SMT Configuration
Part V:
SMT CONFIGURATION
This part contains SMT (System Management Terminal) configuration and background information for features only configurable by SMT.
See the web configurator parts of this guide for background information on features configurable by web configurator and SMT.
V
ZyAIR B-500 Wireless Access Point User’s Guide
Chapter 10
Introducing the SMT
This chapter describes how to access the SMT and provides an overview of its menus.
10.1 Connect to your ZyAIR Using Telnet
The following procedure details how to telnet into your ZyAIR.
Step 1. In Windows, click Start (usually in the bottom left corner), Run and then type “telnet 192.168.1.2” (the default IP address) and click OK.
Step 2. For your first login, enter the default password “1234”. As you type the password, the screen displays an asterisk “*” for each character you type.
Password : ****
Figure 10-1 Login Screen
Step 3. After entering the password you will see the main menu.
Please note that if there is no activity for longer than five minutes (default timeout period) after you log in, your ZyAIR will automatically log you out. You will then have to telnet into the ZyAIR again. You can use the web configurator or the CI commands to change the inactivity time out period.
10.2 Changing the System Password
Change the ZyAIR default password by following the steps shown next.
Step 1. From the main menu, enter 23 to display Menu 23 – System Security.
Step 2. Enter 1 to display Menu 23.1 – System Security – Change Password as shown next.
Step 3. Type your existing system password in the Old Password field, and press [ENTER].
Introducing the SMT |
10-1 |
ZyAIR B-500 Wireless Access Point User’s Guide
Menu 23.1 – System Security – Change Password
Old Password= ****
New Password= ?
Retype to confirm= ?
Enter here to CONFIRM or ESC to CANCEL:
Figure 10-2 Menu 23.1 System Security : Change Password
Step 4. Type your new system password in the New Password field (up to 30 characters), and press
[ENTER].
Step 5. Re-type your new system password in the Retype to confirm field for confirmation and press
[ENTER].
Note that as you type a password, the screen displays an asterisk “*” for each character you type.
10.3 ZyAIR SMT Menu Overview Example
The following figure gives you an example overview of the various SMT menu screens for your ZyAIR.
10-2 |
Introducing the SMT |
|
|
|
|
|
|
|
|
|
|
|
|
ZyAIR B-500 Wireless Access Point User’s Guide |
|||||||||||||||||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
ZyAIR B-500 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Main Menu |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Menu 1 |
|
|
|
|
Menu 3 |
|
|
|
Menu 14 |
|
|
|
Menu 22 |
|
Menu 23 |
|
|
|
|
|
||||||||
|
|
|
|
|
|
|
|
|
|
|
SNMP |
|
|
|
|
|
|
|
|||||||||||
|
General Setup |
|
|
|
|
LAN Setup |
|
|
Dial-in User Setup |
|
|
|
|
|
System Security |
|
|
|
|
|
|||||||||
|
|
|
|
|
|
|
|
|
Configuration |
|
|
|
|
|
|
|
|||||||||||||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Menu 3.2 |
|
|
|
Menu14.1 |
|
|
|
|
|
|
|
Menu 23.1 |
|
|
|
|
|
|||||
|
|
|
|
|
|
TCP/IP Setup |
|
|
Edit Dial-in User |
|
|
|
|
|
|
|
System Security- |
|
|
|
|
|
|||||||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Change Password |
|
|
|
|
|
||||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Menu 3.5.1 |
|
|
|
|
Menu 3.5 |
|
|
Menu 3.5.2 |
|
|
|
|
|
|
|
Menu 23.2 |
|
|
|
|
|
|||||||
|
WLAN MAC |
|
|
|
Wireless LAN |
|
|
|
Roaming |
|
|
|
|
|
|
|
System Security- |
|
|
|
|
|
|||||||
|
Address Filter |
|
|
|
|
Setup |
|
|
Configuration |
|
|
|
|
|
|
|
RADIUS Server |
|
|
|
|
|
|||||||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Menu 23.4 |
|
|
|
|
|
||||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
System Security- |
|
|
|
|
|
||||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
IEEE802.1x |
|
|
|
|
|
||||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
||||||||
|
Menu 24.5 |
|
|
|
|
Menu 24.4 |
|
|
Menu 24.3 |
|
|
Menu 24.2 |
|
|
|
|
Menu 24 |
|
|
|
|||||||||
|
Backup |
|
|
|
System Maintenance |
|
System Maintenance |
|
|
System Information and |
|
|
|
System |
|
|
|||||||||||||
|
|
|
|
||||||||||||||||||||||||||
|
Configuration |
|
|
|
|
- Diagnostic |
|
- Log and Trace |
|
|
Console Port Speed |
|
|
|
Maintenance |
|
|
|
|||||||||||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|||||||||||||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|||||||||||
|
Menu 24.6 |
|
|
|
|
|
|
|
|
Menu 24.3.1 |
|
|
Menu 24.2.1 |
|
|
|
Menu 24.1 |
|
|
||||||||||
|
Restore |
|
|
|
|
|
|
|
|
System Maintenance |
|
|
System Maintenance |
|
|
System Maintenance |
|
||||||||||||
|
Configuration |
|
|
|
|
|
|
|
|
- View Error Log |
|
|
- Information |
|
|
|
- Status |
|
|||||||||||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|||
|
Menu 24.7 |
|
|
|
|
Menu 24.7.1 |
|
|
Menu 24.7.2 |
|
|
Menu 24.2.2 |
|
|
|
|
|
|
|
|
|
||||||||
|
|
|
|
|
|
|
|
|
System Maintenance |
|
|
|
|
|
|
|
|
|
|||||||||||
|
Upload Firmware |
|
|
|
|
Upload System |
|
|
Upload System |
|
|
- Change Console Port |
|
|
|
|
|
|
|
|
|
||||||||
|
|
|
|
|
Firmware |
|
|
Configuration File |
|
|
Speed |
|
|
|
|
|
|
|
|
|
|
||||||||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|||||||||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
||
|
Menu 24.8 |
|
|
|
|
Menu 24.10 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|||
|
Command |
|
|
|
|
Time and Date |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|||||
|
Interpreter Mode |
|
|
|
|
Setting |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Figure 10-3 ZyAIR B-500 SMT Menu Overview Example
Introducing the SMT |
10-3 |
ZyAIR B-500 Wireless Access Point User’s Guide
10.4 Navigating the SMT Interface
The SMT (System Management Terminal) is the interface that you use to configure your ZyAIR.
Several operations that you should be familiar with before you attempt to modify the configuration are listed in the table below.
Table 10-1 Main Menu Commands
OPERATION |
KEYSTROKE |
DESCRIPTION |
|
|
|
Move down to |
[ENTER] |
To move forward to a submenu, type in the number of the desired |
another menu |
|
submenu and press [ENTER]. |
Move up to a |
[ESC] |
Press [ESC] to move back to the previous menu. |
previous menu |
|
|
|
|
|
Move to a “hidden” |
Press [SPACE |
Fields beginning with “Edit” lead to hidden menus and have a |
menu |
BAR] to change No |
default setting of No. Press [SPACE BAR] once to change No to |
|
to Yes then press |
Yes, then press [ENTER] to go to the “hidden” menu. |
|
[ENTER]. |
|
|
|
|
Move the cursor |
[ENTER] or |
Within a menu, press [ENTER] to move to the next field. You can |
|
[UP]/[DOWN] arrow |
also use the [UP]/[DOWN] arrow keys to move to the previous |
|
keys. |
and the next field, respectively. |
|
|
|
Entering |
Type in or press |
You need to fill in two types of fields. The first requires you to type |
information |
[SPACE BAR], then |
in the appropriate information. The second allows you to cycle |
|
press [ENTER]. |
through the available choices by pressing [SPACE BAR]. |
|
|
|
Required fields |
<?> or ChangeMe |
All fields with the symbol <?> must be filled in order to be able to |
|
|
save the new configuration. |
|
|
All fields with ChangeMe must not be left blank in order to be |
|
|
able to save the new configuration. |
|
|
|
N/A fields |
<N/A> |
Some of the fields in the SMT will show a <N/A>. This symbol |
|
|
refers to an option that is Not Applicable. |
|
|
|
Save your |
[ENTER] |
Save your configuration by pressing [ENTER] at the message |
configuration |
|
“Press ENTER to confirm or ESC to cancel”. Saving the data on |
|
|
the screen will take you, in most cases to the previous menu. |
|
|
|
Exit the SMT |
Type 99, then press |
Type 99 at the main menu prompt and press [ENTER] to exit the |
|
[ENTER]. |
SMT interface. |
|
|
|
After you enter the password, the SMT displays the main menu, as shown next.
10-4 |
Introducing the SMT |
ZyAIR B-500 Wireless Access Point User’s Guide
Copyright (c) 1994 - 2003 ZyXEL Communications Corp.
|
|
ZyAIR B-500 Main Menu |
|
Getting Started |
Advanced Management |
||
1. |
General Setup |
22. |
SNMP Configuration |
3. |
LAN Setup |
23. |
System Security |
|
|
24. |
System Maintenance |
Advanced Applications
14. Dial-in User Setup
99. Exit
Enter Menu Selection Number:
Figure 10-4 ZyAIR B-500 SMT Main Menu
10.4.1 System Management Terminal Interface Summary
|
|
Table 10-2 Main Menu Summary |
|
|
|
|
|
# |
MENU TITLE |
|
DESCRIPTION |
|
|
|
|
1 |
General Setup |
|
Use this menu to set up your general information. |
|
|
|
|
3 |
LAN Setup |
|
Use this menu to set up your LAN and WLAN connection. |
|
|
|
|
14 |
Dial-in User Setup |
|
Use this menu to set up local user profiles on the ZyAIR. |
|
|
|
|
22 |
SNMP Configuration |
|
Use this menu to set up SNMP related parameters. |
|
|
|
|
23 |
System Security |
|
Use this menu to change your password and enable network user |
|
|
|
authentication. |
|
|
|
|
24 |
System Maintenance |
|
This menu provides system status, diagnostics, software upload, etc. |
|
|
|
|
99 |
Exit |
|
Use this to exit from SMT and return to a blank screen. |
|
|
|
|
Introducing the SMT |
10-5 |
ZyAIR B-500 Wireless Access Point User’s Guide
Chapter 11
General Setup
The chapter shows you the information on general setup.
11.1 General Setup
Menu 1 – General Setup contains administrative and system-related information (shown next). The System Name field is for identification purposes. It is recommended you type your computer's "Computer name".
The Domain Name entry is what is propagated to the DHCP clients on the LAN. This is not a required field. Leave this field blank or enter the domain name here if you know it.
11.1.1 Procedure To Configure Menu 1
Step 1. Enter 1 in the Main Menu to open Menu 1 – General Setup as shown next.
Menu 1 - General Setup
System Name= B-500
Domain Name=
First System DNS Server= From DHCP
IP Address= N/A
Second System DNS Server= None
IP Address= N/A
Third System DNS Server= None
IP Address= N/A
Press ENTER to Confirm or ESC to Cancel:
Figure 11-1 Menu 1 General Setup
Step 2. Fill in the required fields. Refer to the following table for more information about these fields.
General Setup |
11-1 |
ZyAIR B-500 Wireless Access Point User’s Guide
Table 11-1 Menu 1 General Setup
FIELD |
DESCRIPTION |
EXAMPLE |
|
|
|
System Name |
Choose a descriptive name for identification purposes. This name can |
B-500 |
|
be up to 30 alphanumeric characters long. Spaces are not allowed, but |
|
|
dashes “-” and underscores "_" are accepted. |
|
|
|
|
Domain Name |
This is not a required field. Leave this field blank or enter the domain |
|
|
name here if you know it. |
|
|
|
|
First/Second/Third |
Press [SPACE BAR] to select From DHCP, User Defined or None and |
From DHCP |
System DNS |
press [ENTER]. |
|
Server |
These fields are not available on all models. |
|
|
|
|
|
|
|
IP Address |
Enter the IP addresses of the DNS servers. This field is available when |
N/A |
|
you select User-Defined in the field above. |
|
When you have completed this menu, press [ENTER] at the prompt “Press ENTER to Confirm…” to save your configuration, or press [ESC] at any time to cancel.
11-2 |
General Setup |
ZyAIR B-500 Wireless Access Point User’s Guide
Chapter 12
LAN Setup
This chapter shows you how to configure the LAN on your ZyAIR..
12.1 LAN Setup
This section describes how to configure the Ethernet using Menu 3 – LAN Setup. From the main menu, enter 3 to display menu 3.
Menu 3 - LAN Setup
2.TCP/IP Setup
5.Wireless LAN Setup
Enter Menu Selection Number:
Figure 12-1 Menu 3 LAN Setup
12.2 TCP/IP Ethernet Setup
Use menu 3.2 to configure your ZyAIR for TCP/IP.
To edit menu 3.2, enter 3 from the main menu to display Menu 3-LAN Setup. When menu 3 appears, press 2 and press [ENTER] to display Menu 3.2-TCP/IP Setup, as shown next.
Menu 3.2 - TCP/IP Setup
IP Address Assignment= Static
IP Address= 192.168.1.2
IP Subnet Mask= 255.255.255.0
Gateway IP Address= 0.0.0.0
Press ENTER to Confirm or ESC to Cancel:
Figure 12-2 Menu 3.2 TCP/IP Setup
Follow the instructions in the following table on how to configure the fields in this menu.
LAN Setup |
12-1 |
ZyAIR B-500 Wireless Access Point User’s Guide
Table 12-1 Menu 3.2 TCP/IP Setup
FIELD |
DESCRIPTION |
EXAMPLE |
IP Address |
Press [SPACE BAR] and then [ENTER] to select Dynamic to have the |
|
Assignment |
ZyAIR obtain an IP address from a DHCP server. You must know the |
|
|
IP address assigned to the ZyAIR (by the DHCP server) to access the |
|
|
ZyAIR again. |
|
|
Select Static to give the ZyAIR a fixed, unique IP address. Enter a |
|
|
subnet mask appropriate to your network and the gateway IP address if |
|
|
applicable. |
|
|
|
|
IP Address Enter the (LAN) IP address of your ZyAIR in dotted decimal notation |
192.168.1.2 |
|
|
|
|
IP Subnet Mask Your ZyAIR will automatically calculate the subnet mask based on the |
255.255.255.0 |
|
|
IP address that you assign. Unless you are implementing subnetting, |
|
|
use the subnet mask computed by the ZyAIR. |
|
Gateway IP Type the IP address of the gateway. The gateway is an immediate Address neighbor of your ZyAIR that will forward the packet to the destination.
On the LAN, the gateway must be a router on the same network segment as your ZyAIR.
When you have completed this menu, press [ENTER] at the prompt “Press ENTER to Confirm…” to save your configuration, or press [ESC] at any time to cancel.
12.3 Wireless LAN Setup
Use menu 3.5 to set up your ZyAIR as the wireless access point. To edit menu 3.5, enter 3 from the main menu to display Menu 3 – LAN Setup. When menu 3 appears, press 5 and then press [ENTER] to display
Menu 3.5 – Wireless LAN Setup as shown next.
12-2 |
LAN Setup |
ZyAIR B-500 Wireless Access Point User’s Guide
Menu 3.5 - Wireless LAN Setup
ESSID= Wireless
Hide ESSID= No
Channel ID= CH06 2437MHz
RTS Threshold= 2432
Frag. Threshold= 2432
WEP Encryption= Disable
Default Key= N/A
Key1= N/A
Key2= N/A
Key3= N/A
Key4= N/A
Authen. Method= N/A
Edit MAC Address Filter= No
Edit Roaming Configuration= No
Block Intra-BSS Traffic= No
Number of Associated Stations= 32
Output Power= 17dBm
Press ENTER to Confirm or ESC to Cancel:
Figure 12-3 Menu 3.5 Wireless LAN Setup
The following table describes the fields in this menu.
Table 12-2 Menu 3.5 Wireless LAN Setup
FIELD |
DESCRIPTION |
EXMAPLE |
|
|
|
ESSID |
The ESSID (Extended Service Set IDentity) identifies the AP the wireless |
Wireless |
|
station is to associate to. Wireless stations associating to the AP must have |
|
|
the same ESSID. Enter a descriptive name up to 32 printable 7-bit ASCII |
|
|
characters. |
|
Hide ESSID |
Press [SPACE BAR] and select Yes to hide the ESSID in the outgoing data |
No |
|
frame so an intruder cannot obtain the ESSID through passive scanning. |
|
Channel ID |
Press [SPACE BAR] to select a channel. This allows you to set the operating |
CH01 |
|
frequency/channel depending on your particular region. |
2412MHz |
RTS |
Setting this attribute to zero turns on the RTS/CTS handshake. Enter a value |
2432 |
Threshold |
between 0 and 2432. |
|
Frag. |
This is the maximum data fragment size that can be sent. Enter a value |
2432 |
Threshold |
between 256 and 2432. |
|
WEP |
Select Disable to allow wireless stations to communicate with the access |
Disable |
Encryption |
points without any data encryption. |
|
|
Select 64-bit WEP or 128-bit WEP to enable data encryption. |
|
|
|
|
LAN Setup |
12-3 |
ZyAIR B-500 Wireless Access Point User’s Guide
Table 12-2 Menu 3.5 Wireless LAN Setup
FIELD |
|
DESCRIPTION |
EXMAPLE |
|
|
|
|
|
|
Default Key |
Enter the key number (1 to 4) in this field. Only one key can be enabled at |
1 |
||
|
any one time. This key must be the same on the ZyAIR and the wireless |
|
||
|
stations to communicate. |
|
||
|
|
|
||
Key 1 to Key 4 |
The WEP keys are used to encrypt data. Both the ZyAIR and the wireless |
0x12345ab |
||
|
stations must use the same WEP key for data transmission. |
cde |
||
|
If you chose 64-bit WEP in the WEP Encryption field, then enter any 5 |
|
||
|
ASCII characters or 10 hexadecimal characters ("0-9", "A-F"). |
|
||
|
If you chose 128-bit WEP in the WEP Encryption field, then enter 13 ASCII |
|
||
|
characters or 26 hexadecimal characters ("0-9", "A-F"). |
|
||
|
|
|
|
|
|
|
Enter “0x” before the key to denote a hexadecimal key. |
|
|
|
|
Don’t enter “0x” before the key to denote an ASCII key. |
|
|
|
|
|
||
Authen. |
Press [SPACE BAR] to select Auto, Open System Only or Shared Key |
Auto |
||
Method |
Only and press [ENTER]. |
|
||
|
This field is N/A if WEP is not activated. |
|
||
|
If WEP encryption is activated, the default setting is Auto. |
|
||
|
|
|
||
Edit MAC |
Press [SPACE BAR] to select Yes and press [ENTER] to display menu |
No |
||
Address Filter |
3.5.1. See the section on MAC address filter for more information. |
|
||
|
|
|
||
Edit Roaming |
Press [SPACE BAR] to select Yes and press [ENTER] to display menu |
No |
||
Configuration |
3.5.2. See the section on roaming configuration for more information. |
|
||
|
|
|
||
Block Intra- |
Press [SPACE BAR] to select Yes or No and press [ENTER]. |
No |
||
BSS Traffic |
|
|
|
|
|
|
|
||
Number of |
Enter the number of association stations. The number should be from 1 to |
32 |
||
Association |
32. |
|
|
|
Stations |
|
|
|
|
|
|
|
||
Output Power |
Press [SPACE BAR] to select 11dBm, 14dBm or 17dBm and press |
17dBm |
||
|
[ENTER]. |
|
||
|
|
|
|
|
When you have completed this menu, press [ENTER] at the prompt “Press ENTER to confirm or ESC to cancel” to save your configuration or press [ESC] to cancel and go back to the previous screen.
12-4 |
LAN Setup |
ZyAIR B-500 Wireless Access Point User’s Guide
12.3.1 Configuring MAC Address Filter
Your ZyAIR checks the MAC address of the wireless station device against a list of allowed or denied MAC addresses. However, intruders could fake allowed MAC addresses so MAC-based authentication is less secure than EAP authentication.
Follow the steps below to create the MAC address table on your ZyAIR. Step 1. From the main menu, enter 3 to open Menu 3 – LAN Setup.
Step 2. Enter 5 to display Menu 3.5 – Wireless LAN Setup.
Menu 3.5 - Wireless LAN Setup
ESSID= Wireless
Hide ESSID= No
Channel ID= CH06 2437MHz
RTS Threshold= 2432
Frag. Threshold= 2432
WEP Encryption= Disable
Default Key= N/A
Key1= N/A
Key2= N/A
Key3= N/A
Key4= N/A
Authen. Method= N/A
Edit MAC Address Filter= Yes
Edit Roaming Configuration= No
Block Intra-BSS Traffic= No
Number of Associated Stations= 32
Output Power= 17dBm
Press ENTER to Confirm or ESC to Cancel:
Figure 12-4 Menu 3.5 Wireless LAN Setup
Step 3. In the Edit MAC Address Filter field, press [SPACE BAR] to select Yes and press
[ENTER]. Menu 3.5.1 – WLAN MAC Address Filter displays as shown next.
LAN Setup |
12-5 |
ZyAIR B-500 Wireless Access Point User’s Guide
Menu 3.5.1 - WLAN MAC Address Filter
Active= No
Filter Action= Allowed Association
------------------------------------------------------------------------------
1= |
00:00:00:00:00:00 |
13= |
00:00:00:00:00:00 |
25= |
00:00:00:00:00:00 |
2= |
00:00:00:00:00:00 |
14= |
00:00:00:00:00:00 |
26= |
00:00:00:00:00:00 |
3= |
00:00:00:00:00:00 |
15= |
00:00:00:00:00:00 |
27= |
00:00:00:00:00:00 |
4= |
00:00:00:00:00:00 |
16= |
00:00:00:00:00:00 |
28= |
00:00:00:00:00:00 |
5= |
00:00:00:00:00:00 |
17= |
00:00:00:00:00:00 |
29= |
00:00:00:00:00:00 |
6= |
00:00:00:00:00:00 |
18= |
00:00:00:00:00:00 |
30= |
00:00:00:00:00:00 |
7= |
00:00:00:00:00:00 |
19= |
00:00:00:00:00:00 |
31= |
00:00:00:00:00:00 |
8= |
00:00:00:00:00:00 |
20= |
00:00:00:00:00:00 |
32= |
00:00:00:00:00:00 |
9= |
00:00:00:00:00:00 |
21= |
00:00:00:00:00:00 |
|
|
10= |
00:00:00:00:00:00 |
22= |
00:00:00:00:00:00 |
|
|
11= |
00:00:00:00:00:00 |
23= |
00:00:00:00:00:00 |
|
|
12= |
00:00:00:00:00:00 |
24= |
00:00:00:00:00:00 |
|
|
------------------------------------------------------------------------------
Enter here to CONFIRM or ESC to CANCEL:
Figure 12-5 Menu 3.5.1 WLAN MAC Address Filter
The following table describes the fields in this menu.
|
Table 12-3 Menu 3.5.1 WLAN MAC Address Filter |
|
|
FIELD |
DESCRIPTION |
|
|
Active |
To enable MAC address filtering, press [SPACE BAR] to select Yes and press [ENTER]. |
|
|
Filter Action |
Define the filter action for the list of MAC addresses in the MAC address filter table. |
|
To deny access to the ZyAIR, press [SPACE BAR] to select Deny Association and press |
|
[ENTER]. MAC addresses not listed will be allowed to access the ZyAIR. |
|
The default action, Allowed Association, permits association with the ZyAIR. MAC |
|
addresses not listed will be denied access to the ZyAIR. |
|
|
MAC Address Filter
1..32 Enter the MAC addresses (in XX:XX:XX:XX:XX:XX format) of the client computers that are allowed or denied access to the ZyAIR in these address fields.
When you have completed this menu, press [ENTER] at the prompt “Press ENTER to confirm or ESC to cancel” to save your configuration or press [ESC] to cancel and go back to the previous screen.
12-6 |
LAN Setup |
ZyAIR B-500 Wireless Access Point User’s Guide
12.3.2 Configuring Roaming
Enable the roaming feature if you have two or more ZyAIRs on the same subnet. Follow the steps below to allow roaming on your ZyAIR.
Step 1. From the main menu, enter 3 to display Menu 3 – LAN Setup.
Step 2. Enter 5 to display Menu 3.5 – Wireless LAN Setup.
Menu 3.5 - Wireless LAN Setup
ESSID= Wireless
Hide ESSID= No
Channel ID= CH06 2437MHz
RTS Threshold= 2432
Frag. Threshold= 2432
WEP Encryption= Disable
Default Key= N/A
Key1= N/A
Key2= N/A
Key3= N/A
Key4= N/A
Authen. Method= N/A
Edit MAC Address Filter= No
Edit Roaming Configuration= Yes
Block Intra-BSS Traffic= No
Number of Associated Stations= 32
Output Power= 17dBm
Press ENTER to Confirm or ESC to Cancel:
Figure 12-6 Menu 3.5 Wireless LAN Setup
Step 3. Move the cursor to the Edit Roaming Configuration field. Press [SPACE BAR] to select Yes and then press [ENTER]. Menu 3.5.2 – Roaming Configuration displays as shown next.
Menu 3.5.2 - Roaming Configuration
Active= Yes
Port #= 16290
Press ENTER to Confirm or ESC to Cancel:
Figure 12-7 Menu 3.5.2 Roaming Configuration
The following table describes the fields in this menu.
LAN Setup |
12-7 |
ZyAIR B-500 Wireless Access Point User’s Guide
|
Table 12-4 Menu 3.5.2 Roaming Configuration |
|
|
FIELD |
DESCRIPTION |
|
|
Active |
Press [SPACE BAR] and then [ENTER] to select Yes to enable roaming on the ZyAIR if you |
|
have two or more ZyAIRs on the same subnet. |
|
|
Port # |
Type the port number to communicate roaming information between access points. The port |
|
number must be the same on all access points. The default is 16290. Make sure this port is |
|
not used by other services. |
|
|
When you have completed this menu, press [ENTER] at the prompt “Press ENTER to confirm or ESC to cancel” to save your configuration or press [ESC] to cancel and go back to the previous screen.
12-8 |
LAN Setup |
ZyAIR B-500 Wireless Access Point User’s Guide
Chapter 13
Dial-in User Setup
This chapter shows you how to create user accounts on the ZyAIR.
13.1 Dial-in User Setup
By storing user profiles locally, your ZyAIR is able to authenticate wireless users without interacting with a network RADIUS server.
Follow the steps below to set up user profiles on your ZyAIR.
Step 1. From the main menu, enter 14 to display Menu 14 - Dial-in User Setup.
|
|
Menu 14 - Dial-in User Setup |
|
|
|||
1. |
________ |
9. |
________ |
17. |
________ |
25. |
________ |
2. |
________ |
10. |
________ |
18. |
________ |
26. |
________ |
3. |
________ |
11. |
________ |
19. |
________ |
27. |
________ |
4. |
________ |
12. |
________ |
20. |
________ |
28. |
________ |
5. |
________ |
13. |
________ |
21. |
________ |
29. |
________ |
6. |
________ |
14. |
________ |
22. |
________ |
30. |
________ |
7. |
________ |
15. |
________ |
23. |
________ |
31. |
________ |
8. |
________ |
16. |
________ |
24. |
________ |
32. |
________ |
Enter Menu Selection Number:
Figure 13-1 Menu 14- Dial-in User Setup
Step 2. Type a number and press [ENTER] to edit the user profile.
Menu 14.1 - Edit Dial-in User
User Name= test
Active= Yes
Password= ********
Press ENTER to Confirm or ESC to Cancel:
Figure 13-2 Menu 14.1- Edit Dial-in User
The following table describes the fields in this screen.
Dial-in User Setup |
13-1 |
ZyAIR B-500 Wireless Access Point User’s Guide
|
Table 13-1 Menu 14.1- Edit Dial-in User |
|
|
FIELD |
DESCRIPTION |
|
|
User Name |
Enter a username up to 31 alphanumeric characters long for this user profile. |
|
This field is case sensitive. |
|
|
Active |
Press [SPACE BAR] to select Yes and press [ENTER] to enable the user profile. |
|
|
Password |
Enter a password up to 31 characters long for this user profile. |
|
|
When you have completed this menu, press [ENTER] at the prompt “Press ENTER to confirm or ESC to cancel” to save your configuration or press [ESC] to cancel and go back to the previous screen.
13-2 |
Dial-in User Setup |
ZyAIR B-500 Wireless Access Point User’s Guide
Chapter 14
SNMP Configuration
This chapter explains SNMP Configuration menu 22.
14.1 About SNMP
Simple Network Management Protocol is a protocol used for exchanging management information between network devices. SNMP is a member of the TCP/IP protocol suite. Your ZyAIR supports SNMP agent functionality, which allows a manager station to manage and monitor the ZyAIR through the network. The ZyAIR supports SNMP version one (SNMPv1) and version two c (SNMPv2c). The next figure illustrates an SNMP management operation. SNMP is only available if TCP/IP is configured.
Figure 14-1 SNMP Management Model
An SNMP managed network consists of two main components: agents and a manager.
SNMP Configuration |
14-1 |
ZyAIR B-500 Wireless Access Point User’s Guide
An agent is a management software module that resides in a managed device (the ZyAIR). An agent translates the local management information from the managed device into a form compatible with SNMP. The manager is the console through which network administrators perform network management functions. It executes applications that control and monitor managed devices.
The managed devices contain object variables/managed objects that define each piece of information to be collected about a device. Examples of variables include the number of packets received, node port status etc. A Management Information Base (MIB) is a collection of managed objects. SNMP allows a manager and agents to communicate for the purpose of accessing these objects.
SNMP itself is a simple request/response protocol based on the manager/agent model. The manager issues a request and the agent returns responses using the following protocol operations:
•Get - Allows the manager to retrieve an object variable from the agent.
•GetNext - Allows the manager to retrieve the next object variable from a table or list within an agent. In SNMPv1, when a manager wants to retrieve all elements of a table from an agent, it initiates a Get operation, followed by a series of GetNext operations.
•Set - Allows the manager to set values for object variables within an agent.
•Trap - Used by the agent to inform the manager of some events.
14.2 Supported MIBs
The ZyAIR supports RFC-1215 and MIB II as defined in RFC-1213. The focus of the MIBs is to let administrators collect statistic data and monitor status and performance.
14.3 SNMP Configuration
To configure SNMP, select option 22 from the main menu to open Menu 22 – SNMP Configuration as shown next. The “community” for Get, Set and Trap fields is SNMP terminology for password.
14-2 |
SNMP Configuration |
ZyAIR B-500 Wireless Access Point User’s Guide
Menu 22 - SNMP Configuration
SNMP:
Get Community= public
Set Community= public
Trusted Host= 0.0.0.0
Trap:
Community= public
Destination= 0.0.0.0
Press ENTER to Confirm or ESC to Cancel:
Figure 14-2 Menu 22 SNMP Configuration
The following table describes the SNMP configuration parameters.
Table 14-1 Menu 22 SNMP Configuration
FIELD |
DESCRIPTION |
EXAMPLE |
|
|
|
SNMP: |
|
|
|
|
|
Get Community |
Type the Get Community, which is the password for the incoming |
public |
|
Getand GetNext requests from the management station. |
|
Set Community |
Type the Set Community, which is the password for incoming Set |
public |
|
requests from the management station. |
|
|
|
|
Trusted Host |
If you enter a trusted host, your ZyAIR will only respond to SNMP |
0.0.0.0 |
|
messages from this address. A blank (default) field means your |
|
|
ZyAIR will respond to all SNMP messages it receives, regardless |
|
|
of source. |
|
|
|
|
Trap: |
|
|
|
|
|
Community |
Type the trap community, which is the password sent with each |
public |
|
trap to the SNMP manager. |
|
Destination |
Type the IP address of the station to send your SNMP traps to. |
0.0.0.0 |
|
|
|
When you have completed this menu, press [ENTER] at the prompt “Press ENTER to confirm or ESC to cancel” to save your configuration or press [ESC] to cancel and go back to the previous screen.
14.4 SNMP Traps
The ZyAIR will send traps to the SNMP manager when any one of the following events occurs:
SNMP Configuration |
14-3 |
ZyAIR B-500 Wireless Access Point User’s Guide
Table 14-2 SNMP Traps
TRAP # |
TRAP NAME |
DESCRIPTION |
|
|
|
1 |
coldStart (defined in RFC-1215) |
A trap is sent after booting (power on). |
|
|
|
2 |
warmStart (defined in RFC-1215) |
A trap is sent after booting (software reboot). |
|
|
|
3 |
linkUp (defined in RFC-1215) |
A trap is sent when the port is up. |
|
|
|
4 |
authenticationFailure (defined in |
A trap is sent to the manager when receiving any SNMP |
|
RFC-1215) |
get or set requirements with wrong community |
|
|
(password). |
|
|
|
6 |
linkDown (defined in RFC-1215) |
A trap is sent when the port is down. |
|
|
|
The following table maps the physical port and encapsulation to the interface type.
Table 14-3 Ports and Interface Types
PHYSICAL PORT/ENCAP |
INTERFACE TYPE |
|
|
LAN port(s) |
enet0 |
|
|
Wireless port |
enet1 |
|
|
PPPoE encap |
pppoe |
|
|
1483 encap |
mpoa |
|
|
Ethernet encap |
enet-encap |
|
|
PPPoA |
ppp |
|
|
14-4 |
SNMP Configuration |
ZyAIR B-500 Wireless Access Point User’s Guide
Chapter 15
System Security
This chapter describes how to configure the system security on the ZyAIR.
15.1 System Security
You can configure the system password, an external RADIUS server and 802.1x in this menu.
15.1.1 System Password
Menu 23 - System Security
1.Change Password
2.RADIUS Server
4. IEEE802.1x
Figure 15-1 Menu 23 System Security
You should change the default password. If you forget your password you have to restore the default configuration file. Refer to the section on changing the system password in the Introducing the SMT chapter and the section on resetting the ZyAIR in the Introducing the Web Configurator chapter.
15.1.2 Configuring External RADIUS Server
Enter 23 in the main menu to display Menu 23 – System Security.
Menu 23 - System Security
1.Change Password
2.RADIUS Server
4.IEEE802.1x
Figure 15-2 Menu 23 System Security
From Menu 23System Security, enter 2 to display Menu 23.2 – System Security – RADIUS Server as shown next.
System Security |
15-1 |
ZyAIR B-500 Wireless Access Point User’s Guide
Menu 23.2 - System Security - RADIUS Server
Authentication Server:
Active= No
Server Address= 10.11.12.13
Port #= 1812
Shared Secret= ?
Accounting Server:
Active= No
Server Address= 10.11.12.13
Port #= 1813
Shared Secret= ?
Press ENTER to Confirm or ESC to Cancel:
Figure 15-3 Menu 23.2 System Security : RADIUS Server
The following table describes the fields in this menu.
Table 15-1 Menu 23.2 System Security : RADIUS Server
FIELD |
DESCRIPTION |
EXAMPLE |
|
|
|
Authentication Server |
|
|
|
|
|
Active |
Press [SPACE BAR] to select Yes and press [ENTER] to enable |
No |
|
user authentication through an external authentication server. |
|
|
|
|
Server Address |
Enter the IP address of the external authentication server in |
10.11.12.13 |
|
dotted decimal notation. |
|
Port |
The default port of the RADIUS server for authentication is 1812. |
1812 |
|
You need not change this value unless your network |
|
|
administrator instructs you to do so with additional information. |
|
Shared Secret |
Specify a password (up to 31 alphanumeric characters) as the |
|
|
key to be shared between the external authentication server and |
|
|
the access points. |
|
|
The key is not sent over the network. This key must be the same |
|
|
on the external authentication server and ZyAIR. |
|
|
|
|
Accounting Server |
|
|
|
|
|
Active |
Press [SPACE BAR] to select Yes and press [ENTER] to enable |
No |
|
user authentication through an external accounting server. |
|
|
|
|
Server Address |
Enter the IP address of the external accounting server in dotted |
10.11.12.13 |
|
decimal notation. |
|
|
|
|
15-2 |
System Security |
ZyAIR B-500 Wireless Access Point User’s Guide
Table 15-1 Menu 23.2 System Security : RADIUS Server
FIELD |
DESCRIPTION |
EXAMPLE |
|
|
|
Port |
The default port of the RADIUS server for accounting is 1813. |
1813 |
|
You need not change this value unless your network |
|
|
administrator instructs you to do so with additional information. |
|
|
|
|
Shared Secret |
Specify a password (up to 31 alphanumeric characters) as the |
|
|
key to be shared between the external accounting server and the |
|
|
access points. |
|
|
The key is not sent over the network. This key must be the same |
|
|
on the external accounting server and ZyAIR. |
|
When you have completed this menu, press [ENTER] at the prompt “Press ENTER to confirm or ESC to cancel” to save your configuration or press [ESC] to cancel and go back to the previous screen.
15.1.3 802.1x
The IEEE 802.1x standards outline enhanced security methods for both the authentication of wireless stations and encryption key management.
Follow the steps below to enable EAP authentication on your ZyAIR.
Step 1. From the main menu, enter 23 to display Menu23 – System Security.
Menu 23 - System Security
1.Change Password
2.RADIUS Server
4.IEEE802.1X
Figure 15-4 Menu 23 System Security
Step 2. Enter 4 to display Menu 23.4 – System Security – IEEE802.1x.
System Security |
15-3 |
ZyAIR B-500 Wireless Access Point User’s Guide
Menu 23.4 - System Security - IEEE802.1X
Wireless Port Control= Authentication Required
ReAuthentication Timer (in second)= 1800
Idle Timeout (in second)= 3600
Authentication Databases= Local User Database Only
Press ENTER to Confirm or ESC to Cancel:
Figure 15-5 Menu 23.4 System Security : IEEE802.1x
The following table describes the fields in this menu.
|
Table 15-2 Menu 23.4 System Security : IEEE802.1x |
|
|
FIELD |
DESCRIPTION |
|
|
Wireless Port |
Press [SPACE BAR] and select a security mode for the wireless LAN access. |
Control |
Select No Authentication Required to allow any wireless stations access to your |
|
|
|
wired network without entering usernames and passwords. This is the default setting. |
|
Selecting Authentication Required means wireless stations have to enter usernames |
|
and passwords before access to the wired network is allowed. |
|
Select No Access Allowed to block all wireless stations access to the wired network. |
|
|
ReAuthentica- |
Specify how often a wireless station has to re-enter username and password to stay |
tion Timer |
connected to the wired network. |
(in seconds) |
This field is activated only when you select Authentication Required in the Wireless |
|
|
|
Port Control field. Enter a time interval between 10 and 9999 (in seconds). The default |
|
time interval is 1800 seconds (or 30 minutes). |
Idle Timeout |
The ZyAIR automatically disconnects a wireless station from the wired network after a |
|
period of inactivity. The wireless station needs to enter the username and password |
|
again before access to the wired network is allowed. |
|
This field is activated only when you select Authentication Required in the Wireless |
|
Port Control field. The default time interval is 3600 seconds (or 1 hour). |
15-4 |
System Security |
|
|
ZyAIR B-500 Wireless Access Point User’s Guide |
|
|
|
Table 15-2 Menu 23.4 System Security : IEEE802.1x |
|
|
|
|
|
|
FIELD |
DESCRIPTION |
|
|
|
|
|
|
Authentication |
This field is activated only when you select Authentication Required in the Wireless |
|
|
Databases |
Port Control field. |
|
|
|
The authentication database contains wireless station login information. The local user |
|
|
|
database is the built-in database on the ZyAIR. The RADIUS is an external server. Use |
|
|
|
this field to decide which database the ZyAIR should use (first) to authenticate a |
|
|
|
wireless station. |
|
|
|
Before you specify the priority, make sure you have set up the corresponding database |
|
|
|
correctly first. |
|
|
|
Select Local User Database Only to have the ZyAIR just check the built-in user |
|
|
|
database on the ZyAIR for a wireless station's username and password. |
|
|
|
Select RADIUS Only to have the ZyAIR just check the user database on the specified |
|
|
|
RADIUS server for a wireless station's username and password. |
|
|
|
Select Local first, then RADIUS to have the ZyAIR first check the user database on |
|
|
|
the ZyAIR for a wireless station's username and password. If the user name is not |
|
|
|
found, the ZyAIR then checks the user database on the specified RADIUS server. |
|
|
|
Select RADIUS first, then Local to have the ZyAIR first check the user database on |
|
|
|
the specified RADIUS server for a wireless station's username and password. If the |
|
|
|
ZyAIR cannot reach the RADIUS server, the ZyAIR then checks the local user |
|
|
|
database on the ZyAIR. When the user name is not found or password does not match |
|
|
|
in the RADIUS server, the ZyAIR will not check the local user database and the |
|
|
|
authentication fails. |
|
|
|
|
|
When you have completed this menu, press [ENTER] at the prompt “Press ENTER to confirm or ESC to cancel” to save your configuration or press [ESC] to cancel and go back to the previous screen.
Once you enable user authentication, you need to specify an external RADIUS server or create local user accounts on the ZyAIR for authentication.
System Security |
15-5 |