ZyXEL NWA3560-N User Guide
ZyXEL NWA3560-N Manual
 |
View all ZyXEL NWA3560-N manuals
Add to My Manuals
Save this manual to your list of manuals |
ZyXEL NWA3560-N manual content summary:
- ZyXEL NWA3560-N | User Guide - Page 1
NWA3000-N Series Wireless N Business WLAN 3000 Series Access Point Default Login Details IP Address https://192.168.1.2 User Name admin Password 1234 Versionww2w..2zy3xel.com Edition 1, 1/2011 www.zyxel.com Copyright © 2011 ZyXEL Communications Corporation - ZyXEL NWA3560-N | User Guide - Page 2
- ZyXEL NWA3560-N | User Guide - Page 3
Disc Refer to the included CD for support documents. • ZyXEL Web Site Please refer to www.zyxel.com for additional support documentation and product certifications. User Guide Feedback Help us help you. Send all User Guide-related comments, questions or suggestions for improvement to the following - ZyXEL NWA3560-N | User Guide - Page 4
Conventions • The product in this book may be referred to as the "NWA3000-N series AP", the "device", the "AP", or the "system" in this User's Guide. • Product labels, screen names, field labels and field choices are all in bold font. • A key stroke is denoted by square brackets and uppercase text - ZyXEL NWA3560-N | User Guide - Page 5
Document Conventions Icons Used in Figures Figures in this User's Guide may use the following generic icons. The NWA3000-N series AP icon is not an exact representation of your device. NWA3000-N series AP Computer Notebook computer - ZyXEL NWA3560-N | User Guide - Page 6
will step on them or stumble over them. • Always disconnect all cables from this device before servicing or disassembling. • Use ONLY an appropriate power adaptor or cord for your device. • Connect the ). This product is recyclable. Dispose of it properly. 6 NWA3000-N Series User's Guide - ZyXEL NWA3560-N | User Guide - Page 7
...6 Table of Contents...7 Part I: User's Guide 15 Chapter 1 Introduction ...17 1.1 Overview ...17 1.2 Applications for the NWA3000-N series AP 18 1.2.1 Bridge / Repeater ...18 1.2.2 AP + Bridge ...22 1.2.3 MBSSID ...22 1.3 Management Mode ...23 1.4 Ways to Manage the NWA3000-N series AP 24 - ZyXEL NWA3560-N | User Guide - Page 8
...55 4.1 Sample Network Setup ...55 4.1.1 Set the Management Modes 56 4.1.2 Set the LAN IP Address and Management VLAN (vlan99 57 4.1.3 Set Up Wireless User Authentication 58 4.1.4 Create the 75 5.2 Dashboard ...76 5.2.1 CPU Usage ...80 5.2.2 Memory Usage ...81 8 NWA3000-N Series User's Guide - ZyXEL NWA3560-N | User Guide - Page 9
CAPWAP Discovery and Management 104 7.2.2 Managed AP Finds the Controller 104 7.2.3 CAPWAP and IP Subnets 104 7.2.4 Notes on CAPWAP 105 7.3 The Management Mode Screen Chapter 111 9.1.2 What You Need to Know 111 9.2 Controller ...112 9.3 AP Management ...113 NWA3000-N Series User's Guide 9 - ZyXEL NWA3560-N | User Guide - Page 10
.1.1 What You Can Do in this Chapter 147 12.1.2 What You Need To Know 147 12.2 Radio ...149 12.2.1 Add/Edit Radio Profile 150 12.3 SSID ...154 12.3.1 SSID List ...154 12.3.2 Security List ...158 12.3.3 MAC Filter List ...161 Chapter 13 MON Profile ...165 10 NWA3000-N Series User's Guide - ZyXEL NWA3560-N | User Guide - Page 11
Service Control 201 15.5.5 HTTPS Example ...203 15.6 SSH ...209 15.6.1 How SSH Works ...210 15.6.2 SSH Implementation on the NWA3000-N series AP 211 15.6.3 Requirements for Using SSH 211 15.6.4 Configuring SSH ...212 15.6.5 Examples of Secure Telnet Using SSH 213 NWA3000-N Series User's Guide - ZyXEL NWA3560-N | User Guide - Page 12
Supported MIBs ...218 15.9.2 SNMP Traps ...218 15.9.3 Configuring SNMP 219 15.9.4 Adding or Editing an SNMPv3 User Active Log Summary 238 Chapter 17 File Manager ...241 17.1 Overview ...241 17.1.1 241 17.2 Configuration File ...243 17.3 Firmware Package ...248 17.4 Shell Script ...249 User's Guide - ZyXEL NWA3560-N | User Guide - Page 13
21.4 Internet Access ...270 21.5 Wireless AP Troubleshooting 272 21.6 Resetting the NWA3000-N series AP 277 21.7 Getting More Troubleshooting Help 278 Chapter 22 Product Specifications ...279 22.1 Wall-Mounting Instructions 282 Appendix A Log Descriptions 285 Appendix B Importing Certificates - ZyXEL NWA3560-N | User Guide - Page 14
Table of Contents 14 NWA3000-N Series User's Guide - ZyXEL NWA3560-N | User Guide - Page 15
PART I User's Guide 15 - ZyXEL NWA3560-N | User Guide - Page 16
16 - ZyXEL NWA3560-N | User Guide - Page 17
high-performance applications. It uses Multiple BSSID and VLAN to provide up to eight simultaneous independent virtual APs. Additionally, innovations in roaming technology and QoS features eliminate voice call disruptions. It can serve as an AP, Bridge, Repeater or even as an RF monitor to search - ZyXEL NWA3560-N | User Guide - Page 18
channel should be configured for each WLAN interface to reduce the effects of radio interference. 1.2.1 Bridge / Repeater The NWA3000-N series AP can act as a wireless network bridge and establish wireless links with other , the connection between devices is made. 18 NWA3000-N Series User's Guide - ZyXEL NWA3560-N | User Guide - Page 19
Chapter 1 Introduction At the time of writing, WDS security is compatible with other ZyXEL access points only. Refer to your other access point's documentation for details. Figure 1 Bridge Application Figure 2 Repeater Application NWA3000-N Series User's Guide 19 - ZyXEL NWA3560-N | User Guide - Page 20
bridging in the NWA3000-N series AP. Bridge loops cause broadcast traffic to circle the network endlessly, resulting in possible throughput degradation and disruption of communications. The following examples show two network topologies that can lead to this problem: 20 NWA3000-N Series User - ZyXEL NWA3560-N | User Guide - Page 21
Loop: Bridge Connected to Wired LAN To prevent bridge loops, ensure that you enable Spanning Tree Protocol (STP) in the Wireless screen or your NWA3000-N series AP is not set to bridge mode while connected to both wired and wireless segments of the same LAN. NWA3000-N Series User's Guide 21 - ZyXEL NWA3560-N | User Guide - Page 22
Y X A B 1.2.3 MBSSID A Basic Service Set (BSS) is the set of devices forming a single wireless network (usually an access point and one or more wireless clients). The Service Set IDentifier (SSID) is the name of a BSS. In Multiple BSS (MBSSID) mode, the 22 NWA3000-N Series User's Guide - ZyXEL NWA3560-N | User Guide - Page 23
As in any wireless network, clients can associate only with the SSIDs for which they have the correct security settings. See Section 4.1 on page 55 for an example of using MBSS. 1.3 Management Mode One NWA3000-N series AP uses Control And Provisioning of Wireless Access Points (CAPWAP, see RFC 5415 - ZyXEL NWA3560-N | User Guide - Page 24
AP. Web Configurator The Web Configurator allows easy NWA3000-N series AP setup and management using an Internet browser. This User's Guide provides information about the Web Configurator. Command-Line Interface (CLI) The CLI allows you to use text-based commands to configure the NWA3000-N series - ZyXEL NWA3560-N | User Guide - Page 25
Transfer Protocol (FTP) This protocol can be used for firmware upgrades and configuration backup and restore. Simple Network Management Protocol (SNMP) The NWA3000-N series AP can be monitored by an SNMP manager. See the SNMP chapter in this User's Guide. Controller Set one NWA3000-N series AP to be - ZyXEL NWA3560-N | User Guide - Page 26
unstable or even crashes. If you forget your password, you will have to reset the NWA3000-N series AP to its factory default settings. If you backed up an earlier 1.6 Hardware Connections See your Quick Start Guide for information on making hardware connections. 26 NWA3000-N Series User's Guide - ZyXEL NWA3560-N | User Guide - Page 27
Chapter 1 Introduction 1.7 LEDs The following are the LED descriptions for your NWA3000-N series AP. Figure 8 LEDs Table 2 LEDs LABEL COLOR WLAN Green STATUS On Blinking Off DESCRIPTION The wireless LAN is active. The wireless LAN is active, and transmitting or receiving data. The wireless - ZyXEL NWA3560-N | User Guide - Page 28
up. or • If the LED blinks after the boot up process, the system has failed. The NWA3000-N series AP successfully boots up. 28 NWA3000-N Series User's Guide - ZyXEL NWA3560-N | User Guide - Page 29
the power. Not doing so can cause the firmware to become corrupt. Table 3 Starting and Stopping RESET button If you press the RESET button, the NWA3000-N series AP sets the configuration to its default for the device to shut down and then manually turn off or remove the power. It User's Guide 29 - ZyXEL NWA3560-N | User Guide - Page 30
Chapter 1 Introduction 30 NWA3000-N Series User's Guide - ZyXEL NWA3560-N | User Guide - Page 31
management using an Internet browser. In order to use the Web Configurator, you must: • Use Internet Explorer 7.0 and later or Firefox 1.5 and later • Allow pop-up windows • Enable JavaScript (enabled by default ) • Enable Java permissions (enabled by default) • Enable - ZyXEL NWA3560-N | User Guide - Page 32
, the Update Admin Info screen appears. Otherwise, the dashboard appears. This screen appears every time you log in using the default user name and default password. If you change the password for the default user account, this screen does not appear anymore. 32 NWA3000-N Series User's Guide - ZyXEL NWA3560-N | User Guide - Page 33
Chapter 2 The Web Configurator 2.3 The Main Screen The Web Configurator's main screen is divided into these parts: Figure 9 The Web Configurator's Main Screen A B C • A - Title Bar • B - Navigation Panel • C - Main Window NWA3000-N Series User's Guide 33 - ZyXEL NWA3560-N | User Guide - Page 34
items reference an object. Console Click this to open the console in which you can use the command line interface (CLI). See the NWA3000-N series AP CLI Reference Guide for details. CLI Click this to open a menus and their screens. Figure 11 Navigation Panel 34 NWA3000-N Series User's Guide - ZyXEL NWA3560-N | User Guide - Page 35
TAB FUNCTION MGNT Mode Set whether the NWA3000-N series AP is controlling other NWA3000-N series APs, working as a standalone AP, or being managed by another NWA3000-N series AP. LAN Setting Manage the LAN Ethernet interface including VLAN settings. Wireless NWA3000-N Series User's Guide 35 - ZyXEL NWA3560-N | User Guide - Page 36
-N series AP is in controller mode. Active-Passive Mode Configure active-passive mode device HA. Object Users User Create and manage users. Setting Manage default settings for all users, general settings for user sessions, and rules to force user authentication. AP Profile Radio Create - ZyXEL NWA3560-N | User Guide - Page 37
FTP server settings. SNMP Configure SNMP communities and services. Auth. Server Configure settings for the NWA3000-N 2.3.2.4 Maintenance Menu Use the maintenance menu screens to manage configuration and firmware files, run diagnostics, and reboot or shut down NWA3000-N Series User's Guide 37 - ZyXEL NWA3560-N | User Guide - Page 38
to open the Object Reference screen. Select the type of object and the individual object and click Refresh to show which configuration 38 NWA3000-N Series User's Guide - ZyXEL NWA3560-N | User Guide - Page 39
shows which configuration settings reference the ldap-users user object (in this case the first . Service This is the type of setting that references the selected object. Click a service's name to display the service's here. Refresh Click this to update the information in this screen. Cancel - ZyXEL NWA3560-N | User Guide - Page 40
within the Web Configurator rather than having to use a separate terminal program. In addition to logging in directly to the NWA3000-N series AP's CLI, you can also log into other devices on the network through this Console. It uses SSH to establish a connection. 40 NWA3000-N Series User's Guide - ZyXEL NWA3560-N | User Guide - Page 41
. If you are logged into the NWA3000-N series AP, see the CLI Reference Guide for details on using the command line to configure it. This is the IP address of the device that you are currently logged into. Logged-In User This displays the username of the account currently logged into the NWA3000 - ZyXEL NWA3560-N | User Guide - Page 42
/ download activity. The faster and more frequently an LED flashes, the faster the data connection. Before you use the Console, Console: 1 Click the Console button on the Web Configurator title bar. 2 Enter the IP address of the NWA3000-N series AP and click OK. 42 NWA3000-N Series User's Guide - ZyXEL NWA3560-N | User Guide - Page 43
your account password, depending on the type of device that you are logging into. Enter the password and click OK. 5 If your login is successful, the command line appears and the status bar at the bottom of the Console updates to reflect your connection state. NWA3000-N Series User's Guide 43 - ZyXEL NWA3560-N | User Guide - Page 44
• Select which columns to display • Group entries by field • Show entries in groups • Filter by mathematical operators (, or =) or searching for text. 44 NWA3000-N Series User's Guide - ZyXEL NWA3560-N | User Guide - Page 45
and drag to re-size the column. 4 Select a column heading and drag and drop it to change the column order. A green check mark displays next to the column's title when you drag the column to different pages of entries and control how many entries display at a time. NWA3000-N Series User's Guide 45 - ZyXEL NWA3560-N | User Guide - Page 46
Select an entry and click Object Reference to open a screen that shows which settings use the entry. Move To change an entry's position in a numbered list, select it and click Move to display a field to type a (if there is one) gets pushed up (or down) one. 46 NWA3000-N Series User's Guide - ZyXEL NWA3560-N | User Guide - Page 47
] key to select multiple entries, and then use the arrow button to move them to the other list. Figure 17 Working with Lists NWA3000-N Series User's Guide 47 - ZyXEL NWA3560-N | User Guide - Page 48
Chapter 2 The Web Configurator 48 NWA3000-N Series User's Guide - ZyXEL NWA3560-N | User Guide - Page 49
an object, you can reuse it in configuring other features. When you change an object's settings, the NWA3000-N series AP automatically updates all the settings or rules that use the object. For example, if you . Each feature description is organized as shown below. NWA3000-N Series User's Guide 49 - ZyXEL NWA3560-N | User Guide - Page 50
AP to control other NWA3000-N series APs, work as a standalone AP, or be managed by another VLAN settings. MENU ITEM(S) Configuration > LAN Setting. 3.3.4 Wireless Use these screens to manage your wireless Access Points. MENU ITEM(S) Configuration > Wireless. 50 NWA3000-N Series User's Guide - ZyXEL NWA3560-N | User Guide - Page 51
. Table 13 User Types TYPE ABILITIES admin Change NWA3000-N series AP configuration (web, CLI) limited-admin Look at NWA3000-N series AP configuration (web, CLI). Perform basic diagnostics (CLI) user Access network services. Browse user-mode commands (CLI) NWA3000-N Series User's Guide 51 - ZyXEL NWA3560-N | User Guide - Page 52
SSID Create SSID management Use Console Speed to set the console speed services or protocols can be used to access the NWA3000-N series AP. MENU ITEM(S) Configuration > System > WWW, SSH, TELNET, FTP, SNMP, Auth. Server PREREQUISITES certificates (WWW, SSH, FTP) 52 NWA3000-N Series User's Guide - ZyXEL NWA3560-N | User Guide - Page 53
. Use shell scripts to run a series of CLI commands. These are useful for large, repetitive configuration changes and for troubleshooting. You can edit configuration files and shell scripts in any text editor. MENU ITEM(S) Maintenance > File Manager 3.5.4 Diagnostics The NWA3000-N series AP can - ZyXEL NWA3560-N | User Guide - Page 54
Chapter 3 Configuration Basics 54 NWA3000-N Series User's Guide - ZyXEL NWA3560-N | User Guide - Page 55
B Managed APs Requirements: A DHCP server (A) with Option 138, an AD server, a switch (B) that supports 802.1q, a Layer-3 routing device and a firewall (C). Note: In this topology the firewall, such as a ZyWALL, controls what services traffic from different VLANs can use. NWA3000-N Series User - ZyXEL NWA3560-N | User Guide - Page 56
102 Managed APs In this example, the guest VLAN (102) can only access the Internet while the staff VLAN (101) has access to all aspects of the network. 4.1.1 Set the Management Modes Use this section to set the management modes for the controller and managed APs. 56 NWA3000-N Series User's Guide - ZyXEL NWA3560-N | User Guide - Page 57
through the controller AP on your network. 4.1.2 Set the LAN IP Address and Management VLAN (vlan99) This section shows you how to set up the LAN IP address and the VLAN for managing the controller. This is only for network administrators to manage the controller. NWA3000-N Series User's Guide 57 - ZyXEL NWA3560-N | User Guide - Page 58
VLAN ID tag. • Click Apply to save these changes. 2 Configure your DHCP server with the controller's IP address configured as option 138 so the managed NWA3000-N series APs can get the controller's IP address from it. See Chapter 7 on page 103 for details. 4.1.3 Set Up Wireless User Authentication - ZyXEL NWA3560-N | User Guide - Page 59
Chapter 4 Tutorials 1 Open the Configuration > System > Auth. Server screen. Turn on the authentication server and select the certificate to use. Click Apply. 2 Open the Configuration > Object > User > User screen and click Add. 3 The Add A User window opens. NWA3000-N Series User's Guide 59 - ZyXEL NWA3560-N | User Guide - Page 60
User Name: Enter 'guest1'. 3b User Type: User 3c Password: Enter 'guest1', and re-enter it in the Retype field to confirm. 3d Click OK to save these settings. 4 Repeat Configuration > Object > AP Profile > SSID > Security List screen and then click the Add button. 60 NWA3000-N Series User's Guide - ZyXEL NWA3560-N | User Guide - Page 61
. 2c Under Security Mode, select 802.1X then set the Radius Server Type to Internal. 2d Click OK. 3 Next, open the Configuration > Object > AP Profile > SSID > SSID List screen and click the Add button. NWA3000-N Series User's Guide 61 - ZyXEL NWA3560-N | User Guide - Page 62
these settings. 5 Repeat steps 3 and 4 to create the guest SSID profile with the same settings except 'guest' as the profile name and SSID and 102 for the VLAN ID. 6 Open the Configuration > Object> AP Profile > Radio screen and then double-click the default entry. 62 NWA3000-N Series User's Guide - ZyXEL NWA3560-N | User Guide - Page 63
SSID profile. These are the two profiles you created in steps 3 to 5 of this procedure. 7c Click OK to save these settings. 4.2 Rogue AP Detection Rogue APs are wireless access points interacting with the network managed by the NWA3000-N series AP but which are not under the control User's Guide 63 - ZyXEL NWA3560-N | User Guide - Page 64
4 Tutorials In this example, an employee illicitly connects his own AP (RG) to the network that the NWA3000-N series AP manages. While not necessarily a malicious act, it can nonetheless have severe security consequences on the network. Figure 20 Rogue AP Example A 64 NWA3000-N Series User's Guide - ZyXEL NWA3560-N | User Guide - Page 65
the network, which he uses in an attempt to mimic an NWA3000-N series AP-controlled SSID in order to capture passwords and other information when authorized wireless clients mistakenly connect to it. Figure 21 Rogue the MON Profile screen and click the Add button. NWA3000-N Series User's Guide 65 - ZyXEL NWA3560-N | User Guide - Page 66
of this tutorial set this to 'Monitor01'. Channel Dwell Time: Leave this as the default 100 milliseconds. This field is the number of milliseconds that the monitor AP scans each Click OK to save your changes. 4 Next, click Configuration > Wireless > AP Management. 66 NWA3000-N Series User's Guide - ZyXEL NWA3560-N | User Guide - Page 67
newly created 'Monitor01' profile from the list. 6 Click OK to save your changes. See also: Chapter 6 on page 83 and Chapter 13 on page 165. of the NWA3000-N series AP), then the network administrator must manually disconnect it. The NWA3000-N series AP does not allow the Series User's Guide 67 - ZyXEL NWA3560-N | User Guide - Page 68
. Figure 22 Containing a Rogue AP This tutorial shows you how to quarantine a rogue AP on your network: 1 Click Configuration > Wireless > MON Mode. 68 NWA3000-N Series User's Guide - ZyXEL NWA3560-N | User Guide - Page 69
other screen in the corresponding field, set its Role as Rogue AP and then click OK to save your changes. 3 The new rogue AP appears in the Rogue/Friendly AP List. Select it, then click the how to configure the NWA3000-N series AP's load balancing feature. NWA3000-N Series User's Guide 69 - ZyXEL NWA3560-N | User Guide - Page 70
weakness of their connection signal strength. 5 Click Apply to save your changes. See also: Chapter 9 on page 111. 4.4 Dynamic Channel Selection great, then the network administrator must open his AP configuration options and manually change the channel to one that no other AP is using (or at - ZyXEL NWA3560-N | User Guide - Page 71
of competing APs, set this number lower to ensure that your device can adjust quickly changing conditions. 4 Select DCS Sensitivity Level. This is how sensitive the APs on your network allowed. 8 Click Apply to save your changes. See also: Chapter 9 on page 111. NWA3000-N Series User's Guide 71 - ZyXEL NWA3560-N | User Guide - Page 72
Chapter 4 Tutorials 72 NWA3000-N Series User's Guide - ZyXEL NWA3560-N | User Guide - Page 73
PART II Technical Reference 73 - ZyXEL NWA3560-N | User Guide - Page 74
74 - ZyXEL NWA3560-N | User Guide - Page 75
-N series AP's general device information, system status, system resource usage, and interface status. You can also display other status screens for more information. NWA3000-N Series User's Guide 75 - ZyXEL NWA3560-N | User Guide - Page 76
collapse a widget. Refresh Time Setting (C) Set the interval for refreshing the information displayed in the widget. Refresh Now (D) Click this to update the widget's information immediately. Close Widget (E) Click this to close the widget. Use Widget Setting to re-open it. Device Information - ZyXEL NWA3560-N | User Guide - Page 77
change it Range This Firmware Version This field displays the version number and date of the firmware controller mode. Online Management AP This displays the number of currently connected managed APs. Offline Management AP This displays the number of currently offline managed User's Guide 77 - ZyXEL NWA3560-N | User Guide - Page 78
after firmware update - The application of the configuration failed after a firmware upgrade. System default configuration - The NWA3000-N series AP successfully applied the system default configuration. This occurs when the NWA3000-N series AP starts for the first time or you intentionally reset - ZyXEL NWA3560-N | User Guide - Page 79
) or the management IP address (if it is a backup). This field displays how the interface gets its IP address. Static - This interface has a static IP address. Action DHCP Client - This interface gets its IP address from a DHCP server. Use this field to get or to update the IP address for the - ZyXEL NWA3560-N | User Guide - Page 80
. time The x-axis shows the time period over which the CPU usage occurred Refresh Interval Enter how often you want this window to be automatically updated. Refresh Now Click this to update the information in the window right away. 80 NWA3000-N Series User's Guide - ZyXEL NWA3560-N | User Guide - Page 81
usage. The x-axis shows the time period over which the RAM usage occurred Refresh Interval Enter how often you want this window to be automatically updated. Refresh Now Click this to update the information in the window right away. NWA3000-N Series User's Guide 81 - ZyXEL NWA3560-N | User Guide - Page 82
Chapter 5 Dashboard 82 NWA3000-N Series User's Guide - ZyXEL NWA3560-N | User Guide - Page 83
when the NWA3000-N series AP is in controller mode. • The Radio List screen (Section controller mode. • The View Log screen (Section 6.9 on page 96) displays the NWA3000-N series AP's current log messages. You can change NWA3000-N series AP is in controller mode. 6.2 What You Need to Know - ZyXEL NWA3560-N | User Guide - Page 84
points operating in a network's coverage area that are not under the control of the network's administrators, and can open up holes in a network updating automatically. You can start it again by setting the Poll Interval and clicking Set Interval. Interface Summary 84 NWA3000-N Series User's Guide - ZyXEL NWA3560-N | User Guide - Page 85
available when the NWA3000-N series AP is in controller mode. This field displays the status of DHCP Client - This interface gets its IP address from a DHCP server. Use this field to get or to update the IP address for the interface. Click Renew to send a new DHCP request to a DHCP User's Guide 85 - ZyXEL NWA3560-N | User Guide - Page 86
, on the physical port in the one-second interval before the screen updated. Rx This field displays the reception speed, in bytes per second, on window to be automatically updated. Refresh Now Click this to update the information in the window right away. 86 NWA3000-N Series User's Guide - ZyXEL NWA3560-N | User Guide - Page 87
connected. Last Update This field displays the date and time the information in the window was last updated. 6.4 AP controller mode. To access this screen, click Monitor > Wireless > AP Information > AP List. Figure 28 Monitor > Wireless > AP Information > AP List NWA3000-N Series User's Guide - ZyXEL NWA3560-N | User Guide - Page 88
an AP that is not on the management list. This is an AP that is on the management list and which is online. This is an AP that is in the process of having its firmware updated. This is an AP that is both on the management list and which is offline. 88 NWA3000-N Series User's Guide - ZyXEL NWA3560-N | User Guide - Page 89
of connected stations. Time The x-axis shows the time over which a station was connected. Last Update This field displays the date and time the information in the window was last updated. 6.5 Radio List Use this screen to view statistics for the NWA3000-N series AP's wireless radio transmitters - ZyXEL NWA3560-N | User Guide - Page 90
24 hour period. # When the NWA3000-N series AP is in controller mode, this is the radio's index number in this list. Status series AP is in standalone mode, this displays whether or not the WLAN interface is activated. Loading This indicates the AP's load balance status. User's Guide - ZyXEL NWA3560-N | User Guide - Page 91
this window, click the More Information button in the Radio List Statistics screen. Figure 31 Monitor > Wireless > AP Information > Radio List > More Information NWA3000-N Series User's Guide 91 - ZyXEL NWA3560-N | User Guide - Page 92
the security mode in which the SSID is operating. VLAN This displays the VLAN ID associated with the SSID. WDS Link Detail When the NWA3000-N series AP is in standalone mode and you set the wireless operating mode to AP+Bridge or Bridge/Repeater this displays information about the Wireless - ZyXEL NWA3560-N | User Guide - Page 93
AP This is available when the NWA3000-N series AP is in controller mode. This indicates the AP through which the station is connected to the network. SSID Name This indicates the name of the wireless network to which to refresh the items displayed on this page. NWA3000-N Series User's Guide 93 - ZyXEL NWA3560-N | User Guide - Page 94
of the APs the NWA3000-N series AP is managing must be set to Monitor mode in order AP as a friendly AP. For more on managing friendly APs, see the Configuration > Wireless > address. SSID Name This indicates the detected device's SSID. description. For more on managing friendly and rogue APs, - ZyXEL NWA3560-N | User Guide - Page 95
refresh the items displayed on this page. 6.8 Legacy Device Info When the NWA3000-N series AP is in controller mode you can use this screen to configure and maintain a list of compatible legacy (NWA-3000 series) APs go to the legacy AP's Web Configurator screens. NWA3000-N Series User's Guide 95 - ZyXEL NWA3560-N | User Guide - Page 96
Chapter 6 Monitor Table 29 Monitor > Wireless > Legacy Device Info (continued) LABEL DESCRIPTION IP This is the IP address of the legacy AP. Description This is manually entered information about the legacy AP represented by this entry. 6.8.1 Legacy Device Info Add or Edit Use this screen to - ZyXEL NWA3560-N | User Guide - Page 97
the table entries by that column's criteria. Click the heading cell again to reverse the sort order. Figure 36 Monitor > Log > View Log NWA3000-N Series User's Guide 97 - ZyXEL NWA3560-N | User Guide - Page 98
, Destination Address, Service, Keyword, and Type the source IP address of the . Type the IP address of the service protocol whose log messages you would like to see. This displays when you show the filter. Click this button to update Click this to update the list of has the same range of values as - ZyXEL NWA3560-N | User Guide - Page 99
into this one. Source This field displays the source IP address and the port number in the event that generated the log message. Destination This field displays the destination IP address and the port number of the event that generated the log - ZyXEL NWA3560-N | User Guide - Page 100
Chapter 6 Monitor 6.10 View AP Log Use this screen to view a managed AP's log. Click Monitor > Log > View AP Log to access this screen. Figure 37 Monitor > Log > success - Indicates the query succeeded. AP Information This displays the MAC address for the selected AP. NWA3000-N Series User's Guide - ZyXEL NWA3560-N | User Guide - Page 101
criterion only appears when you Show Filter. Enter a destination IP address to display only the log messages that include it regardless. Email Log Now Click this open a new e-mail in your default e-mail program with the selected log attached. Refresh Click this to refresh Series User's Guide 101 - ZyXEL NWA3560-N | User Guide - Page 102
6 Monitor Table 32 Monitor > Log > View AP Log (continued) LABEL DESCRIPTION Source This displays the source IP address of the selected log message. Destination This displays the source IP address of the selected log message. Note This displays any notes associated with the selected log - ZyXEL NWA3560-N | User Guide - Page 103
(DTLS). The following figure illustrates a CAPWAP wireless network. You (U) configure the AP controller (C), which then automatically updates the configurations of the managed APs (M1 ~ M4). Figure 38 CAPWAP Network Example U DHCP SERVER C M1 M2 M3 M4 NWA3000-N Series User's Guide 103 - ZyXEL NWA3560-N | User Guide - Page 104
Controller A managed NWA3000-N series AP can find the controller in one of the following ways: • Manually specify the controller's IP address using the commands. See the NWA3000-N series AP CLI Reference Guide for details. • Get the controller's IP address from a DHCP server with the controller's IP - ZyXEL NWA3560-N | User Guide - Page 105
CAPWAP TRAFFIC DHCP SERVER + OPTION 138 AP CONTROLLER (STATIC IP) MANAGED AP 7.2.4 Notes on CAPWAP This section lists some additional features of ZyXEL's implementation of the CAPWAP protocol. • When the AP controller uses its internal Remote Authentication Dial In User Service (RADIUS) server - ZyXEL NWA3560-N | User Guide - Page 106
ONLY by the management AP. If you do not have an AP controller on your network and want to return the NWA3000-N series AP to standalone mode, you must use the its physical RESET button or the commands. All settings are returned to their default values. Click this to save your changes. Reset If you - ZyXEL NWA3560-N | User Guide - Page 107
fields. • If your ISP dynamically assigns the DNS server IP addresses (along with the NWA3000-N series AP's WAN IP address), set the DNS server fields to get the DNS server address from the ISP. • You can manually enter the IP addresses of other DNS servers. NWA3000-N Series User's Guide 107 - ZyXEL NWA3560-N | User Guide - Page 108
Chapter 8 LAN Setting 8.2 LAN Setting This screen lists every Ethernet interface. To access this screen, click Configuration > LAN Setting. Figure 41 Configuration > LAN Setting 108 NWA3000-N Series User's Guide - ZyXEL NWA3560-N | User Guide - Page 109
IP address is the same for all computers in the network. Gateway Enter the IP by one when you take this action. To change an entry's position in the numbered list, select IP address is assigned by a DHCP server dynamically (From DHCP), is configured manually (User-Defined), or is the default - ZyXEL NWA3560-N | User Guide - Page 110
Management Enter a VLAN ID for the NWA3000-N series AP. VLAN ID As Native VLAN Select this option to treat this VLAN ID as a VLAN created on the NWA3000-N series AP and not one assigned to it from outside the network. Apply Click Apply to save your changes back to the NWA3000-N series AP. Reset - ZyXEL NWA3560-N | User Guide - Page 111
the network. This is available when the NWA3000-N series AP is in controller mode. • The AP Management screen (Section 9.3 on page 113) manages the NWA3000-N series AP's general wireless settings if it is in standalone are currently being used by other devices. NWA3000-N Series User's Guide 111 - ZyXEL NWA3560-N | User Guide - Page 112
rogue APs, see Section 6.7 on page 94. Apply Reset APs must be connected to the NWA3000-N series AP by a wired connection or network. Click Apply to save your changes back to the NWA3000-N series AP. Click Reset to return the screen to its last-saved settings. 112 NWA3000-N Series User's Guide - ZyXEL NWA3560-N | User Guide - Page 113
Management (Controller Mode) LABEL DESCRIPTION Edit Select an AP and click this button to edit its properties. Remove Select an AP and click this button to remove it from the list. Reboot # IP Address MAC Model R1 Mode / Profile R2 Mode / Profile Mgnt. VLAN displays the IP address of the - ZyXEL NWA3560-N | User Guide - Page 114
the NNWA3000-N series AP is in standalone mode. Table 38 Configuration > Wireless > AP Management (Standalone Mode) LABEL DESCRIPTION Model This field displays the AP's hardware model information. It radio this field displays the AP or MON profile for Radio 2. 114 NWA3000-N Series User's Guide - ZyXEL NWA3560-N | User Guide - Page 115
managed AP's general wireless settings. Figure 46 Configuration > Wireless > Edit AP List Each field is described in the following table. Table 39 Configuration > Wireless > Edit AP List LABEL DESCRIPTION Create new Object Use this menu to create a new Radio or SSID -N Series User's Guide 115 - ZyXEL NWA3560-N | User Guide - Page 116
rogue AP is a wireless access point operating in a network's coverage area that is not under the control of the network administrator, and which can potentially open up holes in a network's security. Click Configuration > Wireless > MON Mode to access this screen. 116 NWA3000-N Series User's Guide - ZyXEL NWA3560-N | User Guide - Page 117
Containment Role MAC Address A quarantined AP cannot grant access to any network services. Any stations that attempt to connect to a quarantined AP are disconnected AP is a rogue-ap or a friendly-ap. To change the AP's role, click the Edit button. This field indicates the AP's radio MAC - ZyXEL NWA3560-N | User Guide - Page 118
modify this by clicking the Edit button. Importing/Exporting These controls allow you to export the current list of rogue and APs or friendly APS. Click Apply to save your changes back to the NWA3000-N series AP. Click Reset to return the screen to its last-saved settings. -N Series User's Guide - ZyXEL NWA3560-N | User Guide - Page 119
Friendly LABEL DESCRIPTION OK Click OK to save your changes back to the NWA3000-N series AP. Cancel Click Cancel to close the window with changes unsaved. 9.5 Load Balancing Use this screen to begins load balancing its connections (low, medium, high). NWA3000-N Series User's Guide 119 - ZyXEL NWA3560-N | User Guide - Page 120
continuously and never be allowed to connect. Click Apply to save your changes back to the NWA3000-N series AP. Click Reset to return the screen to its last-saved settings. 9.5.1 Disassociating and Delaying the AP over its allotment, say to 7 Mbps, then the AP 120 NWA3000-N Series User's Guide - ZyXEL NWA3560-N | User Guide - Page 121
connections are idle, the next criteria the NWA3000-N series AP analyzes is signal strength. Devices with the weakest signal strength are kicked first. NWA3000-N Series User's Guide 121 - ZyXEL NWA3560-N | User Guide - Page 122
use by another AP, the NWA3000-N series AP will then dynamically select the next available clean channel or a channel with lower interference. 122 NWA3000-N Series User's Guide - ZyXEL NWA3560-N | User Guide - Page 123
use to limit channel switching to 3 or 4 channels. 2.4-GHz Channel Deployment Select manual to select the individual channels the NWA3000-N series AP switches between. Select channels from the channels while keeping the channel interference to a minimum. NWA3000-N Series User's Guide 123 - ZyXEL NWA3560-N | User Guide - Page 124
manual to select the individual channels the NWA3000-N series AP switches between. Select channels from the Available channels list and use the right arrow button to move them to the Channels selected list. Click Apply to save your changes back to the NWA3000-N series AP. Click Reset User's Guide - ZyXEL NWA3560-N | User Guide - Page 125
scheme for ETSI, consisting of channels 1, 5, 9, 13. This offers significantly less overlap that the other one. Figure 55 An Alternative Four-Channel Deployment NWA3000-N Series User's Guide 125 - ZyXEL NWA3560-N | User Guide - Page 126
any new connections are rejected or delayed provided that there are other APs in range. Imagine a coffee shop in a crowded business district that offers free wireless connectivity to its customers. The coffee shop owner can get shunted to the nearest identical AP. 126 NWA3000-N Series User's Guide - ZyXEL NWA3560-N | User Guide - Page 127
when the NWA3000-N series AP is in controller mode. Device HA lets a backup NWA3000-N series AP (also in controller mode) automatically take over if the master , view and manage the list of monitored interfaces, and synchronize backup NWA3000-N series APs. NWA3000-N Series User's Guide 127 - ZyXEL NWA3560-N | User Guide - Page 128
a text editor for example). 10.1.3 Before You Begin • Configure a static IP address for each interface that you will have device HA monitor. Note: Subscribe to services on the backup NWA3000-N series AP before synchronizing it with the master NWA3000-N series AP. 128 NWA3000-N Series User's Guide - ZyXEL NWA3560-N | User Guide - Page 129
) with device HA. Device HA Mode This displays active-passive mode by default. Legacy mode device HA is not supported by the NWA3000-N series AP. Monitored Interface Summary # Interface Virtual Router IP / Netmask Management IP / Netmask Link Status The master and its backups must all use the - ZyXEL NWA3560-N | User Guide - Page 130
in the virtual router. It is not using the virtual IP address and subnet mask. Apply Reset Fault - This interface is not functioning in the virtual router your changes back to the NWA3000-N series AP. Click Reset to return the screen to its last-saved settings. 130 NWA3000-N Series User's Guide - ZyXEL NWA3560-N | User Guide - Page 131
10.3 Active-Passive Mode The Device HA Active-Passive Mode screen lets you configure general activepassive mode device HA settings, view and manage the list of monitored interfaces, and synchronize backup NWA3000-N series APs. To access this screen, click Configuration > Device HA > Active-Passive - ZyXEL NWA3560-N | User Guide - Page 132
virtual IP address for by default.) password for authentication. Type the password in the field next to the radio button. The password can consist of alphanumeric characters, the underscore, and some punctuation marks and it can be up to eight characters long. 132 NWA3000-N Series User's Guide - ZyXEL NWA3560-N | User Guide - Page 133
FTP port number. Click the link if you need to change the FTP port number. Every NWA3000-N series AP in the virtual router must use the same port number. If the master NWA3000-N series AP changes, you have to manually change this port number in the backups. NWA3000-N Series User's Guide 133 - ZyXEL NWA3560-N | User Guide - Page 134
HA. Click Apply to save your changes back to the NWA3000-N series AP. Click Reset to return the screen to its last-saved settings. 10.3.1 Edit Monitored Interface This screen lets you enable or disable monitoring of an interface and set the interface's management IP address and subnet mask. To - ZyXEL NWA3560-N | User Guide - Page 135
management IP address should be in the same subnet as the interface IP address. Manage IP Subnet Mask Enter the subnet mask of the interface's management IP address. OK Click OK to save your changes AP B form a virtual router. Figure 60 Virtual Router A B NWA3000-N Series User's Guide 135 - ZyXEL NWA3560-N | User Guide - Page 136
. This is a virtual router IP address. NWA3000-N series AP A keeps it's LAN management IP address of 192.168.1.5 and NWA3000-N series AP B has its own LAN management IP address of 192.168.1.6. These do not change when NWA3000-N series AP B becomes the master. 136 NWA3000-N Series User's Guide - ZyXEL NWA3560-N | User Guide - Page 137
are used in controlling access to configuration and services in the NWA3000-N series AP. User Types These are the types of user accounts the NWA3000-N series AP uses. Table 47 Types of User Accounts TYPE ABILITIES Admin Users admin Change NWA3000-N series AP configuration (web, CLI) LOGIN - ZyXEL NWA3560-N | User Guide - Page 138
CLI) Access Users user Perform basic diagnostics (CLI) Used for the embedded RADIUS server and SNMPv3 user access Browse user-mode commands (CLI) LOGIN METHOD(S) WWW, TELNET, SSH, Console Note: The default value, and it is not associated with a specific user. 138 NWA3000-N Series User's Guide - ZyXEL NWA3560-N | User Guide - Page 139
than user group names. • Here are the reserved user names: • adm • debug • ldap-users • operator • sync • admin • any • devicehaecived • ftp • lp • mail • radius-users • root • uucp • zyxel • bin • games • news • shutdown • daemon • halt • nobody • sshd NWA3000-N Series User's Guide 139 - ZyXEL NWA3560-N | User Guide - Page 140
ASCII characters. Default descriptions are provided. Authentication If you want to set authentication timeout to a value other than the Timeout Settings default settings, select Use Manual Settings then fill your preferred values in the fields that follow. 140 NWA3000-N Series User's Guide - ZyXEL NWA3560-N | User Guide - Page 141
Click Cancel to exit this screen without saving your changes. 11.3 Setting This screen controls default settings, login settings, lockout settings, and other user settings for the NWA3000-N series AP. You can also use this screen to specify when users must log in to the NWA3000-N series AP before - ZyXEL NWA3560-N | User Guide - Page 142
These authentication timeout settings are used by default when you create a new user account. They also control the settings for any existing user accounts that are set to use the default settings. You can still manually configure any user account's authentication timeout settings. Edit Double - ZyXEL NWA3560-N | User Guide - Page 143
default reauthentication time in minutes for each type of user account. It defines the number of minutes the user user can login unsuccessfully (for example, wrong password) before the IP changes. Reset Click Reset to return the screen to its last-saved settings. NWA3000-N Series User's Guide 143 - ZyXEL NWA3560-N | User Guide - Page 144
timeout settings for the selected type of user account. These default authentication timeout settings also control the settings for any existing user accounts that are set to use the default settings. You can still manually configure any user account's authentication timeout settings. To access this - ZyXEL NWA3560-N | User Guide - Page 145
of minutes this type of user account can be logged into the NWA3000-N series AP in one session before the user has to log in again. unlimited. Unlike Lease Time, the user has no opportunity to renew the session without logging out. OK Click OK to save your changes back to the NWA3000-N series - ZyXEL NWA3560-N | User Guide - Page 146
Chapter 11 User 146 NWA3000-N Series User's Guide - ZyXEL NWA3560-N | User Guide - Page 147
The SSID screen • SSID - SSIDs. You can have a maximum of 32 SSID profiles on the NWA3000-N series AP. • Security - This profile type defines the security settings used by a single SSID. It controls the encryption method required for a wireless client to associate itself with the SSID - ZyXEL NWA3560-N | User Guide - Page 148
of security for an SSID, allowing you to block access or allow access to that SSID based on wireless client AP. SSID The SSID (Service Set IDentifier) is the name that identifies the Service Set with management than WPA. Key differences between WPA(2) and WEP are improved data encryption and user - ZyXEL NWA3560-N | User Guide - Page 149
selected radio profile. # This field is a sequential value, and it is not associated with a specific user. Status This field shows whether or not the entry is activated. Profile Name This field indicates the which this radio profile is configured to use. NWA3000-N Series User's Guide 149 - ZyXEL NWA3560-N | User Guide - Page 150
select a radio profile from the list and click the Edit button. Figure 67 Configuration > Object > AP Profile > Add/Edit Profile (Standalone Mode) 150 NWA3000-N Series User's Guide - ZyXEL NWA3560-N | User Guide - Page 151
Bridge to have the radio function as an access point and bridge simultaneously. Select Bridge/Repeater to have the radio function as a wireless network bridge / repeater which this radio profile should use. SSID Profile It is recommended that you choose data transmission from users in order to - ZyXEL NWA3560-N | User Guide - Page 152
have wireless clients that are associated with the same AP but out of range of one another. When enabled, a wireless client sends an RTS ( multicast packets are transmitted to mobile clients in the Active Power Management mode. A high DTIM value can cause clients to lose connectivity User's Guide - ZyXEL NWA3560-N | User Guide - Page 153
Rate Configuration This section controls the data rates permitted to AP+Bridge or Bridge/Repeater. Configure the ZyXEL access points that support WDS security. Use this if the other access points on your network support user. This field shows whether or not the entry is activated. NWA3000-N Series - ZyXEL NWA3560-N | User Guide - Page 154
. Each peer device can use a different pre-shared key. Support Non-11n Select this to be able to include compatible legacy SSID List This screen allows you to create and manage SSID configurations that can be used by the APs. An SSID, or Service Profile > SSID. 154 NWA3000-N Series User's Guide - ZyXEL NWA3560-N | User Guide - Page 155
This field indicates the QoS type associated with the SSID profile. MAC Filtering This field indicates which (if any) MAC Filter Profile is associated with the Profile SSID profile. VLAN ID This field indicates the VLAN ID associated with the SSID profile. NWA3000-N Series User's Guide 155 - ZyXEL NWA3560-N | User Guide - Page 156
SSID profile from the list and click the Edit button. Figure 69 Configuration > Object > AP Profile > Add/Edit SSID is only for management purposes. Spaces and underscores are allowed. SSID Enter the SSID name for profile from this list to associate with this SSID. If none exist, you can use the - ZyXEL NWA3560-N | User Guide - Page 157
SSID SSID Service (QoS) access category to associate with this SSID this SSID. All the SSID by SSID is tagged as voice data. This is recommended if an SSID SSID VLAN ID Hidden SSID WMM_BACKGROUND: All wireless traffic to the SSID SSID is by manually entering the SSID name in your wireless connection setup - ZyXEL NWA3560-N | User Guide - Page 158
Cancel to exit this screen without saving your changes. 12.3.2 Security List This screen allows you to manage wireless security configurations that can be used by your SSIDs. Wireless security is implemented strictly between the AP broadcasting the SSID and the stations that are connected to it - ZyXEL NWA3560-N | User Guide - Page 159
RADIUS server to be used for IP Address authentication. Radius Server Enter the port number of the RADIUS server to be used for Port authentication. Radius Server Enter the shared secret password of the RADIUS server to be used for Secret authentication. NWA3000-N Series User's Guide 159 - ZyXEL NWA3560-N | User Guide - Page 160
Enter the port number of the external accounting server. The default port number is 1813. You need not change this value unless your network administrator instructs you to do so with additional information. Accounting Share Secret Enter a password (up to 128 alphanumeric characters) as the key to - ZyXEL NWA3560-N | User Guide - Page 161
support support this. Enter the interval (in seconds) at which the AP updates changes. 12.3.3 MAC Filter List This screen allows you to create and manage security configurations that can be used by your SSIDs. To access this screen click Configuration > Object > AP Profile > SSID Profile > SSID > - ZyXEL NWA3560-N | User Guide - Page 162
SSID profile). # This field is a sequential value, and it is not associated with a specific user Figure 73 SSID > MAC Filter List > Add/ this screen. Table 59 SSID > MAC Filter List and is only for management purposes. Spaces and the network through the associated SSID; select deny to block - ZyXEL NWA3560-N | User Guide - Page 163
Chapter 12 AP Profile Table 59 SSID > MAC Filter List > Add/Edit MAC Filter Profile (continued) LABEL DESCRIPTION Edit Click this to edit the selected MAC can click the description to make it editable. Enter up to 60 characters, spaces and underscores allowed. NWA3000-N Series User's Guide 163 - ZyXEL NWA3560-N | User Guide - Page 164
Chapter 12 AP Profile 164 NWA3000-N Series User's Guide - ZyXEL NWA3560-N | User Guide - Page 165
the MON Mode screen (Chapter 9 on page 111) to classify them as either rogue or friendly and then manage them accordingly. 13.1.1 What You Can Do in this Chapter The MON Profile screen (Section 13.2 on other wireless devices broadcasting on the 802.11 frequencies. NWA3000-N Series User's Guide 165 - ZyXEL NWA3560-N | User Guide - Page 166
click Inactivate. Object Reference Click this to view which other objects are linked to the selected monitor mode profile (for example, an AP management profile). # This field is a sequential value, and it is not associated with a specific profile. Status This field shows whether or not the - ZyXEL NWA3560-N | User Guide - Page 167
monitoring. Scan Channel Mode Select auto to have the AP switch to the next sequential channel once the Channel dwell time expires. Select manual to set specific channels through which to cycle sequentially when the Channel dwell time expires. Selecting this options makes the Scan Channel List - ZyXEL NWA3560-N | User Guide - Page 168
that channel when Scan Channel Mode is set to manual. OK Cancel These channels are limited to the 5 GHz range (802.11 a/n). Click OK to save your changes back to the NWA3000-N series AP. Click Cancel locate it. Figure 76 Rogue AP Example X A RG C B 168 NWA3000-N Series User's Guide - ZyXEL NWA3560-N | User Guide - Page 169
is recommended that you export (save) your list of friendly APs often, especially if you have a network with a large number of access points. NWA3000-N Series User's Guide 169 - ZyXEL NWA3560-N | User Guide - Page 170
Chapter 13 MON Profile 170 NWA3000-N Series User's Guide - ZyXEL NWA3560-N | User Guide - Page 171
Overview The NWA3000-N series AP can use certificates (also called digital IDs) to authenticate users. Certificates are based on public-private key pairs. A certificate contains the certificate owner's identity whether data was signed by you, or by someone else. NWA3000-N Series User's Guide 171 - ZyXEL NWA3560-N | User Guide - Page 172
verify the message. The NWA3000-N series AP uses certificates based on public-key cryptology to authenticate users attempting to establish a connection, not to encrypt the data that you send after establishing a connection how many devices you need to authenticate. 172 NWA3000-N Series User's Guide - ZyXEL NWA3560-N | User Guide - Page 173
on. This certificate is referred to in the GUI as the factory default certificate. Certificate File Formats Any certificate that you want to import within a password-encrypted envelope. The file's password is not connected to your certificate's public or private passwords. Exporting User's Guide 173 - ZyXEL NWA3560-N | User Guide - Page 174
fields. The secure method may very based on your situation. Possible examples would be over the telephone or through an HTTPS connection. 174 NWA3000-N Series User's Guide - ZyXEL NWA3560-N | User Guide - Page 175
series AP keeps all of your certificates unless you specifically delete them. Uploading a new firmware or default configuration file does not delete your certificates. To remove an entry, select it and is recommended that you give each certificate a unique name. NWA3000-N Series User's Guide 175 - ZyXEL NWA3560-N | User Guide - Page 176
a screen where you can save a certificate to the NWA3000-N series AP. Click Refresh to display the current validity status of the certificates. 176 NWA3000-N Series User's Guide - ZyXEL NWA3560-N | User Guide - Page 177
-N series AP create a self-signed certificate, enroll a certificate with a certification authority or generate a certification request. Figure 78 Configuration > Object > Certificate > My Certificates > Add NWA3000-N Series User's Guide 177 - ZyXEL NWA3560-N | User Guide - Page 178
of the certificate. You do not have to fill in every field, although you must specify a Host IP Address, Host Domain Name, or E-Mail. The certification authority may add fields (such as a serial number need to apply to a certification authority for certificates. 178 NWA3000-N Series User's Guide - ZyXEL NWA3560-N | User Guide - Page 179
and save it locally for later manual enrollment Select this to have the enroll for a certificate immediately online. Enter the IP address (or URL) of the certification authority manage) the NWA3000-N series AP's list of certificates of trusted certification authorities. NWA3000-N Series User's Guide - ZyXEL NWA3560-N | User Guide - Page 180
information is correct and that your Internet connection is working properly if you want the NWA3000-N series AP to enroll a certificate online. 180 NWA3000-N Series User's Guide - ZyXEL NWA3560-N | User Guide - Page 181
Certificates and then the Edit icon to open the My Certificate Edit screen. You can use this screen to view in-depth certificate information and change the certificate's name. Figure 79 Configuration > Object > Certificate > My Certificates > Edit NWA3000-N Series User's Guide 181 - ZyXEL NWA3560-N | User Guide - Page 182
certificate expires. The text displays in red and includes an Expired! message if the certificate has expired. "none" displays for a certification request. 182 NWA3000-N Series User's Guide - ZyXEL NWA3560-N | User Guide - Page 183
certificate owner's IP address (IP), domain management computer for later manual enrollment. Export Export Certificate Only Password Save in the File Download screen. The Save password and type it here. Make sure you keep this password password and click this button. Click Save in the File Download - ZyXEL NWA3560-N | User Guide - Page 184
change the name. Cancel Click Cancel to quit and return to the My Certificates screen. 14.2.3 Import Certificates Click Configuration > Object > Certificate > My Certificates > Import to open the My Certificate Import screen. Follow the instructions to upload. 184 NWA3000-N Series User's Guide - ZyXEL NWA3560-N | User Guide - Page 185
continued) LABEL DESCRIPTION Password This field only applies when you import a binary PKCS#12 format file. Type the file's password that was created certificates unless you specifically delete them. Uploading a new firmware or default configuration file does not delete your certificates. To remove - ZyXEL NWA3560-N | User Guide - Page 186
trust, from your computer to the NWA3000-N series AP. Refresh Click this button to display the current validity status of the certificates. 186 NWA3000-N Series User's Guide - ZyXEL NWA3560-N | User Guide - Page 187
Certificates Edit screen. Use this screen to view in-depth information about the certificate, change the certificate's name and set whether or not you want the NWA3000-N series AP to Figure 82 Configuration > Object > Certificate > Trusted Certificates > Edit NWA3000-N Series User's Guide 187 - ZyXEL NWA3560-N | User Guide - Page 188
certificate. You can change the name. You ). URL Type the protocol, IP address and pathname of the authority). Password Type the password (up to certificates. Address Type the IP address (in dotted server uses. 389 is the default server port number for LDAP. ID ). Password Type the password ( - ZyXEL NWA3560-N | User Guide - Page 189
key set in bits (1024 bits for example). Subject This field displays the certificate's owner's IP address (IP), domain Alternative Name name (DNS) or e-mail address (EMAIL). Key Usage This field displays for example) that this is actually their certificate. NWA3000-N Series User's Guide 189 - ZyXEL NWA3560-N | User Guide - Page 190
can copy and paste the certificate into a text editor and save the file on a management computer for later distribution (via floppy disk for example). Export Certificate Click this button and then Save in the File Download screen. The Save As screen opens, browse to the location that you want to - ZyXEL NWA3560-N | User Guide - Page 191
valid. With OCSP the NWA3000-N series AP checks the status of individual certificates instead of downloading a Certificate Revocation List (CRL). OCSP has two main advantages over a CRL. The first OCSP server returns a "expired", "current" or "unknown" response. NWA3000-N Series User's Guide 191 - ZyXEL NWA3560-N | User Guide - Page 192
Chapter 14 Certificates 192 NWA3000-N Series User's Guide - ZyXEL NWA3560-N | User Guide - Page 193
Console Speed screen (Section 15.4 on page 199) configures the console port speed when you connect to the NWA3000-N series AP via the console port FTP server settings. You can upload and download the NWA3000-N series AP's firmware and configuration files using FTP. Please also User's Guide 193 - ZyXEL NWA3560-N | User Guide - Page 194
clients connected to interfaces with the DHCP server enabled. This name can be up to 254 alphanumeric characters long. Spaces are not allowed, but dashes "-" are accepted. Apply Click Apply to save your changes back to the NWA3000-N series AP. Reset Click Reset to return the screen to its last - ZyXEL NWA3560-N | User Guide - Page 195
uses the new setting once you click Apply. New Time (hhmm-ss) This field displays the last updated time from the time server or the last time configured manually. When you set Time and Date Setup to Manual, enter the new time in this field and then click Apply. NWA3000-N Series User's Guide 195 - ZyXEL NWA3560-N | User Guide - Page 196
updated date from the time server or the last date configured manually. When you set Time and Date Setup to Manual starting up. Time Server Address Enter the IP address or URL of your time server. saves your changes (except the daylight saving settings). Time Zone Setup Time Zone User's Guide - ZyXEL NWA3560-N | User Guide - Page 197
at 10:30 P.M. Click Apply to save your changes back to the NWA3000-N series AP. Click Reset to return the screen to its last-saved settings. or it cannot synchronize with the time server you specified. Table 71 Default Time Servers 0.pool.ntp.org 1.pool.ntp.org 2.pool.ntp.org User's Guide 197 - ZyXEL NWA3560-N | User Guide - Page 198
manually set the NWA3000-N series AP date and time: 1 Click System > Date/Time. 2 Select Manual under Time and Date Setup. Setup. 3 Under Time Zone Setup, select your Time Zone from the list. 4 Under Time and Date Setup, enter a Time Server Address. 5 Click Apply. 198 NWA3000-N Series User's Guide - ZyXEL NWA3560-N | User Guide - Page 199
Speed Use the drop-down list box to change the speed of the console port. Your NWA3000-N series AP supports 9600, 19200, 38400, 57600, and 115200 bps (default) for the console port. Apply Reset The Console Port Speed applies to a console port connection using terminal emulation software and NOT - ZyXEL NWA3560-N | User Guide - Page 200
this timeout period. The management session does not time out when a statistics screen is polling. Each user is also forced to log in the NWA3000-N series AP for authentication again when the reauthentication time expires. You can change the timeout settings in the User screens. 15.5.3 HTTPS You - ZyXEL NWA3560-N | User Guide - Page 201
(you know if data has been changed). It relies upon certificates, public keys 443 (by default) on the NWA3000-N series AP's web server. 2 HTTP connection Service Control Click Configuration > System > WWW to open the WWW screen. Use this screen to specify HTTP or HTTPS settings. NWA3000-N Series User's Guide - ZyXEL NWA3560-N | User Guide - Page 202
IP address that matches the IP address(es) in the Service Control table to access the NWA3000-N series AP Web Configurator using secure HTTPs connections. Server Port The HTTPS server listens on port 443 by default. If you change IP address that matches the IP address(es) in the Service Control - ZyXEL NWA3560-N | User Guide - Page 203
service to access the NWA3000-N series AP. Apply Click Apply to save your changes back to the NWA3000-N series AP. Reset Click Reset to return the screen to its last-saved settings. 15.5.5 HTTPS Example If you haven't changed the default (Internet Explorer) NWA3000-N Series User's Guide 203 - ZyXEL NWA3560-N | User Guide - Page 204
browser's trusted certificate authorities. The issuing certificate authority of the NWA3000-N series AP's factory default certificate is the NWA3000-N series AP itself since the certificate is a self-signed certificate (see the Certificates chapter for details). 204 NWA3000-N Series User's Guide - ZyXEL NWA3560-N | User Guide - Page 205
screen). Figure 93 Trusted Certificates The CA sends you a package containing the CA's trusted certificate(s), your personal certificate(s) and a password to install the personal certificate(s). 15.5.5.5 Installing the CA's Certificate 1 Double click the CA's trusted certificate to produce a screen - ZyXEL NWA3560-N | User Guide - Page 206
shown earlier in this appendix. 15.5.5.6 Installing a Personal Certificate You need a password in advance. The CA may issue the password or you may have to specify it during the enrollment. Double-click the Browse if you wish to import a different certificate. 206 NWA3000-N Series User's Guide - ZyXEL NWA3560-N | User Guide - Page 207
3 Enter the password given to you by the CA. Chapter 15 System 4 Have the wizard determine where the certificate should be saved on your computer or select Place all certificates in the following store and choose a different location. NWA3000-N Series User's Guide 207 - ZyXEL NWA3560-N | User Guide - Page 208
on your computer. 15.5.5.7 Using a Certificate When Accessing the NWA3000-N series AP To access the NWA3000-N series AP via HTTPS: 1 Enter 'https://NWA3000-N series AP IP Address/ in your browser's web address field. 208 NWA3000-N Series User's Guide - ZyXEL NWA3560-N | User Guide - Page 209
encryption to provide secure encrypted communication between two hosts over an unsecured network. In the following figure, computer B on the Internet uses SSH NWA3000-N Series User's Guide 209 - ZyXEL NWA3560-N | User Guide - Page 210
15 System to securely connect to the WAN port of the NWA3000-N series AP (A) for a management session. Figure 94 SSH Communication Over the WAN Example 15.6.1 How SSH Works The following figure public key is checked against the saved version on the client computer. 210 NWA3000-N Series User's Guide - ZyXEL NWA3560-N | User Guide - Page 211
on the NWA3000-N series AP for management using port 22 (by default). 15.6.3 Requirements for Using SSH You must install an SSH client program on a client computer (Windows or Linux operating system) that is used to connect to the NWA3000-N series AP over SSH. NWA3000-N Series User's Guide 211 - ZyXEL NWA3560-N | User Guide - Page 212
with the IP address that matches the IP address(es) in the Service Control table to access the NWA3000-N series AP CLI using this service. Version 1 changes back to the NWA3000-N series AP. Reset Click Reset to return the screen to its last-saved settings. 212 NWA3000-N Series User's Guide - ZyXEL NWA3560-N | User Guide - Page 213
for most SSH client programs. Refer to your SSH client program user's guide. 15.6.5.1 Example 1: Microsoft Windows This section describes how to 97 SSH Example 1: Store Host Key Enter the password to log in to the NWA3000-N series AP. The CLI screen displays next. 15.6.5.2 Example 2: Linux This - ZyXEL NWA3560-N | User Guide - Page 214
NWA3000-N series AP (using the default IP address of 192.168.1.2). A message displays indicating the SSH protocol version supported by the NWA3000-N series AP. to the list of known hosts. [email protected]'s password: 3 The CLI screen displays next. 15.7 Telnet You can use Telnet User's Guide - ZyXEL NWA3560-N | User Guide - Page 215
in order to use that service for remote management. Apply Click Apply to save your changes back to the NWA3000-N series AP. Reset Click Reset to return the screen to its last-saved settings. 15.8 FTP You can upload and download the NWA3000-N series AP's firmware and configuration files using - ZyXEL NWA3560-N | User Guide - Page 216
Port Server Certificate Apply Reset This implements TLS as a security mechanism to secure FTP clients and/ or servers. You may change the server port number for a service if needed, however you must use the same port number in order to use that service for remote management. Select the certificate - ZyXEL NWA3560-N | User Guide - Page 217
device into a form compatible with SNMP. The manager is the console through which network administrators perform network management functions. It executes applications that control and monitor managed devices. The managed devices contain object variables/managed objects that define each piece of - ZyXEL NWA3560-N | User Guide - Page 218
manager of some events. 15.9.1 Supported MIBs The NWA3000-N series AP supports MIB II that is defined in RFC-1213 and RFC1215. The NWA3000-N series AP also supports private MIBs (ZYXEL-ESCAPWAP.MIB, ZYXEL-ES-COMMON.MIB, ZYXEL-ES-HYBRIDAP.MIB, ZYXEL-ESPROWLAN.MIB, ZYXEL NWA3000-N Series User's Guide - ZyXEL NWA3560-N | User Guide - Page 219
the same port number in order to use that service for remote management. Trap Community Type the trap community, which is the password sent with each trap to the SNMP manager. The default is public and allows all requests. Destination Type the IP address of the station to send your SNMP traps - ZyXEL NWA3560-N | User Guide - Page 220
) LABEL DESCRIPTION Set Community Enter the Set community, which is the password for incoming Set requests from the management station. The default is private and allows all requests. SNMPv3 Select this to allow SNMP managers using SNMPv3 to access the NWA3000-N series AP. Add Click this - ZyXEL NWA3560-N | User Guide - Page 221
this screen without saving your changes. 15.10 Internal RADIUS Server The NWA3000-N series AP can use its internal Remote Authentication Dial In User Service (RADIUS) server to authenticate the wireless clients of trusted APs. RADIUS is a protocol that enables you to control access to a network by - ZyXEL NWA3560-N | User Guide - Page 222
APs. A trusted AP is an AP that uses the NWA3000-N series AP's internal RADIUS server to authenticate its wireless clients. Each wireless client must have a user name and password configured in the Object > Users screen. 222 NWA3000-N Series User's Guide - ZyXEL NWA3560-N | User Guide - Page 223
that you replace the factory default certificate with one that uses your NWA3000-N series AP's MAC address. Do this when you first log in to the NWA3000N series AP or in the Object > Certificate > My Certificates screen. Use this table to manage User's Guide 223 - ZyXEL NWA3560-N | User Guide - Page 224
trusted AP profile. IP Address This field indicates the IP address of the mask indicates what part of the IP address is the same for all save your changes back to the NWA3000-N series AP. Reset Click Reset to start for the trusted AP profile. IP Address Type the IP address of the trusted AP - ZyXEL NWA3560-N | User Guide - Page 225
AP's IP address and changes back to the NWA3000-N series AP. Click Cancel to exit this screen without saving your changes support domain accounts (DOMAIN/ user). When you configure your Windows XP SP2 Wireless Zero Configuration PEAP/MS-CHAPv2 settings, clear the Use Windows logon name and password - ZyXEL NWA3560-N | User Guide - Page 226
Chapter 15 System 226 NWA3000-N Series User's Guide - ZyXEL NWA3560-N | User Guide - Page 227
view various statistics about traffic passing through your NWA3000-N series AP. Note: Data collection may decrease the NWA3000-N series AP's traffic throughput rate. NWA3000-N Series User's Guide 227 - ZyXEL NWA3560-N | User Guide - Page 228
to have the NWA3000-N series AP e-mail you system statistics every day. Figure 108 Configuration > Log & Report > Email Daily Report (Standalone Mode) 228 NWA3000-N Series User's Guide - ZyXEL NWA3560-N | User Guide - Page 229
Type the name or IP address of the outgoing user name and Authentication password to the SMTP server. User changes back to the NWA3000-N series AP. Reset Click Reset to return the screen to its last-saved settings. 16.3 Log Setting These screens control log and supports e-mail profiles and - ZyXEL NWA3560-N | User Guide - Page 230
destinations, and the other four logs are stored on specified syslog servers. The Log Setting tab also controls what information is saved in each log. For the system log, you can also specify which log Setting. Figure 109 Configuration > Log & Report > Log Setting 230 NWA3000-N Series User's Guide - ZyXEL NWA3560-N | User Guide - Page 231
system log; you can view the log on the View Log tab. VRPT/Syslog - ZyXEL's Vantage Report, syslog-compatible format. Summary Active Log Summary Apply CEF/Syslog - Common this button to save your changes (activate and deactivate logs) and make them take effect. NWA3000-N Series User's Guide 231 - ZyXEL NWA3560-N | User Guide - Page 232
Edit Log Settings This screen controls the detailed settings for each log in the system log (which includes the e-mail profiles). Go to the Log Settings Summary screen and click the system log Edit icon. Figure 110 Configuration > Log & Report > Log Setting > Edit 232 NWA3000-N Series User's Guide - ZyXEL NWA3560-N | User Guide - Page 233
Mail Server Type the name or IP address of the outgoing SMTP server. a user name and password to the SMTP server. User Name This box is password to provide to the SMTP server when the log is e-mailed. Active Log and Alert System log Use the System Log drop-down list to change User's Guide 233 - ZyXEL NWA3560-N | User Guide - Page 234
E-mail Server 1 Use the E-Mail Server 1 drop-down list to change the settings for e-mailing logs to e-mail server 1 for all log the Display and Category fields in the View Log tab. The Default category includes debugging messages generated by open source software. Select which User's Guide - ZyXEL NWA3560-N | User Guide - Page 235
the text "[count=x]", where x is the number of original log messages, appended at the end of the Message field. OK Click this to save your changes and return to the previous screen. Cancel Click this to return to the previous screen without saving your - ZyXEL NWA3560-N | User Guide - Page 236
and Report 16.3.3 Edit Remote Server This screen controls the settings for each log in the remote server (syslog). Go to the Log Settings Summary screen and click a remote server Edit icon. Figure 111 Configuration > Log & Report > Log Setting > Edit Remote Server 236 NWA3000-N Series User's Guide - ZyXEL NWA3560-N | User Guide - Page 237
only. VRPT/Syslog - ZyXEL's Vantage Report, syslog- the server name or the IP address of the syslog server Use the Selection drop-down list to change the log settings for all of the the View Log tab. The Default category includes debugging messages generated by changes and return to the - ZyXEL NWA3560-N | User Guide - Page 238
e-mail profiles, and remote servers at the same time. It does not let you change other log settings (for example, where and how often log information is e-mailed or each alert. (The Default category includes debugging messages generated by open source software.) 238 NWA3000-N Series User's Guide - ZyXEL NWA3560-N | User Guide - Page 239
to controller mode, the AC section controls logs generated by the controller and the AP section controls logs generated by the managed APs. System log Use the System Log drop-down list to change the log value, and it is not associated with a specific address. NWA3000-N Series User's Guide 239 - ZyXEL NWA3560-N | User Guide - Page 240
used in the Display and Category fields in the View Log tab. The Default category includes debugging messages generated by open source software. System log Select which from this category Click this to save your changes and return to the previous screen. Click this to return to the - ZyXEL NWA3560-N | User Guide - Page 241
file, the NWA3000-N series AP uses the factory default settings for any features that the configuration file does not include. When you run a shell script, the NWA3000-N series AP only applies the commands that it contains. Other settings do not change. NWA3000-N Series User's Guide 241 - ZyXEL NWA3560-N | User Guide - Page 242
17 File Manager These files have the same syntax, which is also identical to the way you run CLI commands manually. An example is shown below # enter configuration mode configure terminal # change administrator password username admin password 4321 user-type admin #configure default radio profile - ZyXEL NWA3560-N | User Guide - Page 243
Chapter 17 File Manager In the following example lines 1 and 2 are comments. Line 5 exits sub command mode. ! this is from Joe # on 2010/12/05 wlan-ssid-profile default ssid Joe-AP qos wmm security default ! Errors in Configuration Files or Shell Scripts When you apply a configuration file or run a - ZyXEL NWA3560-N | User Guide - Page 244
17 File Manager • If an error, the NWA3000-N series AP applies the system-default.conf configuration file. • You can change the way the startup-config.conf file is applied. a log for any errors. Figure 113 Maintenance > File Manager > Configuration File Do not turn off the NWA3000-N series AP - ZyXEL NWA3560-N | User Guide - Page 245
Manager > Configuration File LABEL DESCRIPTION Rename Use this button to change the label of a configuration file on the NWA3000-N series AP. You can only rename manually . Remove Download Copy Specify manually saved configuration files. You cannot delete the system-default User's Guide 245 - ZyXEL NWA3560-N | User Guide - Page 246
Chapter 17 File Manager Table 88 Maintenance > File Manager > Configuration File (continued) LABEL DESCRIPTION blank. If the interfaces were not configured before the first error, the console port may be the only way to access the device. Immediately stop applying NWA3000-N Series User's Guide - ZyXEL NWA3560-N | User Guide - Page 247
reset all of the NWA3000-N series AP settings to the factory defaults. This configuration file is included when you upload a firmware package. The startup-config.conf file is the configuration file that the NWA3000N series AP is currently using. If you make and save changes during your management - ZyXEL NWA3560-N | User Guide - Page 248
recover the firmware. See the CLI Reference Guide for how to determine if you need to recover the firmware and how to recover it. Find the firmware package at www.zyxel.com in a file that (usually) uses a .bin extension. The firmware update can take up to five minutes. Do not turn off or reset the - ZyXEL NWA3560-N | User Guide - Page 249
minutes, log in again and check your new firmware version in the Dashboard screen. 17.4 Shell Script changes will be lost when the NWA3000-N series AP restarts. You could use multiple write commands in a long script. Figure 116 Maintenance > File Manager > Shell Script NWA3000-N Series User's Guide - ZyXEL NWA3560-N | User Guide - Page 250
table. Table 90 Maintenance > File Manager > Shell Script LABEL DESCRIPTION Rename Use this button to change the label of a shell script without deleting the shell script file. Download Click a shell script file's row to select it and click Download to save the configuration to your User's Guide - ZyXEL NWA3560-N | User Guide - Page 251
17 File Manager Table 90 Maintenance > File Manager > Shell Script (continued) LABEL DESCRIPTION Browse... Click Browse... to find the .zysh file you want to upload. Upload Click Upload to begin the upload process. This process may take up to several minutes. NWA3000-N Series User's Guide 251 - ZyXEL NWA3560-N | User Guide - Page 252
Chapter 17 File Manager 252 NWA3000-N Series User's Guide - ZyXEL NWA3560-N | User Guide - Page 253
AP's configuration and diagnostic information if you need to provide it to customer support during troubleshooting. • The Packet Capture screen (Section 18.3 on page 254) captures data to generate this file and send it to customer support during troubleshooting. NWA3000-N Series User's Guide 253 - ZyXEL NWA3560-N | User Guide - Page 254
Click this to have the NWA3000-N series AP create a new diagnostic file. Download Click this to save the most recent diagnostic file to a computer. 18.3 . Studying these packet captures may help you identify network problems. Click Maintenance > Diagnostics > Packet Capture to open the packet - ZyXEL NWA3560-N | User Guide - Page 255
overwrite existing files of the same name. Change the File Suffix field's setting to avoid User Defined to be able to enter an IP address. Host Port This field is configurable when you set the IP Type to any, tcp, or udp. Specify the port number of traffic to capture. NWA3000-N Series User's Guide - ZyXEL NWA3560-N | User Guide - Page 256
larger or delete existing capture files. Duration File Suffix The valid range is 1 to 10000. The NWA3000-N series AP stops the while a packet capture is in progress. Stop Reset After the NWA3000-N series AP finishes the capture download the files to your 256 NWA3000-N Series User's Guide - ZyXEL NWA3560-N | User Guide - Page 257
multiple files. A pop-up window asks you to confirm that you want to delete. Download Click a file to select it and click Download to save it to your computer. # This column displays the number for each packet capture The NWA3000-N series AP truncated the frame NWA3000-N Series User's Guide 257 - ZyXEL NWA3560-N | User Guide - Page 258
to capture wireless network traffic going through the AP interfaces connected to your NWA3000-N series AP. Studying these frame captures may help you identify network problems. Click Maintenance > Diagnostics > Wireless Frame Capture to display this screen. 258 NWA3000-N Series - ZyXEL NWA3560-N | User Guide - Page 259
capture files overwrite existing files of the same name. Change the File Suffix field's setting to avoid this. series AP is set to the controller mode. Configure AP to MON Mode Click this to go the Configuration > Wireless > AP Management screen, where you can set one Series User's Guide 259 - ZyXEL NWA3560-N | User Guide - Page 260
files you may need to set this size larger or delete existing capture files. File Prefix Capture Stop Reset The valid range is 1 to 50000. The NWA3000-N series AP stops the capture and generates the capture file when return the screen to its last-saved settings. 260 NWA3000-N Series User's Guide - ZyXEL NWA3560-N | User Guide - Page 261
multiple files. A pop-up window asks you to confirm that you want to delete. Download Click a file to select it and click Download to save it to your computer. # This column displays the number for each packet date and time that the individual files were saved. NWA3000-N Series User's Guide 261 - ZyXEL NWA3560-N | User Guide - Page 262
Chapter 18 Diagnostics 262 NWA3000-N Series User's Guide - ZyXEL NWA3560-N | User Guide - Page 263
you made changes in the CLI, however, you have to use the write command to save the configuration before you reboot. Otherwise, the changes are lost when you reboot. Reboot is different to reset; reset returns the device to its default configuration. 19.2 Reboot This screen allows remote users can - ZyXEL NWA3560-N | User Guide - Page 264
Chapter 19 Reboot 264 NWA3000-N Series User's Guide - ZyXEL NWA3560-N | User Guide - Page 265
Click the Shutdown button to shut down the NWA3000-N series AP. Wait for the device to shut down before you manually turn off or remove the power. It does not turn off the power. You can also use the CLI command shutdown to shutdown the NWA3000-N series AP. NWA3000-N Series User's Guide 265 - ZyXEL NWA3560-N | User Guide - Page 266
Chapter 20 Shutdown 266 NWA3000-N Series User's Guide - ZyXEL NWA3560-N | User Guide - Page 267
problems you might encounter. The potential problems are divided into the following categories. • Power, Hardware Connections, and LEDs • NWA3000-N series AP Access and Login • Internet Access • Wireless AP Troubleshooting • Resetting NWA3000-N series AP vendor. NWA3000-N Series User's Guide 267 - ZyXEL NWA3560-N | User Guide - Page 268
its factory defaults. See Section 21.6 on page 277. I cannot see or access the Login screen in the web configurator. 1 Make sure you are using the correct IP address. • The default IP address is 192.168.1.2. • If you changed the IP address, use the new IP address. 268 NWA3000-N Series User's Guide - ZyXEL NWA3560-N | User Guide - Page 269
is no DHCP server on your network, make sure your computer's IP address is in the same subnet as the NWA3000-N series AP. 5 Reset the device to its factory defaults, and try to access the NWA3000-N series AP with the default IP address. See your Quick Start Guide. 6 If the problem continues, contact - ZyXEL NWA3560-N | User Guide - Page 270
is the default speed on leaving the factory. Try other speeds in case the speed has been changed. No parity, 8 data bits, 1 stop bit, data flow set to none. I cannot use FTP to upload / download the configuration file. / I cannot use FTP to upload new firmware. See the troubleshooting suggestions - ZyXEL NWA3560-N | User Guide - Page 271
Troubleshooting 1 Check the hardware connections, and make sure the LEDs are behaving as expected. See the Quick Start Guide the Quick Start Guide again. 5 If the problem continues, contact Guide and Section 1.7 on page 27. 2 Reboot the NWA3000-N series AP. 3 If the problem If the problem continues, - ZyXEL NWA3560-N | User Guide - Page 272
Troubleshooting I cannot access the NWA3000-N series AP or ping any computer from the WLAN supports the same wireless standard as the NWA3000-N series AP. 4 Make sure your computer (with a wireless adapter installed) is within the transmission range WLAN interface. Check your remote management support. - ZyXEL NWA3560-N | User Guide - Page 273
or disable the bridge interfaces, connect the bridge interfaces, activate device HA, and finally reactivate the bridge interfaces. I cannot get the Device HA synchronization to work. Only NWA3000-N series APs of the same model and firmware version can synchronize. NWA3000-N Series User's Guide 273 - ZyXEL NWA3560-N | User Guide - Page 274
21 Troubleshooting I cannot is within a password-encrypted envelope. The file's password is not connected to your certificate's public or private passwords. Exporting a easy for this to occur since many programs use text files by default. I can only see newer logs. Older logs are missing. When - ZyXEL NWA3560-N | User Guide - Page 275
Chapter 21 Troubleshooting The commands in my interface if you need to recover the firmware. See the CLI Reference Guide for how to determine if you need to recover the firmware and how to recover it. My name. Change the File Suffix field's setting to avoid this. NWA3000-N Series User's Guide 275 - ZyXEL NWA3560-N | User Guide - Page 276
reconnect it and see if that resolves the issue. • The CAPWAP daemon may be down. Use the NWA3000-N series AP's built-in diagnostic tools and CLI console to get CAPWAP debug messages which can later be sent to customer service for analysis. 276 NWA3000-N Series User's Guide - ZyXEL NWA3560-N | User Guide - Page 277
Troubleshooting Wireless clients are not being load balanced among my APs. • Make sure that all the APs used by the wireless clients in question share the same SSID you forget the administrator password(s), you can reset the NWA3000-N series AP to its factory-default settings. Any configuration - ZyXEL NWA3560-N | User Guide - Page 278
Chapter 21 Troubleshooting 21.7 Getting More Troubleshooting Help Search for support information for your model at www.zyxel.com for more troubleshooting suggestions. 278 NWA3000-N Series User's Guide - ZyXEL NWA3560-N | User Guide - Page 279
AP's hardware and firmware features. Table 96 Hardware Specifications Power Specification 12 V DC, 1.5 A Reset button Returns all settings to their factory defaults. Ethernet Port slot Operating Temperature 0 ~ 40 º C Storage Temperature -30 ~ 70 º C NWA3000-N Series User's Guide 279 - ZyXEL NWA3560-N | User Guide - Page 280
. Table 97 Firmware Specifications Default IP Address 192.168.1.2 Default Subnet Mask 255.255.255.0 (24 bits) Default Password 1234 Wireless LAN Standards IEEE 802.11a, IEEE 802.11b, IEEE 802.11g, IEEE 802.11n Security and Control • WPA and WPA2 (Wi-Fi Protected Access) support, Mixed WPA - ZyXEL NWA3560-N | User Guide - Page 281
Control) from IEEE 802.11h allows a wider choice of 802.11a wireless channels. CAPWAP The ZyXEL Device can be managed via CAPWAP (Control And Provisioning of Wireless Access Points), which allows multiple APs to be configured and managed by a single AP controller. NWA3000-N Series User's Guide - ZyXEL NWA3560-N | User Guide - Page 282
Chapter 22 Product Specifications 22.1 Wall-Mounting Instructions Complete the following steps to hang your NWA3000-N series AP on a wall. Note: See Table 96 on page 279 on the wall. Hang the NWA3000-N series AP on the screws. Figure 125 Wall-mounting Example 282 NWA3000-N Series User's Guide - ZyXEL NWA3560-N | User Guide - Page 283
Chapter 22 Product Specifications The following are dimensions of an M4 tap screw and masonry plug used for wall mounting. All measurements are in millimeters (mm). Figure 126 Masonry Plug and M4 Tap Screw NWA3000-N Series User's Guide 283 - ZyXEL NWA3560-N | User Guide - Page 284
Chapter 22 Product Specifications 284 NWA3000-N Series User's Guide - ZyXEL NWA3560-N | User Guide - Page 285
DESCRIPTION Invalid message queue. Maybe someone starts another zysh daemon. ZySH daemon is instructed to reset by %d 1st:pid num System integrity error! Group OPS cannot close property group name %s: cannot retrieve entries from list! 1st:zysh list name NWA3000-N Series User's Guide 285 - ZyXEL NWA3560-N | User Guide - Page 286
retrieve entries from table! 1st:zysh table name %s: index is out of range! 1st:zysh table name %s: cannot set entry #%d 1st:zysh table name, name Unable to delete entry 1st:zysh entry num #%d! Unable to change entry 1st:zysh entry num #%d! %s: cannot retrieve entries from table User's Guide - ZyXEL NWA3560-N | User Guide - Page 287
NWA3000-N series AP is blocking login attempts on the console port. Too many failed login attempts were made from an IP address so the NWA3000-N series AP is blocking login attempts from that IP address. %u.%u.%u.%u: the source address of the user's login attempt NWA3000-N Series User's Guide 287 - ZyXEL NWA3560-N | User Guide - Page 288
to the access from %s access control configuration. User %s has been denied access from %s %s: service name The NWA3000-N series AP blocked a login attempt by the specified user name because of an invalid user name or password. LDAP/AD: Wrong IP or Port. IP:%s, Port: %d Domain-auth fail Failed - ZyXEL NWA3560-N | User Guide - Page 289
console port baud rate back to reset to %d. the default (115200). Set timezone to %s. %d is default baud rate An administrator changed the time zone. Set timezone to default. %s is time zone value An administrator changed the time zone back to the default (0). NWA3000-N Series User's Guide - ZyXEL NWA3560-N | User Guide - Page 290
Services Logs (continued) LOG MESSAGE DESCRIPTION Enable daylight saving. An administrator turned on daylight saving. Disable daylight saving. An administrator turned off daylight saving. The default is incorrect. 1st %s: Daemon Name, 2nd %s: date and time 290 NWA3000-N Series User's Guide - ZyXEL NWA3560-N | User Guide - Page 291
received the specified total number of ARP response packets for the requested IP address. Clear arp cache successfully. The ARP cache was cleared successfully. Client MAC address is not an Ethernet address A client MAC address is not an Ethernet address. NWA3000-N Series User's Guide 291 - ZyXEL NWA3560-N | User Guide - Page 292
(%s:%s), src_mac: %s with requested IP: %s The device received a DHCP request through the specified interface. IP confliction is detected. Send back DHCP-NAK. IP conflict was detected. Send back DHCP-NAK. Clear ARP cache done Clear ARP cache done. NTP update successful, The device successfully - ZyXEL NWA3560-N | User Guide - Page 293
firmware versions are the same between the Master and the Backup. Device HA Sync has failed when syncing %s for %s due to bad \"Sync Password\". The synchronization password The Sync From IP address or firmware versions. Update %s for %s has failed. Updating a certain object failed when updating - ZyXEL NWA3560-N | User Guide - Page 294
Device HA has skipped syncing %s since %s is %s. A certain service has no license or the license is expired, so it was not aborted from Master %s. %s: IP or FQDN of Master Master configuration file does not exist. Skip updating ZySH Startup Configuration. System NWA3000-N Series User's Guide - ZyXEL NWA3560-N | User Guide - Page 295
MESSAGE DESCRIPTION VRRP interface %s has %s: The name of the VRRP interface. been brought up. Version for %s is the same, skip update CODE 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 failed. Path was not verified. Maximum path length reached. NWA3000-N Series User's Guide 295 - ZyXEL NWA3560-N | User Guide - Page 296
authentication. Interface: %s, MAC: %s. A wireless client used an incorrect WPA or WPA2 user password and failed authentication by the NWA3000-N series AP's local user database while trying to connect to the specified WLAN interface (first %s). The MAC address of the wireless client is listed - ZyXEL NWA3560-N | User Guide - Page 297
. changed. 1st %s: profile type, 2nd %s: profile name. Account %s %s has been A user added a new ISP account profile. added. 1st %s: profile type, 2nd %s: profile name. Table 105 File Manager Logs LOG MESSAGE DESCRIPTION ERROR:#%s, %s Apply configuration failed, this log will be what CLI - ZyXEL NWA3560-N | User Guide - Page 298
Appendix A Log Descriptions Table 105 File Manager Logs (continued) LOG MESSAGE DESCRIPTION WARNING:#%s, %s Run script failed, this log will be what wrong CLI command is and what warning message is. 1st %s is CLI command. Resetting system... System resetted. Now apply %s.. 2nd %s is warning - ZyXEL NWA3560-N | User Guide - Page 299
be a problem with the NWA3000-N series AP's or the server's network connection. Table 108 CAPWAP Server Logs LOG MESSAGE DESCRIPTION WLAN Controller Start. Indicates that AP management services has started. Registration Type:%s WLAN Controller Reset. The AP management service has reset. WLAN - ZyXEL NWA3560-N | User Guide - Page 300
Managed AP. MACAddr:%02x%02x%02x%0 2x%02x%02x, Model:%s, Name:%s Indicates that a Send Configuration Response was received from an AP on the Managed List. 1st %02x ~ 6th %02x: Managed AP MAC Address. 7th %s: Managed AP Model Name. 8th %s: Managed AP Description. 300 NWA3000-N Series User's Guide - ZyXEL NWA3560-N | User Guide - Page 301
: Managed AP MAC Address. 7th %s: Managed AP's description. STA Roaming. Managed AP [%s] is Full 8th %s: Destination AP's description. Indicates that the number of stations connecting to the specified AP has reached its upper limit. 1st %s: Managed AP's description. NWA3000-N Series User's Guide - ZyXEL NWA3560-N | User Guide - Page 302
Complete Updating" Managed AP Configuration Flush. %s The managed AP reset ZySH for flushing its running-config & reapplied the startup-config. 1st %s: Reset ZySH Daemon AC IP Change. New Changed the managed AP's AC IP. Discovery Type:%s, WLAN Controller IP: %s 1st %s: Discovery type {By DHCP - ZyXEL NWA3560-N | User Guide - Page 303
Managed AP Receiving Updating ZySH Configuration from AC The AP is receiving configuration settings from the NWA3000N series AP because the NWA3000-N series AP changed . STA Roaming. MAC Addr:%02x:%02x:%02x: %02x:%02x:%02x, From=%s, To=%s The specified station roamed from the User's Guide 303 - ZyXEL NWA3560-N | User Guide - Page 304
DCS Logs LOG MESSAGE dcs init failed!\n init zylog fail\n channel changed: %s %d -> %d\n DESCRIPTION Indicates that the NWA3000-N series AP Indicates that the NWA3000-N series AP failed to initialize zylog. DCS has changed the wireless interface %s channel from %d to channel %d. 1st %s: interface - ZyXEL NWA3560-N | User Guide - Page 305
to be issued to all visiting web browsers to let them know that the site is legitimate. Many ZyXEL products, such as the NSA-2401, issue their own public key certificates. These can be used by web window (not all browsers show the padlock in the same location.) NWA3000-N Series User's Guide 305 - ZyXEL NWA3560-N | User Guide - Page 306
you are presented with a certification error. 2 Click Continue to this website (not recommended). 3 In the Address Bar, click Certificate Error > View certificates. 306 NWA3000-N Series User's Guide - ZyXEL NWA3560-N | User Guide - Page 307
Appendix B Importing Certificates 4 In the Certificate dialog box, click Install Certificate. 5 In the Certificate Import Wizard, click Next. NWA3000-N Series User's Guide 307 - ZyXEL NWA3560-N | User Guide - Page 308
then click Browse. 8 In the Select Certificate Store dialog box, choose a location in which to save the certificate and then click OK. 308 NWA3000-N Series User's Guide - ZyXEL NWA3560-N | User Guide - Page 309
Appendix B Importing Certificates 9 In the Completing the Certificate Import Wizard screen, click Finish. 10 If you are presented with another Security Warning, click Yes. 11 Finally, click OK when presented with the successful certificate installation message. NWA3000-N Series User's Guide 309 - ZyXEL NWA3560-N | User Guide - Page 310
12 The next time you start Internet Explorer and go to a ZyXEL Web Configurator page, a sealed padlock icon appears in the address a Stand-Alone Certificate File in Internet Explorer Rather than browsing to a ZyXEL Web Configurator and installing a public key certificate when prompted, you can - ZyXEL NWA3560-N | User Guide - Page 311
in Internet Explorer 7 on Windows XP. 1 Open Internet Explorer and click Tools > Internet Options. 2 In the Internet Options dialog box, click Content > Certificates. NWA3000-N Series User's Guide 311 - ZyXEL NWA3560-N | User Guide - Page 312
Yes. 6 The next time you go to the web site that issued the public key certificate you just removed, a certification error appears. 312 NWA3000-N Series User's Guide - ZyXEL NWA3560-N | User Guide - Page 313
appears in the address bar, which you can click to open the Page Info > Security window to view the web page's security information. NWA3000-N Series User's Guide 313 - ZyXEL NWA3560-N | User Guide - Page 314
Certificates Installing a Stand-Alone Certificate File in Firefox Rather than browsing to a ZyXEL Web Configurator and installing a public key certificate when prompted, you can install a the Options dialog box, click Advanced > Encryption > View Certificates. 314 NWA3000-N Series User's Guide - ZyXEL NWA3560-N | User Guide - Page 315
Appendix B Importing Certificates 3 In the Certificate Manager dialog box, click Web Sites > Import. 4 Use the Select File dialog box to locate the certificate and then address bar to open the Page Info > Security window to see the web page's security information. NWA3000-N Series User's Guide 315 - ZyXEL NWA3560-N | User Guide - Page 316
Appendix B Importing Certificates Removing a Certificate in Firefox This section shows you how to remove a public key certificate in Firefox 2. 1 Open Firefox and click Tools > Options. 2 In the Options dialog box, click Advanced > Encryption > View Certificates. 316 NWA3000-N Series User's Guide - ZyXEL NWA3560-N | User Guide - Page 317
Appendix B Importing Certificates 3 In the Certificate Manager dialog box, select the Web Sites tab, select the certificate that you want to remove, and then to the web site that issued the public key certificate you just removed, a certification error appears. NWA3000-N Series User's Guide 317 - ZyXEL NWA3560-N | User Guide - Page 318
Appendix B Importing Certificates 318 NWA3000-N Series User's Guide - ZyXEL NWA3560-N | User Guide - Page 319
Configuration The simplest WLAN configuration is an independent (Ad-hoc) WLAN that connects a set of computers with wireless adapters (A, B, C). Any time two or more wireless adapters are within range of each A and B can access the wired network and communicate NWA3000-N Series User's Guide 319 - ZyXEL NWA3560-N | User Guide - Page 320
communicate with each other. Figure 128 Basic Service Set ESS An Extended Service Set (ESS) consists of a series WLAN. The Access Points not only provide communication with the wired network but also mediate wireless network traffic in the immediate neighborhood. 320 NWA3000-N Series User's Guide - ZyXEL NWA3560-N | User Guide - Page 321
the same ESSID in order to communicate. Figure 129 Infrastructure WLAN Channel A channel is the radio frequency(ies) used by when two stations are within range of the same access point, but are not within range of each other. The following figure illustrates a NWA3000-N Series User's Guide 321 - ZyXEL NWA3560-N | User Guide - Page 322
The AP then responds with a CTS (Clear to Send) message to all other stations within its range to notify them to defer their transmission. It also reserves and confirms with the requesting station the time affect the throughput performance instead of providing a remedy. NWA3000-N Series User's Guide - ZyXEL NWA3560-N | User Guide - Page 323
on the network support, and to provide more reliable communications in busy wireless networks. Use short preamble if you are sure all wireless devices on the network support it, and to (and vice versa) at 11 Mbps or lower depending on range. IEEE 802.11g has NWA3000-N Series User's Guide 323 - ZyXEL NWA3560-N | User Guide - Page 324
Table 115 Wireless Security Levels SECURITY LEVEL SECURITY TYPE Least Secure Unique SSID (Default) Unique SSID with Hide SSID Enabled MAC Address Filtering WEP Encryption IEEE802.1x EAP with RADIUS Server wireless clients that you want to associate with it. 324 NWA3000-N Series User's Guide - ZyXEL NWA3560-N | User Guide - Page 325
of IEEE 802.1x are: • User based identification that allows for roaming. • Support for RADIUS (Remote Authentication Dial In User Service, RFC 2138, 2139) for centralized user profile and accounting management on a network RADIUS server. • Support for EAP (Extensible Authentication Protocol, RFC - ZyXEL NWA3560-N | User Guide - Page 326
of the IEEE 802.1x transport mechanism in order to support multiple types of user authentication. By using EAP to interact with an EAP- password by encrypting the password with the challenge and sends back the information. Password is not sent in plain text. 326 NWA3000-N Series User's Guide - ZyXEL NWA3560-N | User Guide - Page 327
only supports EAP methods, such as EAP-MD5, EAP-MSCHAPv2 and EAP-GTC (EAP-Generic Token Card), for client authentication. EAP-GTC is implemented only by Cisco. LEAP LEAP (Lightweight Extensible Authentication Protocol) is a Cisco implementation of IEEE 802.1x. NWA3000-N Series User's Guide 327 - ZyXEL NWA3560-N | User Guide - Page 328
RADIUS server, you should use WPA2-PSK (WPA2-Pre-Shared Key) that only requires a single (identical) password entered into each access point, wireless gateway and wireless client. As long as the passwords match, a wireless client will be granted access to a WLAN. 328 NWA3000-N Series User's Guide - ZyXEL NWA3560-N | User Guide - Page 329
and management password approach makes WPA(2)-PSK susceptible to brute-force password-guessing attacks but it's still an improvement over WEP as it employs a consistent, single, alphanumeric password to derive a PMK which is used to generate unique temporal encryption NWA3000-N Series User's Guide - ZyXEL NWA3560-N | User Guide - Page 330
) User Authentication be supported in enables fast roaming by allowing the operating system instructing the wireless patch is a free download that adds WPA capability to the IP address of the RADIUS server, its port number (default is then checks the user's identification against its - ZyXEL NWA3560-N | User Guide - Page 331
hierarchy and management system, password and allows it to join the network only if the password matches. 3 The AP and wireless clients generate a common PMK (Pairwise Master Key). The key itself is not sent over the network, but is derived from the PSK and the SSID. NWA3000-N Series User's Guide - ZyXEL NWA3560-N | User Guide - Page 332
security features. Table 117 Wireless Security Relational Matrix AUTHENTICATION METHOD/ KEY MANAGEMENT PROTOCOL ENCRYPTIO N METHOD ENTER MANUAL KEY IEEE 802.1X Open None No Disable Enable without Dynamic WEP No Enable WPA2-PSK TKIP/AES Yes Disable 332 NWA3000-N Series User's Guide - ZyXEL NWA3560-N | User Guide - Page 333
. ("ZyXEL") grants you a non-exclusive, non-sublicense, non-transferable license to use the program with which this license is distributed (the "Software"), including any documentation files accompanying the Software ("Documentation"), for internal business use only, for up to the number of users - ZyXEL NWA3560-N | User Guide - Page 334
ZyXEL ZyXEL is not obligated to provide any maintenance, technical or other support a service bureau ZyXEL ZyXEL has no express or implied obligation to provide any technical or other support support and customer service ZyXEL ZyXEL ZyXEL BUSINESS, LOSS OF PROFITS, BUSINESS INTERRUPTION, OR LOSS OF BUSINESS - ZyXEL NWA3560-N | User Guide - Page 335
by destroying or returning to ZyXEL all copies of the Software and Documentation in your possession or under your control. ZyXEL may terminate this License Agreement , we will give to anyone who contacts us at the ZyXEL Technical Support ([email protected]), for a charge of no more than our - ZyXEL NWA3560-N | User Guide - Page 336
of such. Notice Information herein is subject to change without notice. Companies, names, and data used , except the express written permission of ZyXEL Communications Corporation. This Product includes ntp and this permission notice appear in supporting documentation, and that the name User's Guide - ZyXEL NWA3560-N | User Guide - Page 337
are BSD-style Open Source licenses. In case of any license issues related to OpenSSL please contact [email protected]. OpenSSL License NWA3000-N Series User's Guide 337 - ZyXEL NWA3560-N | User Guide - Page 338
"OpenSSL" appear in their names without prior written * permission of the OpenSSL Project. * * 6. Redistributions of any form whatsoever must retain the following 338 NWA3000-N Series User's Guide - ZyXEL NWA3560-N | User Guide - Page 339
INCLUDING, BUT * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER (C) 1995-1998 Eric Young ([email protected]) * All rights reserved. * NWA3000-N Series User's Guide 339 - ZyXEL NWA3560-N | User Guide - Page 340
cryptographic software written by * Eric Young ([email protected])" * The word 'cryptographic' can be left out if the rouines from the library 340 NWA3000-N Series User's Guide - ZyXEL NWA3560-N | User Guide - Page 341
TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under Series User's Guide 341 - ZyXEL NWA3560-N | User Guide - Page 342
LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY includes bind and dhcp software under the ISC License ISC license Copyright (c) 4-digit year, Company or Person's Name 342 NWA3000-N Series User's Guide - ZyXEL NWA3560-N | User Guide - Page 343
that control, are controlled by, or are under common control with that entity. For the purposes of this definition, "control" means (i) the power, direct or indirect, to cause the direction or management of such work (an example is provided in the Appendix below). NWA3000-N Series User's Guide 343 - ZyXEL NWA3560-N | User Guide - Page 344
on electronic mailing lists, source code control systems, and issue tracking systems that are managed by, or on behalf of, the You must cause any modified files to carry prominent notices stating that You changed the files; and (c) You must retain, in the Source form of NWA3000-N Series User's Guide - ZyXEL NWA3560-N | User Guide - Page 345
License does not grant permission to use the trade names, trademarks, service marks, or product names of the Licensor, except as required choose to offer, and charge a fee for, acceptance of support, warranty, indemnity, or other liability obligations and/or rights NWA3000-N Series User's Guide 345 - ZyXEL NWA3560-N | User Guide - Page 346
TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. [This is the first released version of the Lesser - ZyXEL NWA3560-N | User Guide - Page 347
referring to freedom of use, not price. Our General Public Licenses are designed to service if you wish); that you receive source code or can get it if you want it; that you can change author's reputation will not be affected by problems that might be introduced by others. Finally User's Guide 347 - ZyXEL NWA3560-N | User Guide - Page 348
interface definition files, plus the scripts used to control compilation and installation of the library. Activities other the files modified to carry prominent notices stating that you changed the files and the date of any change. c) You must cause the whole of the work -N Series User's Guide - ZyXEL NWA3560-N | User Guide - Page 349
entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works based on the Library. In instead if you wish.) Do not make any other change in these notices. Once this change is made in a given copy, it is irreversible User's Guide 349 - ZyXEL NWA3560-N | User Guide - Page 350
to produce a modified executable containing the modified Library. (It is understood that the user who changes the contents of definitions files in the Library will not necessarily be able to recompile the enforcing compliance by third parties with this License. 350 NWA3000-N Series User's Guide - ZyXEL NWA3560-N | User Guide - Page 351
to the present version, but may differ in detail to address new problems or concerns. Each version is given a distinguishing version number. If THE LIBRARY PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. 16. IN NO EVENT UNLESS REQUIRED BY User's Guide 351 - ZyXEL NWA3560-N | User Guide - Page 352
bridge-utils, busybox, dhcpcd, dhcp change free software--to make sure the software is free for all its users price. Our service if you wish), that you receive source code or can get it if you want it, that you can change problems introduced by others will not reflect on the original authors' reputations - ZyXEL NWA3560-N | User Guide - Page 353
modified files to carry prominent notices stating that you changed the files and the date of any change. b) You must cause any work that you by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works based on the Program. User's Guide 353 - ZyXEL NWA3560-N | User Guide - Page 354
any associated interface definition files, plus the scripts used to control compilation and installation of the executable. However, as a special practices. Many people have made generous contributions to the wide range of software distributed through that system in reliance on consistent - ZyXEL NWA3560-N | User Guide - Page 355
to the present version, but may differ in detail to address new problems or concerns. Each version is given a distinguishing version number. If THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. 12. IN NO EVENT UNLESS REQUIRED BY User's Guide 355 - ZyXEL NWA3560-N | User Guide - Page 356
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT to use, copy, modify and distribute this software and its NWA3000-N Series User's Guide - ZyXEL NWA3560-N | User Guide - Page 357
appears in all copies and that both that copyright notice and this permission notice appear in supporting documentation, and that the name of CMU and The Regents of the University of California not notice, this list of conditions and the following disclaimer in the NWA3000-N Series User's Guide 357 - ZyXEL NWA3560-N | User Guide - Page 358
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN Redistributions in binary form must reproduce the above copyright 358 NWA3000-N Series User's Guide - ZyXEL NWA3560-N | User Guide - Page 359
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN of Sun Microsystems, Inc. in the U.S. and other countries. NWA3000-N Series User's Guide 359 - ZyXEL NWA3560-N | User Guide - Page 360
(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN Sparta, Inc copyright notice (BSD) ----- Copyright (c) 2003-2009, Sparta, Inc NWA3000-N Series User's Guide - ZyXEL NWA3560-N | User Guide - Page 361
(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER notice (BSD) ----- Copyright (c) 2004, Cisco, Inc and Information Network NWA3000-N Series User's Guide 361 - ZyXEL NWA3560-N | User Guide - Page 362
(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN Part 7: Fabasoft R&D Software GmbH & Co KG copyright notice (BSD) ----- 362 NWA3000-N Series User's Guide - ZyXEL NWA3560-N | User Guide - Page 363
; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. NWA3000-N Series User's Guide 363 - ZyXEL NWA3560-N | User Guide - Page 364
; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 364 NWA3000-N Series User's Guide - ZyXEL NWA3560-N | User Guide - Page 365
, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH NWA3000-N Series User's Guide 365 - ZyXEL NWA3560-N | User Guide - Page 366
following disclaimer in the documentation and/or other materials provided with the distribution, and 3. Redistributions must contain a verbatim copy of this document. 366 NWA3000-N Series User's Guide - ZyXEL NWA3560-N | User Guide - Page 367
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN this sentence. This code is released under the libpng license. NWA3000-N Series User's Guide 367 - ZyXEL NWA3560-N | User Guide - Page 368
with all faults, and the entire risk of satisfactory quality, performance, accuracy, and effort is with the user. libpng versions 0.97, January 1998, through 1.0.6, March 20, 2000, are Copyright (c) 1998, 1999 added to the list of Contributing Authors: Tom Lane 368 NWA3000-N Series User's Guide - ZyXEL NWA3560-N | User Guide - Page 369
, expressed or implied, including, without limitation, the warranties of merchantability and of fitness for any purpose. The Contributing Authors and Group 42, Inc. NWA3000-N Series User's Guide 369 - ZyXEL NWA3560-N | User Guide - Page 370
. specifically permit, without fee, and encourage the use of this source code as a component to supporting the PNG file format in commercial products. If you use this source code in a product, acknowledgment .png" and "pngbar.jpg (88x31) and "pngnow.png" (98x31). 370 NWA3000-N Series User's Guide - ZyXEL NWA3560-N | User Guide - Page 371
Source is a certification mark of the Open Source Initiative. Glenn Randers-Pehrson glennrp at users.sourceforge.net February 25, 2010 This Product includes libmd5-rfc software under the Zlib/libpng may not be removed or altered from any source distribution. NWA3000-N Series User's Guide 371 - ZyXEL NWA3560-N | User Guide - Page 372
Appendix D Open Software Announcements 372 NWA3000-N Series User's Guide - ZyXEL NWA3560-N | User Guide - Page 373
notice. This publication is subject to change without notice. Trademarks ZyNOS (ZyXEL Network Operating System) is a registered trademark of ZyXEL Communications, Inc. Other trademarks mentioned in two conditions: • This device may not cause harmful interference. NWA3000-N Series User's Guide 373 - ZyXEL NWA3560-N | User Guide - Page 374
, and if not installed and used in accordance with the instructions, may cause harmful interference to radio communications. However, there is help. FCC Caution: Any changes or modifications not expressly approved by the party responsible for compliance could void the user's authority to operate this - ZyXEL NWA3560-N | User Guide - Page 375
reduce potential radio interference to other users, the antenna type and its gain users should also be cautioned to take note that high-power radars are allocated as primary users users must follow the specific operating instructions for satisfying RF exposure compliance. 注意 ! Notices Changes - ZyXEL NWA3560-N | User Guide - Page 376
Information This device is designed for the WLAN 2.4 GHz and/or 5 GHz networks throughout Select the certification you wish to view from this page. ZyXEL Limited Warranty ZyXEL warrants to the original end user (purchaser) that this product is free from any defects 376 NWA3000-N Series User's Guide - ZyXEL NWA3560-N | User Guide - Page 377
may also refer to the warranty policy for the region in which you bought the device at http:// www.zyxel.com/web/support_warranty_info.php. Registration Register your product online to receive e-mail notices of firmware upgrades and information at www.zyxel.com. NWA3000-N Series User's Guide 377 - ZyXEL NWA3560-N | User Guide - Page 378
Appendix E Legal Information 378 NWA3000-N Series User's Guide - ZyXEL NWA3560-N | User Guide - Page 379
(access point) 321 AP+Bridge 18 AP/Bridge 22 applications 18 AP/Bridge 22 Bridge/Repeater 18 MBSSID 22 B backing up configuration files 243 Basic Service Set see BSS Basic Service Set, See BSS 319 boot module 248 bridge 18, 22 NWA3000-N Series User's Guide Index Index Bridge/Repeater 18 BSS 22, 23 - ZyXEL NWA3560-N | User Guide - Page 380
257, 261 downloading with FTP 215 editing 241 how applied 242 lastgood.conf 244, 247 managing 243 startup-config.conf 247 startup-config-bad.conf 244 syntax 242 system-default.conf 247 uploading 247 uploading with FTP 215 use without restart 241 console port 25 speed 199 Control and Provisioning of - ZyXEL NWA3560-N | User Guide - Page 381
Service Set, See ESS 320 F FCC interference statement 373 file extensions configuration files 241 shell scripts 241 file manager 241 configuration overview 53 Firefox 31 firmware and restart 248 boot module, see boot module current version 77, 248 getting updated Series User's Guide Index HyperText - ZyXEL NWA3560-N | User Guide - Page 382
types of 229 M MAC address range 77 MAC filtering 281 maintenance 17 management 17 management access and device HA 128 Management Information Base (MIB) 217, 218 Management Mode 103 CAPWAP and DHCP 104 CAPWAP and IP Subnets 104 managed AP 104 standalone mode 103 managing the device good habits 25 - ZyXEL NWA3560-N | User Guide - Page 383
Socket Layer, see SSL security 18 serial number 77 service control and users 200 limitations 200 timeouts 200 Service Set 148 Service Set Identifier see SSID shell scripts 241 downloading 250 editing 249 how applied 242 managing 249 syntax 242 uploading 251 shutdown 29 Simple Certificate Enrollment - ZyXEL NWA3560-N | User Guide - Page 384
17 user authentication 137 user group objects 137 user groups 137 configuration overview 51 user name rules 139 user objects 137 users 137 access, see also access users admin (type) 137 admin, see also admin users and service control 200 configuration overview 51 currently logged in 78 default lease - ZyXEL NWA3560-N | User Guide - Page 385
Web Configurator 24, 31 access 32 requirements 31 supported browsers 31 web configurator 17 WEP (Wired Equivalent wireless security 23, 272, 324 WLAN interference 321 security parameters 332 WLAN interface 18 WPA 148, 328 key caching 330 pre-authentication 330 user authentication 330 vs WPA-PSK - ZyXEL NWA3560-N | User Guide - Page 386
Index 386 NWA3000-N Series User's Guide
-
1 -
2 -
3 -
4 -
5 -
6 -
7 -
8
-
9
-
10
-
11
-
12
-
13
-
14
-
15
-
16
-
17
-
18
-
19
-
20
-
21
-
22
-
23
-
24
-
25
-
26
-
27
-
28
-
29
-
30
-
31
-
32
-
33
-
34
-
35
-
36
-
37
-
38
-
39
-
40
-
41
-
42
-
43
-
44
-
45
-
46
-
47
-
48
-
49
-
50
-
51
-
52
-
53
-
54
-
55
-
56
-
57
-
58
-
59
-
60
-
61
-
62
-
63
-
64
-
65
-
66
-
67
-
68
-
69
-
70
-
71
-
72
-
73
-
74
-
75
-
76
-
77
-
78
-
79
-
80
-
81
-
82
-
83
-
84
-
85
-
86
-
87
-
88
-
89
-
90
-
91
-
92
-
93
-
94
-
95
-
96
-
97
-
98
-
99
-
100
-
101
-
102
-
103
-
104
-
105
-
106
-
107
-
108
-
109
-
110
-
111
-
112
-
113
-
114
-
115
-
116
-
117
-
118
-
119
-
120
-
121
-
122
-
123
-
124
-
125
-
126
-
127
-
128
-
129
-
130
-
131
-
132
-
133
-
134
-
135
-
136
-
137
-
138
-
139
-
140
-
141
-
142
-
143
-
144
-
145
-
146
-
147
-
148
-
149
-
150
-
151
-
152
-
153
-
154
-
155
-
156
-
157
-
158
-
159
-
160
-
161
-
162
-
163
-
164
-
165
-
166
-
167
-
168
-
169
-
170
-
171
-
172
-
173
-
174
-
175
-
176
-
177
-
178
-
179
-
180
-
181
-
182
-
183
-
184
-
185
-
186
-
187
-
188
-
189
-
190
-
191
-
192
-
193
-
194
-
195
-
196
-
197
-
198
-
199
-
200
-
201
-
202
-
203
-
204
-
205
-
206
-
207
-
208
-
209
-
210
-
211
-
212
-
213
-
214
-
215
-
216
-
217
-
218
-
219
-
220
-
221
-
222
-
223
-
224
-
225
-
226
-
227
-
228
-
229
-
230
-
231
-
232
-
233
-
234
-
235
-
236
-
237
-
238
-
239
-
240
-
241
-
242
-
243
-
244
-
245
-
246
-
247
-
248
-
249
-
250
-
251
-
252
-
253
-
254
-
255
-
256
-
257
-
258
-
259
-
260
-
261
-
262
-
263
-
264
-
265
-
266
-
267
-
268
-
269
-
270
-
271
-
272
-
273
-
274
-
275
-
276
-
277
-
278
-
279
-
280
-
281
-
282
-
283
-
284
-
285
-
286
-
287
-
288
-
289
-
290
-
291
-
292
-
293
-
294
-
295
-
296
-
297
-
298
-
299
-
300
-
301
-
302
-
303
-
304
-
305
-
306
-
307
-
308
-
309
-
310
-
311
-
312
-
313
-
314
-
315
-
316
-
317
-
318
-
319
-
320
-
321
-
322
-
323
-
324
-
325
-
326
-
327
-
328
-
329
-
330
-
331
-
332
-
333
-
334
-
335
-
336
-
337
-
338
-
339
-
340
-
341
-
342
-
343
-
344
-
345
-
346
-
347
-
348
-
349
-
350
-
351
-
352
-
353
-
354
-
355
-
356
-
357
-
358
-
359
-
360
-
361
-
362
-
363
-
364
-
365
-
366
-
367
-
368
-
369
-
370
-
371
-
372
-
373
-
374
-
375
-
376
-
377
-
378
-
379
-
380
-
381
-
382
-
383
-
384
-
385
-
386
 |
 |
www.zyxel.com
www.zyxel.com
NWA3000-N Series
Wireless N Business WLAN 3000 Series Access Point
Copyright © 2011
ZyXEL Communications Corporation
Version 2.23
Edition 1, 1/2011
Default Login Details
IP Address
User Name
admin
Password
1234