ZyXEL NWA3160-N User Guide
ZyXEL NWA3160-N Manual
 |
View all ZyXEL NWA3160-N manuals
Add to My Manuals
Save this manual to your list of manuals |
ZyXEL NWA3160-N manual content summary:
- ZyXEL NWA3160-N | User Guide - Page 1
NWA3000-N Series Wireless N Business WLAN 3000 Series Access Point Default Login Details IP Address https://192.168.1.2 User Name admin Password 1234 Versionww2w..2zy3xel.com Edition 1, 1/2011 www.zyxel.com Copyright © 2011 ZyXEL Communications Corporation - ZyXEL NWA3160-N | User Guide - Page 2
- ZyXEL NWA3160-N | User Guide - Page 3
This User's Guide Intended Audience This manual is intended for people who want to configure a NWA3000-N series AP using the web configurator. You should have at least a basic knowledge of TCP/IP networking concepts and topology. Related Documentation • Quick Start Guide The Quick Start Guide is - ZyXEL NWA3160-N | User Guide - Page 4
for example, other things you may need to configure or helpful tips) or recommendations. Syntax Conventions • The product in this book may be referred to as the "NWA3000-N series AP", the "device", the "AP", or the "system" in this User's Guide. • Product labels, screen names, field labels and field - ZyXEL NWA3160-N | User Guide - Page 5
Document Conventions Icons Used in Figures Figures in this User's Guide may use the following generic icons. The NWA3000-N series AP icon is not an exact representation of your device. NWA3000-N series AP Computer Notebook computer Server Printer Firewall Telephone Switch Router NWA3000-N - ZyXEL NWA3160-N | User Guide - Page 6
over them. • Always disconnect all cables from this device before servicing or disassembling. • Use ONLY an appropriate power adaptor or cord electrical lines, gas or water pipes will be damaged. • The PoE (Power over Ethernet) devices that supply or receive power and their -N Series User's Guide - ZyXEL NWA3160-N | User Guide - Page 7
...4 Safety Warnings...6 Table of Contents...7 Part I: User's Guide 15 Chapter 1 Introduction ...17 1.1 Overview ...17 1.2 Applications for the NWA3000-N series AP 18 1.2.1 Bridge / Repeater ...18 1.2.2 AP + Bridge ...22 1.2.3 MBSSID ...22 1.3 Management Mode ...23 1.4 Ways to Manage the NWA3000 - ZyXEL NWA3160-N | User Guide - Page 8
...55 4.1 Sample Network Setup ...55 4.1.1 Set the Management Modes 56 4.1.2 Set the LAN IP Address and Management VLAN (vlan99 57 4.1.3 Set Up Wireless User Authentication 58 4.1.4 Create the AP Profiles (staff, guest 60 4.2 Rogue AP Detection ...63 4.2.1 Rogue AP Containment 67 4.3 Load - ZyXEL NWA3160-N | User Guide - Page 9
107 8.1.2 What You Need to Know 107 8.2 LAN Setting ...108 8.2.1 Add or Edit a DNS Setting 110 Chapter 9 Wireless ...111 9.1 Overview ...111 9.1.1 What You Can Do in this Chapter 111 9.1.2 What You Need to Know 111 9.2 Controller ...112 9.3 AP Management ...113 NWA3000-N Series User's Guide 9 - ZyXEL NWA3160-N | User Guide - Page 10
129 10.3 Active-Passive Mode ...131 10.3.1 Edit Monitored Interface 134 10.4 Technical Reference ...135 Chapter 11 User ...137 11.1 Overview .2 User Summary ...138 11.2.1 Add/Edit User ...139 11.3 Setting ...141 11.3.1 Edit User Authentication Timeout Settings 144 Chapter 12 AP Profile User's Guide - ZyXEL NWA3160-N | User Guide - Page 11
Service Control 201 15.5.5 HTTPS Example ...203 15.6 SSH ...209 15.6.1 How SSH Works ...210 15.6.2 SSH Implementation on the NWA3000-N series AP 211 15.6.3 Requirements for Using SSH 211 15.6.4 Configuring SSH ...212 15.6.5 Examples of Secure Telnet Using SSH 213 NWA3000-N Series User's Guide - ZyXEL NWA3160-N | User Guide - Page 12
...214 15.8 FTP ...215 15.9 SNMP ...217 15.9.1 Supported MIBs ...218 15.9.2 SNMP Traps ...218 15.9.3 Configuring SNMP 219 15.9.4 Adding or Editing an SNMPv3 User Profile 220 15.10 Internal RADIUS Server 221 15.10.1 Configuring the Internal RADIUS Server 222 15.10.2 Adding or Editing a Trusted - ZyXEL NWA3160-N | User Guide - Page 13
267 21.3 NWA3000-N series AP Access and Login 268 21.4 Internet Access ...270 21.5 Wireless AP Troubleshooting 272 21.6 Resetting the NWA3000-N series AP 277 21.7 Getting More Troubleshooting Help 278 Chapter 22 Product Specifications ...279 22.1 Wall-Mounting Instructions 282 Appendix A Log - ZyXEL NWA3160-N | User Guide - Page 14
Table of Contents 14 NWA3000-N Series User's Guide - ZyXEL NWA3160-N | User Guide - Page 15
PART I User's Guide 15 - ZyXEL NWA3160-N | User Guide - Page 16
16 - ZyXEL NWA3160-N | User Guide - Page 17
call disruptions. It can serve as an AP, Bridge, Repeater or even as an RF monitor to search for rouge APs to help eliminate network threats. The NWA3000-N series AP controls network access with Media Access Control (MAC) address filtering, rogue Access Point (AP) detection and containment, and an - ZyXEL NWA3160-N | User Guide - Page 18
• Bridge / Repeater • AP + Bridge • MBSSID Applications for each operating mode are shown below. Note: A different channel should be configured for each WLAN interface to reduce the effects of radio interference. 1.2.1 Bridge / Repeater The NWA3000-N series AP can act as a wireless network bridge - ZyXEL NWA3160-N | User Guide - Page 19
Chapter 1 Introduction At the time of writing, WDS security is compatible with other ZyXEL access points only. Refer to your other access point's documentation for details. Figure 1 Bridge Application Figure 2 Repeater Application NWA3000-N Series User's Guide 19 - ZyXEL NWA3160-N | User Guide - Page 20
in the NWA3000-N series AP. Bridge loops cause broadcast traffic to circle the network endlessly, resulting in possible throughput degradation and disruption of communications. The following examples show two network topologies that can lead to this problem: 20 NWA3000-N Series User's Guide - ZyXEL NWA3160-N | User Guide - Page 21
5 Bridge Loop: Bridge Connected to Wired LAN To prevent bridge loops, ensure that you enable Spanning Tree Protocol (STP) in the Wireless screen or your NWA3000-N series AP is not set to bridge mode while connected to both wired and wireless segments of the same LAN. NWA3000-N Series User's Guide - ZyXEL NWA3160-N | User Guide - Page 22
Bridge Application Y X A B 1.2.3 MBSSID A Basic Service Set (BSS) is the set of devices forming a single wireless network (usually an access point and one or more wireless clients). The Service Set IDentifier (SSID) is the name of a BSS. In Multiple BSS (MBSSID) mode, the 22 NWA3000-N Series User - ZyXEL NWA3160-N | User Guide - Page 23
settings. See Section 4.1 on page 55 for an example of using MBSS. 1.3 Management Mode One NWA3000-N series AP uses Control And Provisioning of Wireless Access Points (CAPWAP, see RFC 5415) to allow one AP to configure and manage up to 24 others. This centralized management can greatly reduce the - ZyXEL NWA3160-N | User Guide - Page 24
Chapter 1 Introduction The following figure illustrates a CAPWAP wireless network. The user (U) configures the controller AP (C), which then automatically updates the configurations of the managed APs (M1 ~ M4). Figure 7 CAPWAP Network Example U C M1 M2 M3 M4 1.4 Ways to Manage the NWA3000-N - ZyXEL NWA3160-N | User Guide - Page 25
can be used for firmware upgrades and configuration backup and restore. Simple Network Management Protocol (SNMP) The NWA3000-N series AP can be monitored by an SNMP manager. See the SNMP chapter in this User's Guide. Controller Set one NWA3000-N series AP to be a controller and set other NWA3000 - ZyXEL NWA3160-N | User Guide - Page 26
your password, you will have to reset the NWA3000-N series AP to its factory default settings. If you backed up an earlier configuration file, you won't have to totally re-configure the NWA3000-N series AP; you can simply restore your last configuration. 1.6 Hardware Connections See your Quick Start - ZyXEL NWA3160-N | User Guide - Page 27
LED descriptions for your NWA3000-N series AP. Figure 8 LEDs Table 2 LEDs LABEL COLOR WLAN Green STATUS On Blinking Off DESCRIPTION The wireless LAN is active. The wireless LAN is active, and transmitting or receiving data. The wireless LAN is not active. NWA3000-N Series User's Guide 27 - ZyXEL NWA3160-N | User Guide - Page 28
properly. The NWA3000-N series AP is not receiving power. Either • If the LED blinks during the boot up process, the system is starting up. or • If the LED blinks after the boot up process, the system has failed. The NWA3000-N series AP successfully boots up. 28 NWA3000-N Series User's Guide - ZyXEL NWA3160-N | User Guide - Page 29
. Wait for the device to shut down and then manually turn off or remove the power. It does not turn AP does not stop or start the system processes when you apply configuration files or run shell scripts although you may temporarily lose access to network resources. NWA3000-N Series User's Guide - ZyXEL NWA3160-N | User Guide - Page 30
Chapter 1 Introduction 30 NWA3000-N Series User's Guide - ZyXEL NWA3160-N | User Guide - Page 31
Overview The NWA3000-N series AP Web Configurator allows easy management using an Internet browser. In order to use the Web Configurator, you must: • Use Internet Explorer 7.0 and later or Firefox 1.5 and later • Allow pop-up windows • Enable JavaScript (enabled by default) • Enable Java permissions - ZyXEL NWA3160-N | User Guide - Page 32
Chapter 2 The Web Configurator 2.2 Access 1 Make sure your NWA3000-N series AP hardware is properly connected. See the Quick Start Guide. 2 Browse to https://192.168.1.2. The Login screen appears. 3 Enter the user name (default: "admin") and password (default: "1234"). 4 Click Login. If you logged - ZyXEL NWA3160-N | User Guide - Page 33
Chapter 2 The Web Configurator 2.3 The Main Screen The Web Configurator's main screen is divided into these parts: Figure 9 The Web Configurator's Main Screen A B C • A - Title Bar • B - Navigation Panel • C - Main Window NWA3000-N Series User's Guide 33 - ZyXEL NWA3160-N | User Guide - Page 34
(CLI). See the NWA3000-N series AP CLI Reference Guide for details. CLI Click this to open a popup window that displays the CLI commands sent by the Web Configurator. the NWA3000-N series AP's navigation panel menus and their screens. Figure 11 Navigation Panel 34 NWA3000-N Series User's Guide - ZyXEL NWA3160-N | User Guide - Page 35
TAB FUNCTION MGNT Mode Set whether the NWA3000-N series AP is controlling other NWA3000-N series APs, working as a standalone AP, or being managed by another NWA3000-N series AP. LAN Setting Manage the LAN Ethernet interface including VLAN settings. Wireless NWA3000-N Series User's Guide 35 - ZyXEL NWA3160-N | User Guide - Page 36
controller mode. Active-Passive Mode Configure active-passive mode device HA. Object Users User Create and manage users. Setting Manage default settings for all users, general settings for user sessions, and rules to force user authentication. AP Profile Radio Create and manage wireless - ZyXEL NWA3160-N | User Guide - Page 37
AP. Diagnostics Diagnostic Collect diagnostic information. Packet Capture Capture packets for analysis. Wireless Frame Capture wireless frames from APs for analysis. Capture Reboot Restart the NWA3000-N series AP. Shutdown Turn off the NWA3000-N series AP. NWA3000-N Series User's Guide - ZyXEL NWA3160-N | User Guide - Page 38
12 Warning Message 2.3.4 Site Map Click Site MAP to see an overview of links to the Web Configurator screens. Click a screen's link to go to that screen. Figure 13 Site Map 2.3.5 Object and the individual object and click Refresh to show which configuration 38 NWA3000-N Series User's Guide - ZyXEL NWA3160-N | User Guide - Page 39
the configuration item that references the object. Description If the referencing configuration item has a description configured, it displays here. Refresh Click this to update the information in this screen. Cancel Click Cancel to close the screen. NWA3000-N Series User's Guide 39 - ZyXEL NWA3160-N | User Guide - Page 40
within the Web Configurator rather than having to use a separate terminal program. In addition to logging in directly to the NWA3000-N series AP's CLI, you can also log into other devices on the network through this Console. It uses SSH to establish a connection. 40 NWA3000-N Series User's Guide - ZyXEL NWA3160-N | User Guide - Page 41
into here. If you are logged into the NWA3000-N series AP, see the CLI Reference Guide for details on using the command line to configure it. This is the IP address of the device that you are currently logged into. Logged-In User This displays the username of the account currently logged into the - ZyXEL NWA3160-N | User Guide - Page 42
logout, then this displays 'Not Connected'. This displays the current upload / download activity. The faster and more frequently an LED flashes, the faster the on the Web Configurator title bar. 2 Enter the IP address of the NWA3000-N series AP and click OK. 42 NWA3000-N Series User's Guide - ZyXEL NWA3160-N | User Guide - Page 43
your account password, depending on the type of device that you are logging into. Enter the password and click OK. 5 If your login is successful, the command line appears and the status bar at the bottom of the Console updates to reflect your connection state. NWA3000-N Series User's Guide 43 - ZyXEL NWA3160-N | User Guide - Page 44
entries. 2.3.6.1 Manipulating Table Display Here are some of the ways you can manipulate the Web Configurator tables. 1 Click a column heading to sort the table's entries according to that column's by mathematical operators (, or =) or searching for text. 44 NWA3000-N Series User's Guide - ZyXEL NWA3160-N | User Guide - Page 45
Chapter 2 The Web Configurator 3 Select a column heading cell's right border and drag to re-size the column. 4 Select a column the icons and fields at the bottom of the table to navigate to different pages of entries and control how many entries display at a time. NWA3000-N Series User's Guide 45 - ZyXEL NWA3160-N | User Guide - Page 46
Chapter 2 The Web Configurator 2.3.6.2 Working with Table Entries The tables applied. Remove To remove an entry, select it and click Remove. The NWA3000-N series AP confirms you want to remove it before doing so. Activate To turn on an entry up (or down) one. 46 NWA3000-N Series User's Guide - ZyXEL NWA3160-N | User Guide - Page 47
Chapter 2 The Web Configurator 2.3.6.3 Working with Lists When a list of available entries displays next to a list of selected entries, you can often just double- entries, and then use the arrow button to move them to the other list. Figure 17 Working with Lists NWA3000-N Series User's Guide 47 - ZyXEL NWA3160-N | User Guide - Page 48
Chapter 2 The Web Configurator 48 NWA3000-N Series User's Guide - ZyXEL NWA3160-N | User Guide - Page 49
Configuration Overview This section provides information about configuring the main features in the NWA3000-N series AP. The features are listed in the same sequence as the menu item(s) in the Web Configurator. Each feature description is organized as shown below. NWA3000-N Series User's Guide - ZyXEL NWA3160-N | User Guide - Page 50
MGNT Mode. 3.3.3 LAN Setting Use this screen to configure the LAN Ethernet interface including VLAN settings. MENU ITEM(S) Configuration > LAN Setting. 3.3.4 Wireless Use these screens to manage your wireless Access Points. MENU ITEM(S) Configuration > Wireless. 50 NWA3000-N Series User's Guide - ZyXEL NWA3160-N | User Guide - Page 51
. Table 13 User Types TYPE ABILITIES admin Change NWA3000-N series AP configuration (web, CLI) limited-admin Look at NWA3000-N series AP configuration (web, CLI). Perform basic diagnostics (CLI) user Access network services. Browse user-mode commands (CLI) NWA3000-N Series User's Guide 51 - ZyXEL NWA3160-N | User Guide - Page 52
screens to configure preset profiles for the Access Points (APs) connected to your NWA3000-N series AP's wireless network. Table 14 AP Profile Types TYPE ABILITIES Radio Create radio profiles for the APs on your network. SSID Create SSID profiles for the APs on your network. Security Create - ZyXEL NWA3160-N | User Guide - Page 53
files in the NWA3000-N series AP and switch between them without restarting. • Shell scripts. Use shell scripts to run a series of CLI commands. These are useful for large, repetitive configuration changes and for troubleshooting. You can edit configuration files and shell scripts in any - ZyXEL NWA3160-N | User Guide - Page 54
Chapter 3 Configuration Basics 54 NWA3000-N Series User's Guide - ZyXEL NWA3160-N | User Guide - Page 55
-N series AP control other NWA3000-N series APs to create a wireless network that allows two types of connections: staff and guest. Staff connections have full access to the network, while guests are limited to Internet access (DNS, HTTP and HTTPS services). Figure 18 Tutorial Network Topology - ZyXEL NWA3160-N | User Guide - Page 56
102 Managed APs In this example, the guest VLAN (102) can only access the Internet while the staff VLAN (101) has access to all aspects of the network. 4.1.1 Set the Management Modes Use this section to set the management modes for the controller and managed APs. 56 NWA3000-N Series User's Guide - ZyXEL NWA3160-N | User Guide - Page 57
Chapter 4 Tutorials 4.1.1.1 Controller 1 Use the Configuration > MGNT MODE screen to set the NWA3000-N series AP to controller mode. 2 The NWA3000-N series AP resets to its default settings for the controller mode including the IP address of 192.168.1.2 and restarts. Wait a short while before you - ZyXEL NWA3160-N | User Guide - Page 58
VLAN ID tag. • Click Apply to save these changes. 2 Configure your DHCP server with the controller's IP address configured as option 138 so the managed NWA3000-N series APs can get the controller's IP address from it. See Chapter 7 on page 103 for details. 4.1.3 Set Up Wireless User Authentication - ZyXEL NWA3160-N | User Guide - Page 59
Chapter 4 Tutorials 1 Open the Configuration > System > Auth. Server screen. Turn on the authentication server and select the certificate to use. Click Apply. 2 Open the Configuration > Object > User > User screen and click Add. 3 The Add A User window opens. NWA3000-N Series User's Guide 59 - ZyXEL NWA3160-N | User Guide - Page 60
User Type: User 3c Password: Enter 'guest1', and re-enter it in the Retype field to confirm. 3d Click OK to save these settings. 4 Repeat steps 2 and 3 to create accounts for the staff members. 4.1.4 Create the AP Profiles (staff, guest) This section shows you how to configure the Access Point (AP - ZyXEL NWA3160-N | User Guide - Page 61
from the list of available wireless security encryption methods. 2c Under Security Mode, select 802.1X then set the Radius Server Type to Internal. 2d Click OK. 3 Next, open the Configuration > Object > AP Profile > SSID > SSID List screen and click the Add button. NWA3000-N Series User's Guide 61 - ZyXEL NWA3160-N | User Guide - Page 62
these settings. 5 Repeat steps 3 and 4 to create the guest SSID profile with the same settings except 'guest' as the profile name and SSID and 102 for the VLAN ID. 6 Open the Configuration > Object> AP Profile > Radio screen and then double-click the default entry. 62 NWA3000-N Series User's Guide - ZyXEL NWA3160-N | User Guide - Page 63
are wireless access points interacting with the network managed by the NWA3000-N series AP but which are not under the control of the network administrator. In short, they are a security risk because they circumvent network security policy. AP detection only works when at least 1 AP is configured - ZyXEL NWA3160-N | User Guide - Page 64
4 Tutorials In this example, an employee illicitly connects his own AP (RG) to the network that the NWA3000-N series AP manages. While not necessarily a malicious act, it can nonetheless have severe security consequences on the network. Figure 20 Rogue AP Example A 64 NWA3000-N Series User's Guide - ZyXEL NWA3160-N | User Guide - Page 65
mimic an NWA3000-N series AP-controlled SSID in order to capture passwords and other information when authorized wireless clients mistakenly connect to it. Figure 21 Rogue AP Example B This tutorial shows you how to detect rogue APs on your network: 1 Click Configuration > Object > MON Profile to - ZyXEL NWA3160-N | User Guide - Page 66
the number of milliseconds that the monitor AP scans each channel before moving on to the next. Scan Channel Mode: Set this to auto to automatically scan channels in the area. 3 Click OK to save your changes. 4 Next, click Configuration > Wireless > AP Management. 66 NWA3000-N Series User's Guide - ZyXEL NWA3160-N | User Guide - Page 67
manually disconnect it. The NWA3000-N series AP does not allow the isolation of a rogue AP connected directly to the network. However, if a rogue AP independent of the NWA3000-N series AP mimics a legitimate one, then the NWA3000-N series AP can interfere with it by NWA3000-N Series User's Guide - ZyXEL NWA3160-N | User Guide - Page 68
broadcasting dummy packets so that it cannot makes connections with employee clients and capture data from them. Figure 22 Containing a Rogue AP This tutorial shows you how to quarantine a rogue AP on your network: 1 Click Configuration > Wireless > MON Mode. 68 NWA3000-N Series User's Guide - ZyXEL NWA3160-N | User Guide - Page 69
to connect regardless.) The second response is to kick the connections until the AP is no longer considered overloaded. Both of these tactics are known as 'load balancing'. This tutorial shows you how to configure the NWA3000-N series AP's load balancing feature. NWA3000-N Series User's Guide 69 - ZyXEL NWA3160-N | User Guide - Page 70
on the same radio channel. This can make accessing the network potentially rather difficult for the stations connected to them. If the interference becomes too great, then the network administrator must open his AP configuration options and manually change the channel to one that no other - ZyXEL NWA3160-N | User Guide - Page 71
1 Click Configuration > Wireless > DCS. Chapter 4 Tutorials 2 Select Enable Dynamic Channel Selection to turn on this feature. 3 Set the DCS Time Interval. This is how often the NWA3000-N series AP surveys the other APs within its broadcast radius. If you place your APs in an area with a large - ZyXEL NWA3160-N | User Guide - Page 72
Chapter 4 Tutorials 72 NWA3000-N Series User's Guide - ZyXEL NWA3160-N | User Guide - Page 73
PART II Technical Reference 73 - ZyXEL NWA3160-N | User Guide - Page 74
74 - ZyXEL NWA3160-N | User Guide - Page 75
Can Do in this Chapter • The main Dashboard screen (Section 5.2 on page 76) displays the NWA3000-N series AP's general device information, system status, system resource usage, and interface status. You can also display other status screens for more information. NWA3000-N Series User's Guide 75 - ZyXEL NWA3160-N | User Guide - Page 76
the first thing you see when you log into the NWA3000-N series AP. It also appears every time you click the Dashboard icon in the refreshing the information displayed in the widget. Refresh Now (D) Click this to update the widget's information immediately. Close Widget (E) Click this to close the - ZyXEL NWA3160-N | User Guide - Page 77
summary of connected wireless Access Points (APs). All AP This section displays a summary for all connected wireless APs when the NWA3000-N series AP is in controller mode. Online Management AP This displays the number of currently connected managed APs. Offline Management AP This displays the - ZyXEL NWA3160-N | User Guide - Page 78
settings when the NWA3000-N series AP is in controller mode and configured to use WDS. Radio This field displays which radio the NWA3000-N series AP is configured to use for WDS. Link ID This field displays the name of the bridge connection. Peer MAC Address This field displays the hardware - ZyXEL NWA3160-N | User Guide - Page 79
to get or to update the IP address for the interface. Click Renew to send a new DHCP request to a DHCP server. Top 5 Station When the NWA3000-N series AP is in controller mode this displays the top 5 Access Points (AP) with the highest number of station (aka wireless client) connections during - ZyXEL NWA3160-N | User Guide - Page 80
AP. Band This indicates the wireless frequency band currently being used by the radio. OP Mode This indicates the radio's operating mode. Operating modes are AP (access point updated. Refresh Now Click this to update the information in the window right away. 80 NWA3000-N Series User's Guide - ZyXEL NWA3160-N | User Guide - Page 81
this screen to look at a chart of the NWA3000-N series AP's recent memory (RAM) usage. To access this screen, click Memory Usage in the dashboard. Figure 25 to be automatically updated. Refresh Now Click this to update the information in the window right away. NWA3000-N Series User's Guide 81 - ZyXEL NWA3160-N | User Guide - Page 82
Chapter 5 Dashboard 82 NWA3000-N Series User's Guide - ZyXEL NWA3160-N | User Guide - Page 83
6.10 on page 100) displays the NWA3000-N series AP's current wireless AP log messages. This is available when the NWA3000-N series AP is in controller mode. 6.2 What You Need to Know The following terms and concepts may help as you read through the chapter. NWA3000-N Series User's Guide 83 - ZyXEL NWA3160-N | User Guide - Page 84
Rogue AP Rogue APs are wireless access points operating in a network's coverage area that are not under the control of the network's administrators, and can open up holes in a network's security. See Chapter 13 on page 165 for details. Friendly AP Friendly APs are other wireless access points that - ZyXEL NWA3160-N | User Guide - Page 85
NWA3000-N series AP is in controller mode. This field IP address. Static - This interface has a static IP address. Action Port Statistics Table Switch to Graphic View Status DHCP Client - This interface gets its IP address from a DHCP server. Use this field to get or to update the IP address - ZyXEL NWA3160-N | User Guide - Page 86
graph to look at a line graph of packet statistics for the NWA3000-N series AP's physical LAN port. To view, in the LAN Status screen click the Switch to to be automatically updated. Refresh Now Click this to update the information in the window right away. 86 NWA3000-N Series User's Guide - ZyXEL NWA3160-N | User Guide - Page 87
which APs are currently connected to the NWA3000-N series AP. This is available when the NWA3000-N series AP is in controller mode. To access this screen, click Monitor > Wireless > AP Information > AP List. Figure 28 Monitor > Wireless > AP Information > AP List NWA3000-N Series User's Guide 87 - ZyXEL NWA3160-N | User Guide - Page 88
is an AP that is not on the management list. This is an AP that is on the management list and which is online. This is an AP that is in the process of having its firmware updated. This is an AP that is both on the management list and which is offline. 88 NWA3000-N Series User's Guide - ZyXEL NWA3160-N | User Guide - Page 89
Update This field displays the date and time the information in the window was last updated. 6.5 Radio List Use this screen to view statistics for the NWA3000-N series AP's wireless radio transmitters when it is in standalone mode or the radios in each of the APs NWA3000-N Series User's Guide - ZyXEL NWA3160-N | User Guide - Page 90
Chapter 6 Monitor connected to the NWA3000-N series AP when it is in controller mode. To access this screen, click Monitor > Wireless > AP Information > Radio List. Figure 30 Monitor > Wireless > AP Information > Radio List (Controller Mode) The following table describes the labels in this screen. - ZyXEL NWA3160-N | User Guide - Page 91
's MBSSID details, wireless traffic statistics and station count for the preceding 24 hours. To access this window, click the More Information button in the Radio List Statistics screen. Figure 31 Monitor > Wireless > AP Information > Radio List > More Information NWA3000-N Series User's Guide 91 - ZyXEL NWA3160-N | User Guide - Page 92
and you set the wireless operating mode to AP+Bridge or Bridge/Repeater this displays information about the Wireless Distribution System (WDS) connections. Link ID This field displays the name of the bridge connection. Peer MAC Address This field displays the hardware address of the peer device - ZyXEL NWA3160-N | User Guide - Page 93
in this list. MAC Address This is the station's MAC address. Associated AP This is available when the NWA3000-N series AP is in controller mode. This indicates the AP through which the station is connected to the network. SSID Name This indicates the name of the wireless network to which the - ZyXEL NWA3160-N | User Guide - Page 94
's role (such as friendly or rogue). MAC Address This indicates the detected device's MAC address. SSID Name This indicates the detected device's SSID on managing friendly and rogue APs, see the Configuration > Wireless > MON Mode screen (Chapter 9 on page 111). 94 NWA3000-N Series User's Guide - ZyXEL NWA3160-N | User Guide - Page 95
in controller mode you can use this screen to configure and maintain a list of compatible legacy (NWA-3000 series) APs. Use the list to link to their Web Configurators. Click Monitor > Wireless > Rogue AP > Legacy Device Info to access this screen. Compatible legacy APs: • NWA-3160 • NWA-3163 • NWA - ZyXEL NWA3160-N | User Guide - Page 96
for linking to a compatible legacy AP's Web Configurator. The legacy AP must also be in controller mode. Click Monitor > Wireless > Rogue AP > Legacy Device Info and then click the Add button or select a radio profile from the list and click the Edit button to access this screen. Figure 35 Monitor - ZyXEL NWA3160-N | User Guide - Page 97
messages, new log messages automatically overwrite existing log messages, starting with the oldest existing log message first. • For individual 285. • For the maximum number of log messages in the NWA3000-N series AP, see Chapter 22 on page 279. Events that generate an alert (as well User's Guide 97 - ZyXEL NWA3160-N | User Guide - Page 98
the Display, Priority, Source Address, Destination Address, Service, Keyword, and Search fields when you show the filter. Type the IP address of the destination of the incoming packet when addresses specified in the Send Log To field on the Log Settings page. Click this to update User's Guide - ZyXEL NWA3160-N | User Guide - Page 99
destination IP address and the port number of the event that generated the log message. Note This field displays any additional information about the log message. The Web Configurator saves the filter settings if you leave the View Log screen and return to it later. NWA3000-N Series User's Guide - ZyXEL NWA3160-N | User Guide - Page 100
. init - Indicates the query has not been initialized. querying - Indicates the query is in process. fail - Indicates the query failed. success - Indicates the query succeeded. AP Information This displays the MAC address for the selected AP. NWA3000-N Series User's Guide - ZyXEL NWA3160-N | User Guide - Page 101
AP that you want displayed. Priority Note: This criterion only appears when you Show Filter. Select a priority level to use for filtering displayed log messages. Source Address Note: This criterion only appears when you Show Filter. Enter a source IP address Click this to start the log query - ZyXEL NWA3160-N | User Guide - Page 102
AP Log (continued) LABEL DESCRIPTION Source This displays the source IP address of the selected log message. Destination This displays the source IP address of the selected log message. Note This displays any notes associated with the selected log message. 102 NWA3000-N Series User's Guide - ZyXEL NWA3160-N | User Guide - Page 103
, which determines whether the NWA3000-N series AP is used in its default standalone mode, or as part of a Control And Provisioning of Wireless Access Points (CAPWAP) network. 7.2 About CAPWAP The NWA3000-N series AP supports CAPWAP. This is ZyXEL's implementation of the CAPWAP protocol (RFC 5415 - ZyXEL NWA3160-N | User Guide - Page 104
can be a standalone AP (default), a CAPWAP managed AP, or a CAPWAP AP controller. 7.2.1 CAPWAP Discovery and Management The link between CAPWAP-enabled access points proceeds as follows: 1 An AP in managed AP mode joins a wired network (receives a dynamic IP address). 2 The AP sends out a discovery - ZyXEL NWA3160-N | User Guide - Page 105
Mode • Configure DHCP option 138 with the IP address of the CAPWAP AP controller on your network. DHCP Option 138 allows the CAPWAP management request (from the AP in managed AP mode) to reach the AP controller in a different subnet, as shown in the following figure. Figure 39 CAPWAP and DHCP - ZyXEL NWA3160-N | User Guide - Page 106
the NWA3000-N series AP can be configured ONLY by the management AP. If you do not have an AP controller on your network and want to return the NWA3000-N series AP to standalone mode, you must use the its physical RESET button or the commands. All settings are returned to their default values. Click - ZyXEL NWA3160-N | User Guide - Page 107
fields. • If your ISP dynamically assigns the DNS server IP addresses (along with the NWA3000-N series AP's WAN IP address), set the DNS server fields to get the DNS server address from the ISP. • You can manually enter the IP addresses of other DNS servers. NWA3000-N Series User's Guide 107 - ZyXEL NWA3160-N | User Guide - Page 108
Chapter 8 LAN Setting 8.2 LAN Setting This screen lists every Ethernet interface. To access this screen, click Configuration > LAN Setting. Figure 41 Configuration > LAN Setting 108 NWA3000-N Series User's Guide - ZyXEL NWA3160-N | User Guide - Page 109
get a reply for any of the other servers. This displays whether the DNS server IP address is assigned by a DHCP server dynamically (From DHCP), is configured manually (User-Defined), or is the default entry the NWA3000-N series AP uses if it cannot get a reply for any of the other servers. NWA3000 - ZyXEL NWA3160-N | User Guide - Page 110
to access this screen. Figure 42 Configuration > LAN Setting > Add The following table describes the labels in this screen. Table 35 Configuration > LAN Setting > Add LABEL DESCRIPTION Type Select User-Defined to manually enter a DNS server's IP address. DNS Server OK Cancel Select From DHCP - ZyXEL NWA3160-N | User Guide - Page 111
9.1 Overview Use the Wireless screens to configure how the NWA3000-N series AP manages the Access Point that are connected to it. 9.1.1 What You Can Do in this Chapter • The Controller screen (Section 9.2 on page 112) sets how the NWA3000-N series AP allows new APs to connect to the network. This is - ZyXEL NWA3160-N | User Guide - Page 112
screen to set how the NWA3000-N series AP allows new APs to connect to the network. This is available when the NWA3000-N series AP is in controller mode. Click Configuration > Wireless > Controller to access this screen. Figure 43 Configuration > Wireless > Controller Each field is described in the - ZyXEL NWA3160-N | User Guide - Page 113
37 Configuration > Wireless > AP Management (Controller Mode) LABEL DESCRIPTION Edit Select an AP and click this button to edit its properties. Remove Select an AP and click this button to remove it from the list. Reboot # IP Address MAC Model R1 Mode / Profile R2 Mode / Profile Mgnt. VLAN ID - ZyXEL NWA3160-N | User Guide - Page 114
Chapter 9 Wireless Figure 45 Configuration > Wireless > AP Management (Standalone Mode) The following fields display if the NNWA3000-N series AP is in standalone mode. Table 38 Configuration > Wireless > AP Management (Standalone Mode) LABEL DESCRIPTION Model This field displays the AP's - ZyXEL NWA3160-N | User Guide - Page 115
is described in the following table. Table 39 Configuration > Wireless > Edit AP List LABEL DESCRIPTION Create new Object Use this menu to create a new Radio or SSID object to associate with this AP. MAC Address This displays the MAC address of the selected AP. Model This field displays the - ZyXEL NWA3160-N | User Guide - Page 116
rogue AP is a wireless access point operating in a network's coverage area that is not under the control of the network administrator, and which can potentially open up holes in a network's security. Click Configuration > Wireless > MON Mode to access this screen. 116 NWA3000-N Series User's Guide - ZyXEL NWA3160-N | User Guide - Page 117
remove. Containment Click this button to quarantine the selected AP. Dis-Containment # Containment Role MAC Address A quarantined AP cannot grant access to any network services. Any stations that attempt to connect to a quarantined AP are disconnected automatically. Click this button to stop the - ZyXEL NWA3160-N | User Guide - Page 118
Each field is described in the following table. Table 41 Configuration > Wireless > MON Mode > Add/Edit Rogue/Friendly LABEL DESCRIPTION MAC Address Enter the MAC address of the AP you want to add to the list. A MAC address is a unique hardware identifier in the following hexadecimal format: xx - ZyXEL NWA3160-N | User Guide - Page 119
with changes unsaved. 9.5 Load Balancing Use this screen to configure wireless network traffic load balancing between the APs on your network. Click Configuration > Wireless > Load Balancing to access this screen. Figure 49 Configuration > Wireless > Load Balancing Each field is described in the - ZyXEL NWA3160-N | User Guide - Page 120
the weakest signal strength will be kicked first. Apply Reset Note: If you enable this function, you should ensure that there are multiple APs within the broadcast radius that can accept any rejected or kicked wireless clients; otherwise, a wireless client attempting to connect to an overloaded - ZyXEL NWA3160-N | User Guide - Page 121
to see which devices have been idle the longest, then starts kicking them in order of highest idle time. If no connections are idle, the next criteria the NWA3000-N series AP analyzes is signal strength. Devices with the weakest signal strength are kicked first. NWA3000-N Series User's Guide 121 - ZyXEL NWA3160-N | User Guide - Page 122
Configuration > Wireless > DCS to access this screen. Figure 52 Configuration > Wireless > DCS Each field is described in the following table. Table 43 Configuration > Wireless > DCS LABEL DESCRIPTION Enable Dynamic Channel Selection Select this to have the NWA3000-N series AP automatically - ZyXEL NWA3160-N | User Guide - Page 123
-N series AP uses channels 1, 4, 7, 11 in this configuration; otherwise, the NWA3000-N series AP uses channels 1, 5, 9, 13 in this configuration. Four channel deployment expands your pool of possible channels while keeping the channel interference to a minimum. NWA3000-N Series User's Guide 123 - ZyXEL NWA3160-N | User Guide - Page 124
Wireless Table 43 Configuration > Wireless > DCS (continued) LABEL DESCRIPTION Enable 5-GHz DFS Aware Select this if your APs great, then the network administrator must open his AP configuration options and manually change the channel to one that no other AP is using (or Series User's Guide - ZyXEL NWA3160-N | User Guide - Page 125
Wireless Three channels are situated in such a way as to create almost no interference with one another if used exclusively: 1, 6 and 11. When an AP broadcasts on any of these three channels, it should not interfere with neighboring APs : proximity to the affected AP, signal strength, activity, and - ZyXEL NWA3160-N | User Guide - Page 126
This means anyone can connect to his wireless network as long as the AP has the bandwidth to spare. If too many people connect and the AP hits its bandwidth cap then all new connections must basically wait for their turn or get shunted to the nearest identical AP. 126 NWA3000-N Series User's Guide - ZyXEL NWA3160-N | User Guide - Page 127
series AP (also in controller mode) automatically take over if the master NWA3000-N series AP fails. Figure 56 Device HA Backup Taking Over for the Master A B In this example, device B is the backup for device A in the event something happens to it and prevents it from managing the wireless network - ZyXEL NWA3160-N | User Guide - Page 128
a text editor for example). 10.1.3 Before You Begin • Configure a static IP address for each interface that you will have device HA monitor. Note: Subscribe to services on the backup NWA3000-N series AP before synchronizing it with the master NWA3000-N series AP. 128 NWA3000-N Series User's Guide - ZyXEL NWA3160-N | User Guide - Page 129
This field displays the interface's management IP address and subnet mask. You can use this IP address and subnet mask to access the NWA3000-N series AP whether it is in master or backup mode. This tells whether the monitored interface's connection is down or up. NWA3000-N Series User's Guide 129 - ZyXEL NWA3160-N | User Guide - Page 130
is a backup interface in the virtual router. It is not using the virtual IP address and subnet mask. Apply Reset Fault - This interface is not functioning in the virtual router right now. In active-passive mode (or in legacy mode with link monitoring enabled), if one of the master NWA3000-N series - ZyXEL NWA3160-N | User Guide - Page 131
activepassive mode device HA settings, view and manage the list of monitored interfaces, and synchronize backup NWA3000-N series APs. To access this screen, click Configuration > Device HA > Active-Passive Mode. Figure 58 Configuration > Device HA > Active-Passive Mode NWA3000-N Series User's Guide - ZyXEL NWA3160-N | User Guide - Page 132
number of configuration fields. Device Role Select the device HA role that the NWA3000-N series AP plays in the virtual router. Choices are: Master - This NWA3000-N series AP is the master NWA3000-N series AP in the virtual router. This NWA3000-N series AP uses the virtual IP address for each - ZyXEL NWA3160-N | User Guide - Page 133
Fully-Qualified Domain Name (FQDN) of the NWA3000-N series AP from which to get updated configuration. Usually, you should enter the IP address or FQDN of a virtual router on a secure network. Sync. Now Server Port If this NWA3000-N series AP is set to master role, this field displays the NWA3000 - ZyXEL NWA3160-N | User Guide - Page 134
enable or disable monitoring of an interface and set the interface's management IP address and subnet mask. To access this screen, click Configuration > Device HA > Active-Passive Mode > Edit. Figure 59 Device HA > Active-Passive Mode > Edit Monitored Interface 134 NWA3000-N Series User's Guide - ZyXEL NWA3160-N | User Guide - Page 135
fields are blank if the interface is a DHCP client or has no IP settings. Manage IP Enter the interface's IP address for management access. You can use this IP address to access the NWA3000-N series AP whether it is the master or a backup. This management IP address should be in the same subnet as - ZyXEL NWA3160-N | User Guide - Page 136
. This is a virtual router IP address. NWA3000-N series AP A keeps it's LAN management IP address of 192.168.1.5 and NWA3000-N series AP B has its own LAN management IP address of 192.168.1.6. These do not change when NWA3000-N series AP B becomes the master. 136 NWA3000-N Series User's Guide - ZyXEL NWA3160-N | User Guide - Page 137
are used in controlling access to configuration and services in the NWA3000-N series AP. User Types These are the types of user accounts the NWA3000-N series AP uses. Table 47 Types of User Accounts TYPE ABILITIES Admin Users admin Change NWA3000-N series AP configuration (web, CLI) LOGIN - ZyXEL NWA3160-N | User Guide - Page 138
Look at NWA3000-N series AP configuration (web, CLI) Access Users user Perform basic diagnostics (CLI) Used for the embedded RADIUS server and SNMPv3 user access Browse user-mode commands (CLI) LOGIN METHOD(S) WWW, TELNET, SSH, Console Note: The default admin account is always authenticated - ZyXEL NWA3160-N | User Guide - Page 139
as. Description • admin - this user can look at and change the configuration of the NWA3000-N series AP • limited-admin - this user can look at the configuration of the NWA3000-N series AP but not to change it • user - this user has access to the NWA3000-N series AP's services but cannot look at - ZyXEL NWA3160-N | User Guide - Page 140
Choices are: Password • admin - this user can look at and change the configuration of the NWA3000-N series AP • limited-admin - this user can look at the configuration of the NWA3000-N series AP but not to change it • user - this is used for embedded RADIUS server and SNMPv3 user access This field - ZyXEL NWA3160-N | User Guide - Page 141
screen controls default settings, login settings, lockout settings, and other user settings for the NWA3000-N series AP. You can also use this screen to specify when users must log in to the NWA3000-N series AP before it routes traffic for them. To access this screen, login to the Web Configurator - ZyXEL NWA3160-N | User Guide - Page 142
These authentication timeout settings are used by default when you create a new user account. They also control the settings for any existing user accounts that are set to use the default settings. You can still manually configure any user account's authentication timeout settings. Edit Double - ZyXEL NWA3160-N | User Guide - Page 143
can look at and change the configuration of the NWA3000-N series AP • limited-admin - this user can look at the configuration of the NWA3000-N series AP but not to change it • user - this is used for embedded RADIUS server and SNMPv3 user access This is the default lease time in minutes for each - ZyXEL NWA3160-N | User Guide - Page 144
for the selected type of user account. These default authentication timeout settings also control the settings for any existing user accounts that are set to use the default settings. You can still manually configure any user account's authentication timeout settings. To access this screen, go to - ZyXEL NWA3160-N | User Guide - Page 145
number of minutes this type of user account can be logged into the NWA3000-N series AP in one session before the user has to log in again. You Time, the user has no opportunity to renew the session without logging out. OK Click OK to save your changes back to the NWA3000-N series AP. Cancel Click - ZyXEL NWA3160-N | User Guide - Page 146
Chapter 11 User 146 NWA3000-N Series User's Guide - ZyXEL NWA3160-N | User Guide - Page 147
12.1 Overview This chapter shows you how to configure preset profiles for the Access Points (APs) connected to your NWA3000-N series AP's wireless network. 12.1.1 What You Can Do in this Chapter • The Radio screen (Section 12.2 on page 149) creates radio configurations that can be used by the - ZyXEL NWA3160-N | User Guide - Page 148
Set IDentifier) is the name that identifies the Service Set with which a wireless station is associated. Wireless stations associating to the access point (AP) must have the same SSID. In other words, it is the name of the wireless network that clients use to connect to it. WEP WEP (Wired Equivalent - ZyXEL NWA3160-N | User Guide - Page 149
allows you to create radio profiles for the APs on your network. A radio profile is a list of settings that an NWA3000-N series AP AP can use to configure either one of its two radio transmitters. To access this screen click Configuration > Object > AP Profile. Note: You can have a maximum of 32 - ZyXEL NWA3160-N | User Guide - Page 150
allows you to create a new radio profile or edit an existing one. To access this screen, click the Add button or select a radio profile from the list and click the Edit button. Figure 67 Configuration > Object > AP Profile > Add/Edit Profile (Standalone Mode) 150 NWA3000-N Series User's Guide - ZyXEL NWA3160-N | User Guide - Page 151
if the NWA3000-N series AP is set to standalone mode. Select AP+Bridge to have the radio function as an access point and bridge simultaneously. Select Bridge/Repeater to have the radio function as a wireless network bridge / repeater and establish wireless links with other APs. 802.11 Band Select - ZyXEL NWA3160-N | User Guide - Page 152
sends the beacon again. The interval tells receiving devices on the network how long they can wait in low-power mode before waking up to handle the beacon. A high value helps save current consumption of the access point. Delivery Traffic Indication Message (DTIM) is the time period after which - ZyXEL NWA3160-N | User Guide - Page 153
support it for the WDS. Note: At the time of writing, this option is compatible with other ZyXEL NWA access points only. When you enable WDS security, for each access point in your WDS enter the AP's MAC address and a pre-shared key. Each access point can use a different pre-shared key. Configure - ZyXEL NWA3160-N | User Guide - Page 154
text to any device capable of scanning for wireless frequencies (such as the WiFi adapter in a laptop), and is displayed as the wireless network name when a person makes a connection to it. To access this screen click Configuration > Object > AP Profile > SSID. 154 NWA3000-N Series User's Guide - ZyXEL NWA3160-N | User Guide - Page 155
AP. Figure 68 Configuration > Object > AP Profile > SSID List The following table describes the labels in this screen. Table 54 Configuration > Object > AP appears to wireless clients. VLAN ID This field indicates the VLAN ID associated with the SSID profile. NWA3000-N Series User's Guide 155 - ZyXEL NWA3160-N | User Guide - Page 156
the profile name. This name is only visible in the Web Configurator and is only for management purposes. Spaces and underscores are allowed. SSID Enter the SSID name for this profile. This is the name visible on the network to wireless clients. Enter up to 32 characters, spaces and underscores are - ZyXEL NWA3160-N | User Guide - Page 157
to your network through a particular SSID by wireless client MAC addresses. Any clients that have MAC addresses not in the MAC filtering profile of allowed addresses are denied connections. QoS The disable setting means no MAC filtering is used. Select a Quality of Service (QoS) access category to - ZyXEL NWA3160-N | User Guide - Page 158
allows you to manage wireless security configurations that can be used by your SSIDs. Wireless security is implemented strictly between the AP broadcasting the SSID and the stations that are connected to it. To access this screen click Configuration > Object > AP Profile > SSID > Security List - ZyXEL NWA3160-N | User Guide - Page 159
RADIUS server to be used for IP Address authentication. Radius Server Enter the port number of the RADIUS server to be used for Port authentication. Radius Server Enter the shared secret password of the RADIUS server to be used for Secret authentication. NWA3000-N Series User's Guide 159 - ZyXEL NWA3160-N | User Guide - Page 160
Server IP Address Enter the IP address of the external accounting server in dotted decimal notation. Accounting Server Port Enter the port number of the external accounting server. The default port number is 1813. You need not change this value unless your network administrator instructs you - ZyXEL NWA3160-N | User Guide - Page 161
Encryption Standard encryption method. It is a more recent development over TKIP and considerably more robust. Not all wireless clients may support this. Enter the interval (in seconds) at which the AP updates the group WPA encryption key. This is available when the profile is set to use wpa2 or - ZyXEL NWA3160-N | User Guide - Page 162
allow to permit the wireless client with the MAC addresses in this profile to connect to the network through the associated SSID; select deny to block the wireless clients with the specified MAC addresses. Add Click this to add a MAC address to the profile's list. NWA3000-N Series User's Guide - ZyXEL NWA3160-N | User Guide - Page 163
specifies a MAC address associated with this profile. Description This field displays a description for the MAC address associated with this profile. You can click the description to make it editable. Enter up to 60 characters, spaces and underscores allowed. NWA3000-N Series User's Guide 163 - ZyXEL NWA3160-N | User Guide - Page 164
Chapter 12 AP Profile 164 NWA3000-N Series User's Guide - ZyXEL NWA3160-N | User Guide - Page 165
to set up monitor mode configurations that allow your connected APs to scan for other wireless devices in the vicinity. Once detected, you can use the MON Mode screen (Chapter 9 on of channels for other wireless devices broadcasting on the 802.11 frequencies. NWA3000-N Series User's Guide 165 - ZyXEL NWA3160-N | User Guide - Page 166
13.2 MON Profile This screen allows you to create monitor mode configurations that can be used by the APs. To access this screen, login to the Web Configurator, and click Configuration > Object > MON Profile. Figure 74 Configuration > Object > MON Profile The following table describes the labels in - ZyXEL NWA3160-N | User Guide - Page 167
the AP switch to the next sequential channel once the Channel dwell time expires. Select manual to set specific channels through which to cycle sequentially when the Channel dwell time expires. Selecting this options makes the Scan Channel List options available. NWA3000-N Series User's Guide 167 - ZyXEL NWA3160-N | User Guide - Page 168
information about the features described in this chapter. Rogue APs Rogue APs are wireless access points operating in a network's coverage area that are not under the control of the network's administrators, and can open up holes in a network's security. Attackers can take advantage of a rogue - ZyXEL NWA3160-N | User Guide - Page 169
, including sensitive data stored on the file server (C). Friendly APs If you have more than one AP in your wireless network, you should also configure a list of "friendly" APs. Friendly APs are other wireless access points that are detected in your network, as well as any others that you know are - ZyXEL NWA3160-N | User Guide - Page 170
Chapter 13 MON Profile 170 NWA3000-N Series User's Guide - ZyXEL NWA3160-N | User Guide - Page 171
CHAPTER 14 Certificates 14.1 Overview The NWA3000-N series AP can use certificates (also called digital IDs) to authenticate users. Certificates are based on public-private key pairs. A certificate contains the whether data was signed by you, or by someone else. NWA3000-N Series User's Guide 171 - ZyXEL NWA3160-N | User Guide - Page 172
The NWA3000-N series AP uses certificates based on public-key cryptology to authenticate users attempting to establish . The NWA3000-N series AP does not trust a List). The NWA3000-N series AP can check a peer's certificate benefits. • The NWA3000-N series AP only has to store the certificates of - ZyXEL NWA3160-N | User Guide - Page 173
you never need to transmit private keys. Self-signed Certificates You can have the NWA3000-N series AP act as a certification authority and sign its own certificates. Factory Default Certificate The NWA3000-N series AP generates its own unique self-signed certificate when you first turn it on. This - ZyXEL NWA3160-N | User Guide - Page 174
fields. The secure method may very based on your situation. Possible examples would be over the telephone or through an HTTPS connection. 174 NWA3000-N Series User's Guide - ZyXEL NWA3160-N | User Guide - Page 175
the certificate. Remove The NWA3000-N series AP keeps all of your certificates unless you specifically delete them. Uploading a new firmware or default configuration file does not delete your certificates. To that you give each certificate a unique name. NWA3000-N Series User's Guide 175 - ZyXEL NWA3160-N | User Guide - Page 176
Chapter 14 Certificates Table 62 Configuration > Object > Certificate > My Certificates (continued) LABEL DESCRIPTION Type This you can save a certificate to the NWA3000-N series AP. Click Refresh to display the current validity status of the certificates. 176 NWA3000-N Series User's Guide - ZyXEL NWA3160-N | User Guide - Page 177
Add screen. Use this screen to have the NWA3000-N series AP create a self-signed certificate, enroll a certificate with a certification authority or generate a certification request. Figure 78 Configuration > Object > Certificate > My Certificates > Add NWA3000-N Series User's Guide 177 - ZyXEL NWA3160-N | User Guide - Page 178
Configuration specify a Host IP Address, Host Domain Name IP address, domain name or e-mail address. Type the IP address (in dotted decimal notation), domain name or e-mail address in the field provided. The domain name or e-mail address . An e-mail address can be up NWA3000-N series AP generate the - ZyXEL NWA3160-N | User Guide - Page 179
Chapter 14 Certificates Table 63 Configuration > Object > Certificate > My Certificates > Add (continued) LABEL DESCRIPTION Create a certification request and save it locally for later manual enrollment Select this to have the NWA3000-N series AP generate and store a request for a certificate. - ZyXEL NWA3160-N | User Guide - Page 180
and return to the My Certificates screen. If you configured the My Certificate Create screen to have the NWA3000-N series AP enroll a certificate and the certificate enrollment is not properly if you want the NWA3000-N series AP to enroll a certificate online. 180 NWA3000-N Series User's Guide - ZyXEL NWA3160-N | User Guide - Page 181
to open the My Certificate Edit screen. You can use this screen to view in-depth certificate information and change the certificate's name. Figure 79 Configuration > Object > Certificate > My Certificates > Edit NWA3000-N Series User's Guide 181 - ZyXEL NWA3160-N | User Guide - Page 182
table describes the labels in this screen. Table 64 Configuration > Object > Certificate > My Certificates > Edit the certificate itself is the only one in the list. The NWA3000-N series AP does not trust the certificate and displays "Not trusted" in this field . 182 NWA3000-N Series User's Guide - ZyXEL NWA3160-N | User Guide - Page 183
AP uses RSA encryption) and the length of the key set in bits (1024 bits for example). Subject This field displays the certificate owner's IP address (IP), domain Alternative Name name (DNS) or e-mail address certificate's password and click this button. Click Save in the File Download screen. - ZyXEL NWA3160-N | User Guide - Page 184
Certificates screen. 14.2.3 Import Certificates Click Configuration > Object > Certificate > My Certificates > Import to open the My Certificate Import screen. Follow the instructions in this screen to save an existing certificate to the NWA3000-N series AP. Note: You can import a certificate that - ZyXEL NWA3160-N | User Guide - Page 185
new firmware or default configuration file does not delete your certificates. To remove an entry, select it and click Remove. The NWA3000-N series AP confirms you want to remove it before doing so. Subsequent certificates move up by one when you take this action. NWA3000-N Series User's Guide 185 - ZyXEL NWA3160-N | User Guide - Page 186
You cannot delete certificates that any of the NWA3000-N series AP's features are configured to use. Select an entry and click Object References to the NWA3000-N series AP. Refresh Click this button to display the current validity status of the certificates. 186 NWA3000-N Series User's Guide - ZyXEL NWA3160-N | User Guide - Page 187
set whether or not you want the NWA3000-N series AP to check a certification authority's list of revoked certificates before trusting a certificate issued by the certification authority. Figure 82 Configuration > Object > Certificate > Trusted Certificates > Edit NWA3000-N Series User's Guide 187 - ZyXEL NWA3160-N | User Guide - Page 188
Type the IP address (in dotted decimal notation) of the directory server. Port Use this field to specify the LDAP server port number. You must use the same server port number that the directory server uses. 389 is the default server port number for LDAP. ID The NWA3000-N series AP may need - ZyXEL NWA3160-N | User Guide - Page 189
67 Configuration > the certificate's key pair (the NWA3000-N series AP uses RSA encryption) and the length of the 's owner's IP address (IP), domain Alternative Name name (DNS) or e-mail address (EMAIL). Key message digest that the NWA3000-N series AP calculated using the MD5 algorithm. You can - ZyXEL NWA3160-N | User Guide - Page 190
the instructions in this screen to save a trusted certificate to the NWA3000-N series AP. Note: You must remove any spaces from the certificate's filename before you can import the certificate. Figure 83 Configuration > Object > Certificate > Trusted Certificates > Import 190 NWA3000-N Series User - ZyXEL NWA3160-N | User Guide - Page 191
network traffic since the NWA3000-N series AP only gets information on the certificates that it needs to verify, not a huge list. When the NWA3000-N series AP requests certificate status information, the OCSP server returns a "expired", "current" or "unknown" response. NWA3000-N Series User's Guide - ZyXEL NWA3160-N | User Guide - Page 192
Chapter 14 Certificates 192 NWA3000-N Series User's Guide - ZyXEL NWA3160-N | User Guide - Page 193
(Section 15.7 on page 214) configures Telnet for accessing the NWA3000-N series AP's command line interface. • The FTP screen (Section 15.8 on page 215) specifies FTP server settings. You can upload and download the NWA3000-N series AP's firmware and configuration files using FTP. Please also see - ZyXEL NWA3160-N | User Guide - Page 194
last-saved settings. 15.3 Date and Time For effective scheduling and logging, the NWA3000-N series AP system time must be accurate. The NWA3000-N series AP has a software mechanism to set the time manually or get the current time and date from an external server. 194 NWA3000-N Series User's Guide - ZyXEL NWA3160-N | User Guide - Page 195
AP uses the new setting once you click Apply. New Time (hhmm-ss) This field displays the last updated time from the time server or the last time configured manually. When you set Time and Date Setup to Manual, enter the new time in this field and then click Apply. NWA3000-N Series User's Guide - ZyXEL NWA3160-N | User Guide - Page 196
following circumstances. • When the NWA3000-N series AP starts up. • When you click Apply or Synchronize Now in this screen. • 24-hour intervals after starting up. Time Server Address Enter the IP address or URL of your time server. Check with your ISP/ network administrator if you are unsure of - ZyXEL NWA3160-N | User Guide - Page 197
Configure Apply Reset For AP for the first time, the date and time start at 2003-01-01 00:00:00. The NWA3000-N series AP then attempts to synchronize with one of the following pre-defined list of Network Default Time Servers 0.pool.ntp.org 1.pool.ntp.org 2.pool.ntp.org When the NWA3000-N series AP AP - ZyXEL NWA3160-N | User Guide - Page 198
series AP date and time from a time server: 1 Click System > Date/Time. 2 Select Get from Time Server under Time and Date Setup. 3 Under Time Zone Setup, select your Time Zone from the list. 4 Under Time and Date Setup, enter a Time Server Address. 5 Click Apply. 198 NWA3000-N Series User's Guide - ZyXEL NWA3160-N | User Guide - Page 199
Your NWA3000-N series AP supports 9600, 19200, 38400, 57600, and 115200 bps (default) for the console port. Apply Reset The Console Port Speed applies to a console port connection using terminal emulation software and NOT the Console in the NWA3000-N series AP Web Configurator Status screen. Click - ZyXEL NWA3160-N | User Guide - Page 200
Service Access From the WAN 15.5.1 Service Access Limitations A service cannot be used to access the NWA3000-N series AP when you have disabled that service the User screens. 15.5.3 HTTPS You can set the NWA3000-N series AP to use HTTP or HTTPS (HTTPS adds security) for Web Configurator User's Guide - ZyXEL NWA3160-N | User Guide - Page 201
Note: If you disable HTTP in the WWW screen, then the NWA3000-N series AP blocks all HTTP connection attempts. 15.5.4 Configuring WWW Service Control Click Configuration > System > WWW to open the WWW screen. Use this screen to specify HTTP or HTTPS settings. NWA3000-N Series User's Guide 201 - ZyXEL NWA3160-N | User Guide - Page 202
requests to the HTTPS server. HTTP Enable Select the check box to allow or disallow the computer with the IP address that matches the IP address(es) in the Service Control table to access the NWA3000-N series AP Web Configurator using HTTP connections. 202 NWA3000-N Series User's Guide - ZyXEL NWA3160-N | User Guide - Page 203
System Table 73 Configuration > System > WWW > Service Control (continued) LABEL DESCRIPTION Server Port You may change the server port number for a service if needed, however you must use the same port number in order to use that service to access the NWA3000-N series AP. Apply Click Apply - ZyXEL NWA3160-N | User Guide - Page 204
series AP's factory default certificate is the NWA3000-N series AP itself since AP. You must have imported at least one trusted CA to the NWA3000-N series AP in order for the Authenticate Client Certificates to be active (see the Certificates chapter for details). 204 NWA3000-N Series User's Guide - ZyXEL NWA3160-N | User Guide - Page 205
the NWA3000-N series AP's Trusted CA Web Configurator screen). Figure 93 Trusted Certificates The CA sends you a package containing the CA's trusted certificate(s), your personal certificate(s) and a password to install the personal certificate(s). 15.5.5.5 Installing the CA's Certificate 1 Double - ZyXEL NWA3160-N | User Guide - Page 206
shown earlier in this appendix. 15.5.5.6 Installing a Personal Certificate You need a password in advance. The CA may issue the password or you may have to specify it during the enrollment. Double-click the Browse if you wish to import a different certificate. 206 NWA3000-N Series User's Guide - ZyXEL NWA3160-N | User Guide - Page 207
3 Enter the password given to you by the CA. Chapter 15 System 4 Have the wizard determine where the certificate should be saved on your computer or select Place all certificates in the following store and choose a different location. NWA3000-N Series User's Guide 207 - ZyXEL NWA3160-N | User Guide - Page 208
when the certificate is correctly installed on your computer. 15.5.5.7 Using a Certificate When Accessing the NWA3000-N series AP To access the NWA3000-N series AP via HTTPS: 1 Enter 'https://NWA3000-N series AP IP Address/ in your browser's web address field. 208 NWA3000-N Series User's Guide - ZyXEL NWA3160-N | User Guide - Page 209
AP's command line interface. SSH is a secure communication protocol that combines authentication and data encryption to provide secure encrypted communication between two hosts over an unsecured network. In the following figure, computer B on the Internet uses SSH NWA3000-N Series User's Guide - ZyXEL NWA3160-N | User Guide - Page 210
Chapter 15 System to securely connect to the WAN port of the NWA3000-N series AP (A) for a management session. Figure 94 SSH Communication Over the WAN Example 15.6.1 How SSH Works The server public key is checked against the saved version on the client computer. 210 NWA3000-N Series User's Guide - ZyXEL NWA3160-N | User Guide - Page 211
on the NWA3000-N series AP for management using port 22 (by default). 15.6.3 Requirements for Using SSH You must install an SSH client program on a client computer (Windows or Linux operating system) that is used to connect to the NWA3000-N series AP over SSH. NWA3000-N Series User's Guide 211 - ZyXEL NWA3160-N | User Guide - Page 212
in this screen. Table 74 Configuration > System > SSH LABEL DESCRIPTION Enable Select the check box to allow or disallow the computer with the IP address that matches the IP address(es) in the Service Control table to access the NWA3000-N series AP CLI using this service. Version 1 Select the - ZyXEL NWA3160-N | User Guide - Page 213
client program user's guide. 15.6.5.1 Example 1: Microsoft Windows This section describes how to access the NWA3000-N series AP using the Secure Shell Client program. 1 Launch the SSH client and specify the connection information (IP address, port number) for the NWA3000-N series AP. 2 Configure the - ZyXEL NWA3160-N | User Guide - Page 214
hosts. [email protected]'s password: 3 The CLI screen displays next. 15.7 Telnet You can use Telnet to access the NWA3000-N series AP's command line interface. Click Configuration > System > TELNET to configure your NWA3000-N series AP for remote Telnet access. Use this screen to enable - ZyXEL NWA3160-N | User Guide - Page 215
this screen. Table 75 Configuration > System > TELNET LABEL DESCRIPTION Enable Select the check box to allow or disallow the computer with the IP address that matches the IP address(es) in the Service Control table to access the NWA3000-N series AP CLI using this service. Server Port You may - ZyXEL NWA3160-N | User Guide - Page 216
in this screen. Table 76 Configuration > System > FTP LABEL DESCRIPTION Enable Select the check box to allow or disallow the computer with the IP address that matches the IP address(es) in the Service Control table to access the NWA3000-N series AP using this service. TLS required Select the - ZyXEL NWA3160-N | User Guide - Page 217
a manager station to manage and monitor the NWA3000-N series AP through the network. The NWA3000-N series AP supports SNMP version one (SNMPv1), version two (SNMPv2c), and SNMP allows a manager and agents to communicate for the purpose of accessing these objects. NWA3000-N Series User's Guide 217 - ZyXEL NWA3160-N | User Guide - Page 218
that is defined in RFC-1213 and RFC1215. The NWA3000-N series AP also supports private MIBs (ZYXEL-ESCAPWAP.MIB, ZYXEL-ES-COMMON.MIB, ZYXEL-ES-HYBRIDAP.MIB, ZYXEL-ESPROWLAN.MIB, ZYXEL-ES-RFMGMT.MIB, ZYXEL-ES-SMI.MIB, and ZYXEL-ESWIRELESS.MIB) to collect information about CPU and memory usage and VPN - ZyXEL NWA3160-N | User Guide - Page 219
, which is the password sent with each trap to the SNMP manager. The default is public and allows all requests. Destination Type the IP address of the station to send your SNMP traps to. SNMPv2c Select this to allow SNMP managers using SNMPv2c to access the NWA3000-N series AP. Get Community - ZyXEL NWA3160-N | User Guide - Page 220
back to the NWA3000-N series AP. Reset Click Reset to return the screen to its last-saved settings. 15.9.4 Adding or Editing an SNMPv3 User Profile This screen allows you to add or edit an SNMPv3 user profile. To access this screen, click the Configuration > System > SNMP screen's Add button - ZyXEL NWA3160-N | User Guide - Page 221
The NWA3000-N series AP can use its internal Remote Authentication Dial In User Service (RADIUS) server to authenticate the wireless clients of trusted APs. RADIUS is a protocol that enables you to control access to a network by authenticating user credentials. NWA3000-N Series User's Guide 221 - ZyXEL NWA3160-N | User Guide - Page 222
uses, and maintain a list of trusted client APs. A trusted AP is an AP that uses the NWA3000-N series AP's internal RADIUS server to authenticate its wireless clients. Each wireless client must have a user name and password configured in the Object > Users screen. 222 NWA3000-N Series User's Guide - ZyXEL NWA3160-N | User Guide - Page 223
series AP's internal RADIUS server uses for authenticating wireless clients connecting to trusted APs. Trusted Client Add Edit Remove Activate Inactivate # Status Note: It is recommended that you replace the factory default certificate with one that uses your NWA3000-N series AP's MAC address. Do - ZyXEL NWA3160-N | User Guide - Page 224
what part of the IP address is the same for all computers in the network. Description This field shows the information listed to help identify the trusted AP profile. Apply Click OK to save your changes back to the NWA3000-N series AP. Reset Click Reset to start configuring this screen afresh - ZyXEL NWA3160-N | User Guide - Page 225
the types of EAP authentication and the internal RADIUS authentication method used in your NWA3000-N series AP. Note: The internal RADIUS server does not support domain accounts (DOMAIN/ user). When you configure your Windows XP SP2 Wireless Zero Configuration PEAP/MS-CHAPv2 settings, clear the Use - ZyXEL NWA3160-N | User Guide - Page 226
Chapter 15 System 226 NWA3000-N Series User's Guide - ZyXEL NWA3160-N | User Guide - Page 227
(Section 16.2 on page 227) configures how and where to send daily start or stop data collection and view various statistics about traffic passing through your NWA3000-N series AP. Note: Data collection may decrease the NWA3000-N series AP's traffic throughput rate. NWA3000-N Series User's Guide - ZyXEL NWA3160-N | User Guide - Page 228
Click Configuration > Log & Report > Email Daily Report to display the following screen. Configure this screen to have the NWA3000-N series AP e-mail you system statistics every day. Figure 108 Configuration > Log & Report > Email Daily Report (Standalone Mode) 228 NWA3000-N Series User's Guide - ZyXEL NWA3160-N | User Guide - Page 229
this to discard all report data and start all of the counters over at zero. Apply Click Apply to save your changes back to the NWA3000-N series AP. Reset Click Reset to return the screen to its last-saved settings. 16.3 Log Setting These screens control log messages and alerts. A log message - ZyXEL NWA3160-N | User Guide - Page 230
. The Log Setting tab also controls what information is saved in each (such as log categories, e-mail addresses, server names, etc.) for any access this screen, click Configuration > Log & Report > Log Setting. Figure 109 Configuration > Log & Report > Log Setting 230 NWA3000-N Series User's Guide - ZyXEL NWA3160-N | User Guide - Page 231
table describes the labels in this screen. Table 83 Configuration > Log & Report > Log Setting LABEL DESCRIPTION Edit you can view the log on the View Log tab. VRPT/Syslog - ZyXEL's Vantage Report, syslog-compatible format. Summary Active Log Summary Apply CEF/Syslog Series User's Guide 231 - ZyXEL NWA3160-N | User Guide - Page 232
Edit Log Settings This screen controls the detailed settings for each log in the system log (which includes the e-mail profiles). Go to the Log Settings Summary screen and click the system log Edit icon. Figure 110 Configuration > Log & Report > Log Setting > Edit 232 NWA3000-N Series User's Guide - ZyXEL NWA3160-N | User Guide - Page 233
Table 84 Configuration > Log IP address of the outgoing SMTP server address from which the outgoing e-mail is delivered. This address is used in replies. Send Log To Type the e-mail address user name and password to the SMTP server. User Name This box , the NWA3000-N series AP will email logs to them - ZyXEL NWA3160-N | User Guide - Page 234
Configuration (red exclamation point) - e- red exclamation point) - address. This field displays each category of messages. It is the same value used in the Display and Category fields in the View Log tab. The Default AP point) for the e-mail settings specified in EMail Server 1. The NWA3000-N series AP - ZyXEL NWA3160-N | User Guide - Page 235
Chapter 16 Log and Report Table 84 Configuration > Log & Report > Log Setting > Edit (continued) LABEL DESCRIPTION Active Select this to activate log consolidation. Log screen. Cancel Click this to return to the previous screen without saving your changes. NWA3000-N Series User's Guide 235 - ZyXEL NWA3160-N | User Guide - Page 236
and Report 16.3.3 Edit Remote Server This screen controls the settings for each log in the remote server (syslog). Go to the Log Settings Summary screen and click a remote server Edit icon. Figure 111 Configuration > Log & Report > Log Setting > Edit Remote Server 236 NWA3000-N Series User's Guide - ZyXEL NWA3160-N | User Guide - Page 237
screen. Table 85 Configuration > Log & Report /Syslog - ZyXEL's Vantage Report, syslog-compatible format. Server Address Log Facility the server name or the IP address of the syslog server to in the View Log tab. The Default category includes debugging messages generated by open User's Guide 237 - ZyXEL NWA3160-N | User Guide - Page 238
, where and how often log information is e-mailed or remote server names). To access this screen, go to the Log Settings Summary screen, and click the Active Log and each alert. (The Default category includes debugging messages generated by open source software.) 238 NWA3000-N Series User's Guide - ZyXEL NWA3160-N | User Guide - Page 239
Configuration > Log & Report > Log Setting > Active Log Summary LABEL DESCRIPTION Active Log Summary If the NWA3000-N series AP is set to controller mode, the AC section controls logs generated by the controller and the AP section controls point) address. NWA3000-N Series User's Guide 239 - ZyXEL NWA3160-N | User Guide - Page 240
included in the log messages when it is e-mailed (green check mark) and/or in alerts (red exclamation point) for the e-mail settings specified in E-Mail Server 1. The NWA3000-N series AP does not e-mail debugging information, even if it is recorded in the System log. E-mail Server 2 E-mail Select - ZyXEL NWA3160-N | User Guide - Page 241
a configuration file, the NWA3000-N series AP uses the factory default settings for any features that the configuration file does not include. When you run a shell script, the NWA3000-N series AP only applies the commands that it contains. Other settings do not change. NWA3000-N Series User's Guide - ZyXEL NWA3160-N | User Guide - Page 242
scripts. This is explained below. Table 87 Configuration Files and Shell Scripts in the NWA3000-N series AP Configuration Files (.conf) Shell Scripts (.zysh) • Resets to default configuration. • Goes into CLI Privilege mode. • Goes into CLI Configuration mode. • Runs the commands in the shell - ZyXEL NWA3160-N | User Guide - Page 243
.conf when you restart the NWA3000-N series AP (whether through a management interface or by physically turning the power off and back on), the NWA3000-N series AP uses the systemdefault.conf configuration file with the NWA3000-N series AP's default settings. NWA3000-N Series User's Guide 243 - ZyXEL NWA3160-N | User Guide - Page 244
config.conf file and applies all of the valid commands. The NWA3000-N series AP still generates a log for any errors. Figure 113 Maintenance > File Manager > Configuration File Do not turn off the NWA3000-N series AP while configuration file upload is in progress. 244 NWA3000-N Series User's Guide - ZyXEL NWA3160-N | User Guide - Page 245
file's row to select it and click Remove to delete it from the NWA3000-N series AP. You can only delete manually saved configuration files. You cannot delete the system-default.conf, startup-config.conf and lastgood.conf files. A pop-up window asks you to confirm that you want to delete - ZyXEL NWA3160-N | User Guide - Page 246
, the console port may be the only way to access the device. Immediately stop applying the configuration file and roll back to the previous configuration - this gets the NWA3000-N series AP started with a fully valid configuration file as quickly as possible. Ignore errors and finish applying the - ZyXEL NWA3160-N | User Guide - Page 247
. Select this file and click Apply to reset all of the NWA3000-N series AP settings to the factory defaults. This configuration file is included when you upload a firmware package. The startup-config.conf file is the configuration file that the NWA3000N series AP is currently using. If you make and - ZyXEL NWA3160-N | User Guide - Page 248
the CLI Reference Guide for how to determine if you need to recover the firmware and how to recover it. Find the firmware package at www.zyxel.com in a file that (usually) uses a .bin extension. The firmware update can take up to five minutes. Do not turn off or reset the NWA3000-N series AP while - ZyXEL NWA3160-N | User Guide - Page 249
see the following icon on your desktop. Figure 115 Network Temporarily Disconnected After five minutes, log in again and check your new firmware version in the Dashboard screen. 17.4 Shell Script Use shell script files to have the NWA3000-N series AP use commands that you specify. Use a text editor - ZyXEL NWA3160-N | User Guide - Page 250
configuration file. Click AP. Download Click a shell script file's row to select it and click Download to save the configuration to your computer. Copy Use this button to save a duplicate of a shell script file on the NWA3000-N series AP -N series AP. File - ZyXEL NWA3160-N | User Guide - Page 251
the .zysh file you want to upload. Upload Click Upload to begin the upload process. This process may take up to several minutes. NWA3000-N Series User's Guide 251 - ZyXEL NWA3160-N | User Guide - Page 252
Chapter 17 File Manager 252 NWA3000-N Series User's Guide - ZyXEL NWA3160-N | User Guide - Page 253
-N series AP. 18.2 Diagnostics This screen provides an easy way for you to generate a file containing the NWA3000-N series AP's configuration and diagnostic information. You may need to generate this file and send it to customer support during troubleshooting. NWA3000-N Series User's Guide 253 - ZyXEL NWA3160-N | User Guide - Page 254
Packet Capture Use this screen to capture network traffic going through the NWA3000-N series AP's interfaces. Studying these packet captures may help you identify network problems. Click Maintenance > Diagnostics > Packet Capture to open the packet capture screen. 254 NWA3000-N Series User's Guide - ZyXEL NWA3160-N | User Guide - Page 255
for which to capture packets. Select any to capture packets for all hosts. Select User Defined to be able to enter an IP address. Host Port This field is configurable when you set the IP Type to any, tcp, or udp. Specify the port number of traffic to capture. NWA3000-N Series User's Guide 255 - ZyXEL NWA3160-N | User Guide - Page 256
have the NWA3000-N series AP capture packets according to the settings configured in this screen. You can configure the NWA3000-N series AP while a packet capture is files of packet captures the NWA3000-N series AP has performed. You can download the files to your 256 NWA3000-N Series User's Guide - ZyXEL NWA3160-N | User Guide - Page 257
(also known as a network or protocol analyzer) such that you want to delete. Download Click a file to select it and click Download to save it to your computer the size (in bytes) of a configuration file. Last Modified This column displays AP truncated the frame NWA3000-N Series User's Guide 257 - ZyXEL NWA3160-N | User Guide - Page 258
screen to capture wireless network traffic going through the AP interfaces connected to your NWA3000-N series AP. Studying these frame captures may help you identify network problems. Click Maintenance > Diagnostics > Wireless Frame Capture to display this screen. 258 NWA3000-N Series User's Guide - ZyXEL NWA3160-N | User Guide - Page 259
network are currently configured for monitor mode. Capture MON Mode APs Misc Setting Use the arrow buttons to move APs off this list and onto the Captured MON Mode APs list. This column displays the monitor-mode configured APs selected to for wireless frame capture. NWA3000-N Series User's Guide - ZyXEL NWA3160-N | User Guide - Page 260
have the NWA3000-N series AP capture frames according to the settings configured in this screen. You can configure the NWA3000-N series AP while a frame capture is combined capture file for all APs. Click this button to return the screen to its last-saved settings. 260 NWA3000-N Series User's Guide - ZyXEL NWA3160-N | User Guide - Page 261
wireless frame captures the NWA3000-N series AP has performed. You can download the files to your computer where you can study them using a packet analyzer (also known as a network displays the size (in bytes) of a configuration file. Last Modified This column displays the date and time that - ZyXEL NWA3160-N | User Guide - Page 262
Chapter 18 Diagnostics 262 NWA3000-N Series User's Guide - ZyXEL NWA3160-N | User Guide - Page 263
; reset returns the device to its default configuration. 19.2 Reboot This screen allows remote users can restart the device. To access this screen, click Maintenance > Reboot. Figure 123 Maintenance > Reboot Click the Reboot button to restart the NWA3000-N series AP. Wait a few minutes until the - ZyXEL NWA3160-N | User Guide - Page 264
Chapter 19 Reboot 264 NWA3000-N Series User's Guide - ZyXEL NWA3160-N | User Guide - Page 265
different to reset; reset returns the device to its default configuration. 20.2 Shutdown To access this screen, click Maintenance > Shutdown. Figure 124 Maintenance > Shutdown Click the Shutdown button to shut down the NWA3000-N series AP. Wait for the device to shut down before you manually turn - ZyXEL NWA3160-N | User Guide - Page 266
Chapter 20 Shutdown 266 NWA3000-N Series User's Guide - ZyXEL NWA3160-N | User Guide - Page 267
you might encounter. The potential problems are divided into the following categories. • Power, Hardware Connections, and LEDs • NWA3000-N series AP Access and Login • Internet Access • Wireless AP Troubleshooting • Resetting the NWA3000-N series AP 21.2 Power, Hardware Connections, and LEDs - ZyXEL NWA3160-N | User Guide - Page 268
its factory defaults. See Section 21.6 on page 277. I cannot see or access the Login screen in the web configurator. 1 Make sure you are using the correct IP address. • The default IP address is 192.168.1.2. • If you changed the IP address, use the new IP address. 268 NWA3000-N Series User's Guide - ZyXEL NWA3160-N | User Guide - Page 269
is no DHCP server on your network, make sure your computer's IP address is in the same subnet as the NWA3000-N series AP. 5 Reset the device to its factory defaults, and try to access the NWA3000-N series AP with the default IP address. See your Quick Start Guide. 6 If the problem continues, contact - ZyXEL NWA3160-N | User Guide - Page 270
21 Troubleshooting 1 Make sure you have entered the user name and password correctly. The default password is 1234. This fields are case-sensitive, so make sure [Caps Lock] is not on. 2 You cannot log in to the web configurator while someone is using Telnet to access the NWA3000-N series AP. Log - ZyXEL NWA3160-N | User Guide - Page 271
. 3 If you are trying to access the Internet wirelessly, make sure the wireless settings on the wireless client are the same as the settings on the AP. 4 Disconnect all the cables from your device, and follow the directions in the Quick Start Guide again. 5 If the problem continues, contact your ISP - ZyXEL NWA3160-N | User Guide - Page 272
that you use a more effective security mechanism. Use the strongest security mechanism that all the wireless devices in your network support. WPA2 or WPA2-PSK is recommended. The wireless security is not following the re-authentication timer setting I specified. 272 NWA3000-N Series User's Guide - ZyXEL NWA3160-N | User Guide - Page 273
all use the same device HA mode (active- passive). • Configure a static IP address for each interface that you will have device HA monitor. • Configure a separate management IP address for each interface. You can use it to access the NWA3000-N series AP for management whether the NWA3000-N series - ZyXEL NWA3160-N | User Guide - Page 274
many programs use text files by default. I can only see newer logs. Older logs are missing. When a log reaches the maximum number of log messages, new log messages automatically overwrite existing log messages, starting with the oldest existing log message first. 274 NWA3000-N Series User's Guide - ZyXEL NWA3160-N | User Guide - Page 275
the NWA3000-N series AP exit sub command mode. I cannot get the firmware uploaded using the commands. The Web Configurator is the recommended method for uploading firmware. You only need to use the command line interface if you need to recover the firmware. See the CLI Reference Guide for how to - ZyXEL NWA3160-N | User Guide - Page 276
21 Troubleshooting Wireless clients cannot connect to an AP. • There may be a configuration mismatch between the wireless clients and the AP. or an incorrect VLAN topology. See Chapter 4 on page 55 for a simple primer on basic network topology and management. • The wireless client's MAC address may - ZyXEL NWA3160-N | User Guide - Page 277
the power off and then on again. If you still cannot access the NWA3000-N series AP by any method or you forget the administrator password(s), you can reset the NWA3000-N series AP to its factory-default settings. Any configuration files or shell scripts that you saved on the NWA3000-N series - ZyXEL NWA3160-N | User Guide - Page 278
Chapter 21 Troubleshooting 21.7 Getting More Troubleshooting Help Search for support information for your model at www.zyxel.com for more troubleshooting suggestions. 278 NWA3000-N Series User's Guide - ZyXEL NWA3160-N | User Guide - Page 279
series AP's hardware and firmware features. Table 96 Hardware Specifications Power Specification 12 V DC, 1.5 A Reset button Returns all settings to their factory defaults. Ethernet slot Operating Temperature 0 ~ 40 º C Storage Temperature -30 ~ 70 º C NWA3000-N Series User's Guide 279 - ZyXEL NWA3160-N | User Guide - Page 280
. Table 97 Firmware Specifications Default IP Address 192.168.1.2 Default Subnet Mask 255.255.255.0 (24 bits) Default Password 1234 Wireless LAN Standards IEEE 802.11a, IEEE 802.11b, IEEE 802.11g, IEEE 802.11n Security and Control • WPA and WPA2 (Wi-Fi Protected Access) support, Mixed WPA - ZyXEL NWA3160-N | User Guide - Page 281
Control) from IEEE 802.11h allows a wider choice of 802.11a wireless channels. CAPWAP The ZyXEL Device can be managed via CAPWAP (Control And Provisioning of Wireless Access Points), which allows multiple APs to be configured and managed by a single AP controller. NWA3000-N Series User's Guide - ZyXEL NWA3160-N | User Guide - Page 282
to the wall. They need to hold the weight of the NWA3000-N series AP with the connection cables. 5 Align the holes on the back of the NWA3000-N series AP with the screws on the wall. Hang the NWA3000-N series AP on the screws. Figure 125 Wall-mounting Example 282 NWA3000-N Series User's Guide - ZyXEL NWA3160-N | User Guide - Page 283
Chapter 22 Product Specifications The following are dimensions of an M4 tap screw and masonry plug used for wall mounting. All measurements are in millimeters (mm). Figure 126 Masonry Plug and M4 Tap Screw NWA3000-N Series User's Guide 283 - ZyXEL NWA3160-N | User Guide - Page 284
Chapter 22 Product Specifications 284 NWA3000-N Series User's Guide - ZyXEL NWA3160-N | User Guide - Page 285
ZySH Logs LOG MESSAGE DESCRIPTION Invalid message queue. Maybe someone starts another zysh daemon. ZySH daemon is instructed to reset by %d 1st:pid num System integrity error! Group OPS entry name %s: cannot retrieve entries from list! 1st:zysh list name NWA3000-N Series User's Guide 285 - ZyXEL NWA3160-N | User Guide - Page 286
! 1st:zysh table name %s: apply failed at main stage! 1st:zysh table name %s: apply failed at closing stage! 1st:zysh table name 286 NWA3000-N Series User's Guide - ZyXEL NWA3160-N | User Guide - Page 287
NWA3000-N series AP is blocking login attempts on the console port. Too many failed login attempts were made from an IP address so the NWA3000-N series AP is blocking login attempts from that IP address. %u.%u.%u.%u: the source address of the user's login attempt NWA3000-N Series User's Guide 287 - ZyXEL NWA3160-N | User Guide - Page 288
according to the access from %s access control configuration. User %s has been denied access from %s %s: service name The NWA3000-N series AP blocked a login attempt by the specified user name because of an invalid user name or password. LDAP/AD: Wrong IP or Port. IP:%s, Port: %d Domain-auth - ZyXEL NWA3160-N | User Guide - Page 289
convert it to a key used for SSH. service will not work. %s is certificate name assigned by user TELNET port has been changed to port %s. user Console baud has been An administrator changed the console port baud rate back to reset to %d. the default (115200). Set timezone to %s. %d is default - ZyXEL NWA3160-N | User Guide - Page 290
Services Logs (continued) LOG MESSAGE DESCRIPTION Enable daylight saving. An administrator turned on daylight saving. Disable daylight saving. An administrator turned off daylight saving. The default trap to a remote host due to network error Table 101 System Logs LOG MESSAGE User's Guide - ZyXEL NWA3160-N | User Guide - Page 291
received the specified total number of ARP response packets for the requested IP address. Clear arp cache successfully. The ARP cache was cleared successfully. Client MAC address is not an Ethernet address A client MAC address is not an Ethernet address. NWA3000-N Series User's Guide 291 - ZyXEL NWA3160-N | User Guide - Page 292
HA Syncing from Master starts when user click "Sync %s starts. Now" using Auto Sync, %s: The IP of FQDN of Master. %s has no file to sync, Skip syncing it for %s. There is no file to be synchronized from the Master when syncing a object (AV/AS/IDP/Certificate/System Configuration), But in fact - ZyXEL NWA3160-N | User Guide - Page 293
be synchronized. Update %s for %s has failed: %s. Updating a certain object failed when updating (AS/AV/IDP/ Certificate/System Configuration) due to some reason. 1st %s: The object to be synchronized, 2ed %s: The feature name for the object to be synchronized. NWA3000-N Series User's Guide 293 - ZyXEL NWA3160-N | User Guide - Page 294
specified object failed. One of VRRP groups has became avtive. Device HA Sync has aborted from Master %s. %s: IP or FQDN of Master Master configuration file does not exist. Skip updating ZySH Startup Configuration. System internal error: 1st %s: error string, 2ed %s: the syncing object %s. Skip - ZyXEL NWA3160-N | User Guide - Page 295
MESSAGE DESCRIPTION VRRP interface %s has %s: The name of the VRRP interface. been brought up. Version for %s is the same, skip update CODE 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 failed. Path was not verified. Maximum path length reached. NWA3000-N Series User's Guide 295 - ZyXEL NWA3160-N | User Guide - Page 296
A wireless client used an incorrect WPA or WPA2 user password and failed authentication by the NWA3000-N series AP's local user database while trying to connect to the specified WLAN interface (first %s). The MAC address of the wireless client is listed (second %s). NWA3000-N Series User's Guide - ZyXEL NWA3160-N | User Guide - Page 297
MAC address of the wireless client. Station accounting start. RADIUS accounting started. If you don't receive the success message, it may have failed. Station accounting success. RADIUS accounting succeeded. Table 104 Account Logs LOG MESSAGE DESCRIPTION Account %s %s has been A user deleted - ZyXEL NWA3160-N | User Guide - Page 298
is warning message when apply CLI command. Before apply configuration file. After the system reset, it started to apply the configuration file. Running %s... %s is configuration file name. An administrator ran the listed shell script. %s is script file name. Table 106 DHCP Logs LOG MESSAGE Can - ZyXEL NWA3160-N | User Guide - Page 299
(%s). The address configured for the server may be incorrect or there may be a problem with the NWA3000-N series AP's or the server's network connection. Table 108 CAPWAP Server Logs LOG MESSAGE DESCRIPTION WLAN Controller Start. Indicates that AP management services has started. Registration - ZyXEL NWA3160-N | User Guide - Page 300
2x%02x%02x, Model:%s, Name:%s Indicates that the AP on the Managed List had its firmware upgraded. 1st %02x ~ 6th %02x: Managed AP MAC Address. 7th %s: Managed AP Model Name. 8th %s: Managed AP Description. Start Send Configuration to Managed AP. MACAddr:%02x%02x%02x%0 2x%02x%02x, Model:%s, Name - ZyXEL NWA3160-N | User Guide - Page 301
LOG MESSAGE DESCRIPTION Start Send Updating Configuration to Managed AP. MACAddr:%02x%02x%02x%0 2x%02x%02x, Model:%s, Name:%s Indicates that a Send Updating Configuration request was sent to an AP on the Managed List. 1st %02x ~ 6th %02x: Managed AP MAC Address. 7th %s: Managed AP Model Name. 8th - ZyXEL NWA3160-N | User Guide - Page 302
client's firmware was upgraded by the WLAN controller. 1st %s: WLAN Controller IP Address." Apply configuration by The WLAN controller successfully applied configuration. a WLAN Controller Success. %s 1st %s: Complete Updating" Managed AP Configuration Flush. %s The managed AP reset ZySH for - ZyXEL NWA3160-N | User Guide - Page 303
the specified station was removed from an AP's %02x:%02x:%02x:%02x wireless network because the AP became overloaded. :%02x:%02x Table 111 Rogue AP Logs LOG MESSAGE DESCRIPTION rogue ap detection is enabled. Indicates that rogue AP detection is enabled. NWA3000-N Series User's Guide 303 - ZyXEL NWA3160-N | User Guide - Page 304
that the NWA3000-N series AP failed to initialize zylog. DCS has changed the wireless interface %s channel from %d to channel %d. 1st %s: interface name 1st %d: current channel dcs is terminated! 2nd %d: new channel DCS was terminated for an unknown reason. 304 NWA3000-N Series User's Guide - ZyXEL NWA3160-N | User Guide - Page 305
such as VeriSign, Comodo, or Network Solutions, to name a few that the site is legitimate. Many ZyXEL products, such as the NSA-2401, you will need to import the ZyXEL-created certificate into your web browser website if the URL in your web browser's address bar begins with https:// or there is a - ZyXEL NWA3160-N | User Guide - Page 306
device's Web Configurator is set to use SSL certification, then the first time you browse to it you are presented with a certification error. 2 Click Continue to this website (not recommended). 3 In the Address Bar, click Certificate Error > View certificates. 306 NWA3000-N Series User's Guide - ZyXEL NWA3160-N | User Guide - Page 307
Appendix B Importing Certificates 4 In the Certificate dialog box, click Install Certificate. 5 In the Certificate Import Wizard, click Next. NWA3000-N Series User's Guide 307 - ZyXEL NWA3160-N | User Guide - Page 308
then click Browse. 8 In the Select Certificate Store dialog box, choose a location in which to save the certificate and then click OK. 308 NWA3000-N Series User's Guide - ZyXEL NWA3160-N | User Guide - Page 309
Appendix B Importing Certificates 9 In the Completing the Certificate Import Wizard screen, click Finish. 10 If you are presented with another Security Warning, click Yes. 11 Finally, click OK when presented with the successful certificate installation message. NWA3000-N Series User's Guide 309 - ZyXEL NWA3160-N | User Guide - Page 310
Appendix B Importing Certificates 12 The next time you start Internet Explorer and go to a ZyXEL Web Configurator page, a sealed padlock icon appears in the address bar. Click it to view the page's Website Identification information. Installing a Stand-Alone Certificate File in Internet Explorer - ZyXEL NWA3160-N | User Guide - Page 311
in Internet Explorer 7 on Windows XP. 1 Open Internet Explorer and click Tools > Internet Options. 2 In the Internet Options dialog box, click Content > Certificates. NWA3000-N Series User's Guide 311 - ZyXEL NWA3160-N | User Guide - Page 312
Yes. 6 The next time you go to the web site that issued the public key certificate you just removed, a certification error appears. 312 NWA3000-N Series User's Guide - ZyXEL NWA3160-N | User Guide - Page 313
can also apply to Firefox 2 on all platforms. 1 If your device's Web Configurator is set to use SSL certification, then the first time you browse to it stored and you can now connect securely to the Web Configurator. A sealed padlock appears in the address bar, which you can click to open the Page - ZyXEL NWA3160-N | User Guide - Page 314
Certificates Installing a Stand-Alone Certificate File in Firefox Rather than browsing to a ZyXEL Web Configurator and installing a public key certificate when prompted, you can install a stand- Options dialog box, click Advanced > Encryption > View Certificates. 314 NWA3000-N Series User's Guide - ZyXEL NWA3160-N | User Guide - Page 315
Select File dialog box to locate the certificate and then click Open. 5 The next time you visit the web site, click the padlock in the address bar to open the Page Info > Security window to see the web page's security information. NWA3000-N Series User's Guide 315 - ZyXEL NWA3160-N | User Guide - Page 316
Appendix B Importing Certificates Removing a Certificate in Firefox This section shows you how to remove a public key certificate in Firefox 2. 1 Open Firefox and click Tools > Options. 2 In the Options dialog box, click Advanced > Encryption > View Certificates. 316 NWA3000-N Series User's Guide - ZyXEL NWA3160-N | User Guide - Page 317
, click OK. 5 The next time you go to the web site that issued the public key certificate you just removed, a certification error appears. NWA3000-N Series User's Guide 317 - ZyXEL NWA3160-N | User Guide - Page 318
Appendix B Importing Certificates 318 NWA3000-N Series User's Guide - ZyXEL NWA3160-N | User Guide - Page 319
wireless clients or between a wireless client and a wired network client go through one access point (AP). Intra-BSS traffic is traffic between wireless clients in the BSS. When Intra-BSS is enabled, wireless client A and B can access the wired network and communicate NWA3000-N Series User's Guide - ZyXEL NWA3160-N | User Guide - Page 320
between APs is called a Distribution System (DS). This type of wireless LAN topology is called an Infrastructure WLAN. The Access Points not only provide communication with the wired network but also mediate wireless network traffic in the immediate neighborhood. 320 NWA3000-N Series User's Guide - ZyXEL NWA3160-N | User Guide - Page 321
channels and an adjacent AP is using channel 1, then you need to select a channel between 6 or 11. RTS/CTS A hidden node occurs when two stations are within range of the same access point, but are not within range of each other. The following figure illustrates a NWA3000-N Series User's Guide 321 - ZyXEL NWA3160-N | User Guide - Page 322
node. Both stations (STA) are within range of the access point (AP) or wireless gateway, but out-of-range of each other, so Enabling the RTS Threshold causes redundant network overhead that could negatively affect the throughput performance instead of providing a remedy. NWA3000-N Series User's Guide - ZyXEL NWA3160-N | User Guide - Page 323
. IEEE 802.11g Wireless LAN IEEE 802.11g is fully compatible with the IEEE 802.11b standard. This means an IEEE 802.11b adapter can interface directly with an IEEE 802.11g access point (and vice versa) at 11 Mbps or lower depending on range. IEEE 802.11g has NWA3000-N Series User's Guide 323 - ZyXEL NWA3160-N | User Guide - Page 324
is vital to your network to protect wireless communication between wireless clients, access points and the wired network. Wireless security methods available on the NWA3000-N series AP are data encryption, wireless client authentication, restricting access by device MAC address and hiding the - ZyXEL NWA3160-N | User Guide - Page 325
User Service, RFC 2138, 2139) for centralized user profile and accounting management on a network RADIUS server. • Support for EAP (Extensible Authentication Protocol, RFC 2486) that allows additional authentication methods to be deployed with no changes to the access point or the wireless clients - ZyXEL NWA3160-N | User Guide - Page 326
multiple types of user authentication. By using EAP to interact with an EAP-compatible RADIUS server, an access point helps a wireless station and a RADIUS server perform authentication. The type of authentication you use depends on the RADIUS server and an intermediary AP(s) that supports IEEE 802 - ZyXEL NWA3160-N | User Guide - Page 327
access the password file. In addition, it is possible to impersonate an authentication server as MD5 authentication method does not perform mutual authentication. Finally, MD5 authentication method does not support data encryption with dynamic session key. You must configure Layer Service) EAP - ZyXEL NWA3160-N | User Guide - Page 328
AP and the wireless clients support WPA2 and you have an external RADIUS server, use WPA2 for stronger data encryption. If you don't have an external RADIUS server, you should use WPA2-PSK (WPA2-Pre-Shared Key) that only requires a single (identical) password entered into each access point, wireless - ZyXEL NWA3160-N | User Guide - Page 329
WPA2, just use WPA or WPA-PSK depending on whether you have an external RADIUS server or not. Select WEP only when the AP and/or wireless clients do not support WPA or WPA2. WEP is less secure than WPA or WPA2. Encryption WPA improves data encryption by using Temporal Key Integrity Protocol (TKIP - ZyXEL NWA3160-N | User Guide - Page 330
patch is a free download that adds WPA capability to Windows XP's built-in "Zero Configuration" wireless client. However, you must run Windows XP to use it. WPA(2) with RADIUS Application Example To set up WPA(2), you need the IP address of the RADIUS server, its port number (default is 1812), and - ZyXEL NWA3160-N | User Guide - Page 331
checks each wireless client's password and allows it to join the network only if the password matches. 3 The AP and wireless clients generate a common PMK (Pairwise Master Key). The key itself is not sent over the network, but is derived from the PSK and the SSID. NWA3000-N Series User's Guide 331 - ZyXEL NWA3160-N | User Guide - Page 332
Appendix C Wireless LANs 4 The AP and wireless clients use the TKIP or AES configure for each authentication method or key management protocol type. MAC address filters are not dependent on how you configure these security features. Table 117 Wireless Yes Disable 332 NWA3000-N Series User's Guide - ZyXEL NWA3160-N | User Guide - Page 333
User License Agreement for "NWA3160-N" WARNING: ZyXEL ZYXEL MAY HAVE DISTRIBUTED TO YOU HARDWARE AND/OR SOFTWARE, OR MADE AVAILABLE FOR ELECTRONIC DOWNLOADS , for up to the number of users specified in sales order and invoice. You have the ZyXEL. You may not remove NWA3000-N Series User's Guide 333 - ZyXEL NWA3160-N | User Guide - Page 334
part thereof, in the operation of a service bureau or for the benefit of any other access to certain third party software as a convenience. To the extent that the Software contains third party software, ZyXEL has no express or implied obligation to provide any technical or other support User's Guide - ZyXEL NWA3160-N | User Guide - Page 335
by destroying or returning to ZyXEL all copies of the Software and Documentation in your possession or under your control. ZyXEL may terminate this License Agreement , we will give to anyone who contacts us at the ZyXEL Technical Support ([email protected]), for a charge of no more than our - ZyXEL NWA3160-N | User Guide - Page 336
, for any purpose, except the express written permission of ZyXEL Communications Corporation. This Product includes ntp software under the NTP both the copyright notice and this permission notice appear in supporting documentation, and that the name University of Delaware not -N Series User's Guide - ZyXEL NWA3160-N | User Guide - Page 337
are BSD-style Open Source licenses. In case of any license issues related to OpenSSL please contact [email protected]. OpenSSL License NWA3000-N Series User's Guide 337 - ZyXEL NWA3160-N | User Guide - Page 338
"OpenSSL" appear in their names without prior written * permission of the OpenSSL Project. * * 6. Redistributions of any form whatsoever must retain the following 338 NWA3000-N Series User's Guide - ZyXEL NWA3160-N | User Guide - Page 339
EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND (C) 1995-1998 Eric Young ([email protected]) * All rights reserved. * NWA3000-N Series User's Guide 339 - ZyXEL NWA3160-N | User Guide - Page 340
cryptographic software written by * Eric Young ([email protected])" * The word 'cryptographic' can be left out if the rouines from the library 340 NWA3000-N Series User's Guide - ZyXEL NWA3160-N | User Guide - Page 341
, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY itself to be used under the three-clause license. NWA3000-N Series User's Guide 341 - ZyXEL NWA3160-N | User Guide - Page 342
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED OF SUCH DAMAGE. This Product includes bind and dhcp software under the ISC License ISC license Copyright (c) 4-digit year, Company or - ZyXEL NWA3160-N | User Guide - Page 343
other entities that control, are controlled by, or are under common control with that entity. For the purposes of this definition, "control" means (i) the limited to software source code, documentation source, and configuration files. "Object" form shall mean any form Series User's Guide 343 - ZyXEL NWA3160-N | User Guide - Page 344
or its representatives, including but not limited to communication on electronic mailing lists, source code control systems, and issue tracking systems that are managed by, or on behalf of, the Licensor Your modifications, or for any such Derivative Works as a whole, NWA3000-N Series User's Guide - ZyXEL NWA3160-N | User Guide - Page 345
License does not grant permission to use the trade names, trademarks, service marks, or product names of the Licensor, except as required choose to offer, and charge a fee for, acceptance of support, warranty, indemnity, or other liability obligations and/or rights NWA3000-N Series User's Guide 345 - ZyXEL NWA3160-N | User Guide - Page 346
, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY License, version 2, hence the version number 2.1. Preamble 346 NWA3000-N Series User's Guide - ZyXEL NWA3160-N | User Guide - Page 347
freedom to distribute copies of free software (and charge for this service if you wish); that you receive source code or can version, so that the original author's reputation will not be affected by problems that might be introduced by others. Finally, software patents pose a User's Guide 347 - ZyXEL NWA3160-N | User Guide - Page 348
General Public License (also called "this License"). Each licensee is addressed as "you". A "library" means a collection of software associated interface definition files, plus the scripts used to control compilation and installation of the library. Activities other than NWA3000-N Series User's Guide - ZyXEL NWA3160-N | User Guide - Page 349
entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works based on the Library. In of object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from User's Guide 349 - ZyXEL NWA3160-N | User Guide - Page 350
the work is made by offering access to copy from a designated place, offer equivalent access to copy the above specified materials from the same place. e) Verify that the user has already received a copy of enforcing compliance by third parties with this License. 350 NWA3000-N Series User's Guide - ZyXEL NWA3160-N | User Guide - Page 351
to the present version, but may differ in detail to address new problems or concerns. Each version is given a distinguishing version number. SHOULD THE LIBRARY PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. 16. IN NO EVENT UNLESS REQUIRED BY User's Guide 351 - ZyXEL NWA3160-N | User Guide - Page 352
END OF TERMS AND CONDITIONS. This Product includes arp-sk, bridge-utils, busybox, dhcpcd, dhcp-helper, freeradius-server, gd, hostapd, iproute2, ipset, iptables, , so that any problems introduced by others will not reflect on the original authors' reputations. 352 NWA3000-N Series User's Guide - ZyXEL NWA3160-N | User Guide - Page 353
"modification".) Each licensee is addressed as "you". Activities other than when run, you must cause it, when started running for such interactive use in the most rather, the intent is to exercise the right to control the distribution of derivative or collective works based on the User's Guide 353 - ZyXEL NWA3160-N | User Guide - Page 354
any associated interface definition files, plus the scripts used to control compilation and installation of the executable. However, as a special object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from Series User's Guide - ZyXEL NWA3160-N | User Guide - Page 355
to the present version, but may differ in detail to address new problems or concerns. Each version is given a distinguishing version number. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. 12. IN NO EVENT UNLESS REQUIRED BY User's Guide 355 - ZyXEL NWA3160-N | User Guide - Page 356
SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY to use, copy, modify and distribute this software and its NWA3000-N Series User's Guide - ZyXEL NWA3160-N | User Guide - Page 357
both that copyright notice and this permission notice appear in supporting documentation, and that the name of CMU and The Regents . ---- Part 2: Networks Associates Technology, Inc copyright notice (BSD) ----- Copyright (c) 2001-2003, Networks Associates Technology, Inc All Series User's Guide 357 - ZyXEL NWA3160-N | User Guide - Page 358
with the distribution. * Neither the name of the Networks Associates Technology, Inc nor the names of its contributors (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER NWA3000-N Series User's Guide - ZyXEL NWA3160-N | User Guide - Page 359
INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) (BSD) ----Copyright © 2003 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, California 95054, U.S.A. All rights reserved. NWA3000-N Series User's Guide 359 - ZyXEL NWA3160-N | User Guide - Page 360
EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY , Inc copyright notice (BSD) ----- Copyright (c) 2003-2009, Sparta, Inc NWA3000-N Series User's Guide - ZyXEL NWA3160-N | User Guide - Page 361
OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND copyright notice (BSD) ----- Copyright (c) 2004, Cisco, Inc and Information Network NWA3000-N Series User's Guide 361 - ZyXEL NWA3160-N | User Guide - Page 362
EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 7: Fabasoft R&D Software GmbH & Co KG copyright notice (BSD) ----- 362 NWA3000-N Series User's Guide - ZyXEL NWA3160-N | User Guide - Page 363
SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY , EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. NWA3000-N Series User's Guide 363 - ZyXEL NWA3160-N | User Guide - Page 364
SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 364 NWA3000-N Series User's Guide - ZyXEL NWA3160-N | User Guide - Page 365
SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH NWA3000-N Series User's Guide 365 - ZyXEL NWA3160-N | User Guide - Page 366
following disclaimer in the documentation and/or other materials provided with the distribution, and 3. Redistributions must contain a verbatim copy of this document. 366 NWA3000-N Series User's Guide - ZyXEL NWA3160-N | User Guide - Page 367
(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) holders must not be used in advertising or otherwise to promote the sale, use or other dealing in this Software without specific, written prior Series User's Guide 367 - ZyXEL NWA3160-N | User Guide - Page 368
with all faults, and the entire risk of satisfactory quality, performance, accuracy, and effort is with the user. libpng versions 0.97, January 1998, through 1.0.6, March 20, 2000, are Copyright (c) 1998, 1999 added to the list of Contributing Authors: Tom Lane 368 NWA3000-N Series User's Guide - ZyXEL NWA3160-N | User Guide - Page 369
, expressed or implied, including, without limitation, the warranties of merchantability and of fitness for any purpose. The Contributing Authors and Group 42, Inc. NWA3000-N Series User's Guide 369 - ZyXEL NWA3160-N | User Guide - Page 370
. specifically permit, without fee, and encourage the use of this source code as a component to supporting the PNG file format in commercial products. If you use this source code in a product, acknowledgment .png" and "pngbar.jpg (88x31) and "pngnow.png" (98x31). 370 NWA3000-N Series User's Guide - ZyXEL NWA3160-N | User Guide - Page 371
Source is a certification mark of the Open Source Initiative. Glenn Randers-Pehrson glennrp at users.sourceforge.net February 25, 2010 This Product includes libmd5-rfc software under the Zlib/libpng may not be removed or altered from any source distribution. NWA3000-N Series User's Guide 371 - ZyXEL NWA3160-N | User Guide - Page 372
Appendix D Open Software Announcements 372 NWA3000-N Series User's Guide - ZyXEL NWA3160-N | User Guide - Page 373
manual, or otherwise, without the prior written permission of ZyXEL Communications Corporation. Published by ZyXEL Communications Corporation. All rights reserved. Disclaimers ZyXEL ZyNOS (ZyXEL Network Operating System) is a registered trademark of ZyXEL Communications, Inc User's Guide 373 - ZyXEL NWA3160-N | User Guide - Page 374
can radiate radio frequency energy, and if not installed and used in accordance with the instructions, may cause harmful interference to radio communications. However, there is no guarantee that interference Rules. Operation is subject to the following two conditions: NWA3000-N Series User's Guide - ZyXEL NWA3160-N | User Guide - Page 375
ohms. To reduce potential radio interference to other users, the antenna type and its gain should be systems; users should also be cautioned to take note that high-power radars are allocated as primary users (meaning they . End users must follow the specific operating instructions for satisfying - ZyXEL NWA3160-N | User Guide - Page 376
designed for the WLAN 2.4 GHz and/or 5 GHz networks throughout the EC region and Switzerland, with restrictions in the certification you wish to view from this page. ZyXEL Limited Warranty ZyXEL warrants to the original end user (purchaser) that this product is free from any -N Series User's Guide - ZyXEL NWA3160-N | User Guide - Page 377
may also refer to the warranty policy for the region in which you bought the device at http:// www.zyxel.com/web/support_warranty_info.php. Registration Register your product online to receive e-mail notices of firmware upgrades and information at www.zyxel.com. NWA3000-N Series User's Guide 377 - ZyXEL NWA3160-N | User Guide - Page 378
Appendix E Legal Information 378 NWA3000-N Series User's Guide - ZyXEL NWA3160-N | User Guide - Page 379
AP 18, 22 AP (access point) 321 AP+Bridge 18 AP/Bridge 22 applications 18 AP/Bridge 22 Bridge/Repeater 18 MBSSID 22 B backing up configuration files 243 Basic Service Set see BSS Basic Service Set, See BSS 319 boot module 248 bridge 18, 22 NWA3000-N Series User's Guide Index Index Bridge/Repeater - ZyXEL NWA3160-N | User Guide - Page 380
-default.conf 247 uploading 247 uploading with FTP 215 use without restart 241 console port 25 speed 199 Control and Provisioning of Wireless Access Points See CAPWAP cookies 31 copyright 373 CPU usage 77, 80 CTS (Clear to Send) 322 current date/time 78, 194 daylight savings 196 setting manually - ZyXEL NWA3160-N | User Guide - Page 381
(IV) 329 installation 17 interface status 78 interfaces 107 as DHCP servers 194 configuration overview 50 prerequisites 51 interference 18 Internal RADIUS Server Setting Screen 222, 224 Internet Explorer 31 Internet security gateway 17 IP address 280 IPSec VPN capability 281 J Java permissions 31 - ZyXEL NWA3160-N | User Guide - Page 382
Check (MIC) 329 messages CLI 40 warning 38 mobile access 17 mode 18 model name 77 monitored interfaces 136 device HA 134 My Certificates, see also certificates 175 N Netscape Navigator 31 network 17 network bridge 18 Network Time Protocol (NTP) 197 O object-based configuration 49 objects 49, 51 - ZyXEL NWA3160-N | User Guide - Page 383
control and users 200 limitations 200 timeouts 200 Service Set 148 Service Set Identifier see SSID shell scripts 241 downloading 250 editing 249 how applied 242 managing 249 syntax 242 uploading 251 shutdown 29 Simple Certificate Enrollment Protocol (SCEP) 179 Simple Network Management Protocol - ZyXEL NWA3160-N | User Guide - Page 384
17 user authentication 137 user group objects 137 user groups 137 configuration overview 51 user name rules 139 user objects 137 users 137 access, see also access users admin (type) 137 admin, see also admin users and service control 200 configuration overview 51 currently logged in 78 default lease - ZyXEL NWA3160-N | User Guide - Page 385
24, 31 access 32 requirements 31 supported browsers 31 web configurator 17 WEP (Wired Equivalent Privacy) 148 Wi-Fi Protected Access 148, 328 wired network 17, 18 wireless channel 272 wireless client WPA supplicants 330 Wireless Distribution System (WDS) 22 wireless LAN 272 wireless security 23 - ZyXEL NWA3160-N | User Guide - Page 386
Index 386 NWA3000-N Series User's Guide
-
1 -
2 -
3 -
4 -
5 -
6 -
7 -
8
-
9
-
10
-
11
-
12
-
13
-
14
-
15
-
16
-
17
-
18
-
19
-
20
-
21
-
22
-
23
-
24
-
25
-
26
-
27
-
28
-
29
-
30
-
31
-
32
-
33
-
34
-
35
-
36
-
37
-
38
-
39
-
40
-
41
-
42
-
43
-
44
-
45
-
46
-
47
-
48
-
49
-
50
-
51
-
52
-
53
-
54
-
55
-
56
-
57
-
58
-
59
-
60
-
61
-
62
-
63
-
64
-
65
-
66
-
67
-
68
-
69
-
70
-
71
-
72
-
73
-
74
-
75
-
76
-
77
-
78
-
79
-
80
-
81
-
82
-
83
-
84
-
85
-
86
-
87
-
88
-
89
-
90
-
91
-
92
-
93
-
94
-
95
-
96
-
97
-
98
-
99
-
100
-
101
-
102
-
103
-
104
-
105
-
106
-
107
-
108
-
109
-
110
-
111
-
112
-
113
-
114
-
115
-
116
-
117
-
118
-
119
-
120
-
121
-
122
-
123
-
124
-
125
-
126
-
127
-
128
-
129
-
130
-
131
-
132
-
133
-
134
-
135
-
136
-
137
-
138
-
139
-
140
-
141
-
142
-
143
-
144
-
145
-
146
-
147
-
148
-
149
-
150
-
151
-
152
-
153
-
154
-
155
-
156
-
157
-
158
-
159
-
160
-
161
-
162
-
163
-
164
-
165
-
166
-
167
-
168
-
169
-
170
-
171
-
172
-
173
-
174
-
175
-
176
-
177
-
178
-
179
-
180
-
181
-
182
-
183
-
184
-
185
-
186
-
187
-
188
-
189
-
190
-
191
-
192
-
193
-
194
-
195
-
196
-
197
-
198
-
199
-
200
-
201
-
202
-
203
-
204
-
205
-
206
-
207
-
208
-
209
-
210
-
211
-
212
-
213
-
214
-
215
-
216
-
217
-
218
-
219
-
220
-
221
-
222
-
223
-
224
-
225
-
226
-
227
-
228
-
229
-
230
-
231
-
232
-
233
-
234
-
235
-
236
-
237
-
238
-
239
-
240
-
241
-
242
-
243
-
244
-
245
-
246
-
247
-
248
-
249
-
250
-
251
-
252
-
253
-
254
-
255
-
256
-
257
-
258
-
259
-
260
-
261
-
262
-
263
-
264
-
265
-
266
-
267
-
268
-
269
-
270
-
271
-
272
-
273
-
274
-
275
-
276
-
277
-
278
-
279
-
280
-
281
-
282
-
283
-
284
-
285
-
286
-
287
-
288
-
289
-
290
-
291
-
292
-
293
-
294
-
295
-
296
-
297
-
298
-
299
-
300
-
301
-
302
-
303
-
304
-
305
-
306
-
307
-
308
-
309
-
310
-
311
-
312
-
313
-
314
-
315
-
316
-
317
-
318
-
319
-
320
-
321
-
322
-
323
-
324
-
325
-
326
-
327
-
328
-
329
-
330
-
331
-
332
-
333
-
334
-
335
-
336
-
337
-
338
-
339
-
340
-
341
-
342
-
343
-
344
-
345
-
346
-
347
-
348
-
349
-
350
-
351
-
352
-
353
-
354
-
355
-
356
-
357
-
358
-
359
-
360
-
361
-
362
-
363
-
364
-
365
-
366
-
367
-
368
-
369
-
370
-
371
-
372
-
373
-
374
-
375
-
376
-
377
-
378
-
379
-
380
-
381
-
382
-
383
-
384
-
385
-
386
 |
 |
www.zyxel.com
www.zyxel.com
NWA3000-N Series
Wireless N Business WLAN 3000 Series Access Point
Copyright © 2011
ZyXEL Communications Corporation
Version 2.23
Edition 1, 1/2011
Default Login Details
IP Address
User Name
admin
Password
1234