ZyXEL NWA-3500 User Guide
ZyXEL NWA-3500 Manual
 |
View all ZyXEL NWA-3500 manuals
Add to My Manuals
Save this manual to your list of manuals |
ZyXEL NWA-3500 manual content summary:
- ZyXEL NWA-3500 | User Guide - Page 1
NWA-3500/NWA-3550 802.11a/g Dual Radio Wireless Business AP 802.11a/g Dual Radio Outdoor WLAN Business AP Default Login Details IP Address http://192.168.1.2 Password 1234 Firmware Version 3.7 Edition 2, 8/2009 www.zyxel.com www.zyxel.com Copyright © 2009 ZyXEL Communications Corporation - ZyXEL NWA-3500 | User Guide - Page 2
- ZyXEL NWA-3500 | User Guide - Page 3
for Internet access. Note: It is recommended you use the web configurator to configure the NWA. • Support Disc Refer to the included CD for support documents. • ZyXEL Web Site Please refer to www.zyxel.com for additional support documentation and product certifications. User's Guide Feedback Help - ZyXEL NWA-3500 | User Guide - Page 4
About This User's Guide Customer Support In the event of problems that cannot be solved by using this manual, you should contact your vendor. If you cannot contact your vendor, then contact a ZyXEL office for the region in which you bought the device. See http://www.zyxel.com/ web/contact_us.php for - ZyXEL NWA-3500 | User Guide - Page 5
things you may need to configure or helpful tips) or recommendations. Syntax Conventions • The NWA-3500 or the NWA-3550 may be referred to as the "NWA", the "device", the "system" or the "product" in this User's Guide. • Product labels, screen names, field labels and field choices are all in bold - ZyXEL NWA-3500 | User Guide - Page 6
Figures Figures in this User's Guide may use the following generic icons. The NWA icon is not an exact representation of your NWA. Table 1 Common Icons NWA Computer Notebook Server Printer Telephone Switch Router Internet Cloud Firewall DSLAM Wireless Signal 6 NWA-3500/NWA-3550 User - ZyXEL NWA-3500 | User Guide - Page 7
Always disconnect all cables from this device before servicing or disassembling. • Use ONLY an appropriate water pipes will be damaged. • The PoE (Power over Ethernet) devices that supply or your local radio regulations. ZyXEL bears no responsibility whatsoever for NWA-3500/NWA-3550 User's Guide 7 - ZyXEL NWA-3500 | User Guide - Page 8
Safety Warnings 8 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 9
Server ...209 Certificates ...217 Log Screens ...235 VLAN ...245 Load Balancing ...265 Dynamic Channel Selection ...271 Maintenance ...275 Troubleshooting and Specifications 287 Troubleshooting ...289 Product Specifications ...297 Appendices and Index ...303 NWA-3500/NWA-3550 User's Guide 9 - ZyXEL NWA-3500 | User Guide - Page 10
Contents Overview 10 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 11
1.1 Overview ...23 1.2 Applications for the NWA ...24 1.2.1 Access Point ...24 1.2.2 Bridge / Repeater ...25 1.2.2.1 Bridge / Repeater Mode Example 26 1.2.3 AP + Bridge ...28 1.2.4 MBSSID ...28 1.2.5 Pre-Configured SSID Profiles 30 1.2.6 Configuring Dual WLAN Adaptors 30 1.3 CAPWAP ...31 1.4 Ways - ZyXEL NWA-3500 | User Guide - Page 12
2.3.1 Methods of Restoring Factory-Defaults 38 2.4 Navigating the Web 43 3.3.1 Change the Operating Mode 45 3.3.1.1 Access Point 45 3.3.1.2 MBSSID 46 3.3.2 Configure the VoIP Network Your NWA in Controller AP Mode 73 3.6.4.1 Secondary AP Controller 74 12 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 13
Table of Contents 3.6.4.2 Primary AP Controller 75 3.6.5 Setting Your NWA in Managed AP Mode 75 3.6.6 Configuring the Managed Access Points List 76 3.6.7 Checking your Settings and Testing the Configuration 79 Part II: The Web Configurator 81 Chapter 4 Status Screens ...83 4.1 Overview ...83 - ZyXEL NWA-3500 | User Guide - Page 14
the System Screens 110 7.2 General Screen ...111 7.3 Password Screen ...113 7.4 Time Setting Screen ...115 7.5 The Wireless Screen ...123 8.3.1 Access Point Mode 123 8.3.2 Bridge / Repeater Mode 126 8.3.3 AP + Bridge Mode ...131 ATC+WMM from LAN to WLAN 152 14 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 15
of Contents 9.3.3.2 ATC+WMM from WLAN to LAN 152 9.3.4 Type Of Service (ToS 152 9.3.4.1 DiffServ 152 9.3.4.2 DSCP and Per-Hop Behavior 153 9.3.4.3 ToS (Type of Service) and WMM QoS 153 Chapter 10 Filter Screen ...180 13.2.1 Configuring the MAC Filter 180 NWA-3500/NWA-3550 User's Guide 15 - ZyXEL NWA-3500 | User Guide - Page 16
IP Screen 183 14.1.2 What You Need To Know About IP 183 14.2 The IP Screen ...184 14.3 Technical Reference ...185 14.3.1 WAN IP Address Assignment 185 Chapter 15 Rogue AP Supported AP Screen 212 17.4 The Trusted Users Screen 213 17.5 Technical Reference ...214 16 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 17
20.2 Wireless VLAN Screen ...247 20.2.1 RADIUS VLAN Screen 248 20.3 Technical Reference ...250 20.3.1 VLAN Tagging ...250 20.3.2 Configuring Management VLAN Example 250 20.3.3 Configuring Microsoft's IAS Server Example 253 20.3.3.1 Configuring VLAN Groups 254 NWA-3500/NWA-3550 User's Guide 17 - ZyXEL NWA-3500 | User Guide - Page 18
Defaults 284 23.9 Restart Screen ...284 Part III: Troubleshooting and Specifications 287 Chapter 24 Troubleshooting...289 24.1 Overview ...289 24.2 Power, Hardware Connections, and LEDs 289 24.3 NWA Access and Login 290 24.4 AP Management Modes 292 24.5 Internet Access ...294 18 NWA-3500/NWA - ZyXEL NWA-3500 | User Guide - Page 19
Wireless LANs 331 Appendix C Pop-up Windows, JavaScripts and Java Permissions 347 Appendix D Importing Certificates 355 Appendix E IP Addresses and Subnetting 381 Appendix F Text File Based Auto Configuration 391 Appendix G Legal Information 399 Index...403 NWA-3500/NWA-3550 User's Guide 19 - ZyXEL NWA-3500 | User Guide - Page 20
Table of Contents 20 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 21
PART I Introduction Introducing the NWA (23) The Web Configurator (37) Status Screens (83) Management Mode (87) Tutorial (41) 21 - ZyXEL NWA-3500 | User Guide - Page 22
22 - ZyXEL NWA-3500 | User Guide - Page 23
traffic security, supporting IEEE 802.1x, Wi-Fi Protected Access (WPA), WPA2 and WEP data encryption. Your NWA is easy to install, configure and use. The embedded Web-based configurator enables simple, straightforward management and maintenance. See the Quick Start Guide for instructions on how to - ZyXEL NWA-3500 | User Guide - Page 24
WLAN operating modes: • Access Point (AP) • Bridge / Repeater • AP + Bridge • MBSSID Applications for each operating mode are shown below. Note: A different channel should be configured for each WLAN interface to reduce the effects of radio interference. 1.2.1 Access Point The NWA is an ideal access - ZyXEL NWA-3500 | User Guide - Page 25
of peer sides match one another, the connection between devices is made. At the time of writing, WDS security is compatible with other ZyXEL access points only. Refer to your other access point's documentation for details. Figure 2 Bridge Application A B NWA-3500/NWA-3550 User's Guide 25 - ZyXEL NWA-3500 | User Guide - Page 26
you enable bridging in the NWA. Bridge loops cause broadcast traffic to circle the network endlessly, resulting in possible throughput degradation and disruption of communications. The following examples show two network topologies that can lead to this problem: 26 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 27
. Figure 5 Bridge Loop: Two Bridges Connected to Hub • If your NWA (in bridge mode) is connected to a wired LAN while communicating with Wireless screen or your NWA is not set to bridge mode while connected to both wired and wireless segments of the same LAN. NWA-3500/NWA-3550 User's Guide 27 - ZyXEL NWA-3500 | User Guide - Page 28
X Y A B 1.2.4 MBSSID A Basic Service Set (BSS) is the set of devices forming a single wireless network (usually an access point and one or more wireless clients). The Service Set IDentifier (SSID) is the name of a BSS. In Multiple BSS (MBSSID) mode, the NWA 28 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 29
wireless clients in the network, each SSID appears to be a different access point. As in any wireless network, clients can associate only with the access to the wired Land Area Network (LAN) behind the AP and can access only the Internet. Figure 8 Multiple BSSs NWA-3500/NWA-3550 User's Guide 29 - ZyXEL NWA-3500 | User Guide - Page 30
802.11b and IEEE 802.11g clients to access the wired network, and WLAN2 in AP+Bridge mode to allow an IEEE 802.11a AP to communicate with the wired network. Figure 9 Dual WLAN Adaptors Example Z WLAN2 802.11a AP + Bridge Internet WLAN1 802.11b/g Access Point 30 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 31
1.3 CAPWAP The NWA supports Control And Provisioning of Wireless Access Points (CAPWAP). This is ZyXEL's implementation of the Internet Engineering Task Force's (IETF) CAPWAP protocol. ZyXEL's CAPWAP allows a single access point to manage up to eight other access points. The managed APs receive all - ZyXEL NWA-3500 | User Guide - Page 32
recommended for everyday management of the NWA using a (supported) web browser. • Command Line Interface (CLI). Line commands are mostly used for troubleshooting by service engineers. • File Transfer Protocol (FTP). This protocol can be used for firmware upgrades and configuration backup and restore - ZyXEL NWA-3500 | User Guide - Page 33
button. If an unauthorized person has access to the reset button, they can then reset the device's password to its default password, log in and reconfigure its settings. • Change any default passwords on the NWA, such as the password used for accessing the NWA's web configurator (if it has a web - ZyXEL NWA-3500 | User Guide - Page 34
1.7 Hardware Connections See your Quick Start Guide for information on making hardware connections. 1.7.1 Antennas Your NWA has two wireless LAN adaptors, WLAN1 and WLAN2. wireless LAN adaptor. 1.8 LEDs This section applies to the NWA-3500 only. Figure 11 LEDs 34 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 35
mode, and has successfully established a Wireless Distribution System (WDS) connection. The NWA is starting up. Either The NWA is in Access Point or MBSSID mode and is functioning normally. The NWA is in AP + Bridge or Bridge/ Repeater mode and has not established a Wireless Distribution System (WDS - ZyXEL NWA-3500 | User Guide - Page 36
Ethernet connection. The NWA has a 10 Mbps Ethernet connection and is sending or receiving data. The NWA has a 100 Mbps Ethernet connection. The NWA has a 100 Mbps Ethernet connection and is sending/receiving data. The NWA does not have an Ethernet connection. 36 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 37
Accessing the Web Configurator 1 Make sure your hardware is properly connected and prepare your computer or computer network to connect to the NWA (refer to the Quick Start Guide). 2 Launch your web browser. 3 Type "http://192.168.1.2" as the URL (default). 4 Type "1234" (default) as the password - ZyXEL NWA-3500 | User Guide - Page 38
to blink). Use this method for cases when the password or IP address of the NWA is not known. • Use the web configurator to restore defaults (refer to Section 23.8 on page 282). • Transfer the configuration file to your NWA using File Transfer Protocol (FTP). 38 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 39
Balancing, and DCS. • Click MAINTENANCE to view information about your NWA or upgrade configuration and firmware files. Maintenance features include Association List, Channel Usage, F/W (Firmware) Upload, Configuration (Backup, Restore and Default) and Restart. NWA-3500/NWA-3550 User's Guide 39 - ZyXEL NWA-3500 | User Guide - Page 40
Chapter 2 The Web Configurator 40 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 41
security and Quality of Service (QoS) settings. See Section 1.2.1 on page 24 for details. • Use Bridge / Repeater operating mode if you want to use the NWA to communicate with other access points. See Section 1.2.2 on page 25 for details. The NWA is a bridge when other APs access your wired Ethernet - ZyXEL NWA-3500 | User Guide - Page 42
NWA's wireless network (see your Quick Start Guide for information on setting up your NWA and accessing the Web Configurator). Figure 13 Configuring Wireless LAN Select Operating Mode. Access Point Mode. Bridge / Repeater Mode. AP Check your settings and test. 42 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 43
network printer. To do this, you will take the following steps: 1 Change the operating mode from Access Point to MBSSID and reactivate the standard network. 2 Configure a wireless network for VoIP users. 3 Configure a wireless network for guests to your office. NWA-3500/NWA-3550 User's Guide 43 - ZyXEL NWA-3500 | User Guide - Page 44
you want to allow users of the guest network to access. The following table shows the addresses used in this example. Table 2 Tutorial: Example Information Network router (A) MAC address 00:AA:00:AA:00:AA Network printer (B) MAC address AA:00:AA:00:AA:00 44 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 45
NWA (see Section 2.2 on page 37). Click Wireless > Wireless. The Wireless screen appears. 3.3.1.1 Access Point Set the NWA's WLAN Interface WLAN1 is set to Access Point operating mode, and is currently using the SSID03 profile. Figure 15 Tutorial: Wireless LAN: Before NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 46
3 in this example). Select the Index box for the entry and click Apply to activate the profile. Your standard wireless network (SSID03) is now accessible to your wireless clients as before. You do not need to configure anything else for your standard network. 46 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 47
security profiles. Figure 17 Tutorial: WIRELESS > SSID The Voice over IP (VoIP) network will use the pre-configured SSID profile, so select VoIP_SSID's radio button and click Edit. The following screen displays. Figure 18 Tutorial: VoIP SSID Profile Edit NWA-3500/NWA-3550 User's Guide 47 - ZyXEL NWA-3500 | User Guide - Page 48
field. 4 Leave all the other fields at their defaults and click Apply. 3.3.2.1 Set Up Security for the VoIP Profile Now you need to configure the security settings to use on the VoIP wireless network. Click the Security tab. Figure 19 Tutorial: VoIP Security 48 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 49
screen displays. Ensure that the Profile Name for entry 2 displays "VoIP_Security" and that the Security Mode is WPA2-PSK. Figure 21 Tutorial: VoIP Security: Updated NWA-3500/NWA-3550 User's Guide 49 - ZyXEL NWA-3500 | User Guide - Page 50
network via the Guest_SSID profile can access only certain pre-defined devices on the network (see Section on page 174), and "intra-BSS traffic blocking" means that the client cannot access other clients on the same wireless network (see Section 8.3 on page 123). 50 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 51
VoIP network is using the security02 profile (renamed VoIP_Security) so select the security03 profile from the Security field. 4 Leave all the other fields at their defaults and click Apply. NWA-3500/NWA-3550 User's Guide 51 - ZyXEL NWA-3500 | User Guide - Page 52
Mode field. WPA-PSK provides strong security that is supported by most wireless clients. Even though your Guest_SSID clients do not have access to sensitive information on the network, you should not Mode is WPA-PSK. Figure 25 Tutorial: Guest Security: Updated 52 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 53
Layer 2 Isolation The Guest_SSID network uses the l2isolation01 profile by default, so select its entry and click Edit. The following screen displays to access: the main network router (00:AA:00:AA:00:AA) and the network printer (AA:00:AA:00:AA:00). Click Apply. NWA-3500/NWA-3550 User's Guide 53 - ZyXEL NWA-3500 | User Guide - Page 54
are correctly configured, do the following. • On a computer with a wireless client, scan for access points. You should see the Guest_SSID network, but not the VoIP_SSID network. If you can see the 2 isolation profile is enabled in the Guest_SSID profile screen. 54 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 55
and accessed from your floor of the building. There are no other static wireless networks in your coverage area. The following diagram shows the wireless networks in your area. Your access points are marked A, B, C and D. You also have a network mail/file server, NWA-3500/NWA-3550 User's Guide 55 - ZyXEL NWA-3500 | User Guide - Page 56
.168.1.1 Access Point B 192.168.1.2 Access Point C 192.168.1.3 Access Point D 192.168.1.4 File / Mail Server E 192.168.1.25 Access Point 1 UNKNOWN MAC ADDRESS 00:AA:00:AA:00:AA AA:00:AA:00:AA:00 A0:0A:A0:0A:A0:0A 0A:A0:0A:A0:0A:A0 N/A AF:AF:AF:FA:FA:FA 56 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 57
as in the following table. Click Add after you enter the details of each AP to include it in the list. MAC ADDRESS 00:AA:00:AA:00:AA AA:00:AA:00:AA:00 A0:0A:A0:0A:A0:0A DESCRIPTION My Access Point _A_ My Access Point _B_ My Access Point _C_ NWA-3500/NWA-3550 User's Guide 57 - ZyXEL NWA-3500 | User Guide - Page 58
Figure 31 Tutorial: Friendly AP (After Data Entry) 3 Next, you will save the list of friendly APs in order to provide a backup and upload it to your other access points. Click the Configuration tab.The following screen appears. Figure 32 Tutorial: Configuration 58 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 59
5 Save the friendly AP list somewhere it can be accessed by all the other access points on the network. In this example, save it on the network file server (E in Figure 29 on page 56). The default filename is "Flist". Figure 34 Tutorial: Save Friendly AP list NWA-3500/NWA-3550 User's Guide 59 - ZyXEL NWA-3500 | User Guide - Page 60
ten minutes to once every hour. In this example, enter "10". 3 In the Expiration Time field, enter how long an AP's entry can remain in the list before the NWA discards it from the list when the AP is no longer active. In this example, enter "30". 4 Click Apply. 60 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 61
for the alert e-mails in the Mail Subject field. Choose a subject that is eye-catching and identifies the access point - in this example, "ALERT_Access_Point_A". 4 Enter the email address to which you want alerts to be sent ([email protected], in this example). NWA-3500/NWA-3550 User's Guide 61 - ZyXEL NWA-3500 | User Guide - Page 62
following steps. 1 From a computer on the wired network, enter the access point's IP address and login to its Web configurator. See Table 3 on page 56 for the example IP addresses. 2 Import the friendly AP list. Click ROGUE AP > Configuration > Browse.... Find the "Flist" file where you previously - ZyXEL NWA-3500 | User Guide - Page 63
proprietary data. You have two secure servers (1 and 2 in the following figure). Wireless user "Alice" (A) needs to access server 1 (but should not access server 2) and wireless user "Bob" (B) needs to access server 2 (but should not access server 1). Your NWA-3500/NWA-3550 User's Guide 63 - ZyXEL NWA-3500 | User Guide - Page 64
to set up a second wireless network to allow only Bob to access Server 2 and the Internet. 3.5.3 Setup In this example, you have already set up the NWA in MBSSID mode (see Chapter 12 on page 173). It PSK Hide SSID Intra-BSS traffic blocking Enabled Enabled 64 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 65
4 Repeat steps access secure server 1 via the network switch. You will configure the MAC filter to restrict access to Alice alone, and then configure layer-2 isolation to allow her to access only the network switch, the file server and the Internet security gateway. NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 66
Chapter 3 Tutorial Take the following steps to configure the SERVER_1 network. 1 Log into the NWA's Web Configurator and click Wireless > SSID. The following screen displays, showing the SSID profiles you already configured. Figure 38 Tutorial: SSID Profile 66 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 67
Name to "L-2-ISO_SERVER_1" and click Apply. You have restricted users on the SERVER_1 network to access only the devices with the MAC addresses you entered. 7 Click the MAC Filter tab. When the MAC Filter screen appears, select macfilter03's entry and click Edit. NWA-3500/NWA-3550 User's Guide 67 - ZyXEL NWA-3500 | User Guide - Page 68
, you will configure the SERVER_2 network that allows Bob to access secure server 2 and the Internet. To do this, repeat the procedure in Section 3.5.4 on page 65, substituting the Description: SERVER_2 MAC Address: 66:55:44:33:22:11 Description: GATEWAY 68 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 69
networks are set up correctly. 3.5.6.1 Checking Settings Take the following steps to check that the NWA is using the correct SSIDs, MAC filters and layer-2 isolation profiles. 1 Click Wireless > in the following figure. Figure 42 Tutorial: SSID Profiles Activated NWA-3500/NWA-3550 User's Guide 69 - ZyXEL NWA-3500 | User Guide - Page 70
so, MAC filtering is misconfigured. 2 Test the SERVER_2 network. • Using Bob's computer and wireless client, and the correct security settings, do the following. Attempt to access Server 2. You should be able to do so. 70 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 71
, it takes a lot of your time to edit profiles in the APs because of their location. You want to convert one of your NWA to a controller AP (A) which will allow you to manage all 4 NWA APs using the Web Configurator of this newly transformed NWA controller AP. NWA-3500/NWA-3550 User's Guide 71 - ZyXEL NWA-3500 | User Guide - Page 72
will have to copy each SSID profile to just one NWA (which will serve as the NWA controller AP.) Note: This tutorial covers only the MGNT MODE and Controller screens. You will need to do the following steps to configure the management modes of your NWAs. 72 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 73
originally in default standalone mode) to Managed AP mode. You can also manually enter the IP addresses of your primary and secondary NWA controller APs. 3 Add the newly converted managed APs (B, C and D, from step 4) to the Managed Access Points List of the NWA primary controller AP. 4 Check your - ZyXEL NWA-3500 | User Guide - Page 74
set your NWA in secondary controller AP mode, open the Controller > Redundacy screen (this screen only appears when the NWA is in Controller AP mode) in the Web Configurator of the NWA that you want to serve as backup. Figure 46 Tutorial: Secondary Controller AP 74 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 75
put it simply, the managed NWA is not directly configurable. This is because its controller AP is continuously managing it. You can switch the NWA to standalone AP mode by pressing the reset button on the casing (NWA-3500 only). Previous configurations are lost. NWA-3500/NWA-3550 User's Guide 75 - ZyXEL NWA-3500 | User Guide - Page 76
Access Points List At this point, you have 3 NWA managed APs (B, C and D) that can now be managed by the primary controller AP. First in the Web Configurator of your primary controller AP (A), go to Controller > Configuration. Figure 49 Tutorial: Registration Type 76 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 77
by filling in the Description field. Click Add. 3 The 2nd, 3rd and 4th floor NWA managed APs (B, C and D) should now be in the Manged Access Points List. By default, newly added managed APs in the list have their WLAN Radio Profile set to disabled. This means that their wireless functions are turned - ZyXEL NWA-3500 | User Guide - Page 78
: Managed AP WLAN Radio Profile In this example, the 1st floor NWA managed AP uses radio06 for its WLAN1 Radio Profile. The WLAN2 radio is disabled. Refer to Section 8.3 on page 123 for instructions on how to set up WLAN radio profiles in the NWA controller APs. 78 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 79
not the secondary controller AP when setting the congfiguration for the managed APs. If you accidentally set up the secondary controller AP instead, the changes you made will not take effect. They are overridden by the configurations of the primary controller AP. NWA-3500/NWA-3550 User's Guide 79 - ZyXEL NWA-3500 | User Guide - Page 80
Chapter 3 Tutorial 80 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 81
(109) Wireless Configuration (119) SSID Screen (145) Wireless Security Screen (155) RADIUS Screen (169) Layer-2 Isolation Screen (173) MAC Filter Screen (179) IP Screen (183) Rogue AP Detection (187) Remote Management Screens (195) Internal RADIUS Server (209) Certificates (217) Log Screens (235 - ZyXEL NWA-3500 | User Guide - Page 82
82 - ZyXEL NWA-3500 | User Guide - Page 83
about system statistics, associated wireless clients, and logs. 4.2 The Status Screen Use this screen to get a quick view of system, Ethernet, WLAN and other information regarding your NWA. Click Status. The following screen displays. Figure 54 The Status Screen NWA-3500/NWA-3550 User's Guide 83 - ZyXEL NWA-3500 | User Guide - Page 84
not active. You can enable or disable VLAN, or change the management VLAN ID, in the VLAN > Wireless VLAN screen. IP This field displays the current IP address of the NWA on the network. LAN MAC This displays the MAC (Media Access Control) address of the NWA on the LAN. Every network device has - ZyXEL NWA-3500 | User Guide - Page 85
It supports up VLAN This field displays the VLAN ID of each SSID in use, or Disabled if the SSID does not use VLAN NWA. See Chapter 19 on page 239. Rogue AP List Click this to see a list of unauthorized access points in the local area. See Section 15.2.2 on page 196. NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 86
is configurable. The fields in this screen vary according to the current wireless mode of each WLAN adaptor. Figure 55 System Status: Show Statistics The following table describes the labels in this screen above. Click this button to stop refreshing statistics. 86 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 87
management mode. This screen determines whether the NWA is used in its default standalone mode, or as part of a Control And Provisioning of Wireless Access Points (CAPWAP) network. 5.2 About CAPWAP The NWA supports CAPWAP. This is ZyXEL's implementation of the IETF's CAPWAP protocol (RFC 4118). The - ZyXEL NWA-3500 | User Guide - Page 88
Mode Note: The NWA can be a controller AP, standalone AP (default) or a CAPWAP managed AP. 5.2.1 CAPWAP Discovery and Management The link between CAPWAP-enabled access points proceeds as follows: 1 An AP in managed AP mode joins a wired network (receives a dynamic IP address). 2 The AP sends out - ZyXEL NWA-3500 | User Guide - Page 89
TRAFFIC DHCP SERVER + OPTION 43 AP CONTROLLER (STATIC IP) MANAGED AP (DYNAMIC IP) 5.2.4 Notes on CAPWAP This section lists some additional features of ZyXEL's implementation of the CAPWAP protocol. • When the AP controller uses its internal Remote Authentication Dial In User Service (RADIUS - ZyXEL NWA-3500 | User Guide - Page 90
, it becomes a DHCP client. To discover its new IP address, check the DHCP server on your network. If your network has no DHCP server, the NWA's IP address remains the same. You can also check the Controller > AP Lists screen of the AP controller on your network. 90 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 91
before you attempt to log in again. If you changed the mode to Managed AP, you cannot log in as the web configurator is disabled; you must manage the NWA through the management AP on your network. Click this to return this screen to its previously-saved settings. NWA-3500/NWA-3550 User's Guide 91 - ZyXEL NWA-3500 | User Guide - Page 92
Chapter 5 Management Mode 92 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 93
Mode 6.1 Overview This chapter discusses the Controller AP management mode. When the NWA is used as a CAPWAP (Control And Provisioning of Wireless Access Points) controller AP, the Web Configurator changes to reflect this by including the Controller and Profile Edit screens. Refer to Section - ZyXEL NWA-3500 | User Guide - Page 94
Web Configurator. The NWA reboots and shows the following message. Figure 60 System Restart Note: The NWA reboots every time you change mode in the MGMT MODE screen. You can switch from Standalone AP to Controller AP (and vice versa) using the Web Configurator. 94 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 95
NWA is in AP controller mode, the Status screen displays some unique fields in the System Information, AP Status, WLAN Association and System Status sections. The System Status links take you to screens that provide information on the access points managed by the NWA. NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 96
number of access points on the network that are not managed by the NWA, but are transmitting CAPWAP management requests. This field displays the number of wireless clients associated with APs managed by the NWA (including the NWA itself) using 802.11a radio mode. 96 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 97
by each SSID, and the number of wireless clients associated with each SSID. 6.4 AP Lists Screen Use this screen to view and add managed APs. By default, the controller NWA is always included in this table. Although you cannot remove it, you can edit its settings. NWA-3500/NWA-3550 User's Guide 97 - ZyXEL NWA-3500 | User Guide - Page 98
. This displays the IP address of the managed AP. This displays the MAC address of the managed AP. This displays the model name and 802.11 mode of the managed AP. This displays the description of the managed AP. You can assign this in Section 6.4.1 on page 100. 98 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 99
: the AP is upgrading its firmware. Edit Delete Un-Managed Access Points List Index Select IP MAC Address Model Description Add Automatic Refresh Interval Refresh Note: You can still edit a managed AP's settings even if it is offline. However, the changes only take effect when the NWA detects that - ZyXEL NWA-3500 | User Guide - Page 100
. Apply Reset Select Disable if you do not want to use a second radio profile. The AP's radio is not active when you select Disable. Click this to save the changes in this screen. Click this to return the fields in this screen to their previouslysaved values. 100 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 101
> AP Lists screen). • Select Always Accept to have the NWA manage any AP on your network that transmits a CAPWAP request for management. Click this to save the changes in this screen. Click this to return the fields in this screen to their previously-saved values. NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 102
fields in this screen to their previously-saved values. 6.7 The Profile Edit Screens This section describes the Profile Edit screens, which are available only in AP controller mode. The following Profile Edit screens are identical to those in standalone mode: 102 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 103
. Radio profiles contain information about an AP's wireless settings and can be applied to APs managed by the NWA. In AP Controller mode, click Profile Edit > each radio profile on the NWA. This field displays the IEEE 802.11 wireless mode the radio profile uses. NWA-3500/NWA-3550 User's Guide 103 - ZyXEL NWA-3500 | User Guide - Page 104
Chapter 6 AP Controller Mode Table 16 Radio Screen LABEL Channel ID Edit DESCRIPTION This field displays the wireless channel the radio the Profile Edit > Radio screen, select a profile and click Edit. The following screen displays. Figure 68 Radio Edit Screen 104 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 105
DCS and select a channel ID manually. DCS is Disabled by default If the NWA is configured in Controller AP mode, it is recommended that you enable Dynamic Channel Selection (DCS). This allows the NWA to select channels with less intereference for Managed APs. NWA-3500/NWA-3550 User's Guide 105 - ZyXEL NWA-3500 | User Guide - Page 106
want access points using this radio profile to use. Each AP can use multiple SSID profiles simultaneously. Configure SSID profiles in the Profile Edit > SSID screens. Select this to use antenna diversity. Antenna diversity uses multiple antennas to reduce signal interference. 106 NWA-3500/NWA-3550 - ZyXEL NWA-3500 | User Guide - Page 107
Chapter 6 AP Controller Mode Table 17 Radio Edit Screen LABEL DESCRIPTION Apply Click Apply to save your changes. Reset Click Reset to begin configuring this screen afresh. NWA-3500/NWA-3550 User's Guide 107 - ZyXEL NWA-3500 | User Guide - Page 108
Chapter 6 AP Controller Mode 108 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 109
password for your NWA and have a RADIUS server authenticate management logins to the NWA. • Use the Time Setting screen (see Section 7.4 on page 115) to change your NWA's time and date. This screen allows you to configure the NWA's time based on your local time zone. NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 110
assigns you a block of registered IP addresses, follow their instructions in selecting the IP addresses and the subnet mask. If the ISP did not explicitly give you an IP network number, then most likely number identifies an individual computer on that network. 110 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 111
"-" and underscores "_" are accepted. Domain Name If you want to log into the NWA using the System Name, enter a name not longer than 15 alphanumeric characters. This is not a required field. Leave this field blank or enter the domain name here if you know it. NWA-3500/NWA-3550 User's Guide 111 - ZyXEL NWA-3500 | User Guide - Page 112
DNS servers. If you do not configure a DNS server, you must know the IP address of a machine in order to access it. Apply Reset The default setting is None. Click Apply to save your changes. Click Reset to reload the previous configuration for this screen. 112 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 113
fields in this section) to have a RADIUS server authenticate management logins to the NWA. Use old setting Select this to have a RADIUS server authenticate management logins to the NWA using the RADIUS username and password already configured on the device. NWA-3500/NWA-3550 User's Guide 113 - ZyXEL NWA-3500 | User Guide - Page 114
logins to the NWA. The NWA tests the user name and password against the RADIUS server when you apply your settings. • The user name and password must already be Apply to save your changes. Click Reset to reload the previous configuration for this screen. 114 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 115
and date you entered. New Time (hh:mm:ss) This field displays the last updated time from the time server or the last time configured manually. When you set Time and Date Setup to Manual, enter the new time in this field and then click Apply. NWA-3500/NWA-3550 User's Guide 115 - ZyXEL NWA-3500 | User Guide - Page 116
the time server or the last date configured manually. When you set Time and Date Setup to Manual, enter the new date in this field and this to have the NWA use the predefined list of time servers. User Defined Time Server Address Enter the IP address or URL of 116 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 117
00. Apply Reset Daylight Saving Time NWA for the first time, the date and time start at 2000-0101 00:00:00. When you select Auto in the System > Time Setting screen, the NWA then attempts to synchronize with one of the following pre-defined list of NTP time servers. NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 118
it randomly selects one server and tries to synchronize with it. If the synchronization fails, then the NWA goes through the rest of the list in order from the first one tried until either it is successful or all the pre-defined NTP time servers have been tried. 118 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 119
those specified in your NWA. 8.2 What You Can Do in the Wireless Screen Use the Wireless > Wireless screen (see Section 8.3 on page 123) to configure the NWA to use a WLAN interface and operate in AP (Access Point), AP + Bridge, Bridge / Repeater or MBSSID mode. NWA-3500/NWA-3550 User's Guide 119 - ZyXEL NWA-3500 | User Guide - Page 120
Service set 120 A B ESS An Extended Service Set (ESS) consists of a series of overlapping BSSs, each containing an access point, with each access point connected together by a wired network. This wired connection between APs is called a Distribution System (DS). NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 121
order to communicate. Figure 75 Extended Service Set Operating Mode The NWA can run in four operating modes as follows: • AP (Access Point). The NWA is a wireless access point that allows wireless communication to other devices in the network. • Bridge / Repeater. The NWA acts as a wireless network - ZyXEL NWA-3500 | User Guide - Page 122
Sets (BSSs). As well as the cost of buying extra APs, there was also the possibility of channel interference. The NWA's MBSSID (Multiple Basic Service Set IDentifier) function allows you to use one access point to provide several BSSs simultaneously. You can then assign varying levels of privilege - ZyXEL NWA-3500 | User Guide - Page 123
you select. Note: Some fields in this screen may not apply to your NWA model. 8.3.1 Access Point Mode Use this screen to use your NWA as an access point. Select Access Point as the Operating Mode. The following screen displays. Figure 76 Wireless: Access Point NWA-3500/NWA-3550 User's Guide 123 - ZyXEL NWA-3500 | User Guide - Page 124
LAN labels in this screen. Table 23 Wireless: Access Point LABEL DESCRIPTION WLAN Interface Select which WLAN adapter you want to configure. It is recommended that you configure the first WLAN adapter for AP functions and use the second WLAN adapter for bridge functions. Operating Mode 802.11 - ZyXEL NWA-3500 | User Guide - Page 125
: Access Point LABEL DESCRIPTION Disable DCS to unlock This appears if the DCS feature is enabled. Click this to disable DCS and select a channel ID manually. Operating Channel RTS/CTS Threshold Fragmentation Threshold Beacon Interval DTIM Output Power Note: DCS is Disabled by default This - ZyXEL NWA-3500 | User Guide - Page 126
Roaming allows wireless stations to switch from one access point to another as they move from one coverage area to another. Select this checkbox to enable roaming on the NWA if you have two or more NWAs on the same subnet. Apply Reset Note: All APs on the same subnet and the wireless stations must - ZyXEL NWA-3500 | User Guide - Page 127
DESCRIPTIONS WLAN Interface Select which WLAN adapter you want to configure. Operating Mode It is recommended that you configure the first WLAN adapter for AP functions and use the second WLAN adapter for bridge functions. Select Bridge / Repeater in this field. NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 128
manually. Note: DCS is Disabled by default Operating Channel This field displays only when you select 802.11a in the 802.11 Radio Mode field. RTS/CTS Threshold This is the channel currently being used by your AP. sent. Enter an even number between 256 and 2346. 128 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 129
provides superior security to TKIP. Use AES if the other access points on your network support it for the WDS. This is the index number of the bridge connection. Select the check box to enable the bridge connection. Otherwise, clear the check box to disable it. NWA-3500/NWA-3550 User's Guide 129 - ZyXEL NWA-3500 | User Guide - Page 130
: Bridge / Repeater LABEL DESCRIPTIONS Remote box to disable the WLAN LED (light). Clear this box to LED enable the WLAN LED. Enable Spanning Tree NWA. Apply Click Apply to save your changes. Reset Click Reset to begin configuring this screen afresh. 130 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 131
Chapter 8 Wireless Configuration 8.3.3 AP + Bridge Mode Use this screen to have the NWA function as a bridge and access point simultaneously. Select AP + Bridge as the Operating Mode. The following screen diplays. Figure 78 AP + Bridge NWA-3500/NWA-3550 User's Guide 131 - ZyXEL NWA-3500 | User Guide - Page 132
is enabled. Click this to disable DCS and select a channel ID manually. Note: DCS is Disabled by default Operating Channel This field displays only when you select 802.11a in the 802.11 Radio Mode field. This is the channel currently being used by your AP. 132 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 133
Profile Note: Reducing the output power also reduces the NWA's effective broadcast radius. The SSID (Service Set IDentifier) identifies the Service Set with which a wireless station is associated. Wireless stations associating to the access point (AP) must have the same SSID. Select an SSID Profile - ZyXEL NWA-3500 | User Guide - Page 134
ZyXEL access points that support WDS security. Use this if the other access points on your network support WDS security but do not have an AES option. AES Index Active Remote Bridge MAC PSK Note: Check your other AP device can use a different pre-shared key. 134 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 135
Roaming allows wireless stations to switch from one access point to another as they move from one coverage area to another. Select this checkbox to enable roaming on the NWA if you have two or more NWAs on the same subnet. Apply Reset Note: All APs on the same subnet and the wireless stations - ZyXEL NWA-3500 | User Guide - Page 136
Select which WLAN adapter you want to configure. Operating Mode It is recommended that you configure the first WLAN adapter for AP functions and use the second WLAN adapter for bridge functions. Select MBSSID in this field to display the screen as shown 136 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 137
ID manually. Operating Channel Note: DCS is Disabled by default This field displays only when you select 802.11a in the 802.11 Radio Mode field. This is the channel currently being used by your AP. RTS than the fragmentation threshold to turn RTS/CTS off. NWA-3500/NWA-3550 User's Guide 137 - ZyXEL NWA-3500 | User Guide - Page 138
. An SSID profile is the set of parameters relating to one of the NWA's BSSs. The SSID (Service Set IDentifier) identifies the Service Set with which a wireless station is associated. Wireless stations associating with the access point (AP) must have the same SSID. Index Active Note: If you are - ZyXEL NWA-3500 | User Guide - Page 139
the WLAN LED (light). Clear this box to enable the WLAN LED. access point to another as they move from one coverage area to another. Select this checkbox to enable roaming on the NWA if you have two or more NWAs on the same subnet. Apply Reset Note: All APs NWA-3500/NWA-3550 User's Guide 139 - ZyXEL NWA-3500 | User Guide - Page 140
to the root bridge is down. This bridge then initiates negotiations with other bridges to reconfigure the network to re-establish a valid network topology. 140 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 141
NWA detects radar activity on the channel you select, it automatically instructs the wireless clients to move to another channel, then resumes communications on the new channel. 8.4.3 Roaming A wireless station is a device with an IEEE 802.11a/b/g compliant wireless interface. An access point (AP - ZyXEL NWA-3500 | User Guide - Page 142
scans and detects the signal of access point AP 2. 3 Wireless station Y sends an association request to access point AP 2. 4 Access point AP 2 acknowledges the presence of wireless station Y and relays this information to access point AP 1 through the wired LAN. 142 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 143
use the same port number to relay roaming information. • The access points must be connected to the Ethernet and be able to get IP addresses from a DHCP server if using dynamic IP address assignment. To enable roaming on your NWA, click WIRELESS > Wireless. The screen appears as shown. Figure 81 - ZyXEL NWA-3500 | User Guide - Page 144
Chapter 8 Wireless Configuration 144 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 145
), and a guest profile that allows visitors access only the Internet and the network printer (Guest_SSID). 9.1.1 What You Can Do in the SSID Screen Use the Wireless > SSID screen (see Section 9.2 on page 147) to configure up to 16 SSID profiles for your NWA. NWA-3500/NWA-3550 User's Guide 145 - ZyXEL NWA-3500 | User Guide - Page 146
may help as you read through this chapter. When the NWA is set to Access Point, AP + Bridge or MBSSID mode, you need to choose the VLAN screen to set up wireless VLANs based on SSID Configure the fields in the above screens to use the settings in an SSID profile. 146 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 147
SSID profile on the NWA. This field displays the name of the wireless profile on the network. When a wireless client scans for an AP to associate with, this displays the Quality of Service setting for this profile or NONE if QoS is not configured on a profile. NWA-3500/NWA-3550 User's Guide 147 - ZyXEL NWA-3500 | User Guide - Page 148
DESCRIPTION Profile Name Displays the name identifying this profile. SSID When a wireless client scans for an AP to associate with, this is the name that is broadcast and seen in the wireless client field. See Section 11.2 on page 171 for more information. 148 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 149
Reset to begin configuring this screen afresh. 9.3 Technical Reference This section provides technical background information about the topics covered in this chapter. 9.3.1 WMM QoS WMM (Wi-Fi MultiMedia) QoS (Quality of Service) ensures quality of service in wireless networks. It controls WLAN - ZyXEL NWA-3500 | User Guide - Page 150
applications such as Internet telephony (Voice over IP or VoIP) tend to have smaller packet sizes than non-time sensitive applications such as FTP (File Transfer Protocol). The following table shows some common applications, their time sensitivity, and their 150 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 151
Table 32 Typical Packet Sizes APPLICATION TIME SENSITIVITY Voice over IP (SIP) High Online Gaming High Web browsing (http) You should activate ATC on the NWA if your wireless network includes networking devices that do not support WMM QoS, or if you NWA-3500/NWA-3550 User's Guide 151 - ZyXEL NWA-3500 | User Guide - Page 152
coming from the LAN to the WLAN. Table 34 ATC + WMM Priority Assignment (LAN to WLAN) PACKET SIZE (BYTES) ATC VALUE service (CoS) model that marks packets so that they receive specific per-hop treatment at DiffServ-compliant network devices along the route 152 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 153
configured policies. 9.3.4.3 ToS (Type of Service) and WMM QoS The DSCP value of outgoing packets is between 0 and 255. 0 is the default priority. WMM QoS checks the DSCP value . A Voice over IP (VoIP) device for example may allow you to define the DSCP value. NWA-3500/NWA-3550 User's Guide 153 - ZyXEL NWA-3500 | User Guide - Page 154
The following table lists which WMM QoS priority level the NWA uses for specific DSCP values. Table 36 ToS and , 32 background A. The NWA also uses best effort for any DSCP value for which another WMM QoS priority is not specified (255, 158 or 37 for example). 154 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 155
stations, access points and the wired network. Figure 86 Securing the Wireless Network In the figure above, the NWA (ZyXEL Device) checks the identity of devices (A and B) before giving them access to the .2 on page 157) to choose the security mode for your NWA. NWA-3500/NWA-3550 User's Guide 155 - ZyXEL NWA-3500 | User Guide - Page 156
and the access points to keep network communications private. • 802.1x-Only. This is a standard that extends the features of IEEE 802.11 to support extended authentication. It provides additional accounting and control features. This option does not support data encryption. 156 NWA-3500/NWA-3550 - ZyXEL NWA-3500 | User Guide - Page 157
• WPA. Wi-Fi Protected Access (WPA) is NWA when used as a wireless client employs Temporal Key Integrity Protocol (TKIP) data encryption. 10.2 The Security Screen Note: The following screens are configurable only in Access Point, AP + Bridge and MBSSID operating modes. NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 158
the security mode this security profile uses. Edit Select an entry from the list and click Edit to configure security settings for that profile. 158 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 159
to identify this security profile. Security Mode Choose WEP in this field. WEP Encryption Select Disable to allow wireless stations to communicate with the access points without any data encryption. Select 64-bit WEP or 128-bit WEP to enable data encryption. NWA-3500/NWA-3550 User's Guide 159 - ZyXEL NWA-3500 | User Guide - Page 160
wireless station to the AP or peer computer. This requires you Reset You must configure all four keys, but only one key can be activated at any one time. The default key is key 1. Click Apply to save your changes. Click Reset to begin configuring this screen afresh. 160 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 161
. The wireless station needs to enter the user name and password again before access to the wired network is allowed. The default time interval is 3600 seconds (or 1 hour). Click Apply to save your changes. Click Reset to begin configuring this screen afresh. NWA-3500/NWA-3550 User's Guide 161 - ZyXEL NWA-3500 | User Guide - Page 162
for the keys must be set up exactly the same on the access points as they are on the wireless stations. The preceding "0x" is entered automatically. You must configure all four keys, but only one key can be activated at any one time. The default key is key 1. 162 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 163
and password again before access to the wired network is allowed. The default time interval is 3600 seconds (or 1 hour). Click Apply to save your changes. Click Reset to begin configuring this screen afresh. 10.2.4 Security: WPA Use this screen to set the selected profile to Wi-Fi Protected Access - ZyXEL NWA-3500 | User Guide - Page 164
changing the group key for an AP and all stations in a WLAN on a periodic basis. Setting of the Group Key Update Timer is also supported in WPA-PSK mode. The NWA default is 1800 seconds (30 minutes). Apply Click Apply to save your changes. Reset Click Reset to begin configuring this screen - ZyXEL NWA-3500 | User Guide - Page 165
which it is currently connected, before moving into the new AP's coverage area. This speeds up roaming. Select Enable to allow pre-authentication, or Disable to switch it off. Click Apply to save your changes. Click Reset to begin configuring this screen afresh. NWA-3500/NWA-3550 User's Guide 165 - ZyXEL NWA-3500 | User Guide - Page 166
disconnects a wireless station from the wired network after a period of inactivity. The wireless station needs to enter the username and password again before access to the wired network is allowed. The default time interval is 3600 seconds (or 1 hour). 166 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 167
changing the group key for an AP and all stations in a WLAN on a periodic basis. Setting of the Group Key Update Timer is also supported in WPA-PSK mode. The NWA's default is 1800 seconds (30 minutes). Apply Click Apply to save your changes. Reset Click Reset to begin configuring this screen - ZyXEL NWA-3500 | User Guide - Page 168
Chapter 10 Wireless Security Screen 168 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 169
model that supports authentication, authorization and accounting. The access point is the client and the server is the RADIUS server. Figure 95 RADIUS Server Setup Authentication In the figure above, wireless clients A and U are trying to access the Internet using the NWA (ZyXEL Device). The NWA in - ZyXEL NWA-3500 | User Guide - Page 170
server for your NWA. You can configure up to four RADIUS server profiles. Each profile also has one backup authentication server and a backup accounting server. These profiles can be assigned to an SSID profile in the Wireless > SSID configuration screen. 170 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 171
the Active check boxes are selected if you want to use backup servers. RADIUS Option The NWA will attempt to communicate three times before using the Backup servers. Requests can be issued from the of the ReAuthentication Timer field in the Security screen. NWA-3500/NWA-3550 User's Guide 171 - ZyXEL NWA-3500 | User Guide - Page 172
the external accounting server and the NWA. The key must be the same on the external accounting server and your NWA. The key is not sent over the network. Apply Click Apply to save your changes. Reset Click Reset to begin configuring this screen afresh. 172 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 173
APs, computers or routers in a network. In the following figure, layer-2 isolation is enabled on the NWA (Z) to allow a guest wireless client (A) to access the main network router (B). The router provides access Wireless > Layer-2 Isolation screen are blocked from NWA-3500/NWA-3550 User's Guide 173 - ZyXEL NWA-3500 | User Guide - Page 174
to know the MAC address of each device to configure MAC filtering on the NWA. If layer-2 isolation is enabled, you need to know the MAC address of each wireless client, AP, computer or router that you want to allow to communicate with the NWA's wireless clients. 174 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 175
a layer-2 isolation profile in the Layer-2 Isolation Configuration screen. Edit Select an entry from the list and click Edit to configure settings for that profile. NWA-3500/NWA-3550 User's Guide 175 - ZyXEL NWA-3500 | User Guide - Page 176
addresses These are the MAC address of a wireless client, AP, computer or router. A wireless client associated with the NWA can communicate with another wireless client, AP, computer or router only if the MAC addresses of those devices are listed in this table. 176 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 177
the MAC addresses of the wireless client, AP, computer or router that you want to allow the associated wireless clients to have access to in these address fields. Type NWA (A). Figure 100 Layer-2 Isolation Example Configuration 00:00:c5:00:00:66 00:00:c5:00:00:cc NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 178
point B and file server C but not wireless client 3. • Enter the server's and your NWA's MAC addresses in the MAC Address fields. Enter "File Server C" in C's Description field, and enter "Access Point B" in B's Description field. Layer-2 Isolation Example 2 178 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 179
which wireless station is allowed or denied access to the NWA. 13.1.2 What You Should Know About MAC Filter Every Ethernet device has a unique MAC (Media Access Control) address. The MAC address is assigned at the factory and consists of six pairs of hexadecimal NWA-3500/NWA-3550 User's Guide 179 - ZyXEL NWA-3500 | User Guide - Page 180
is a user-configured list of MAC addresses. Each SSID profile can reference one MAC filter profile. The NWA provides 16 MAC Filter profiles, each of which can hold up to 128 MAC addresses. Click Wireless > and click Apply. Figure 103 Wireless > MAC Filter > Edit 180 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 181
. Click Reset to begin configuring this screen afresh. Note: If you configure both the MAC Address Filter table and Group Settings table and a client matches a MAC address specified in both tables, the settings in the Group Settings is applied by the NWA first. NWA-3500/NWA-3550 User's Guide 181 - ZyXEL NWA-3500 | User Guide - Page 182
Chapter 13 MAC Filter Screen 182 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 183
the IP Screen (see Section 14.2 on page 184) to configure the IP address of your NWA. 14.1.2 What You Need To Know About IP The Ethernet parameters of the NWA are preset with the following values: • IP address of 192.168.1.2 • Subnet mask of 255.255.255.0 (24 bits) NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 184
. On the LAN, the gateway must be a router on the same segment as your NWA; over the WAN, the gateway must be the IP address of one of the remote nodes. Apply Click Apply to save your changes. Reset Click Reset to begin configuring this screen afresh. 184 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 185
situation, do not create an arbitrary IP address; always follow the guidelines above. For more information on address assignment, please refer to RFC 1597, Address Allocation for Private Internets and RFC 1466, Guidelines for Management of IP Address Space. NWA-3500/NWA-3550 User's Guide 185 - ZyXEL NWA-3500 | User Guide - Page 186
Chapter 14 IP Screen 186 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 187
software to physically locate it. Note that it is not necessary for a network to have a legitimate wireless LAN component for rogue APs to open the network to an attacker. In this case, any AP detected can be classified as rogue. Figure 106 Rogue AP Example NWA-3500/NWA-3550 User's Guide 187 - ZyXEL NWA-3500 | User Guide - Page 188
that you export (save) your list of friendly APs often, especially if you have a network with a large number of access points. If you do not add them to the friendly AP list, these access points will appear in the Rogue AP list each time the NWA scans. 188 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 189
have no way of knowing that they are not associating with a legitimate company AP. The attacker can forward network traffic from associated clients to a legitimate AP, creating the impression of normal service. This is a variety of "man-in-the-middle" attack. NWA-3500/NWA-3550 User's Guide 189 - ZyXEL NWA-3500 | User Guide - Page 190
AP screen) to your computer. Enter the location of a previously-saved friendly AP list to upload to the NWA. Alternatively, click the Browse button to locate a list. Click this button to locate a previously-saved list of friendly APs to upload to the NWA. 190 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 191
the Media Access Control (MAC) address of the AP. All wireless devices have a MAC address that uniquely identifies them. This field displays the Service Set IDentifier (also known as the network name) of the AP. This field displays the wireless channel the AP is currently using. NWA-3500/NWA-3550 - ZyXEL NWA-3500 | User Guide - Page 192
of all wireless access points within the NWA's coverage area. Click Rogue AP > Rogue AP. The following screen displays. Figure 110 Rogue AP The following table describes the labels in this screen. Table 53 Rogue AP LABEL DESCRIPTION Rogue AP List This displays details of access points in the - ZyXEL NWA-3500 | User Guide - Page 193
this button to add the entry to the friendly AP list (see Section 15.2.1 on page 191). When the NWA next scans for rogue APs, the selected AP does not appear in the rogue AP list. Reset Click Reset to return all fields in this screen to their default values. NWA-3500/NWA-3550 User's Guide 193 - ZyXEL NWA-3500 | User Guide - Page 194
Chapter 15 Rogue AP Detection 194 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 195
WLAN and LAN • Neither (Disable) In the figure below, the NWA (A) is being managed by a desktop computer (B) connected via LAN (Land Area Network). It is also being accessed by a notebook (C) connected via WLAN (Wireless LAN). Figure 111 Remote Management Example B NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 196
. Your NWA supports SNMP agent functionality, which allows a manager station to manage and monitor the NWA through the network. The NWA supports SNMP version one (SNMPv1) and version two (SNMPv2c). The next figure illustrates an SNMP management operation. . 196 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 197
Limitations Remote management over LAN or WLAN will not work when: • You have disabled that service in one of the remote management screens. • The IP address in the Secured Client IP field does not match the client IP address. If it does not match, the NWA will disconnect the session immediately - ZyXEL NWA-3500 | User Guide - Page 198
default. Server Access You can change the server port number for a service if needed, however you must use the same port number in order to use that service for remote management. Select the interface(s) through which a computer may access the NWA using Telnet. 198 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 199
the computer with the IP address that you specify to access the NWA using this service. Click Apply to save your customized settings and exit this screen. Click Reset to begin configuring this screen afresh. 16.3 The FTP Screen You can upload and download the NWA's firmware and configuration files - ZyXEL NWA-3500 | User Guide - Page 200
Click Reset to begin configuring this screen afresh. 16.4 The WWW Screen You can choose to configure your NWA via the World Wide Web (WWW) using a Web browser. This lets you specify which IP addresses or computers are able to communicate with and access the NWA. 200 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 201
labels in this screen. Table 56 Remote Management: WWW LABEL DESCRIPTION WWW Server Port This is set to port 80 by default. Server Access Secured Client IP Address You may change the server port number for a service if needed, however you must use the same port number in order to use that - ZyXEL NWA-3500 | User Guide - Page 202
service. Apply Reset Choose Selected to just allow the computer with the IP address that you specify to access the NWA using this service. Click Apply to save your customized settings and exit this screen. Click Reset to begin configuring this screen afresh. 202 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 203
all requests. Community Type the trap community, which is the password sent with each trap to the SNMP manager. The default is public and allows all requests. Trap Destination Type the IP address of the station to which you want the NWA to send SNMP traps. NWA-3500/NWA-3550 User's Guide 203 - ZyXEL NWA-3500 | User Guide - Page 204
service. Apply Reset Choose Selected to just allow the computer with the IP address that you specify to access the NWA using this service. Click Apply to save your customized settings and exit this screen. Click Reset to begin configuring this screen afresh. 204 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 205
authentication with managers using SNMP v3. Password Confirm Password Access Type Enter the password for the user name. Retype the password for verification. The default value for this is Set. This is generally considered stronger than MD5, but is slower. NWA-3500/NWA-3550 User's Guide 205 - ZyXEL NWA-3500 | User Guide - Page 206
SNMPv3User Enable SNMPv3User User Name Password Confirm Password Access Type • DES - Data password for the user name. Retype the password for verification. The default value You can choose one of the following: Apply Reset • DES - Data Encryption Standard is a widely NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 207
agent to inform the manager of some events. 16.6.2 Supported MIBs The NWA supports MIB II that is defined in RFC-1213 and RFC-1215 as well as the proprietary ZyXEL private MIB. The purpose of the MIBs is to let . This trap is sent when the Ethernet link is up. NWA-3500/NWA-3550 User's Guide 207 - ZyXEL NWA-3500 | User Guide - Page 208
receives any SNMP get or set requirements with the wrong community (password). Traps defined in the ZyXEL Private MIB. whyReboot 1.3.6.1.4.1.890.1.5.1 3.0.1 Note: snmpEnableAuthenTraps, OID 1.3.6.1.2.1.11 WLAN1 in WDS mode enet22 ~ enet26 WLAN2 in WDS mode 208 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 209
to access the network. Figure 118 RADIUS Server Access Request Z Wired Network A Allow / Deny The NWA can also serve as a RADIUS server to authenticate other APs and their wireless clients. For more background information on RADIUS, see Section 11.2 on page 175. NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 210
Internal RADIUS Server Setting Screen Use this screen to turn the NWA's internal RADIUS server off or on and to view information about the NWA's certificates. Click AUTH. SERVER > Setting. The following screen displays. Figure 119 Internal RADIUS Server Setting 210 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 211
NWA use its internal RADIUS server to authenticate wireless clients or other APs represents the default self-signed certificate, which the NWA uses to sign NWA use certificates to authenticate wireless clients. Click Reset to start configuring this screen afresh. NWA-3500/NWA-3550 User's Guide 211 - ZyXEL NWA-3500 | User Guide - Page 212
sent over the network. This key must be the same on the AP and the NWA. Both the NWA's IP address and this shared secret must also be configured in the "external RADIUS" server fields of the trusted AP. Note: The first trusted AP fields are for the NWA itself. 212 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 213
same user name and password activated on their wireless utilities. User Name Enter the user name for this user account. This name can be up to 31 alphanumeric characters long, including spaces. The wireless client's utility must use this name as its login name. NWA-3500/NWA-3550 User's Guide 213 - ZyXEL NWA-3500 | User Guide - Page 214
password configured in the AUTH. SERVER > Trusted Users screen. The following figure shows how this is done. Wireless clients make access requests to trusted APs, which relay the requests to the NWA. Figure 122 Trusted APs Overview ZyXEL RADIUS Server Trusted APs Wireless clients 214 NWA-3500 - ZyXEL NWA-3500 | User Guide - Page 215
PEAP/MS-CHAPv2 settings, deselect the Use Windows logon name and password check box. When authentication begins, a pop-up dialog box requests you to type a Name, Password and Domain of the RADIUS server. Specify a name and password only, do not specify a domain. NWA-3500/NWA-3550 User's Guide 215 - ZyXEL NWA-3500 | User Guide - Page 216
Chapter 17 Internal RADIUS Server 216 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 217
import or create a new certificate. • Use the Trusted CAs screens (see Chapter 18 on page 229) to save CA certificates to the NWA. This screen displays a summary list of certificates of the certification authorities that you have set the NWA to accept as trusted. NWA-3500/NWA-3550 User's Guide 217 - ZyXEL NWA-3500 | User Guide - Page 218
#7 certificate into a printable form. 18.2 My Certificates Screen Use this screen to view the NWA's summary of certificates and certification requests. Click Certificates > My Certificates. The following screen displays. Figure 124 Certificates > My Certificates 218 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 219
. Click Create to go to the screen where you can have the NWA generate a certificate or a certification request. Click Import to open a screen where you can save the certificate that you have enrolled from a certification authority from your computer to the NWA. NWA-3500/NWA-3550 User's Guide 219 - ZyXEL NWA-3500 | User Guide - Page 220
Select the Default self-signed NWA. Note: You can import only a certificate that matches a corresponding certification request that was generated by the NWA. Click Certificates > My Certificates and then Import to open the My Certificate Import screen. 220 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 221
certificate file you want to upload. Apply Click Apply to save the certificate on the NWA. Cancel Note: The certificate you import replaces the corresponding request in the My Certificates screen. Click Cancel to quit and return to the My Certificates screen. NWA-3500/NWA-3550 User's Guide 221 - ZyXEL NWA-3500 | User Guide - Page 222
18 Certificates 18.2.2 My Certificates Create Screen Use this screen to have the NWA create a self-signed certificate, enroll a certificate with a certification authority or generate certificate. It is recommended that each certificate have unique subject information. NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 223
to identify the certificate's owner by IP address, domain name or e-mail address. Type the IP address (in dotted decimal notation), domain later manual enrollment Select Create a certification request and save it locally for later manual enrollment to have the NWA NWA-3500/NWA-3550 User's Guide 223 - ZyXEL NWA-3500 | User Guide - Page 224
the Internet Engineering Task Force (IETF) and is specified in RFC 2510. Enter the IP address (or URL) of the certification authority server. Select the certification authority's certificate is working properly if you want the NWA to enroll a certificate online. 224 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 225
host certificates that you import to the NWA. Click Certificates > My Certificates to open the My Certificates screen (Figure 124 on page 218). Click the details button to open the My Certificate Details screen. Figure 127 Certificates > My Certificate Details NWA-3500/NWA-3550 User's Guide 225 - ZyXEL NWA-3500 | User Guide - Page 226
was used to sign the certificate. The NWA uses rsa-pkcs1-sha1 (RSA public-private key encryption algorithm and the SHA1 hash algorithm). Some certification authorities may use ras-pkcs1-md5 (RSA public-private key encryption algorithm and the MD5 hash algorithm). 226 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 227
owner's IP address (IP), domain Alternative management computer for later manual enrollment. Export Apply Cancel default self-signed certificate that signs the imported trusted remote host certificates. Click Cancel to quit and return to the My Certificates screen. NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 228
. Table 68 Trusted CAs LABEL DESCRIPTION PKI Storage Space in Use This bar displays the percentage of the NWA's PKI storage space that is currently in use. When you are using 80% or less of the if the certificate is about to expire or has already expired. 228 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 229
revocation lists (CRL) check box in the certificate's details screen to have the NWA check the CRL before trusting any certificates issued by the certification authority. Otherwise the field import the certificate. Figure 129 Certificates > Trusted CAs Import NWA-3500/NWA-3550 User's Guide 229 - ZyXEL NWA-3500 | User Guide - Page 230
find the certificate file you want to upload. Apply Click Apply to save the certificate on the NWA. Cancel Click Cancel to quit and return to the Trusted CAs screen. 18.3.2 Trusted CAs Details Details screen. Figure 130 Certificates > Trusted CAs Details 230 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 231
be the only certification authority in the list (along with the end entity's own certificate). The NWA does not trust the end entity's certificate and displays "Not trusted" in this field if any Valid! message if the certificate has not yet become applicable. NWA-3500/NWA-3550 User's Guide 231 - ZyXEL NWA-3500 | User Guide - Page 232
the certificate's owner's IP address (IP), domain Alternative Name Points NWA to check the CRL that the certification authority issues before trusting a certificate issued by the certification authority. Click Cancel to quit and return to the Trusted CAs screen. 232 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 233
authorities like CyberTrust or VeriSign and government certification authorities. You can use the NWA to generate certification requests that contain identifying information and public keys and then send the certification requests to a certification authority. NWA-3500/NWA-3550 User's Guide 233 - ZyXEL NWA-3500 | User Guide - Page 234
and Thumbprint fields. The secure method may vary according to your situation. Possible examples would be over the telephone or through an HTTPS connection. 234 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 235
monitor events, errors, progress, and so on. When network problems or system failures occur, the cause or origin can be traced Accessing Logs in the Network The figure above illustrates three ways to access logs. The user (U) can access logs directly from the NWA NWA-3500/NWA-3550 User's Guide 235 - ZyXEL NWA-3500 | User Guide - Page 236
IP access control. You can view logs and alert messages in this page. Once the log entries are all used, the log will wrap around and the old logs will be deleted. Click a column heading to sort the entries. A triangle indicates ascending or descending sort order. 236 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 237
the reason for the log. This field lists the source IP address and the port number of the incoming packet. This field lists the destination IP address and the port number of the incoming packet. This renew the log screen. Click Clear Log to clear all the logs. NWA-3500/NWA-3550 User's Guide 237 - ZyXEL NWA-3500 | User Guide - Page 238
Chapter 19 Log Screens 19.3 The Log Settings Screen Use this screen to configure where and when the NWA will send the logs, and which logs and/or immediate alerts to send. Click Logs > Log Settings. The following screen displays. Figure 135 Logs > Log Settings 238 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 239
password associated with the above username. Syslog Logging Syslog logging sends a log to an external syslog server used to store logs. Active Click Active to enable syslog logging. Syslog IP Address Enter the server name or IP 11:00 pm) to send the logs. NWA-3500/NWA-3550 User's Guide 239 - ZyXEL NWA-3500 | User Guide - Page 240
Successfully Someone has logged on to the NWA via telnet. TELNET Login Fail Someone has failed to log on to the NWA via telnet. FTP Login Successfully Someone has logged on to the NWA via FTP. FTP Login Fail Someone has failed to log on to the NWA via FTP. 240 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 241
the Type of Service and Host 8 Echo 0 Echo message 11 Time Exceeded 0 Time to live exceeded in transit 1 Fragment reassembly time exceeded 12 Parameter Problem 0 Pointer indicates . The messages and notes are defined in this appendix's other charts. NWA-3500/NWA-3550 User's Guide 241 - ZyXEL NWA-3500 | User Guide - Page 242
E on page 357 for a discussion on how to access and use the commands). 19.4.3 Configuring What You Want the NWA to Log Use the sys logs load command to load logs in an individual NWA log category. Use the sys logs clear command to erase all of the NWA's logs. 242 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 243
and alerts and then view the results. ras> sys logs load ras> sys logs category error 3 ras> sys logs save ras> sys logs display access #. time source message 0 | 11/11/2002 15:10:12 | 172.22.3.80:137 BLOCK destination | 172.22.255.255:137 notes | ACCESS NWA-3500/NWA-3550 User's Guide 243 - ZyXEL NWA-3500 | User Guide - Page 244
Chapter 19 Log Screens 244 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 245
from an SSID with the VLAN ID you set in this screen. • Use the Radius VLAN screen (Section 20.2.1 on page 248) to configure your RADIUS Virtual LAN setup. Your RADIUS server assigns VLAN IDs to a user or user group's traffic based on what you set in this screen. NWA-3500/NWA-3550 User's Guide 245 - ZyXEL NWA-3500 | User Guide - Page 246
order to access and manage the NWA. If a device is not a member of this VLAN, then that device cannot manage the NWA. Note: If no devices are in the management VLAN, then you will be able to access the NWA only through the console port (not through the network). 246 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 247
this VLAN group. At least one device in your network must belong to this VLAN group in order to manage the NWA. Note: Mail and FTP servers must have the same management VLAN ID to communicate with the NWA. See Section 20.3.2 on page 250 for more information. NWA-3500/NWA-3550 User's Guide 247 - ZyXEL NWA-3500 | User Guide - Page 248
NWA. Click this to return this screen to its last-saved settings. 20.2.1 RADIUS VLAN Screen Use this screen to configure your RADIUS Virtual LAN setup. Your RADIUS server assigns VLAN IDs to a user or user group's traffic based on what you set in this screen. 248 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 249
20.3.3 on page 253 for more information. This is the index number of the SSID profile. Select a check box to enable the SSID profile. Type a VLAN ID. Incoming traffic from the WLAN is authorized and assigned a VLAN ID before it is sent to the LAN. NWA-3500/NWA-3550 User's Guide 249 - ZyXEL NWA-3500 | User Guide - Page 250
VLAN (VLAN ID 1). The following procedure shows you how to configure a tagged VLAN. Note: Use the out-of-band management port or console port to configure the switch if you misconfigure the management VLAN and lock yourself out from performing in-band management. 250 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 251
Packets (Tx) Tagging on the port which you want to connect to the NWA. Disable Tx Tagging on the port you are using to connect to your computer. 7 Under Control, select Fixed to set the port as a member of the VLAN. Figure 140 VLAN-Aware Switch - Static VLAN NWA-3500/NWA-3550 User's Guide 251 - ZyXEL NWA-3500 | User Guide - Page 252
to your computer and port 2 to connect to the NWA: Figure 139 on page 251. 1 In the NWA web configurator click VLAN to open the VLAN setup screen. 2 Select the Enable VLAN Tagging check box and type a Management VLAN ID (10 in this example) in the field provided. 252 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 253
Dynamic VLAN assignment allows network administrators to assign a specific VLAN (configured on the NWA) to an individual's Windows User Account. When a wireless station is successfully authenticated to the network, it is automatically placed into it's respective VLAN. NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 254
VLAN ID. One VLAN Group must be created for each VLAN defined on the NWA. The VLAN Groups must be created as Global/Security groups. 1a Type a name for the VLAN Group that describes the VLAN Group's function. 1b Select the Global Group scope parameter check box. 254 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 255
Members 20.3.3.2 Configuring Remote Access Policies Once the VLAN Groups have been created, the IAS Remote Access Policy needs to be defined. This allows the IAS to compare the user account being authenticated against the group memberships of each VLAN Group. NWA-3500/NWA-3550 User's Guide 255 - ZyXEL NWA-3500 | User Guide - Page 256
. Each Remote Access Policy will be matched to one VLAN Group. An example may be, Allow - VLAN 10 Policy. 1c Click Next. Figure 146 New Remote Access Policy for VLAN Group 2 The Conditions window displays. Select Add to add a condition for this policy to act on. 256 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 257
with each policy. 5 Click OK and Next in the next few screens to accept the group value. Figure 148 Adding VLAN Group 6 When the Permissions options screen displays, select Grant remote access permission. 6a Click Next to grant access based on group membership. NWA-3500/NWA-3550 User's Guide 257 - ZyXEL NWA-3500 | User Guide - Page 258
Chapter 20 VLAN 6b Click the Edit Profile button. Figure 149 Granting Permissions and User Profile Screens 7 The Edit Dial-in Profile the check boxes for all other authentication types listed below the dropdown list box. Figure 150 Authentication Tab Settings 258 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 259
and select the Client may request an IP address check box for DHCP support. 10 Click the Advanced tab. The current default parameters returned to the NWA should be Service-Type and Framed-Protocol. • Click the Add button to add an additional three RADIUS VLAN attributes required for 802.1X Dynamic - ZyXEL NWA-3500 | User Guide - Page 260
Chapter 20 VLAN 11 The RADIUS Attribute screen displays. From the list, three RADIUS attributes will be added: • Tunnel-Medium-Type • Tunnel-Pvt-Group from the Attribute value drop-down list box. Click OK. Figure 154 802 Attribute Setting for Tunnel-Medium-Type 260 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 261
shown as Figure 153 on page 260. 15a Select Tunnel-Type. 15b Click Add. 16 The Enumerable Attribute Information screen displays. 16a Select Virtual LANs (VLAN) from the attribute value drop-down list box. NWA-3500/NWA-3550 User's Guide 261 - ZyXEL NWA-3500 | User Guide - Page 262
Advanced Tab Note: Repeat the Configuring Remote Access Policies procedure for each VLAN Group defined in the Active Directory. Remember to place the most general Remote Access Policies at the bottom of the list and the most specific at the top of the list. 262 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 263
. However, SSID02 has no second Rx VLAN ID configured, and the NWA forwards only packets tagged with VLAN ID 2 to it. 20.3.4.1 Second Rx VLAN Setup Example The following steps show you how to setup a second Rx VLAN ID on the NWA. 1 Log into the Web Configurator. NWA-3500/NWA-3550 User's Guide 263 - ZyXEL NWA-3500 | User Guide - Page 264
a Second Rx VLAN ID of 4. Figure 159 Configuring SSID: Second Rx VLAN ID Example 6 Click Apply to save these settings. Outgoing packets from clients in SSID03 are tagged with a VLAN ID of 3, and incoming packets with a VLAN ID of 3 or 4 are forwarded to SSID03. 264 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 265
access point (AP) or you limit the amount of wireless traffic transmitted and received on it. Because there is a hard upper limit on the AP NWA: • Load balancing by station number limits the number of devices allowed to connect to your AP number of connections to the NWA based on maximum bandwidth - ZyXEL NWA-3500 | User Guide - Page 266
does not want to overload itself) denies it if an identical AP is in range that can take on the burden of the new connection. Note: If no other APs with matching settings are in range of the NWA, then it will still accept the connection despite becoming overloaded. 266 NWA-3160 Series User's Guide - ZyXEL NWA-3500 | User Guide - Page 267
the AP allows to pass through it before it becomes overloaded and starts delaying or rejecting connections. • Low - Up to 6 Mbps before it becomes overloaded. • Medium - Up to 13 Mbps before it becomes overloaded. • High - Up to 20 Mbps before it becomes overloaded. NWA-3160 Series User's Guide - ZyXEL NWA-3500 | User Guide - Page 268
resume the connection. For example, here the AP has a balanced bandwidth allotment of 6 Mbps. If the red laptop (R) attempts to connect and it could potentially push the AP over its allotment, say to 7 Mbps, then the AP delays the red laptop's connection until it 268 NWA-3160 Series User's Guide - ZyXEL NWA-3500 | User Guide - Page 269
Delaying a Connection R The second response your AP can take is to kick the connections that are pushing it over its balanced bandwidth allotment. Figure 163 Kicking a Connection R Connections are kicked based on either idle timeout or signal strength. The NWA first looks to see which devices have - ZyXEL NWA-3500 | User Guide - Page 270
Chapter 21 Load Balancing 270 NWA-3160 Series User's Guide - ZyXEL NWA-3500 | User Guide - Page 271
and manually change the channel to one that no other AP is using (or at least a channel that has a lower level of interferrence) in order to give the connected stations a minimum degree of cross-channel interference. Figure 164 An example of cross-channel interference NWA-3160 Series User's Guide - ZyXEL NWA-3500 | User Guide - Page 272
broadcast radius. If the channel on which it is currently broadcasting suddenly comes into use by another AP, the NWA will then dynamically select the next available empty channel or a channel with markedly lower interference. This is set to 720 minutes by default. 272 NWA-3160 Series User's Guide - ZyXEL NWA-3500 | User Guide - Page 273
) DCS DFS Channel Aware (5G only) Apply Reset If you select Disable then the NWA switches channels immediately regardless of any client connections. connected to the AP when it switches channels are dropped. Select the range of non-overlapping channel numbers for which you want the NWA to scan and - ZyXEL NWA-3500 | User Guide - Page 274
Chapter 22 Dynamic Channel Selection 274 NWA-3160 Series User's Guide - ZyXEL NWA-3500 | User Guide - Page 275
factory defaults, backup configuration, and restoring configuration. • Use Restart screen (Section 23.9 on page 284) to reboot the NWA without turning the power off. 23.3 What You Need To Know The following terms and concepts may help as you read through this chapter. NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 276
Version This is the ZyNOS Firmware version and date created. ZyNOS is ZyXEL's proprietary Network Operating System design. IP Address This is the Ethernet port IP address. IP Subnet Mask This is the Ethernet port subnet mask. DHCP This is the Ethernet port DHCP role - Client or None. Show - ZyXEL NWA-3500 | User Guide - Page 277
. The fields in this screen vary according to the current wireless mode of each WLAN adaptor. Figure 167 Maintenance > System Status: Show Statistics The following table describes the when wireless LAN adaptor WLAN1 is in AP + Bridge or Bridge / Repeater mode. NWA-3500/NWA-3550 User's Guide 277 - ZyXEL NWA-3500 | User Guide - Page 278
This section displays only when wireless LAN adaptor WLAN2 is in AP + Bridge or Bridge / Repeater mode. Bridge Link # This is the index number of station first associated with the NWA. SSID This field displays the SSID to which the wireless station is associated. NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 279
is activated on one of the NWA's WLAN adaptors. Link No This field NWA, as well as the signal strength and network mode. Click Maintenance > Channel Usage. The following figure displays. Wait a moment while the NWA compiles the information. Figure 169 Channel Usage NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 280
Usage LABEL DESCRIPTION SSID This is the Service Set IDentification name of the AP in an Infrastructure wireless network or wireless firmware to your NWA. Click MAINTENANCE > F/W Upload. The following screen displays. . Figure 170 Maintenance > F/W Upload 280 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 281
systems, you may see the following icon on your desktop. Figure 172 Network Temporarily Disconnected After two minutes, log in again and check your new firmware version in the System Status screen. NWA-3500/NWA-3550 User's Guide 281 - ZyXEL NWA-3500 | User Guide - Page 282
> Configuration 23.8.1 Backup Configuration Backup configuration allows you to back up (save) the NWA's current configuration to a file on your computer. Once your NWA is configured and functioning properly, it is highly recommended that you back up your 282 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 283
systems, you may see the following icon on your desktop. Figure 176 Network Temporarily Disconnected If you uploaded the default configuration file you may need to change the IP address of your computer to be in the same subnet as that of the default NWA IP NWA-3500/NWA-3550 User's Guide 283 - ZyXEL NWA-3500 | User Guide - Page 284
. Figure 178 Reset Warning Message You can also press the RESET button to reset your NWA to its factory default settings. Refer to Section 2.3 on page 38 for more information. 23.9 Restart Screen Use this screen to restart the NWA without turning it off and on. 284 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 285
Chapter 23 Maintenance Click Maintenance > Restart. The following screen displays. Click Restart to have the NWA reboot. This does not affect the NWA's configuration. Figure 179 Restart Screen NWA-3500/NWA-3550 User's Guide 285 - ZyXEL NWA-3500 | User Guide - Page 286
Chapter 23 Maintenance 286 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 287
PART III Troubleshooting and Specifications Troubleshooting (289) Product Specifications (297) 287 - ZyXEL NWA-3500 | User Guide - Page 288
288 - ZyXEL NWA-3500 | User Guide - Page 289
you might encounter. The potential problems are divided into the following categories. • Power, Hardware Connections, and LEDs • NWA Access and Login • AP Management Modes • Internet Access • Wireless Router/AP Troubleshooting 24.2 Power, Hardware Connections, and LEDs The NWA does not turn on. None - ZyXEL NWA-3500 | User Guide - Page 290
when accessing the NWA over the wired network, and use the WLAN MAC address when accessing the NWA over the wireless interface. • If this does not work, you have to reset the device to its factory defaults. See Section 2.3 on page 38. I forgot the password. 290 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 291
step.) • If there is no DHCP server on your network, make sure your computer's IP address is in the same subnet as the NWA. • Reset the device to its factory defaults, and try to access the NWA with the default IP address. See your Quick Start Guide. • If the problem continues, contact the network - ZyXEL NWA-3500 | User Guide - Page 292
when the Web Configurator is idle. 24.4 AP Management Modes The primary controller AP cannot connect to the secondary controller AP. 292 The controllers need to have static IP addresses in the same network. Make sure you set the IP addresses in the IP screen. NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 293
be turned off if it is within range of its controller AP while the controller AP updates its settings. The managed AP retains the last settings acquired from the controller AP and is automatically updated once it is detected again by the controller AP. NWA-3500/NWA-3550 User's Guide 293 - ZyXEL NWA-3500 | User Guide - Page 294
same as the settings on the AP. • Disconnect all the cables from your device, and follow the directions in the Quick Start Guide again. • If the problem continues, contact your ISP. I cannot access the Internet anymore. I had access to the Internet (with the NWA), but my Internet connection is not - ZyXEL NWA-3500 | User Guide - Page 295
might consider raising or lowering the priority for some applications. 24.6 Wireless Router/AP Troubleshooting I cannot access the NWA or ping any computer from the WLAN. • Make sure the wireless LAN is enabled on the NWA • Make sure the wireless adapter on the wireless station is working properly - ZyXEL NWA-3500 | User Guide - Page 296
Chapter 24 Troubleshooting 296 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 297
Temperature: -40º C ~ 60º C Humidity: 5% ~ 95% RH Table 89 NWA-3500 Hardware Specifications Dimensions Power Specification Reset button Ethernet Port 212.5 (W) x 138.5 (D) x 52mm (H) mm 12 V DC, 1 A Returns all settings to their factory defaults. Auto-negotiating: 10 Mbps or 100 Mbps in either - ZyXEL NWA-3500 | User Guide - Page 298
8mm (0.24" ~ 0.31") head width. Table 90 Firmware Specifications Default IP Address Default Subnet Mask Default Password Wireless LAN Standards Wireless security Layer 2 isolation Multiple BSSID (MBSSID) Rogue AP detection Internal RADIUS server VLAN STP (Spanning Tree Protocol) / RSTP (Rapid STP - ZyXEL NWA-3500 | User Guide - Page 299
DFS (Dynamic Frequency Selection) allows a wider choice of 802.11a wireless channels. CAPWAP (Control and The NWA can be managed via CAPWAP, which allows multiple Provisioning of Wireless APs to be configured and managed by a single AP controller. Access Points) NWA-3500/NWA-3550 User's Guide 299 - ZyXEL NWA-3500 | User Guide - Page 300
(WEEE) Waste Electrical and Electronic Equipment Directive • European Parliament and Council Directive 94/62/EC of 20 December 1994 on packaging and packaging waste 300 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 301
Chapter 25 Product Specifications Compatible ZyXEL Antennas At the time of writing, you can use the following antennas in your NWA. Table 92 NWA Compatible Antennas MODEL EXT-108 FEATURE S ºC ~ 80ºC 95% at 55ºC 206 g -40ºC ~ 80ºC 95% at 55ºC 640 gw NWA-3500/NWA-3550 User's Guide 301 - ZyXEL NWA-3500 | User Guide - Page 302
ZyXEL Antenna Cables The following table shows you the cables you can use in the NWA to extend your connection to antennas at the time of writing. Table 93 NWA Jumper Cable, Surge Arrstor Power over Ethernet (PoE) Specifications You can use a power over - 302 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 303
PART IV Appendices and Index Setting Up Your Computer's IP Address (305) Wireless LANs (331) Pop-up Windows, JavaScripts and Java Permissions (347) Importing Certificates (355) IP Addresses and Subnetting (381) Text File Based Auto Configuration (391) Legal Information (399) Index (403) 303 - ZyXEL NWA-3500 | User Guide - Page 304
304 - ZyXEL NWA-3500 | User Guide - Page 305
.5 on page 316 • Linux: Ubuntu 8 (GNOME) on page 320 • Linux: openSUSE 10.3 (KDE) on page 325 Windows XP/NT/2000 The following example uses the default Windows XP display theme but can also apply to Windows 2000 and Windows NT. NWA-3500/NWA-3550 User's Guide 305 - ZyXEL NWA-3500 | User Guide - Page 306
Appendix A Setting Up Your Computer's IP Address 1 Click Start > Control Panel. Figure 180 Windows XP: Start Menu 2 In the Control Panel, click the Network Connections icon. Figure 181 Windows XP: Control Panel 306 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 307
Local Area Connection and then select Properties. Figure 182 Windows XP: Control Panel > Network Connections > Properties 4 On the General tab, select Internet Protocol (TCP/IP) and then click Properties. Figure 183 Windows XP: Local Area Connection Properties NWA-3500/NWA-3550 User's Guide 307 - ZyXEL NWA-3500 | User Guide - Page 308
IP address dynamically. Select Use the following IP Address and fill in the IP address, Subnet mask, and Default gateway fields if you have a static IP connection, click Status and then click the Support tab to view your IP address and connection information. 308 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 309
Appendix A Setting Up Your Computer's IP Address Windows Vista This section shows screens from Windows Vista Professional. 1 Click Start > Control Panel. Figure Panel 3 Click the Network and Sharing Center icon. Figure 187 Windows Vista: Network And Internet NWA-3500/NWA-3550 User's Guide 309 - ZyXEL NWA-3500 | User Guide - Page 310
Appendix A Setting Up Your Computer's IP Address 4 Click Manage network connections. Figure 188 Windows Vista: Network and Sharing Center 5 Right-click procedure, click Continue whenever Windows displays a screen saying that it needs your permission to continue. 310 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 311
Appendix A Setting Up Your Computer's IP Address 6 Select Internet Protocol Version 4 (TCP/IPv4) and then select Properties. Figure 190 Windows Vista: Local Area Connection Properties NWA-3500/NWA-3550 User's Guide 311 - ZyXEL NWA-3500 | User Guide - Page 312
IP address dynamically. Select Use the following IP Address and fill in the IP address, Subnet mask, and Default gateway fields if you have a static IP connection, click Status and then click the Support tab to view your IP address and connection information. 312 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 313
> System Preferences. Figure 192 Mac OS X 10.4: Apple Menu 2 In the System Preferences window, click the Network icon. Figure 193 Mac OS X 10.4: System Preferences NWA-3500/NWA-3550 User's Guide 313 - ZyXEL NWA-3500 | User Guide - Page 314
connection type list, and then click Configure. Figure 194 Mac OS X 10.4: Network Preferences 4 For dynamically assigned settings, select Using DHCP from the Configure IPv4 list in the TCP/IP tab. Figure 195 Mac OS X 10.4: Network Preferences > TCP/IP Tab. 314 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 315
From the Configure IPv4 list, select Manually. • In the IP Address field, type your IP address. • In the Subnet Mask field, type your subnet mask. • In the Router field, type the IP address of your device. Figure 196 Mac OS X 10.4: Network Preferences > Ethernet NWA-3500/NWA-3550 User's Guide 315 - ZyXEL NWA-3500 | User Guide - Page 316
Address Click Apply Now and close the window.Verifying Settings Check your TCP/IP properties by clicking Applications > Utilities > Network Utilities, and then selecting the appropriate .5. 1 Click Apple > System Preferences. Figure 198 Mac OS X 10.5: Apple Menu 316 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 317
Appendix A Setting Up Your Computer's IP Address 2 In System Preferences, click the Network icon. Figure 199 Mac OS X 10.5: Systems Preferences NWA-3500/NWA-3550 User's Guide 317 - ZyXEL NWA-3500 | User Guide - Page 318
list, select Using DHCP for dynamically assigned settings. 5 For statically assigned settings, do the following: • From the Configure list, select Manually. • In the IP Address field, enter your IP address. • In the Subnet Mask field, enter your subnet mask. 318 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 319
Appendix A Setting Up Your Computer's IP Address • In the Router field, enter the IP address of your NWA. Figure 201 Mac OS X 10.5: Network Preferences > Ethernet 6 Click Apply and close the window. NWA-3500/NWA-3550 User's Guide 319 - ZyXEL NWA-3500 | User Guide - Page 320
specific distribution, release version, and individual configuration. The following screens use the default Ubuntu 8 installation. Note: Make sure you are logged in as the root administrator. Follow the steps below to configure your computer IP address in GNOME: 320 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 321
window opens, click Unlock to open the Authenticate window. (By default, the Unlock button is greyed out until clicked.) You cannot make changes to your configuration unless you first enter your admin password. Figure 204 Ubuntu 8: Network Settings > Connections NWA-3500/NWA-3550 User's Guide 321 - ZyXEL NWA-3500 | User Guide - Page 322
password then click the Authenticate button. Figure 205 Ubuntu 8: Administrator Account Authentication 4 In the Network Settings window, select the connection that you want to configure, then click Properties. Figure 206 Ubuntu 8: Network Settings > Connections 322 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 323
. • In the Configuration list, select Static IP address if you have a static IP address. Fill in the IP address, Subnet mask, and Gateway address fields. 6 Click OK to save the changes and close the Properties dialog box and return to the Network Settings screen. NWA-3500/NWA-3550 User's Guide 323 - ZyXEL NWA-3500 | User Guide - Page 324
. Figure 208 Ubuntu 8: Network Settings > DNS 8 Click the Close button to apply the changes. Verifying Settings Check your TCP/IP properties by clicking System > Administration > Network Tools, and then selecting the appropriate Network device from the Devices 324 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 325
shows you how to configure your computer's TCP/IP settings in the K Desktop Environment (KDE) using default openSUSE 10.3 installation. Note: Make sure you are logged in as the root administrator. Follow the steps below to configure your computer IP address in the KDE: NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 326
Computer's IP Address 1 Click K Menu > Computer > Administrator Settings (YaST). Figure 210 openSUSE 10.3: K Menu > Computer Menu 2 When the Run as Root - KDE su dialog opens, enter the admin password and click OK. Figure 211 openSUSE 10.3: K Menu > Computer Menu 326 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 327
Appendix A Setting Up Your Computer's IP Address 3 When the YaST Control Center window opens, select Network Devices and then click the Network Card icon connection Name from the list, and then click the Configure button. Figure 213 openSUSE 10.3: Network Settings NWA-3500/NWA-3550 User's Guide 327 - ZyXEL NWA-3500 | User Guide - Page 328
Dynamic Address (DHCP) if you have a dynamic IP address. Select Statically assigned IP Address if you have a static IP address. Fill in the IP address, Subnet mask, and Hostname fields. 7 Click Next to save the changes and close the Network Card Setup window. 328 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 329
8 If you know your DNS server IP address(es), click the Hostname/DNS tab in Network Settings and then enter the DNS server information in the fields provided. Figure 215 openSUSE 10.3: Network Settings 9 Click Finish to save your settings and close the window. NWA-3500/NWA-3550 User's Guide 329 - ZyXEL NWA-3500 | User Guide - Page 330
Verifying Settings Click the KNetwork Manager icon on the Task bar to check your TCP/IP properties. From the Options sub-menu, select Show Connection Information. Figure 216 openSUSE is working properly. Figure 217 openSUSE: Connection Status - KNetwork Manager 330 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 331
clients or between a wireless client and a wired network client go through one access point (AP). Intra-BSS traffic is traffic between wireless clients in the BSS. When Intra-BSS is enabled, wireless client A and B can access the wired network and communicate NWA-3500/NWA-3550 User's Guide 331 - ZyXEL NWA-3500 | User Guide - Page 332
between APs is called a Distribution System (DS). This type of wireless LAN topology is called an Infrastructure WLAN. The Access Points not only provide communication with the wired network but also mediate wireless network traffic in the immediate neighborhood. 332 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 333
between 6 or 11. RTS/CTS A hidden node occurs when two stations are within range of the same access point, but are not within range of each other. The following figure illustrates a hidden node. Both stations (STA) are within range of the access point (AP) or NWA-3500/NWA-3550 User's Guide 333 - ZyXEL NWA-3500 | User Guide - Page 334
, they are considered hidden from each other. Figure 221 RTS/CTS When station A sends data to the AP, it might not know that the station B is already using the channel. If these two stations send affect the throughput performance instead of providing a remedy. 334 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 335
to have the AP automatically use short preamble when wireless adapters support it, otherwise the AP uses long preamble. Note: The AP and the wireless adapters IEEE 802.11g access point (and vice versa) at 11 Mbps or lower depending on range. IEEE 802.11g has NWA-3500/NWA-3550 User's Guide 335 - ZyXEL NWA-3500 | User Guide - Page 336
Filtering WEP Encryption IEEE802.1x EAP with RADIUS Server Authentication Wi-Fi Protected Access (WPA) WPA2 Most Secure Note: You must enable the same wireless security settings on the NWA and on all wireless clients that you want to associate with it. 336 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 337
between the access point and the RADIUS server for user authentication: • Access-Request Sent by an access point requesting authentication. • Access-Reject Sent by a RADIUS server rejecting access. • Access-Accept Sent by a RADIUS server allowing access. NWA-3500/NWA-3550 User's Guide 337 - ZyXEL NWA-3500 | User Guide - Page 338
EAP to interact with an EAP-compatible RADIUS server, an access point helps a wireless station and a RADIUS server perform authentication. The type of authentication you use depends on the RADIUS server and an intermediary AP(s) that supports IEEE 802.1x. . For EAP-TLS authentication type, you must - ZyXEL NWA-3500 | User Guide - Page 339
only supports EAP methods, such as EAP-MD5, EAP-MSCHAPv2 and EAP-GTC (EAP-Generic Token Card), for client authentication. EAP-GTC is implemented only by Cisco. LEAP LEAP (Lightweight Extensible Authentication Protocol) is a Cisco implementation of IEEE 802.1x. NWA-3500/NWA-3550 User's Guide 339 - ZyXEL NWA-3500 | User Guide - Page 340
No No Yes Moderate Moderate No WPA and WPA2 Wi-Fi Protected Access (WPA) is a subset of the IEEE 802 password entered into each access point, wireless gateway and wireless client. As long as the passwords match, a wireless client will be granted access to a WLAN. 340 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 341
a Wi-Fi network password approach makes WPA(2)-PSK susceptible to brute-force password-guessing attacks but it's still an improvement over WEP as it employs a consistent, single, alphanumeric password to derive a PMK which is used to generate unique temporal encryption NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 342
IP address of the RADIUS server, its port number (default AP passes the wireless client's authentication request to the RADIUS server. 2 The RADIUS server then checks the user's identification against its database and grants or denies network access accordingly. 342 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 343
characters (including spaces and symbols). 2 The AP checks each wireless client's password and (only) allows it to join the network if the password matches. 3 The AP and wireless clients use the pre-shared key to generate a common PMK (Pairwise Master Key). NWA-3500/NWA-3550 User's Guide 343 - ZyXEL NWA-3500 | User Guide - Page 344
B Wireless LANs 4 The AP and wireless clients use the TKIP Security Relational Matrix AUTHENTICATION METHOD/ KEY MANAGEMENT PROTOCOL ENCRYPTIO N METHOD ENTER MANUAL KEY IEEE 802.1X Open None No Disable Enable without Dynamic WEP TKIP/AES Yes Disable 344 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 345
perfect antenna that sends out radio signals equally well in all directions. dBi represents the true gain that the antenna provides. Types of Antennas for WLAN There are two types of antennas used for wireless LAN applications. NWA-3500/NWA-3550 User's Guide 345 - ZyXEL NWA-3500 | User Guide - Page 346
with multiple access points. • point the antenna down. For a single AP application, place omni-directional antennas as close to the center of the coverage area as possible. For directional antennas, point the antenna in the direction of the desired coverage area. 346 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 347
's IP address. Disable pop-up Blockers 1 In Internet Explorer, select Tools, Pop-up Blocker and then select Turn Off Pop-up Blocker. Figure 224 Pop-up Blocker You can also check if pop-up blocking is disabled in the Pop-up Blocker section in the Privacy tab. NWA-3500/NWA-3550 User's Guide 347 - ZyXEL NWA-3500 | User Guide - Page 348
to allow pop-up windows from your device, see the following steps. 1 In Internet Explorer, select Tools, Internet Options and then the Privacy tab. 348 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 349
Permissions 2 Select Settings...to open the Pop-up Blocker Settings screen. Figure 226 Internet Options: Privacy 3 Type the IP address of your device (the web page that you do not want to have blocked) with the prefix "http://". For example, http://192.168.167.1. NWA-3500/NWA-3550 User's Guide 349 - ZyXEL NWA-3500 | User Guide - Page 350
Appendix C Pop-up Windows, JavaScripts and Java Permissions 4 Click Add to move the IP address to the list of Allowed sites. Figure 227 Pop-up Blocker Settings 5 Click configurator do not display properly in Internet Explorer, check that JavaScripts are allowed. 350 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 351
. Figure 228 Internet Options: Security 2 Click the Custom Level... button. 3 Scroll down to Scripting. 4 Under Active scripting make sure that Enable is selected (the default). 5 Under Scripting of Java applets make sure that Enable is selected (the default). NWA-3500/NWA-3550 User's Guide 351 - ZyXEL NWA-3500 | User Guide - Page 352
then the Security tab. 2 Click the Custom Level... button. 3 Scroll down to Microsoft VM. 4 Under Java permissions make sure that a safety level is selected. 352 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 353
(Sun) 1 From Internet Explorer, click Tools, Internet Options and then the Advanced tab. 2 Make sure that Use Java 2 for under Java (Sun) is selected. NWA-3500/NWA-3550 User's Guide 353 - ZyXEL NWA-3500 | User Guide - Page 354
Appendix C Pop-up Windows, JavaScripts and Java Permissions 3 Click OK to close the window. Figure 231 Java (Sun) 354 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 355
to be issued to all visiting web browsers to let them know that the site is legitimate. Many ZyXEL products, such as the NSA-2401, issue their own public key certificates. These can be used by however, they can also apply to Internet Explorer on Windows Vista. NWA-3500/NWA-3550 User's Guide 355 - ZyXEL NWA-3500 | User Guide - Page 356
website (not recommended). Figure 233 Internet Explorer 7: Certification Error 3 In the Address Bar, click Certificate Error > View certificates. Figure 234 Internet Explorer 7: Certificate Error 356 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 357
Appendix D Importing Certificates 4 In the Certificate dialog box, click Install Certificate. Figure 235 Internet Explorer 7: Certificate 5 In the Certificate Import Wizard, click Next. Figure 236 Internet Explorer 7: Certificate Import Wizard NWA-3500/NWA-3550 User's Guide 357 - ZyXEL NWA-3500 | User Guide - Page 358
Explorer 7: Certificate Import Wizard 7 Otherwise, select Place all certificates in the following store and then click Browse. Figure 238 Internet Explorer 7: Certificate Import Wizard 358 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 359
OK. Figure 239 Internet Explorer 7: Select Certificate Store 9 In the Completing the Certificate Import Wizard screen, click Finish. Figure 240 Internet Explorer 7: Certificate Import Wizard NWA-3500/NWA-3550 User's Guide 359 - ZyXEL NWA-3500 | User Guide - Page 360
Wizard 12 The next time you start Internet Explorer and go to a ZyXEL web configurator page, a sealed padlock icon appears in the address bar. Click it to view the page's Website Identification information. Figure 243 Internet Explorer 7: Website Identification 360 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 361
Certificates Installing a Stand-Alone Certificate File in Internet Explorer Rather than browsing to a ZyXEL web configurator and installing a public key certificate when prompted, you can install a how to remove a public key certificate in Internet Explorer 7. NWA-3500/NWA-3550 User's Guide 361 - ZyXEL NWA-3500 | User Guide - Page 362
Appendix D Importing Certificates 1 Open Internet Explorer and click Tools > Internet Options. Figure 246 Internet Explorer 7: Tools Menu 2 In the Internet Options dialog box, click Content > Certificates. Figure 247 Internet Explorer 7: Internet Options 362 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 363
Certificates confirmation, click Yes. Figure 249 Internet Explorer 7: Certificates 5 In the Root Certificate Store dialog box, click Yes. Figure 250 Internet Explorer 7: Root Certificate Store NWA-3500/NWA-3550 User's Guide 363 - ZyXEL NWA-3500 | User Guide - Page 364
it you are presented with a certification error. 2 Select Accept this certificate permanently and click OK. Figure 251 Firefox 2: Website Certified by an Unknown Authority 364 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 365
252 Firefox 2: Page Info Installing a Stand-Alone Certificate File in Firefox Rather than browsing to a ZyXEL web configurator and installing a public key certificate when prompted, you can install a stand-alone certificate file if one has been issued to you. NWA-3500/NWA-3550 User's Guide 365 - ZyXEL NWA-3500 | User Guide - Page 366
Appendix D Importing Certificates 1 Open Firefox and click Tools > Options. Figure 253 Firefox 2: Tools Menu 2 In the Options dialog box, click Advanced > Encryption > View Certificates. Figure 254 Firefox 2: Options 366 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 367
visit the web site, click the padlock in the address bar to open the Page Info > Security window to see the web page's security information. NWA-3500/NWA-3550 User's Guide 367 - ZyXEL NWA-3500 | User Guide - Page 368
Firefox and click Tools > Options. Figure 257 Firefox 2: Tools Menu 2 In the Options dialog box, click Advanced > Encryption > View Certificates. Figure 258 Firefox 2: Options 368 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 369
just removed, a certification error appears. Opera The following example uses Opera 9 on Windows XP Professional; however, the screens can apply to Opera 9 on all platforms. NWA-3500/NWA-3550 User's Guide 369 - ZyXEL NWA-3500 | User Guide - Page 370
the padlock in the address bar to open the Security information window to view the web page's security details. Figure 262 Opera 9: Security information 370 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 371
Opera Rather than browsing to a ZyXEL web configurator and installing a public key certificate when prompted, you can install a stand-alone certificate file if one has been issued to you. 1 Open Opera and click Tools > Preferences. Figure 263 Opera 9: Tools Menu NWA-3500/NWA-3550 User's Guide 371 - ZyXEL NWA-3500 | User Guide - Page 372
Appendix D Importing Certificates 2 In Preferences, click Advanced > Security > Manage certificates. Figure 264 Opera 9: Preferences 372 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 373
Appendix D Importing Certificates 3 In the Certificates Manager, click Authorities > Import. Figure 265 Opera 9: Certificate manager 4 Use the Import certificate dialog box to locate the certificate and then click Open. Figure 266 Opera 9: Import certificate NWA-3500/NWA-3550 User's Guide 373 - ZyXEL NWA-3500 | User Guide - Page 374
window to view the web page's security details. Removing a Certificate in Opera This section shows you how to remove a public key certificate in Opera 9. 374 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 375
1 Open Opera and click Tools > Preferences. Figure 269 Opera 9: Tools Menu Appendix D Importing Certificates 2 In Preferences, Advanced > Security > Manage certificates. Figure 270 Opera 9: Preferences NWA-3500/NWA-3550 User's Guide 375 - ZyXEL NWA-3500 | User Guide - Page 376
your device's web configurator is set to use SSL certification, then the first time you browse to it you are presented with a certification error. 376 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 377
padlock in the address bar to open the KDE SSL Information window and view the web page's security details. Figure 274 Konqueror 3.5: KDE SSL Information NWA-3500/NWA-3550 User's Guide 377 - ZyXEL NWA-3500 | User Guide - Page 378
Certificates Installing a Stand-Alone Certificate File in Konqueror Rather than browsing to a ZyXEL web configurator and installing a public key certificate when prompted, you can install KDE certificate manager, Kleopatra. Figure 277 Konqueror 3.5: Kleopatra 378 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 379
dialog box, select Crypto. 3 On the Peer SSL Certificates tab, select the certificate you want to delete and then click Remove. Figure 279 Konqueror 3.5: Configure NWA-3500/NWA-3550 User's Guide 379 - ZyXEL NWA-3500 | User Guide - Page 380
: There is no confirmation when you remove a certificate authority, so be absolutely certain you want to go through with it before clicking the button. 380 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 381
, while the host ID determines to which host on the network the packets are delivered. Structure An IP address is made up of four parts, written in dotted decimal notation (for example, 192.168.1.1). of 00000000 to 11111111 in binary, or 0 to 255 in decimal. NWA-3500/NWA-3550 User's Guide 381 - ZyXEL NWA-3500 | User Guide - Page 382
the IP address IP address (192.168.1.2 in decimal). Table 100 Subnet Masks 1ST OCTET: 2ND OCTET: 3RD OCTET: 4TH OCTET IP Address (Binary) Subnet Mask (Binary) (192) (168) (1) (2) 11000000 10101000 00000001 00000010 11111111 11111111 11111111 00000000 382 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 383
IP address with host IDs of all zeros is the IP address of the network (192.168.1.0 with a 24-bit subnet mask, for example). An IP address with host IDs of all ones is the broadcast address for that network (192.168.1.255 with a 24-bit subnet mask, for example). NWA-3500/NWA-3550 User's Guide 383 - ZyXEL NWA-3500 | User Guide - Page 384
and Subnetting As these two IP addresses cannot be used for individual hosts, calculate the maximum number of possible hosts in a network as follows: Table 102 24 /29 8 1111 1000 255.255.255.25 /30 2 1111 1100 LAST OCTET (DECIMAL) 0 128 192 224 240 248 252 384 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 385
Appendix E IP Addresses and Subnetting Subnetting You can use subnetting to divide one network into multiple sub-networks. In the following example " host ID bit can have a value of either 0 or 1, allowing two subnets; 192.168.1.0 /25 and 192.168.1.128 /25. NWA-3500/NWA-3550 User's Guide 385 - ZyXEL NWA-3500 | User Guide - Page 386
itself, and 192.168.1.127 with mask 255.255.255.128 is its broadcast address. Therefore, the lowest IP address that can be assigned to an actual host for subnet A is 192.168.1.1 and the highest is 26 bits (11111111.11111111.11111111.11000000) or 255.255.255.192. 386 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 387
11000000 Highest Host ID: 192.168.1.190 Table 107 Subnet 4 IP/SUBNET MASK IP Address IP Address (Binary) Subnet Mask (Binary) NETWORK NUMBER LAST OCTET BIT VALUE 192.168.1. 192 11000000.10101000.00000001 11000000 . 11111111.11111111.11111111 11000000 . NWA-3500/NWA-3550 User's Guide 387 - ZyXEL NWA-3500 | User Guide - Page 388
to create eight subnets (000, 001, 010, 011, 100, 101, 110 and 111). The following table shows IP address last octet values for each subnet. Table 108 Eight Subnets SUBNET SUBNET ADDRESS 1 0 2 32 3 64 .255.252 (/30) 64 2 7 255.255.255.254 (/31) 128 1 388 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 389
(for instance, 192.168.1.1) but make sure that no other device on your network is using that IP address. The subnet mask specifies the network number portion of an IP address. Your NWA will compute the subnet mask automatically based on the IP address that NWA-3500/NWA-3550 User's Guide 389 - ZyXEL NWA-3500 | User Guide - Page 390
situation, do not create an arbitrary IP address; always follow the guidelines above. For more information on address assignment, please refer to RFC 1597, Address Allocation for Private Internets and RFC 1466, Guidelines for Management of IP Address Space. 390 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 391
renewing DHCP client information. Figure 283 Text File Based Auto Configuration Use one of the following methods to give the AP the IP address of the TFTP server where you store the configuration files and the name of the configuration file that it should download. NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 392
server [IP] [filename] DESCRIPTION Specify the TFTP server IP address and file name from which the AP is to download a configuration file whenever the AP starts up. Configuration Via SNMP You can configure and trigger the auto configuration remotely via SNMP. 392 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 393
AP download the configuration file. Table 113 Configuration via SNMP STEPS MIB VARIABLE VALUE Step 1 pwTftpServer Set the IP ZYXEL PROWLAN !#VERSION 12 wcfg security 1 xxx wcfg security save wcfg ssid 1 xxx wcfg ssid save The first line must be !#ZYXEL PROWLAN. NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 394
. You can zip each configuration file. You must use the store compression method and a .zip file extension. When zipping a configuration file, you can also add password protection using the same password that you use to log into the AP. 394 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 395
wcfg ssid 1 macfilter disable wcfg ssid save Figure 286 802.1X Configuration File Example !#ZYXEL PROWLAN !#VERSION 12 wcfg security 2 name Test-8021x wcfg security 2 mode 8021x-static128 ssid 2 l2isolation disable wcfg ssid 2 macfilter disable wcfg ssid save NWA-3500/NWA-3550 User's Guide 395 - ZyXEL NWA-3500 | User Guide - Page 396
macfilter disable wcfg ssid save Figure 288 WPA Configuration File Example !#ZYXEL PROWLAN !#VERSION 14 wcfg security 4 name Test-wpa wcfg save Wlan Command Configuration File Example This example configuration file uses the wlan command to configure the AP to use NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 397
WLAN profile wlan opmode 0 wlan ssidprofile ssid-wep !change operating mode -> MBSSID mode, !then select ssid-wpapsk, ssid-wpa2psk as running WLAN profiles wlan opmode 3 wlan ssidprofile ssid-wpapsk ssid-wpa2psk ! set output power level to 50% wlan output power 2 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 398
Appendix F Text File Based Auto Configuration 398 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 399
, manual, or otherwise, without the prior written permission of ZyXEL Communications Corporation. Published by ZyXEL Communications Corporation. All rights reserved. Disclaimer ZyXEL does two conditions: • This device may not cause harmful interference. NWA-3500/NWA-3550 User's Guide 399 - ZyXEL NWA-3500 | User Guide - Page 400
radiate radio frequency energy, and if not installed and used in accordance with the instructions, may cause harmful interference to radio communications. However, there is no guarantee that maintained between the antenna of this device and all persons. 注意 ! NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 401
the equipment. This device has been designed for the WLAN 2.4 GHz and 5 GHz networks throughout the EC ZyXEL. This warranty shall not apply if the product has been modified, misused, tampered with, damaged by an act of God, or subjected to abnormal working conditions. NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 402
the device at http:// www.zyxel.com/web/support_warranty_info.php. Registration Register your product online to receive e-mail notices of firmware upgrades and information at www.zyxel.com for global products, or at www.us.zyxel.com for North American products. 402 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 403
interference 333 Class of Service (CoS) 152 command interface 32 configuration 23 configuration file examples 395 format 393 configuration file rules 394 Control and Providioning of Wireless Access Points See CAPWAP copyright 399 CoS 152 CTS (Clear to Send) 334 NWA-3500/NWA-3550 User's Guide 403 - ZyXEL NWA-3500 | User Guide - Page 404
internal authentication server 23 Internal RADIUS Server Setting Screen 210 Internet Assigned Numbers Authority See IANA Internet telephony 29 IP address 110, 185, 298 IPSec VPN capability 298 isolation 23 L LAN 278 layer-2 isolation 23, 30 LEDs 34 log descriptions 240 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 405
IP address 110, 185 private networks 110 product registration 402 PSK 341 Q QoS 23, 149 Quick Start Guide 37 R radio 24 RADIUS 337 message types 337 messages 337 shared secret key 338 rapid STP 139 reauthentication time 161, 163, 164, 165, 166 registration product 402 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 406
402 wcfg command 395 WDS 25, 26, 28 web configurator 23, 37, 39 WEP 23 WEP encryption 159 Wi-Fi Multimedia QoS 149 Wi-Fi Protected Access 23, 340 wired network 23, 24, 25 wireless channel 295 wireless client WPA supplicants 342 Wireless Distribution System (WDS) 28 NWA-3500/NWA-3550 User's Guide - ZyXEL NWA-3500 | User Guide - Page 407
295 wireless modules (dual) 23 wireless security 29, 155, 295, 336 WLAN interference 333 security parameters 344 WLAN interface 24 WMM 149 WPA 23, 340 key caching 342 pre-authentication 342 341 application example 343 WPA-PSK 341 application example 343 Index NWA-3500/NWA-3550 User's Guide 407 - ZyXEL NWA-3500 | User Guide - Page 408
Index 408 NWA-3500/NWA-3550 User's Guide
-
1 -
2 -
3 -
4 -
5 -
6 -
7 -
8
-
9
-
10
-
11
-
12
-
13
-
14
-
15
-
16
-
17
-
18
-
19
-
20
-
21
-
22
-
23
-
24
-
25
-
26
-
27
-
28
-
29
-
30
-
31
-
32
-
33
-
34
-
35
-
36
-
37
-
38
-
39
-
40
-
41
-
42
-
43
-
44
-
45
-
46
-
47
-
48
-
49
-
50
-
51
-
52
-
53
-
54
-
55
-
56
-
57
-
58
-
59
-
60
-
61
-
62
-
63
-
64
-
65
-
66
-
67
-
68
-
69
-
70
-
71
-
72
-
73
-
74
-
75
-
76
-
77
-
78
-
79
-
80
-
81
-
82
-
83
-
84
-
85
-
86
-
87
-
88
-
89
-
90
-
91
-
92
-
93
-
94
-
95
-
96
-
97
-
98
-
99
-
100
-
101
-
102
-
103
-
104
-
105
-
106
-
107
-
108
-
109
-
110
-
111
-
112
-
113
-
114
-
115
-
116
-
117
-
118
-
119
-
120
-
121
-
122
-
123
-
124
-
125
-
126
-
127
-
128
-
129
-
130
-
131
-
132
-
133
-
134
-
135
-
136
-
137
-
138
-
139
-
140
-
141
-
142
-
143
-
144
-
145
-
146
-
147
-
148
-
149
-
150
-
151
-
152
-
153
-
154
-
155
-
156
-
157
-
158
-
159
-
160
-
161
-
162
-
163
-
164
-
165
-
166
-
167
-
168
-
169
-
170
-
171
-
172
-
173
-
174
-
175
-
176
-
177
-
178
-
179
-
180
-
181
-
182
-
183
-
184
-
185
-
186
-
187
-
188
-
189
-
190
-
191
-
192
-
193
-
194
-
195
-
196
-
197
-
198
-
199
-
200
-
201
-
202
-
203
-
204
-
205
-
206
-
207
-
208
-
209
-
210
-
211
-
212
-
213
-
214
-
215
-
216
-
217
-
218
-
219
-
220
-
221
-
222
-
223
-
224
-
225
-
226
-
227
-
228
-
229
-
230
-
231
-
232
-
233
-
234
-
235
-
236
-
237
-
238
-
239
-
240
-
241
-
242
-
243
-
244
-
245
-
246
-
247
-
248
-
249
-
250
-
251
-
252
-
253
-
254
-
255
-
256
-
257
-
258
-
259
-
260
-
261
-
262
-
263
-
264
-
265
-
266
-
267
-
268
-
269
-
270
-
271
-
272
-
273
-
274
-
275
-
276
-
277
-
278
-
279
-
280
-
281
-
282
-
283
-
284
-
285
-
286
-
287
-
288
-
289
-
290
-
291
-
292
-
293
-
294
-
295
-
296
-
297
-
298
-
299
-
300
-
301
-
302
-
303
-
304
-
305
-
306
-
307
-
308
-
309
-
310
-
311
-
312
-
313
-
314
-
315
-
316
-
317
-
318
-
319
-
320
-
321
-
322
-
323
-
324
-
325
-
326
-
327
-
328
-
329
-
330
-
331
-
332
-
333
-
334
-
335
-
336
-
337
-
338
-
339
-
340
-
341
-
342
-
343
-
344
-
345
-
346
-
347
-
348
-
349
-
350
-
351
-
352
-
353
-
354
-
355
-
356
-
357
-
358
-
359
-
360
-
361
-
362
-
363
-
364
-
365
-
366
-
367
-
368
-
369
-
370
-
371
-
372
-
373
-
374
-
375
-
376
-
377
-
378
-
379
-
380
-
381
-
382
-
383
-
384
-
385
-
386
-
387
-
388
-
389
-
390
-
391
-
392
-
393
-
394
-
395
-
396
-
397
-
398
-
399
-
400
-
401
-
402
-
403
-
404
-
405
-
406
-
407
-
408
 |
 |
www.zyxel.com
www.zyxel.com
NWA-3500/NWA-3550
802.11a/g Dual Radio Wireless Business AP
802.11a/g Dual Radio Outdoor WLAN Business AP
Copyright © 2009
ZyXEL Communications Corporation
Firmware Version 3.7
Edition 2, 8/2009
Default Login Details
IP Address
Password
1234