ZyXEL B500 Users Manual
SMT Configuration
BETA DRAFT
Part V:
SMT CONFIGURATION
This part contains SMT (System Management Terminal) configuration and background
information for features only configurable by SMT.
See the web configurator parts of this guide for background information on
features configurable by web configurator and SMT.
V
ZyAIR B-500 Wireless Access Point User’s Guide
Chapter 10
Introducing the SMT
This chapter describes how to access the SMT and provides an overview of its menus.
10.1 Connect to your ZyAIR Using Telnet
The following procedure details how to telnet into your ZyAIR.
Step 1. In Windows, click Start (usually in the bottom left corner), Run and then type “telnet
192.168.1.2” (the default IP address) and click OK.
Step 2. For your first login, enter the default password “1234”. As you type the password, the screen
displays an asterisk “*” for each character you type.
Password : ****
Figure 10-1 Login Screen
Step 3. After entering the password you will see the main menu.
Please note that if there is no activity for longer than five minutes (default timeout period) after you log in,
your ZyAIR will automatically log you out. You will then have to telnet into the ZyAIR again. You can use
the web configurator or the CI commands to change the inactivity time out period.
10.2 Changing the System Password
Change the ZyAIR default password by following the steps shown next.
Step 1. From the main menu, enter 23 to display Menu 23 – System Security.
Step 2. Enter 1 to display Menu 23.1 – System Security – Change Password as shown next.
Step 3. Type your existing system password in the Old Password field, and press [ENTER].
Introducing the SMT 10-1
ZyAIR B-500 Wireless Access Point User’s Guide
Menu 23.1 – System Security – Change Password
Old Password= ****
New Password= ?
Retype to confirm= ?
Enter here to CONFIRM or ESC to CANCEL:
Figure 10-2 Menu 23.1 System Security : Change Password
Step 4. Type your new system password in the New Password field (up to 30 characters), and press
[ENTER].
Step 5. Re-type your new system password in the Retype to confirm field for confirmation and press
[ENTER].
Note that as you type a password, the screen displays an asterisk “*” for each character you type.
10.3 ZyAIR SMT Menu Overview Example
The following figure gives you an example overview of the various SMT menu screens for your ZyAIR.
10-2 Introducing the SMT
ZyAIR B-500
Main Menu
ZyAIR B-500 Wireless Access Point User’s Guide
Menu 1
General Setup
Menu 3.5.1
WLAN MAC
Address Filter
Menu 24.5
Backup
Configuration
Menu 24.6
Restore
Configuration
Menu 24.7
Upload Firmware
LAN Setup
TCP/IP Setup
Wireless LAN
System Maintenance
Menu 3
Menu 3.2
Menu 3.5
Setup
Menu 24.4
- Diagnostic
Menu 24.7.1
Upload System
Firmware
Menu 14
Dial-in User Setup
Menu14.1
Edit Dial-in User
Menu 3.5.2
Roaming
Configuration
Menu 24.3
System Maintenance
- Log and Trace
Menu 24.3.1
System Maintenance
- View Error Log
Menu 24.7.2
Upload System
Configuration File
Menu 22
SNMP
Configuration
System Information and
Console Port Speed
System Maintenance
System Maintenance
- Change Console Port
Menu 24.2
Menu 24.2.1
- Information
Menu 24.2.2
Spe ed
Menu 23
System Security
Menu 23.1
System Security-
Change Password
Menu 23.2
System Security-
RADIUS Server
Menu 23.4
System Security-
IEEE802.1x
Maintenance
System Maintenance
Menu 24.1
Menu 24
System
- Status
Menu 24.8
Command
Interpreter Mode
Menu 24.10
Time and Date
Setting
Figure 10-3 ZyAIR B-500 SMT Menu Overview Example
Introducing the SMT 10-3
ZyAIR B-500 Wireless Access Point User’s Guide
10.4 Navigating the SMT Interface
The SMT (System Management Terminal) is the interface that you use to configure your ZyAIR.
Several operations that you should be familiar with before you attempt to modify the configuration are
listed in the table below.
Table 10-1 Main Menu Commands
OPERATION KEYSTROKE DESCRIPTION
Move down to
another menu
Move up to a
previous menu
Move to a “hidden”
menu
Move the cursor [ENTER] or
Entering
information
Required fields
N/A fields <N/A> Some of the fields in the SMT will show a <N/A>. This symbol
Save your
configuration
Exit the SMT Type 99, then press
[ENTER] To move forward to a submenu, type in the number of the desired
submenu and press [ENTER].
[ESC] Press [ESC] to move back to the previous menu.
Press [SPACE
BAR] to change No
to Yes then press
[ENTER].
[UP]/[DOWN] arrow
keys.
Type in or press
[SPACE BAR], then
press [ENTER].
<?> or ChangeMe
[ENTER] Save your configuration by pressing [ENTER] at the message
[ENTER].
Fields beginning with “Edit” lead to hidden menus and have a
default setting of No. Press [SPACE BAR] once to change No to
Yes, then press [ENTER] to go to the “hidden” menu.
Within a menu, press [ENTER] to move to the next field. You can
also use the [UP]/[DOWN] arrow keys to move to the previous
and the next field, respectively.
You need to fill in two types of fields. The first requires you to type
in the appropriate information. The second allows you to cycle
through the available choices by pressing [SPACE BAR].
All fields with the symbol <?> must be filled in order to be able to
save the new configuration.
All fields with ChangeMe must not be left blank in order to be
able to save the new configuration.
refers to an option that is Not Applicable.
“Press ENTER to confirm or ESC to cancel”. Saving the data on
the screen will take you, in most cases to the previous menu.
Type 99 at the main menu prompt and press [ENTER] to exit the
SMT interface.
After you enter the password, the SMT displays the main menu, as shown next.
10-4 Introducing the SMT
ZyAIR B-500 Wireless Access Point User’s Guide
Copyright (c) 1994 - 2003 ZyXEL Communications Corp.
ZyAIR B-500 Main Menu
Getting Started Advanced Management
1. General Setup 22. SNMP Configuration
3. LAN Setup 23. System Security
24. System Maintenance
Advanced Applications
14. Dial-in User Setup
99. Exit
Enter Menu Selection Number:
Figure 10-4 ZyAIR B-500 SMT Main Menu
10.4.1 System Management Terminal Interface Summary
Table 10-2 Main Menu Summary
# MENU TITLE DESCRIPTION
1 General Setup Use this menu to set up your general information.
3 LAN Setup Use this menu to set up your LAN and WLAN connection.
14 Dial-in User Setup Use this menu to set up local user profiles on the ZyAIR.
22 SNMP Configuration Use this menu to set up SNMP related parameters.
23 System Security Use this menu to change your password and enable network user
authentication.
24 System Maintenance This menu provides system status, diagnostics, software upload, etc.
99 Exit Use this to exit from SMT and return to a blank screen.
Introducing the SMT 10-5
ZyAIR B-500 Wireless Access Point User’s Guide
Chapter 11
General Setup
The chapter shows you the information on general setup.
11.1 General Setup
Menu 1 – General Setup contains administrative and system-related information (shown next). The
System Name field is for identification purposes. It is recommended you type your computer's "Computer
name".
The Domain Name entry is what is propagated to the DHCP clients on the LAN. This is not a required
field. Leave this field blank or enter the domain name here if you know it.
11.1.1 Procedure To Configure Menu 1
Step 1. Enter 1 in the Main Menu to open Menu 1 – General Setup as shown next.
Menu 1 - General Setup
System Name= B-500
Domain Name=
First System DNS Server= From DHCP
IP Address= N/A
Second System DNS Server= None
IP Address= N/A
Third System DNS Server= None
IP Address= N/A
Press ENTER to Confirm or ESC to Cancel:
Figure 11-1 Menu 1 General Setup
Step 2. Fill in the required fields. Refer to the following table for more information about these fields.
General Setup 11-1
ZyAIR B-500 Wireless Access Point User’s Guide
Table 11-1 Menu 1 General Setup
FIELD DESCRIPTION EXAMPLE
System Name Choose a descriptive name for identification purposes. This name can
be up to 30 alphanumeric characters long. Spaces are not allowed, but
dashes “-” and underscores "_" are accepted.
Domain Name This is not a required field. Leave this field blank or enter the domain
name here if you know it.
First/Second/Third
System DNS
Server
IP Address Enter the IP addresses of the DNS servers. This field is available when
When you have completed this menu, press [ENTER] at the prompt “Press ENTER to Confirm…” to save
your configuration, or press [ESC] at any time to cancel.
Press [SPACE BAR] to select From DHCP, User Defined or None and
press [ENTER].
These fields are not available on all models.
you select User-Defined in the field above.
B-500
From DHCP
N/A
11-2 General Setup
ZyAIR B-500 Wireless Access Point User’s Guide
Chapter 12
LAN Setup
This chapter shows you how to configure the LAN on your ZyAIR..
12.1 LAN Setup
This section describes how to configure the Ethernet using Menu 3 – LAN Setup. From the main menu,
enter 3 to display menu 3.
Menu 3 - LAN Setup
2. TCP/IP Setup
5. Wireless LAN Setup
Enter Menu Selection Number:
Figure 12-1 Menu 3 LAN Setup
12.2 TCP/IP Ethernet Setup
Use menu 3.2 to configure your ZyAIR for TCP/IP.
To edit menu 3.2, enter 3 from the main menu to display Menu 3-LAN Setup. When menu 3 appears, press
2 and press [ENTER] to display Menu 3.2-TCP/IP Setup, as shown next.
Menu 3.2 - TCP/IP Setup
IP Address Assignment= Static
IP Address= 192.168.1.2
IP Subnet Mask= 255.255.255.0
Gateway IP Address= 0.0.0.0
Press ENTER to Confirm or ESC to Cancel:
Figure 12-2 Menu 3.2 TCP/IP Setup
Follow the instructions in the following table on how to configure the fields in this menu.
LAN Setup 12-1
ZyAIR B-500 Wireless Access Point User’s Guide
Table 12-1 Menu 3.2 TCP/IP Setup
FIELD DESCRIPTION EXAMPLE
IP Address
Assignment
IP Address Enter the (LAN) IP address of your ZyAIR in dotted decimal notation 192.168.1.2
IP Subnet Mask Your ZyAIR will automatically calculate the subnet mask based on the
Gateway IP
Address
When you have completed this menu, press [ENTER] at the prompt “Press ENTER to Confirm…” to save
your configuration, or press [ESC] at any time to cancel.
Press [SPACE BAR] and then [ENTER] to select Dynamic to have the
ZyAIR obtain an IP address from a DHCP server. You must know the
IP address assigned to the ZyAIR (by the DHCP server) to access the
ZyAIR again.
Select Static to give the ZyAIR a fixed, unique IP address. Enter a
subnet mask appropriate to your network and the gateway IP address if
applicable.
IP address that you assign. Unless you are implementing subnetting,
use the subnet mask computed by the ZyAIR.
Type the IP address of the gateway. The gateway is an immediate
neighbor of your ZyAIR that will forward the packet to the destination.
On the LAN, the gateway must be a router on the same network
segment as your ZyAIR.
255.255.255.0
12.3 Wireless LAN Setup
Use menu 3.5 to set up your ZyAIR as the wireless access point. To edit menu 3.5, enter 3 from the main
menu to display Menu 3 – LAN Setup. When menu 3 appears, press 5 and then press [ENTER] to display
Menu 3.5 – Wireless LAN Setup as shown next.
12-2 LAN Setup
ZyAIR B-500 Wireless Access Point User’s Guide
Menu 3.5 - Wireless LAN Setup
ESSID= Wireless
Hide ESSID= No
Channel ID= CH06 2437MHz
RTS Threshold= 2432
Frag. Threshold= 2432
WEP Encryption= Disable
Default Key= N/A
Key1= N/A
Key2= N/A
Key3= N/A
Key4= N/A
Authen. Method= N/A
Edit MAC Address Filter= No
Edit Roaming Configuration= No
Block Intra-BSS Traffic= No
Number of Associated Stations= 32
Output Power= 17dBm
Press ENTER to Confirm or ESC to Cancel:
Figure 12-3 Menu 3.5 Wireless LAN Setup
The following table describes the fields in this menu.
Table 12-2 Menu 3.5 Wireless LAN Setup
FIELD DESCRIPTION EXMAPLE
ESSID The ESSID (Extended Service Set IDentity) identifies the AP the wireless
station is to associate to. Wireless stations associating to the AP must have
the same ESSID. Enter a descriptive name up to 32 printable 7-bit ASCII
characters.
Hide ESSID
Press [SPACE BAR] and select Yes to hide the ESSID in the outgoing data
frame so an intruder cannot obtain the ESSID through passive scanning.
Channel ID Press [SPACE BAR] to select a channel. This allows you to set the operating
frequency/channel depending on your particular region.
RTS
Threshold
Frag.
Threshold
Setting this attribute to zero turns on the RTS/CTS handshake. Enter a value
between 0 and 2432.
This is the maximum data fragment size that can be sent. Enter a value
between 256 and 2432.
Wireless
No
CH01
2412MHz
2432
2432
WEP
Encryption
Select Disable to allow wireless stations to communicate with the access
points without any data encryption.
Disable
Select 64-bit WEP or 128-bit WEP to enable data encryption.
LAN Setup 12-3
ZyAIR B-500 Wireless Access Point User’s Guide
Table 12-2 Menu 3.5 Wireless LAN Setup
FIELD DESCRIPTION EXMAPLE
Default Key Enter the key number (1 to 4) in this field. Only one key can be enabled at
any one time. This key must be the same on the ZyAIR and the wireless
stations to communicate.
Key 1 to Key 4 The WEP keys are used to encrypt data. Both the ZyAIR and the wireless
stations must use the same WEP key for data transmission.
If you chose 64-bit WEP in the WEP Encryption field, then enter any 5
ASCII characters or 10 hexadecimal characters ("0-9", "A-F").
If you chose 128-bit WEP in the WEP Encryption field, then enter 13 ASCII
characters or 26 hexadecimal characters ("0-9", "A-F").
Enter “0x” before the key to denote a hexadecimal key.
Don’t enter “0x” before the key to denote an ASCII key.
Authen.
Method
Edit MAC
Address Filter
Edit Roaming
Configuration
Block IntraBSS Traffic
Press [SPACE BAR] to select Auto, Open System Only or Shared Key
Only and press [ENTER].
This field is N/A if WEP is not activated.
If WEP encryption is activated, the default setting is Auto.
Press [SPACE BAR] to select Yes and press [ENTER] to display menu
3.5.1. See the section on MAC address filter for more information.
Press [SPACE BAR] to select Yes and press [ENTER] to display menu
3.5.2. See the section on roaming configuration for more information.
Press [SPACE BAR] to select Yes or No and press [ENTER]. No
1
0x12345ab
cde
Auto
No
No
Number of
Association
Stations
Output Power
When you have completed this menu, press [ENTER] at the prompt “Press ENTER to confirm or ESC to
cancel” to save your configuration or press [ESC] to cancel and go back to the previous screen.
Enter the number of association stations. The number should be from 1 to
32.
Press [SPACE BAR] to select 11dBm, 14dBm or 17dBm and press
[ENTER].
32
17dBm
12-4 LAN Setup
ZyAIR B-500 Wireless Access Point User’s Guide
12.3.1 Configuring MAC Address Filter
Your ZyAIR checks the MAC address of the wireless station device against a list of allowed or denied
MAC addresses. However, intruders could fake allowed MAC addresses so MAC-based authentication is
less secure than EAP authentication.
Follow the steps below to create the MAC address table on your ZyAIR.
Step 1. From the main menu, enter 3 to open Menu 3 – LAN Setup.
Step 2. Enter 5 to display Menu 3.5 – Wireless LAN Setup.
Menu 3.5 - Wireless LAN Setup
ESSID= Wireless
Hide ESSID= No
Channel ID= CH06 2437MHz
RTS Threshold= 2432
Frag. Threshold= 2432
WEP Encryption= Disable
Default Key= N/A
Key1= N/A
Key2= N/A
Key3= N/A
Key4= N/A
Authen. Method= N/A
Edit Roaming Configuration= No
Block Intra-BSS Traffic= No
Number of Associated Stations= 32
Output Power= 17dBm
Press ENTER to Confirm or ESC to Cancel:
Edit MAC Address Filter= Yes
Figure 12-4 Menu 3.5 Wireless LAN Setup
Step 3. In the Edit MAC Address Filter field, press [SPACE BAR] to select Yes and press
[ENTER]. Menu 3.5.1 – WLAN MAC Address Filter displays as shown next.
LAN Setup 12-5
ZyAIR B-500 Wireless Access Point User’s Guide
Menu 3.5.1 - WLAN MAC Address Filter
Active= No
Filter Action= Allowed Association
----------------------------------------------------------------------------- 1= 00:00:00:00:00:00 13= 00:00:00:00:00:00 25= 00:00:00:00:00:00
2= 00:00:00:00:00:00 14= 00:00:00:00:00:00 26= 00:00:00:00:00:00
3= 00:00:00:00:00:00 15= 00:00:00:00:00:00 27= 00:00:00:00:00:00
4= 00:00:00:00:00:00 16= 00:00:00:00:00:00 28= 00:00:00:00:00:00
5= 00:00:00:00:00:00 17= 00:00:00:00:00:00 29= 00:00:00:00:00:00
6= 00:00:00:00:00:00 18= 00:00:00:00:00:00 30= 00:00:00:00:00:00
7= 00:00:00:00:00:00 19= 00:00:00:00:00:00 31= 00:00:00:00:00:00
8= 00:00:00:00:00:00 20= 00:00:00:00:00:00 32= 00:00:00:00:00:00
9= 00:00:00:00:00:00 21= 00:00:00:00:00:00
10= 00:00:00:00:00:00 22= 00:00:00:00:00:00
11= 00:00:00:00:00:00 23= 00:00:00:00:00:00
12= 00:00:00:00:00:00 24= 00:00:00:00:00:00
----------------------------------------------------------------------------- Enter here to CONFIRM or ESC to CANCEL:
Figure 12-5 Menu 3.5.1 WLAN MAC Address Filter
The following table describes the fields in this menu.
Table 12-3 Menu 3.5.1 WLAN MAC Address Filter
FIELD DESCRIPTION
Active
Filter Action Define the filter action for the list of MAC addresses in the MAC address filter table.
To enable MAC address filtering, press [SPACE BAR] to select Yes and press [ENTER].
To deny access to the ZyAIR, press [SPACE BAR] to select Deny Association and press
[ENTER]. MAC addresses not listed will be allowed to access the ZyAIR.
The default action, Allowed Association, permits association with the ZyAIR. MAC
addresses not listed will be denied access to the ZyAIR.
MAC Address Filter
1..32 Enter the MAC addresses (in XX:XX:XX:XX:XX:XX format) of the client computers that are
allowed or denied access to the ZyAIR in these address fields.
When you have completed this menu, press [ENTER] at the prompt “Press ENTER to confirm or ESC to
cancel” to save your configuration or press [ESC] to cancel and go back to the previous screen.
12-6 LAN Setup
ZyAIR B-500 Wireless Access Point User’s Guide
12.3.2 Configuring Roaming
Enable the roaming feature if you have two or more ZyAIRs on the same subnet. Follow the steps below to
allow roaming on your ZyAIR.
Step 1. From the main menu, enter 3 to display Menu 3 – LAN Setup.
Step 2. Enter 5 to display Menu 3.5 – Wireless LAN Setup.
Menu 3.5 - Wireless LAN Setup
ESSID= Wireless
Hide ESSID= No
Channel ID= CH06 2437MHz
RTS Threshold= 2432
Frag. Threshold= 2432
WEP Encryption= Disable
Default Key= N/A
Key1= N/A
Key2= N/A
Key3= N/A
Key4= N/A
Authen. Method= N/A
Edit MAC Address Filter= No
Block Intra-BSS Traffic= No
Number of Associated Stations= 32
Output Power= 17dBm
Press ENTER to Confirm or ESC to Cancel:
Edit Roaming Configuration= Yes
Figure 12-6 Menu 3.5 Wireless LAN Setup
Step 3. Move the cursor to the Edit Roaming Configuration field. Press [SPACE BAR] to select Yes
and then press [ENTER]. Menu 3.5.2 – Roaming Configuration displays as shown next.
Menu 3.5.2 - Roaming Configuration
Active= Yes
Port #= 16290
Press ENTER to Confirm or ESC to Cancel:
Figure 12-7 Menu 3.5.2 Roaming Configuration
The following table describes the fields in this menu.
LAN Setup 12-7
ZyAIR B-500 Wireless Access Point User’s Guide
Table 12-4 Menu 3.5.2 Roaming Configuration
FIELD DESCRIPTION
Active
Port # Type the port number to communicate roaming information between access points. The port
When you have completed this menu, press [ENTER] at the prompt “Press ENTER to confirm or ESC to
cancel” to save your configuration or press [ESC] to cancel and go back to the previous screen.
Press [SPACE BAR] and then [ENTER] to select Yes to enable roaming on the ZyAIR if you
have two or more ZyAIRs on the same subnet.
number must be the same on all access points. The default is 16290. Make sure this port is
not used by other services.
12-8 LAN Setup
ZyAIR B-500 Wireless Access Point User’s Guide
Chapter 13
Dial-in User Setup
This chapter shows you how to create user accounts on the ZyAIR.
13.1 Dial-in User Setup
By storing user profiles locally, your ZyAIR is able to authenticate wireless users without interacting with a
network RADIUS server.
Follow the steps below to set up user profiles on your ZyAIR.
Step 1. From the main menu, enter 14 to display Menu 14 - Dial-in User Setup.
Menu 14 - Dial-in User Setup
1. ________ 9. ________ 17. ________ 25. ________
2. ________ 10. ________ 18. ________ 26. ________
3. ________ 11. ________ 19. ________ 27. ________
4. ________ 12. ________ 20. ________ 28. ________
5. ________ 13. ________ 21. ________ 29. ________
6. ________ 14. ________ 22. ________ 30. ________
7. ________ 15. ________ 23. ________ 31. ________
8. ________ 16. ________ 24. ________ 32. ________
Enter Menu Selection Number:
Figure 13-1 Menu 14- Dial-in User Setup
Step 2. Type a number and press [ENTER] to edit the user profile.
User Name= test
Active= Yes
Password= ********
Press ENTER to Confirm or ESC to Cancel:
Menu 14.1 - Edit Dial-in User
Figure 13-2 Menu 14.1- Edit Dial-in User
The following table describes the fields in this screen.
Dial-in User Setup 13-1
ZyAIR B-500 Wireless Access Point User’s Guide
Table 13-1 Menu 14.1- Edit Dial-in User
FIELD DESCRIPTION
User Name Enter a username up to 31 alphanumeric characters long for this user profile.
This field is case sensitive.
Active
Password Enter a password up to 31 characters long for this user profile.
When you have completed this menu, press [ENTER] at the prompt “Press ENTER to confirm or ESC to
cancel” to save your configuration or press [ESC] to cancel and go back to the previous screen.
Press [SPACE BAR] to select Yes and press [ENTER] to enable the user profile.
13-2 Dial-in User Setup
ZyAIR B-500 Wireless Access Point User’s Guide
Chapter 14
SNMP Configuration
This chapter explains SNMP Configuration menu 22.
14.1 About SNMP
Simple Network Management Protocol is a protocol used for exchanging management information between
network devices. SNMP is a member of the TCP/IP protocol suite. Your ZyAIR supports SNMP agent
functionality, which allows a manager station to manage and monitor the ZyAIR through the network. The
ZyAIR supports SNMP version one (SNMPv1) and version two c (SNMPv2c). The next figure illustrates
an SNMP management operation. SNMP is only available if TCP/IP is configured.
Figure 14-1 SNMP Management Model
An SNMP managed network consists of two main components: agents and a manager.
SNMP Configuration 14-1
ZyAIR B-500 Wireless Access Point User’s Guide
An agent is a management software module that resides in a managed device (the ZyAIR). An agent
translates the local management information from the managed device into a form compatible with SNMP.
The manager is the console through which network administrators perform network management functions.
It executes applications that control and monitor managed devices.
The managed devices contain object variables/managed objects that define each piece of information to be
collected about a device. Examples of variables include the number of packets received, node port status
etc. A Management Information Base (MIB) is a collection of managed objects. SNMP allows a manager
and agents to communicate for the purpose of accessing these objects.
SNMP itself is a simple request/response protocol based on the manager/agent model. The manager issues a
request and the agent returns responses using the following protocol operations:
• Get - Allows the manager to retrieve an object variable from the agent.
• GetNext - Allows the manager to retrieve the next object variable from a table or list within an agent.
In SNMPv1, when a manager wants to retrieve all elements of a table from an agent, it initiates a Get
operation, followed by a series of GetNext operations.
• Set - Allows the manager to set values for object variables within an agent.
• Trap - Used by the agent to inform the manager of some events.
14.2 Supported MIBs
The ZyAIR supports RFC-1215 and MIB II as defined in RFC-1213. The focus of the MIBs is to let
administrators collect statistic data and monitor status and performance.
14.3 SNMP Configuration
To configure SNMP, select option 22 from the main menu to open Menu 22 – SNMP Configuration as
shown next. The “community” for Get, Set and Trap fields is SNMP terminology for password.
14-2 SNMP Configuration
ZyAIR B-500 Wireless Access Point User’s Guide
Menu 22 - SNMP Configuration
Press ENTER to Confirm or ESC to Cancel:
SNMP:
Get Community= public
Set Community= public
Trusted Host= 0.0.0.0
Trap:
Community= public
Destination= 0.0.0.0
Figure 14-2 Menu 22 SNMP Configuration
The following table describes the SNMP configuration parameters.
Table 14-1 Menu 22 SNMP Configuration
FIELD DESCRIPTION EXAMPLE
SNMP:
Get Community
Type the Get Community, which is the password for the incoming
Get- and GetNext requests from the management station.
Set Community
Type the Set Community, which is the password for incoming Set
requests from the management station.
Trusted Host If you enter a trusted host, your ZyAIR will only respond to SNMP
messages from this address. A blank (default) field means your
ZyAIR will respond to all SNMP messages it receives, regardless
of source.
Trap:
Community Type the trap community, which is the password sent with each
trap to the SNMP manager.
Destination Type the IP address of the station to send your SNMP traps to. 0.0.0.0
When you have completed this menu, press [ENTER] at the prompt “Press ENTER to confirm or ESC to
cancel” to save your configuration or press [ESC] to cancel and go back to the previous screen.
public
public
0.0.0.0
public
14.4 SNMP Traps
The ZyAIR will send traps to the SNMP manager when any one of the following events occurs:
SNMP Configuration 14-3
ZyAIR B-500 Wireless Access Point User’s Guide
Table 14-2 SNMP Traps
TRAP # TRAP NAME DESCRIPTION
1 coldStart (defined in RFC-1215) A trap is sent after booting (power on).
2 warmStart (defined in RFC-1215) A trap is sent after booting (software reboot).
3 linkUp (defined in RFC-1215) A trap is sent when the port is up.
4 authenticationFailure (defined in
RFC-1215)
6 linkDown (defined in RFC-1215) A trap is sent when the port is down.
A trap is sent to the manager when receiving any SNMP
get or set requirements with wrong community
(password).
The following table maps the physical port and encapsulation to the interface type.
Table 14-3 Ports and Interface Types
PHYSICAL PORT/ENCAP INTERFACE TYPE
LAN port(s) enet0
Wireless port enet1
PPPoE encap pppoe
1483 encap mpoa
Ethernet encap enet-encap
PPPoA ppp
14-4 SNMP Configuration
ZyAIR B-500 Wireless Access Point User’s Guide
Chapter 15
System Security
This chapter describes how to configure the system security on the ZyAIR.
15.1 System Security
You can configure the system password, an external RADIUS server and 802.1x in this menu.
15.1.1 System Password
2. RADIUS Server
4. IEEE802.1x
Figure 15-1 Menu 23 System Security
You should change the default password. If you forget your password you have to restore the default
configuration file. Refer to the section on changing the system password in the Introducing the SMT chapter
and the section on resetting the ZyAIR in the Introducing the Web Configurator chapter.
Menu 23 - System Security
1. Change Password
15.1.2 Configuring External RADIUS Server
Enter 23 in the main menu to display Menu 23 – System Security.
1. Change Password
4. IEEE802.1x
Figure 15-2 Menu 23 System Security
From Menu 23- System Security, enter 2 to display Menu 23.2 – System Security – RADIUS Server as
shown next.
System Security 15-1
Menu 23 - System Security
2. RADIUS Server
ZyAIR B-500 Wireless Access Point User’s Guide
Menu 23.2 - System Security - RADIUS Server
Authentication Server:
Active= No
Server Address= 10.11.12.13
Port #= 1812
Shared Secret= ?
Accounting Server:
Active= No
Server Address= 10.11.12.13
Port #= 1813
Shared Secret= ?
Press ENTER to Confirm or ESC to Cancel:
Figure 15-3 Menu 23.2 System Security : RADIUS Server
The following table describes the fields in this menu.
Table 15-1 Menu 23.2 System Security : RADIUS Server
FIELD DESCRIPTION EXAMPLE
Authentication Server
Active
Server Address Enter the IP address of the external authentication server in
Shared Secret Specify a password (up to 31 alphanumeric characters) as the
Accounting Server
Active
Server Address Enter the IP address of the external accounting server in dotted
Press [SPACE BAR] to select Yes and press [ENTER] to enable
user authentication through an external authentication server.
10.11.12.13
dotted decimal notation.
The default port of the RADIUS server for authentication is 1812.
Port
You need not change this value unless your network
administrator instructs you to do so with additional information.
key to be shared between the external authentication server and
the access points.
The key is not sent over the network. This key must be the same
on the external authentication server and ZyAIR.
Press [SPACE BAR] to select Yes and press [ENTER] to enable
user authentication through an external accounting server.
10.11.12.13
decimal notation.
No
1812
No
15-2 System Security
ZyAIR B-500 Wireless Access Point User’s Guide
Table 15-1 Menu 23.2 System Security : RADIUS Server
FIELD DESCRIPTION EXAMPLE
The default port of the RADIUS server for accounting is 1813.
Port
You need not change this value unless your network
administrator instructs you to do so with additional information.
Shared Secret Specify a password (up to 31 alphanumeric characters) as the
key to be shared between the external accounting server and the
access points.
The key is not sent over the network. This key must be the same
on the external accounting server and ZyAIR.
When you have completed this menu, press [ENTER] at the prompt “Press ENTER to confirm or ESC to
cancel” to save your configuration or press [ESC] to cancel and go back to the previous screen.
1813
15.1.3 802.1x
The IEEE 802.1x standards outline enhanced security methods for both the authentication of wireless
stations and encryption key management.
Follow the steps below to enable EAP authentication on your ZyAIR.
Step 1. From the main menu, enter 23 to display Menu23 – System Security.
Menu 23 - System Security
1. Change Password
2. RADIUS Server
Figure 15-4 Menu 23 System Security
Step 2. Enter 4 to display Menu 23.4 – System Security – IEEE802.1x.
System Security 15-3
ZyAIR B-500 Wireless Access Point User’s Guide
Menu 23.4 - System Security - IEEE802.1X
Wireless Port Control= Authentication Required
ReAuthentication Timer (in second)= 1800
Idle Timeout (in second)= 3600
Authentication Databases= Local User Database Only
Press ENTER to Confirm or ESC to Cancel:
Figure 15-5 Menu 23.4 System Security : IEEE802.1x
The following table describes the fields in this menu.
Table 15-2 Menu 23.4 System Security : IEEE802.1x
FIELD DESCRIPTION
Wireless Port
Control
ReAuthentication Timer
(in seconds)
Idle Timeout The ZyAIR automatically disconnects a wireless station from the wired network after a
Press [SPACE BAR] and select a security mode for the wireless LAN access.
Select No Authentication Required to allow any wireless stations access to your
wired network without entering usernames and passwords. This is the default setting.
Selecting Authentication Required means wireless stations have to enter usernames
and passwords before access to the wired network is allowed.
Select No Access Allowed to block all wireless stations access to the wired network.
Specify how often a wireless station has to re-enter username and password to stay
connected to the wired network.
This field is activated only when you select Authentication Required in the Wireless
Port Control field. Enter a time interval between 10 and 9999 (in seconds). The default
time interval is 1800 seconds (or 30 minutes).
period of inactivity. The wireless station needs to enter the username and password
again before access to the wired network is allowed.
This field is activated only when you select Authentication Required in the Wireless
Port Control field. The default time interval is 3600 seconds (or 1 hour).
15-4 System Security
ZyAIR B-500 Wireless Access Point User’s Guide
Table 15-2 Menu 23.4 System Security : IEEE802.1x
FIELD DESCRIPTION
Authentication
Databases
When you have completed this menu, press [ENTER] at the prompt “Press ENTER to confirm or ESC to
cancel” to save your configuration or press [ESC] to cancel and go back to the previous screen.
This field is activated only when you select Authentication Required in the Wireless
Port Control field.
The authentication database contains wireless station login information. The local user
database is the built-in database on the ZyAIR. The RADIUS is an external server. Use
this field to decide which database the ZyAIR should use (first) to authenticate a
wireless station.
Before you specify the priority, make sure you have set up the corresponding database
correctly first.
Select Local User Database Only to have the ZyAIR just check the built-in user
database on the ZyAIR for a wireless station's username and password.
Select RADIUS Only to have the ZyAIR just check the user database on the specified
RADIUS server for a wireless station's username and password.
Select Local first, then RADIUS to have the ZyAIR first check the user database on
the ZyAIR for a wireless station's username and password. If the user name is not
found, the ZyAIR then checks the user database on the specified RADIUS server.
Select RADIUS first, then Local to have the ZyAIR first check the user database on
the specified RADIUS server for a wireless station's username and password. If the
ZyAIR cannot reach the RADIUS server, the ZyAIR then checks the local user
database on the ZyAIR. When the user name is not found or password does not match
in the RADIUS server, the ZyAIR will not check the local user database and the
authentication fails.
Once you enable user authentication, you need to specify an external RADIUS
server or create local user accounts on the ZyAIR for authentication.
System Security 15-5
Loading...