Home » ZyXEL Manuals » Wireless » ZyXEL NWA50AX » Manual Viewer

ZyXEL NWA50AX User Guide - Page 114

Show Advanced Settings, LABEL, DESCRIPTION, enhanced-open, wpa2-mix, Security Mode

Add to My Manuals
Save this manual to your list of manuals

Page 114 highlights

Chapter 12 AP Profile Table 47 Configuration > Object > AP Profile > SSID > Security List > AAdd/Edit Security Profile> Security Mode: wpa3 (continued) LABEL DESCRIPTION Security Mode Select a security mode from the list: none, enhanced-open, wep, wpa2, wpa2-mix or wpa3. Authentication Settings Personal enhanced-open uses Opportunistic Wireless Encryption (OWE) which encrypts the wireless connection when possible. This field is available when you select the wpa2, wpa2-mix or wpa3 security mode. Pre-Shared Key Transition Mode Select this option to use a Pre-Shared Key (PSK) with WPA2 encryption or Simultaneous Authentication of Equals (SAE) with WPA3 encryption. Enter a pre-shared key of between 8 and 63 case-sensitive ASCII characters (including spaces and symbols) or 64 hexadecimal characters. Enable this for backwards compatibility. This option is only available if the Security Mode is wpa3 or enhanced-open. This creates two virtual APs (VAPs) with a primary (wpa3 or enhanced-open) and fallback (wpa2 or none) security method. Advance If the Security Mode is wpa3, enabling this will force Management Frame Protection to be set to Optional. If this is disabled or if the Security Mode is enhanced-open, Management Frame Protection will be set to Required. Note: Click on the Show Advanced Settings button to show the fields describe below. Idle Timeout Group Key Update Timer Pre-Authentication Management Frame Protection Enter the idle interval (in seconds) that a client can be idle before authentication is discontinued. Enter the interval (in seconds) at which the AP updates the group WPA2 encryption key. Select Enable to allow pre-authentication. Otherwise, select Disable. This field is available only when you select wpa2 in the Security Mode field and set Cipher Type to aes. Data frames in 802.11 WLANs can be encrypted and authenticated with WEP, WPA or WPA2. But 802.11 management frames, such as beacon/probe response, association request, association response, de-authentication and disassociation are always unauthenticated and unencrypted. IEEE 802.11w Protected Management Frames allows APs to use the existing security mechanisms (encryption and authentication methods defined in IEEE 802.11i WPA/WPA2) to protect management frames. This helps prevent wireless DoS attacks. Select the check box to enable management frame protection (MFP) to add security to 802.11 management frames. Select Optional if you do not require the wireless clients to support MFP. Management frames will be encrypted if the clients support MFP. OK Cancel Select Required and wireless clients must support MFP in order to join the Zyxel Device's wireless network. Click OK to save your changes back to the Zyxel Device. Click Cancel to exit this screen without saving your changes. NWA50AX User's Guide 114

Section	Page
NWA50AX	1
Document Conventions	3
Contents Overview	4
Table of Contents	5
Introduction	12
1.1 Overview	12
1.2 Zyxel Device Roles	12
1.2.1 Root AP	13
1.2.2 Wireless Repeater	13
1.2.3 Radio Frequency (RF) Monitor	14
1.3 Sample Feature Applications	16
1.3.1 MBSSID	16
1.3.2 Dual-Radio	17
1.4 Zyxel Device Product Feature	18
AP Management	20
2.1 Management Mode	20
2.1.1 Standalone	20
2.1.2 Nebula Control Center	20
2.2 Switching Management Modes	22
2.3 Zyxel One Network (ZON) Utility	22
2.3.1 Requirements	22
2.3.2 Run the ZON Utility	23
2.4 Ways to Access the Zyxel Device	26
2.5 Good Habits for Managing the Zyxel Device	27
Hardware	28
3.1 Zyxel Device Single LED	28
3.1.1 Zyxel Device LED	28
Web Configurator	30
4.1 Overview	30
4.2 Accessing the Web Configurator	30
4.3 Navigating the Web Configurator	33
4.3.1 Title Bar	34
4.3.2 Navigation Panel	35
4.3.3 Standalone Mode Navigation Panel Menus	35
4.3.4 Cloud Mode Navigation Panel Menus	37
4.3.5 Tables and Lists	38
Standalone Configuration	41
Standalone Configuration	42
5.1 Overview	42
5.2 Starting and Stopping the Zyxel Device	42
Dashboard	44
6.1 Overview	44
6.1.1 CPU Usage	47
6.1.2 Memory Usage	48
Setup Wizard	49
7.1 Accessing the Wizard	49
7.2 Using the Wizard	49
7.2.1 Step 1 Time Settings	49
7.2.2 Step 2 Password and Uplink Connection	50
7.2.3 Step 3 Radio	51
7.2.4 Step 4 SSID	52
7.2.5 Summary	52
Monitor	54
8.1 Overview	54
8.1.1 What You Can Do in this Chapter	54
8.2 What You Need to Know	54
8.3 Network Status	55
8.3.1 Port Statistics Graph	56
8.4 Radio List	57
8.4.1 AP Mode Radio Information	59
8.5 Station List	61
8.6 WDS Link Info	62
8.7 Detected Device	63
8.8 View Log	66
Network	69
9.1 Overview	69
9.1.1 What You Can Do in this Chapter	69
9.2 IP Setting	69
9.3 VLAN	71
9.4 NCC Discovery	73
Wireless	75
10.1 Overview	75
10.1.1 What You Can Do in this Chapter	75
10.1.2 What You Need to Know	76
10.2 AP Management	76
10.3 Rogue AP	79
10.3.1 Add/Edit Rogue/Friendly List	83
10.4 DCS	83
10.5 Technical Reference	84
User	86
11.1 Overview	86
11.1.1 What You Can Do in this Chapter	86
11.1.2 What You Need To Know	86
11.2 User Summary	87
11.2.1 Add/Edit User	87
11.3 Setting	89
11.3.1 Edit User Authentication Timeout Settings	91
AP Profile	93
12.1 Overview	93
12.1.1 What You Can Do in this Chapter	93
12.1.2 What You Need To Know	93
12.2 Radio	94
12.2.1 Add/Edit Radio Profile	95
12.3 SSID	100
12.3.1 SSID List	101
12.3.2 Add/Edit SSID Profile	102
12.4 Security List	105
12.4.1 Add/Edit Security Profile	105
12.5 MAC Filter List	115
12.5.1 Add/Edit MAC Filter Profile	115
MON Profile	117
13.1 Overview	117
13.1.1 What You Can Do in this Chapter	117
13.2 MON Profile	117
13.2.1 Add/Edit MON Profile	118
WDS Profile	120
14.1 Overview	120
14.1.1 What You Can Do in this Chapter	120
14.2 WDS Profile	120
14.2.1 Add/Edit WDS Profile	121
Certificates	122
15.1 Overview	122
15.1.1 What You Can Do in this Chapter	122
15.1.2 What You Need to Know	122
15.1.3 Verifying a Certificate	124
15.2 My Certificates	125
15.2.1 Add My Certificates	126
15.2.2 Edit My Certificates	128
15.2.3 Import Certificates	131
15.3 Trusted Certificates	132
15.3.1 Edit Trusted Certificates	133
15.3.2 Import Trusted Certificates	136
15.4 Technical Reference	137
System	138
16.1 Overview	138
16.1.1 What You Can Do in this Chapter	138
16.2 Host Name	138
16.3 Date and Time	139
16.3.1 Pre-defined NTP Time Servers List	141
16.3.2 Time Server Synchronization	142
16.4 WWW Overview	143
16.4.1 Service Access Limitations	143
16.4.2 System Timeout	143
16.4.3 HTTPS	143
16.4.4 Configuring WWW Service Control	144
16.4.5 HTTPS Example	145
16.5 SSH	151
16.5.1 How SSH Works	152
16.5.2 SSH Implementation on the Zyxel Device	153
16.5.3 Requirements for Using SSH	153
16.5.4 Configuring SSH	153
16.5.5 Examples of Secure Telnet Using SSH	154
16.6 FTP	155
Log and Report	157
17.1 Overview	157
17.1.1 What You Can Do In this Chapter	157
17.2 Log Setting	157
17.2.1 Log Setting Screen	157
17.2.2 Edit System Log Settings	159
17.2.3 Edit Remote Server	163
17.2.4 Active Log Summary	164
File Manager	167
18.1 Overview	167
18.1.1 What You Can Do in this Chapter	167
18.1.2 What you Need to Know	167
18.2 Configuration File	168
18.2.1 Example of Configuration File Download Using FTP	172
18.3 Firmware Package	173
18.3.1 Example of Firmware Upload Using FTP	174
18.4 Shell Script	175
Diagnostics	178
19.1 Overview	178
19.1.1 What You Can Do in this Chapter	178
19.2 Diagnostics	178
19.3 Remote Capture	179
LEDs	180
20.1 Overview	180
20.1.1 What You Can Do in this Chapter	180
20.2 Suppression Screen	180
20.3 Locator Screen	181
Reboot	183
21.1 Overview	183
21.1.1 What You Need To Know	183
21.2 Reboot	183
Shutdown	184
22.1 Overview	184
22.1.1 What You Need To Know	184
22.2 Shutdown	184
Local Configuration in Cloud Mode	185
Cloud Mode	186
23.1 Overview	186
23.2 Cloud Mode Web Configurator Screens	186
23.3 Dashboard	187
Network	189
24.1 Overview	189
24.1.1 What You Can Do in this Chapter	189
24.2 IP Setting	189
24.3 VLAN	191
Maintenance	192
25.1 Overview	192
25.1.1 What You Can Do in this Chapter	192
25.2 Shell Script	192
25.3 Diagnostics	193
25.4 View Log	194
Appendices and Troubleshooting	197
Troubleshooting	198
26.1 Overview	198
26.2 Power, Hardware Connections, and LED	198
26.3 Zyxel Device Management, Access, and Login	199
26.4 Internet Access	202
26.5 WiFi Network	203
26.6 Resetting the Zyxel Device	205
26.7 Getting More Troubleshooting Help	205
Importing Certificates	206
IPv6	230
Customer Support	238
Legal Information	244

Match case Limit results 1 per page

Chapter 12 AP Profile

NWA50AX User’s Guide

114

Security Mode

Select a security mode from the list:

none

enhanced-open

wep

wpa2

wpa2-mix

wpa3

enhanced-open

uses Opportunistic Wireless Encryption (OWE) which encrypts the

wireless connection when possible.

Authentication Settings

Personal

This field is available when you select the

wpa2

wpa2-mix

wpa3

security mode.

Select this option to use a Pre-Shared Key (PSK) with WPA2 encryption or Simultaneous

Authentication of Equals (SAE) with WPA3 encryption.

Pre-Shared Key

Enter a pre-shared key of between 8 and 63 case-sensitive ASCII characters (including

spaces and symbols) or 64 hexadecimal characters.

Transition Mode

Enable this for backwards compatibility. This option is only available if the

Security Mode

wpa3

enhanced-open

. This creates two virtual APs (VAPs) with a primary (

wpa3

enhanced-open

) and fallback (

wpa2

none

) security method.

If the

Security Mode

wpa3

, enabling this will force

Management Frame Protection

to be

set to

Optional

. If this is disabled or if the

Security Mode

enhanced-open

Management

Frame Protection

will be set to

Required

Advance

Note: Click on the

Show Advanced Settings

button to show the fields describe below.

Idle Timeout

Enter the idle interval (in seconds) that a client can be idle before authentication is

discontinued.

Group Key Update

Timer

Enter the interval (in seconds) at which the AP updates the group WPA2 encryption key.

Pre-Authentication

Select

Enable

to allow pre-authentication. Otherwise, select

Disable

Management Frame

Protection

This field is available only when you select

wpa2

in the

Security Mode

field and set

Cipher

Type

aes

Data frames in 802.11 WLANs can be encrypted and authenticated with WEP, WPA or

WPA2. But 802.11 management frames, such as beacon/probe response, association

request, association response, de-authentication and disassociation are always

unauthenticated and unencrypted. IEEE 802.11w Protected Management Frames allows

APs to use the existing security mechanisms (encryption and authentication methods

defined in IEEE 802.11i WPA/WPA2) to protect management frames. This helps prevent

wireless DoS attacks.

Select the check box to enable management frame protection (MFP) to add security to

802.11 management frames.

Select

Optional

if you do not require the wireless clients to support MFP. Management

frames will be encrypted if the clients support MFP.

Select

Required

and wireless clients must support MFP in order to join the Zyxel Device’s

wireless network.

Click

to save your changes back to the Zyxel Device.

Cancel

Click

Cancel

to exit this screen without saving your changes.

Table 47

Configuration > Object > AP Profile > SSID > Security List > AAdd/Edit Security Profile> Security

Mode: wpa3 (continued)

LABEL

DESCRIPTION