Home » ZyXEL Manuals » Networking » ZyXEL NWA-3500 » Manual Viewer

ZyXEL NWA-3500 User Guide - Page 63

Using MAC Filters and L-2 Isolation Profiles

Get ZyXEL NWA-3500 PDF manuals and user guides

Add to My Manuals
Save this manual to your list of manuals

Page 63 highlights

Chapter 3 Tutorial 3.4.5 Test the Setup Next, test your setup to ensure it is correctly configured. • Log into each AP's Web configurator and click ROGUE AP > Rogue AP. Click Refresh. If any of the MAC addresses from Section 3.4.1 on page 57 appear in the list, the friendly AP function may be incorrectly configured - check the ROGUE AP > Friendly AP screen. If any entries appear in the rogue AP list that are not in Section 3.4.1 on page 57, write down the AP's MAC address for future reference and check your e-mail inbox. If you have received a rogue AP alert, email alerts are correctly configured on that NWA. • If you have another access point that is not used in your network, make a note of its MAC address and set it up next to each of your NWAs in turn while the network is running. Either wait for at least ten minutes (to ensure the NWA performs a scan in that time) or login to the NWA's Web configurator and click ROGUE AP > Rogue AP > Refresh to have the NWA perform a scan immediately. • Check the ROGUE AP > Rogue AP screen. You should see an entry in the list with the same MAC address as your "rogue" AP. • Check the LOGS > View Logs screen. You should see a Rogue AP Detection entry in red text, including the MAC address of your "rogue" AP. • Check your e-mail. You should have received at least one e-mail alert (your other NWAs may also have sent alerts, depending on their proximity and the output power of your "rogue" AP). 3.5 Using MAC Filters and L-2 Isolation Profiles This example shows you how to allow certain users to access only specific parts of your network. You can do this by using multiple MAC filters and layer-2 isolation profiles. 3.5.1 Scenario In this example, you run a company network in which certain employees must wirelessly access secure file servers containing valuable proprietary data. You have two secure servers (1 and 2 in the following figure). Wireless user "Alice" (A) needs to access server 1 (but should not access server 2) and wireless user "Bob" (B) needs to access server 2 (but should not access server 1). Your NWA-3500/NWA-3550 User's Guide 63

Section	Page
NWA-3500/NWA-3550	1
About This User's Guide	3
Document Conventions	5
Safety Warnings	7
Contents Overview	9
Table of Contents	11
Introduction	21
Introducing the NWA	23
1.1 Overview	23
1.2 Applications for the NWA	24
1.2.1 Access Point	24
1.2.2 Bridge / Repeater	25
1.2.3 AP + Bridge	28
1.2.4 MBSSID	28
1.2.5 Pre-Configured SSID Profiles	30
1.2.6 Configuring Dual WLAN Adaptors	30
1.3 CAPWAP	31
1.4 Ways to Manage the NWA	32
1.5 Good Habits for Managing the NWA	32
1.6 Configuring Your NWA’s Security Features	32
1.6.1 Control Access to Your Device	33
1.6.2 Wireless Security	33
1.7 Hardware Connections	34
1.7.1 Antennas	34
1.8 LEDs	34
The Web Configurator	37
2.1 Overview	37
2.2 Accessing the Web Configurator	37
2.3 Resetting the NWA	38
2.3.1 Methods of Restoring Factory-Defaults	38
2.4 Navigating the Web Configurator	39
Tutorial	41
3.1 Overview	41
3.2 How to Configure the Wireless LAN	41
3.2.1 Choosing the Wireless Mode	41
3.2.2 Wireless LAN Configuration Overview	42
3.2.3 Further Reading	43
3.3 How to Configure Multiple Wireless Networks	43
3.3.1 Change the Operating Mode	45
3.3.2 Configure the VoIP Network	47
3.3.3 Configure the Guest Network	50
3.3.4 Testing the Wireless Networks	54
3.4 How to Set Up and Use Rogue AP Detection	55
3.4.1 Set Up and Save a Friendly AP list	57
3.4.2 Activate Periodic Rogue AP Detection	60
3.4.3 Set Up E-mail Logs	61
3.4.4 Configure Your Other Access Points	62
3.4.5 Test the Setup	63
3.5 Using MAC Filters and L-2 Isolation Profiles	63
3.5.1 Scenario	63
3.5.2 Your Requirements	64
3.5.3 Setup	64
3.5.4 Configure the SERVER_1 Network	65
3.5.5 Configure the SERVER_2 Network	68
3.5.6 Checking your Settings and Testing the Configuration	69
3.6 How to Configure Management Modes	71
3.6.1 Scenario	71
3.6.2 Your Requirements	72
3.6.3 Setup	72
3.6.4 Configure Your NWA in Controller AP Mode	73
3.6.5 Setting Your NWA in Managed AP Mode	75
3.6.6 Configuring the Managed Access Points List	76
3.6.7 Checking your Settings and Testing the Configuration	79
The Web Configurator	81
Status Screens	83
4.1 Overview	83
4.2 The Status Screen	83
4.2.1 System Statistics Screen	86
Management Mode	87
5.1 Overview	87
5.2 About CAPWAP	87
5.2.1 CAPWAP Discovery and Management	88
5.2.2 CAPWAP and DHCP	88
5.2.3 CAPWAP and IP Subnets	88
5.2.4 Notes on CAPWAP	89
5.3 The Management Mode Screen	90
AP Controller Mode	93
6.1 Overview	93
6.1.1 What You Can Do in AP Controller Mode	93
6.1.2 What You Need to Know	93
6.1.3 Before You Begin	94
6.2 Controller AP Navigation Menu	94
6.3 Controller AP Status Screen	95
6.4 AP Lists Screen	97
6.4.1 The AP Lists Edit Screen	100
6.5 Configuration Screen	101
6.6 Redundancy Screen	102
6.7 The Profile Edit Screens	102
6.7.1 The Radio Profile Screen	103
6.7.2 The Radio Profile Edit Screen	104
System Screens	109
7.1 Overview	109
7.1.1 What You Can Do in the System Screens	109
7.1.2 What You Need To Know About the System Screens	110
7.2 General Screen	111
7.3 Password Screen	113
7.4 Time Setting Screen	115
7.5 Technical Reference	117
7.5.1 Administrator Authentication on RADIUS	117
7.5.2 Pre-defined NTP Time Servers List	117
Wireless Configuration	119
8.1 Overview	119
8.2 What You Can Do in the Wireless Screen	119
8.2.1 What You Need To Know About the Wireless Screen	120
8.3 The Wireless Screen	123
8.3.1 Access Point Mode	123
8.3.2 Bridge / Repeater Mode	126
8.3.3 AP + Bridge Mode	131
8.3.4 MBSSID Mode	136
8.4 Technical Reference	139
8.4.1 Spanning Tree Protocol (STP)	139
8.4.2 DFS	141
8.4.3 Roaming	141
SSID Screen	145
9.1 Overview	145
9.1.1 What You Can Do in the SSID Screen	145
9.1.2 What You Need To Know About SSID	146
9.2 The SSID Screen	147
9.2.1 Configuring SSID	148
9.3 Technical Reference	149
9.3.1 WMM QoS	149
9.3.2 ATC	150
9.3.3 ATC+WMM	151
9.3.4 Type Of Service (ToS)	152
Wireless Security Screen	155
10.1 Overview	155
10.1.1 What You Can Do in the Wireless Security Screen	155
10.1.2 What You Need To Know About Wireless Security	156
10.2 The Security Screen	157
10.2.1 Security: WEP	159
10.2.2 Security: 802.1x Only	161
10.2.3 Security: 802.1x Static 64-bit, 802.1x Static 128-bit	162
10.2.4 Security: WPA	163
10.2.5 Security: WPA2 or WPA2-MIX	164
10.2.6 Security: WPA-PSK, WPA2-PSK, WPA2-PSK-MIX	166
10.3 Technical Reference	167
RADIUS Screen	169
11.1 Overview	169
11.1.1 What You Can Do in the RADIUS Screen	170
11.1.2 What You Need To Know About RADIUS	170
11.2 The RADIUS Screen	171
Layer-2 Isolation Screen	173
12.1 Overview	173
12.1.1 What You Can Do in the Layer-2 Isolation Screen	174
12.1.2 What You Need To Know About Layer-2 Isolation	174
12.2 The Layer-2 Isolation Screen	175
12.2.1 Configuring Layer-2 Isolation	176
12.3 Technical Reference	177
MAC Filter Screen	179
13.1 Overview	179
13.1.1 What You Can Do in the MAC Filter Screen	179
13.1.2 What You Should Know About MAC Filter	179
13.2 The MAC Filter Screen	180
13.2.1 Configuring the MAC Filter	180
IP Screen	183
14.1 Overview	183
14.1.1 What You Can Do in the IP Screen	183
14.1.2 What You Need To Know About IP	183
14.2 The IP Screen	184
14.3 Technical Reference	185
14.3.1 WAN IP Address Assignment	185
Rogue AP Detection	187
15.1 Overview	187
15.1.1 What You Can Do in the Rogue AP Screen	188
15.1.2 What You Need To Know About Rogue AP	188
15.2 Configuration Screen	190
15.2.1 Friendly AP Screen	191
15.2.2 Rogue AP Screen	192
Remote Management Screens	195
16.1 Overview	195
16.1.1 What You Can Do in the Remote Management Screens	196
16.1.2 What You Need To Know About Remote Management	196
16.2 The Telnet Screen	198
16.3 The FTP Screen	199
16.4 The WWW Screen	200
16.5 The SNMP Screen	203
16.5.1 SNMPv3 User Profile	205
16.6 Technical Reference	206
16.6.1 MIB	206
16.6.2 Supported MIBs	207
16.6.3 SNMP Traps	207
Internal RADIUS Server	209
17.1 Overview	209
17.1.1 What You Can Do in this Chapter	210
17.1.2 What You Need To Know	210
17.2 Internal RADIUS Server Setting Screen	210
17.3 The Trusted AP Screen	212
17.4 The Trusted Users Screen	213
17.5 Technical Reference	214
Certificates	217
18.1 Overview	217
18.1.1 What You Can Do in the Certificates Screen	217
18.1.2 What You Need To Know About Certificates	218
18.2 My Certificates Screen	218
18.2.1 My Certificates Import Screen	220
18.2.2 My Certificates Create Screen	222
18.2.3 My Certificates Details Screen	225
18.3 Trusted CAs Screen	228
18.3.1 Trusted CAs Import Screen	229
18.3.2 Trusted CAs Details Screen	230
18.4 Technical Reference	233
18.4.1 Private-Public Certificates	233
18.4.2 Certification Authorities	233
18.4.3 Checking the Fingerprint of a Certificate	234
Log Screens	235
19.1 Overview	235
19.1.1 What You Can Do in the Log Screens	235
19.1.2 What You Need To Know About Logs	236
19.2 The View Log Screen	236
19.3 The Log Settings Screen	238
19.4 Technical Reference	240
19.4.1 Example Log Messages	240
19.4.2 Log Commands	242
19.4.3 Configuring What You Want the NWA to Log	242
19.4.4 Displaying Logs	242
19.4.5 Log Command Example	243
VLAN	245
20.1 Overview	245
20.1.1 What You Can Do in the VLAN Screen	245
20.1.2 What You Need To Know About VLAN	246
20.2 Wireless VLAN Screen	247
20.2.1 RADIUS VLAN Screen	248
20.3 Technical Reference	250
20.3.1 VLAN Tagging	250
20.3.2 Configuring Management VLAN Example	250
20.3.3 Configuring Microsoft’s IAS Server Example	253
20.3.4 Second Rx VLAN ID Example	263
Load Balancing	265
21.1 Overview	265
21.1.1 What You Need to Know About Load Balancing	265
21.2 The Load Balancing Screen	267
21.2.1 Disassociating and Delaying Connections	268
Dynamic Channel Selection	271
22.1 Overview	271
22.2 The DCS Screen	272
Maintenance	275
23.1 Overview	275
23.2 What You Can Do in the Maintenance Screens	275
23.3 What You Need To Know	275
23.4 System Status Screen	276
23.4.1 Show Statistics Screen	276
23.5 Association List Screen	278
23.6 Channel Usage Screen	279
23.7 F/W Upload Screen	280
23.8 Configuration Screen	282
23.8.1 Backup Configuration	282
23.8.2 Restore Configuration	283
23.8.3 Back to Factory Defaults	284
23.9 Restart Screen	284
Troubleshooting and Specifications	287
Troubleshooting	289
24.1 Overview	289
24.2 Power, Hardware Connections, and LEDs	289
24.3 NWA Access and Login	290
24.4 AP Management Modes	292
24.5 Internet Access	294
24.6 Wireless Router/AP Troubleshooting	295
Product Specifications	297
Appendices and Index	303
Setting Up Your Computer’s IP Address	305
Wireless LANs	331
Pop-up Windows, JavaScripts and Java Permissions	347
Importing Certificates	355
IP Addresses and Subnetting	381
Text File Based Auto Configuration	391
Legal Information	399

Match case Limit results 1 per page

Chapter 3 Tutorial

NWA-3500/NWA-3550 User’s Guide

3.4.5

Test the Setup

Next, test your setup to ensure it is correctly configured.

•

Log into each AP’s Web configurator and click

ROGUE AP

Rogue AP

. Click

Refresh

. If any of the MAC addresses from

Section 3.4.1 on page 57

appear in

the list, the friendly AP function may be incorrectly configured - check the

ROGUE AP

Friendly AP

screen.

If any entries appear in the rogue AP list that are not in

Section 3.4.1 on page

, write down the AP’s MAC address for future reference and check your e-mail

inbox. If you have received a rogue AP alert, email alerts are correctly

configured on that NWA.

•

If you have another access point that is not used in your network, make a note

of its MAC address and set it up next to each of your NWAs in turn while the

network is running.

Either wait for at least ten minutes (to ensure the NWA performs a scan in that

time) or login to the NWA’s Web configurator and click

ROGUE AP

Rogue AP

Refresh

to have the NWA perform a scan immediately.

•

Check the

ROGUE AP

Rogue AP

screen. You should see an entry in the list

with the same MAC address as your “rogue” AP.

• Check the

LOGS

View Logs

screen. You should see a

Rogue AP

Detection

entry in red text, including the MAC address of your “rogue” AP.

• Check your e-mail. You should have received at least one e-mail alert (your

other NWAs may also have sent alerts, depending on their proximity and the

output power of your “rogue” AP).

3.5

Using MAC Filters and L-2 Isolation Profiles

This example shows you how to allow certain users to access only specific parts of

your network. You can do this by using multiple MAC filters and layer-2 isolation

profiles.

3.5.1

Scenario

In this example, you run a company network in which certain employees must

wirelessly access secure file servers containing valuable proprietary data.

You have two secure servers (

and

in the following figure). Wireless user

“Alice” (

) needs to access server

(but should not access server

) and wireless

user “Bob” (

) needs to access server

(but should not access server

). Your