ZyXEL G-1000 User Guide

Download

G-1000

802.11g Wireless Access Point

User’s Guide

Version 3.50

11/2005

G-1000 User’s Guide

The contents of this publication may not be reproduced in any part or as a whole, transcribed, stored in a retrieval system, translated into any language, or transmitted in any form or by any means, electronic, mechanical, magnetic, optical, chemical, photocopying, manual, or otherwise, without the prior written permission of ZyXEL Communications Corporation.

Disclaimer

ZyXEL does not assume any liability arising out of the application or use of any products, or software described herein. Neither does it convey any license under its patent rights nor the patent rights of others. ZyXEL further reserves the right to make changes in any products described herein without notice. This publication is subject to change without notice.

Copyright

Trademarks

ZyNOS (ZyXEL Network Operating System) is a registered trademark of ZyXEL Communications, Inc. Other trademarks mentioned in this publication are used for identification purposes only and may be properties of their respective owners.

2 Copyright

G-1000 User’s Guide

Federal Communications

Commission (FCC) Interference

Statement

This device complies with Part 15 of FCC rules. Operation is subject to the following two conditions:

• This device may not cause harmful interference.

• This device must accept any interference received, including interference that may cause undesired operations.

This equipment has been tested and found to comply with the limits for a Class B digital device pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a commercial environment. This equipment generates, uses, and can radiate radio frequency energy, and if not installed and used in accordance with the instructions, may cause harmful interference to radio communications.

If this equipment does cause harmful interference to radio/television reception, which can be determined by turning the equipment off and on, the user is encouraged to try to correct the interference by one or more of the following measures:

• Reorient or relocate the receiving antenna.

• Increase the separation between the equipment and the receiver.

• Connect the equipment into an outlet on a circuit different from that to which the receiver is connected.

• Consult the dealer or an experienced radio/TV technician for help.

Caution

1. To comply with FCC RF exposure compliance requirements, a separation distance of at least 20 cm must be maintained between the antenna of this device and all persons.

2. This Transmitter must not be co-located or operating in conjunction with any other antenna or transmitter.

Notice 1

Changes or modifications not expressly approved by the party responsible for compliance could void the user's authority to operate the equipment.

Information for Canadian Users

This Class B digital apparatus complies with Canadian ICES-003.

Federal Communications Commission (FCC) Interference Statement 3

G-1000 User’s Guide

Cet appareil numerique de la classe B est conforme a la norme NMB-003 du Canada.

Certifications

Go to www.zyxel.com

1 Select your product from the drop-down list box on the ZyXEL home page to go to that

product's page.

2 Select the certification you wish to view from this page.

4 Federal Communications Commission (FCC) Interference Statement

G-1000 User’s Guide

Safety Warnings

For your safety, be sure to read and follow all warning notices and instructions.

• Do NOT open the device or unit. Opening or removing covers can expose you to dangerous high voltage points or other risks. ONLY qualified service personnel can service the device. Please contact your vendor for further information.

• Use ONLY the dedicated power supply for your device. Connect the power cord or power adaptor to the right supply voltage (110V AC in North America or 230V AC in Europe).

• Do NOT use the device if the power supply is damaged as it might cause electrocution.

• If the power supply is damaged, remove it from the power outlet.

• Do NOT attempt to repair the power supply. Contact your local vendor to order a new power supply.

• Place connecting cables carefully so that no one will step on them or stumble over them. Do NOT allow anything to rest on the power cord and do NOT locate the product where anyone can walk on the power cord.

• Do NOT install nor use your device during a thunderstorm. There may be a remote risk of electric shock from lightning.

• Do NOT expose your device to dampness, dust or corrosive liquids.

• Do NOT use this product near water, for example, in a wet basement or near a swimming pool.

• Make sure to connect the cables to the correct ports.

• Do NOT obstruct the device ventilation slots, as insufficient airflow may harm your device.

• Do NOT store things on the device.

• Connect ONLY suitable accessories to the device.

• Antenna Warning! This device meets ETSI and FCC certification requirements when using the included antenna(s). Only use the included antenna(s).

Safety Warnings 5

G-1000 User’s Guide

ZyXEL warrants to the original end user (purchaser) that this product is free from any defects in materials or workmanship for a period of up to two years from the date of purchase. During the warranty period, and upon proof of purchase, should the product have indications of failure due to faulty workmanship and/or materials, ZyXEL will, at its discretion, repair or replace the defective products or components without charge for either parts or labor, and to whatever extent it shall deem necessary to restore the product or components to proper operating condition. Any replacement will consist of a new or re-manufactured functionally equivalent product of equal or higher value, and will be solely at the discretion of ZyXEL. This warranty shall not apply if the product has been modified, misused, tampered with, damaged by an act of God, or subjected to abnormal working conditions.

Note

Repair or replacement, as provided under this warranty, is the exclusive remedy of the purchaser. This warranty is in lieu of all other warranties, express or implied, including any implied warranty of merchantability or fitness for a particular use or purpose. ZyXEL shall in no event be held liable for indirect or consequential damages of any kind to the purchaser.

ZyXEL Limited Warranty

To obtain the services of this warranty, contact ZyXEL's Service Center for your Return Material Authorization number (RMA). Products must be returned Postage Prepaid. It is recommended that the unit be insured when shipped. Any returned products without proof of purchase or those with an out-dated warranty will be repaired or replaced (at the discretion of ZyXEL) and the customer will be billed for parts and labor. All repaired or replaced products will be shipped by ZyXEL to the corresponding return address, Postage Paid. This warranty gives you specific legal rights, and you may also have other rights that vary from country to country.

6 ZyXEL Limited Warranty

G-1000 User’s Guide

Customer Support

Please have the following information ready when you contact customer support.

• Product model and serial number.

• Warranty Information.

• Date that you received your device.

• Brief description of the problem and the steps you took to solve it.

METHOD

LOCATION

CORPORATE HEADQUARTERS (WORLDWIDE)

CZECH REPUBLIC

DENMARK

FINLAND

FRANCE

GERMANY

HUNGARY

KAZAKHSTAN

NORTH AMERICA

NORWAY

SUPPORT E-MAIL TELEPHONE

SALES E-MAIL FAX FTP SITE

support@zyxel.com.tw +886-3-578-3942 www.zyxel.com

sales@zyxel.com.tw +886-3-578-2439 ftp.zyxel.com

info@cz.zyxel.com +420-241-091-350 www.zyxel.cz ZyXEL Communications

info@cz.zyxel.com +420-241-091-359

support@zyxel.dk +45-39-55-07-00 www.zyxel.dk ZyXEL Communications A/S

sales@zyxel.dk +45-39-55-07-07

support@zyxel.fi +358-9-4780-8411 www.zyxel.fi ZyXEL Communications Oy

sales@zyxel.fi +358-9-4780 8448

info@zyxel.fr +33-4-72-52-97-97 www.zyxel.fr ZyXEL France

+33-4-72-52-19-20

support@zyxel.de +49-2405-6909-0 www.zyxel.de ZyXEL Deutschland GmbH.

sales@zyxel.de +49-2405-6909-99

support@zyxel.hu +36-1-3361649 www.zyxel.hu ZyXEL Hungary

info@zyxel.hu +36-1-3259100

http://zyxel.kz/support +7-3272-590-698 www.zyxel.kz ZyXEL Kazakhstan

sales@zyxel.kz +7-3272-590-689

support@zyxel.com 1-800-255-4101

+1-714-632-0882

sales@zyxel.com +1-714-632-0858 ftp.us.zyxel.com

support@zyxel.no +47-22-80-61-80 www.zyxel.no ZyXEL Communications A/S

sales@zyxel.no +47-22-80-61-81

WEB SITE

www.europe.zyxel.com

ftp.europe.zyxel.com

www.us.zyxel.com ZyXEL Communications Inc.

REGULAR MAIL

ZyXEL Communications Corp. 6 Innovation Road II

Science Park Hsinchu 300 Ta iw a n

Czech s.r.o. Modranská 621 143 01 Praha 4 - Modrany Ceská Republika

Columbusvej 2860 Soeborg Denmark

Malminkaari 10 00700 Helsinki Finland

1 rue des Vergers Bat. 1 / C 69760 Limonest France

Adenauerstr. 20/A2 D-52146 Wuerselen Germany

48, Zoldlomb Str. H-1025, Budapest Hungary

43, Dostyk ave.,Office 414 Dostyk Business Centre 050010, Almaty Republic of Kazakhstan

1130 N. Miller St. Anaheim CA 92806-2001 U.S.A.

Nils Hansens vei 13 0667 Oslo Norway

Customer Support 7

G-1000 User’s Guide

METHOD

LOCATION

POLAND

RUSSIA

SPAIN

SWEDEN

UKRAINE

UNITED KINGDOM

a. “+” is the (prefix) number you enter to make an international telephone call.

SUPPORT E-MAIL TELEPHONE

SALES E-MAIL FAX FTP SITE

info@pl.zyxel.com +48-22-5286603 www.pl.zyxel.com ZyXEL Communications

+48-22-5206701

http://zyxel.ru/support +7-095-542-89-29 www.zyxel.ru ZyXEL Russia

sales@zyxel.ru +7-095-542-89-25

support@zyxel.es +34-902-195-420 www.zyxel.es ZyXEL Communications

sales@zyxel.es +34-913-005-345

support@zyxel.se +46-31-744-7700 www.zyxel.se ZyXEL Communications A/S

sales@zyxel.se +46-31-744-7701

support@ua.zyxel.com +380-44-247-69-78 www.ua.zyxel.com ZyXEL Ukraine

sales@ua.zyxel.com +380-44-494-49-32

support@zyxel.co.uk +44-1344 303044

08707 555779 (UK only)

sales@zyxel.co.uk +44-1344 303034 ftp.zyxel.co.uk

WEB SITE

REGULAR MAIL

ul.Emilli Plater 53 00-113 Warszawa Poland

Ostrovityanova 37a Str. Moscow, 117279 Russia

Alejandro Villegas 33 1º, 28043 Madrid Spain

Sjöporten 4, 41764 Göteborg Sweden

13, Pimonenko Str. Kiev, 04050 Ukraine

www.zyxel.co.uk ZyXEL Communications UK

Ltd.,11 The Courtyard, Eastern Road, Bracknell, Berkshire, RG12 2XB, United Kingdom (UK)

8 Customer Support

G-1000 User’s Guide

Customer Support 9

G-1000 User’s Guide

Copyright ..................................................................................................................2

Federal Communications Commission (FCC) Interference Statement ............... 3

Safety Warnings ....................................................................................................... 5

ZyXEL Limited Warranty.......................................................................................... 6

Customer Support.................................................................................................... 7

Preface ....................................................................................................................24

Chapter 1

Getting to Know Your G-1000................................................................................ 26

1.1 Introducing the G-1000 .....................................................................................26

1.2 G-1000 Features ................................................................................................26

1.2.1 Physical Features .....................................................................................26

1.2.1.1 10/100M Auto-negotiating Ethernet/Fast Ethernet Interface ...........26

1.2.1.2 10/100M Auto-crossover Ethernet/Fast Ethernet Interface .............26

1.2.1.3 Reset Button ...................................................................................26

1.2.1.4 G-1000 LED ....................................................................................27

1.2.2 Firmware Features ....................................................................................27

1.2.2.1 Internal RADIUS Server ..................................................................27

1.2.2.2 Wi-Fi Protected Access ...................................................................27

1.2.2.3 802.11b Wireless LAN Standard .....................................................27

1.2.2.4 802.11g Wireless LAN Standard .....................................................28

1.2.2.5 STP (Spanning Tree Protocol) / RSTP (Rapid STP) .......................28

1.2.2.6 Limit the number of Client Connections ..........................................28

1.2.2.7 Brute-Force Password Guessing Protection ..................................28

1.2.2.8 Wireless LAN MAC Address Filtering .............................................28

1.2.2.9 WEP Encryption ..............................................................................28

1.2.2.10 IEEE 802.1x Network Security ......................................................29

1.2.2.11 SNMP ............................................................................................29

1.2.2.12 Full Network Management ............................................................29

1.2.2.13 Logging and Tracing ......................................................................29

1.2.2.14 Embedded FTP and TFTP Servers ...............................................29

1.2.2.15 Wireless Association List ..............................................................29

1.3 Applications for the G-1000 ................................................................................29

G-1000 User’s Guide

1.3.1 Internet Access Application ......................................................................30

1.3.2 Corporation Network Application ..............................................................30

Chapter 2

Hardware Installation and Initial Setup ................................................................ 32

2.1 Front Panel of the G-1000 ..................................................................................32

2.2 Top Panel and Connections of the G-1000 ........................................................33

2.2.1 One 10/100M Ethernet Port ......................................................................34

2.2.2 Power Port ................................................................................................34

2.2.3 The RESET Button ...................................................................................34

2.2.4 Antennas ...................................................................................................35

2.3 Hardware Mounting Options ..............................................................................35

2.4 Additional Installation Requirements ..................................................................35

2.5 Configuring Your G-1000 ....................................................................................35

Chapter 3

Introducing the Web Configurator........................................................................ 36

3.1 Accessing the G-1000 Web Configurator ...........................................................36

3.2 Resetting the G-1000 .........................................................................................37

3.2.1 Procedure To Use The Reset Button ........................................................37

3.2.2 Method of Restoring Factory-Defaults ......................................................38

3.3 Navigating the G-1000 Web Configurator ..........................................................38

Chapter 4

Wizard Setup .......................................................................................................... 40

4.1 Wizard Setup Overview ......................................................................................40

4.1.1 Channel ....................................................................................................40

4.1.2 ESS ID ......................................................................................................40

4.1.3 WEP Encryption ........................................................................................40

4.2 Wizard Setup: General Setup ............................................................................41

4.3 Wizard Setup: Wireless LAN ..............................................................................41

4.4 Wizard Setup: IP Address ..................................................................................43

4.4.1 IP Address Assignment ............................................................................43

4.4.2 IP Address and Subnet Mask ...................................................................43

4.5 Basic Setup Complete ........................................................................................45

Chapter 5

System Screens ..................................................................................................... 46

5.1 System Overview ...............................................................................................46

5.2 Configuring General Setup .................................................................................46

5.3 Configuring Password ........................................................................................47

5.4 Configuring Time Setting ....................................................................................48

G-1000 User’s Guide

Chapter 6

Wireless LAN ......................................................................................................... 50

6.1 Introduction ........................................................................................................50

6.2 Wireless Security Overview ...............................................................................50

6.2.1 Encryption .................................................................................................50

6.2.2 Authentication ...........................................................................................50

6.2.3 Restricted Access .....................................................................................51

6.2.4 Hide G-1000 Identity .................................................................................51

6.2.5 Configuring Wireless LAN on the G-1000 .................................................51

6.3 Configuring the Wireless Screen ........................................................................52

6.3.1 WEP Encryption ........................................................................................52

6.4 Configuring Roaming .........................................................................................55

6.4.1 Requirements for Roaming .......................................................................56

6.5 MAC Filter ..........................................................................................................57

6.6 Introduction to WPA ...........................................................................................59

6.6.1 WPA(2)-PSK Application Example ...........................................................59

6.6.2 WPA(2) with RADIUS Application Example ..............................................60

6.6.3 Wireless Client WPA Supplicants ............................................................61

6.7 Configuring IEEE 802.1x and WPA ....................................................................61

6.7.1 Authentication Required: 802.1x ...............................................................62

6.7.2 Authentication Required: WPA .................................................................64

6.7.3 Authentication Required: WPA-PSK .........................................................65

6.7.4 Authentication Required: WPA2 ...............................................................66

6.7.5 Authentication Required: WPA2-PSK .......................................................67

6.8 Configuring RADIUS ..........................................................................................68

Chapter 7

IP Screen................................................................................................................. 70

7.1 TCP/IP Parameters ............................................................................................70

7.1.1 IP Address and Subnet Mask ...................................................................70

7.1.2 WAN IP Address Assignment ...................................................................70

7.2 Configuring IP ....................................................................................................71

Chapter 8

Remote Management Screens .............................................................................. 72

8.1 Remote Management Overview .........................................................................72

8.1.1 Remote Management Limitations .............................................................72

8.1.2 Remote Management and NAT ................................................................73

8.1.3 System Timeout ........................................................................................73

8.2 Configuring WWW ..............................................................................................73

8.3 Configuring Telnet ..............................................................................................74

8.4 Configuring TELNET ..........................................................................................74

8.5 Configuring FTP .................................................................................................75

G-1000 User’s Guide

8.6 SNMP .................................................................................................................76

8.6.1 Supported MIBs ........................................................................................78

8.6.2 SNMP Traps .............................................................................................78

8.6.3 SNMP Interface Index ...............................................................................79

8.6.4 Configuring SNMP ....................................................................................79

Chapter 9

Log Screens............................................................................................................ 82

9.1 Configuring View Log .........................................................................................82

9.2 Configuring Log Settings ....................................................................................83

Chapter 10

Maintenance ........................................................................................................... 86

10.1 Maintenance Overview .....................................................................................86

10.2 System Status Screen ......................................................................................86

10.2.1 System Statistics .....................................................................................87

10.3 Association List ................................................................................................87

10.4 F/W Upload Screen ..........................................................................................88

10.5 Configuration Screen .......................................................................................90

10.5.1 Backup Configuration .............................................................................91

10.5.2 Restore Configuration ............................................................................91

10.5.3 Back to Factory Defaults .........................................................................93

10.6 Restart Screen .................................................................................................93

Chapter 11

Introducing the SMT ..............................................................................................94

11.1 Connect to your G-1000 Using Telnet ..............................................................94

11.2 Changing the System Password ......................................................................94

11.3 G-1000 SMT Menus Overview ........................................................................95

11.4 Navigating the SMT Interface ...........................................................................96

Chapter 12

General Setup......................................................................................................... 98

Chapter 13

LAN Setup............................................................................................................. 100

13.1 LAN Setup ......................................................................................................100

13.2 TCP/IP Ethernet Setup ...................................................................................100

13.3 Wireless LAN Setup .......................................................................................101

13.3.1 Configuring MAC Address Filter ...........................................................103

13.3.2 Configuring Roaming ............................................................................105

G-1000 User’s Guide

Chapter 14

Dial-in User Setup ................................................................................................ 108

Chapter 15

SNMP Configuration ............................................................................................ 110

Chapter 16

System Security ................................................................................................... 112

Chapter 17

System Information and Diagnosis .................................................................... 118

16.1 System Password .......................................................................................... 112

16.2 Configuring External RADIUS Server ............................................................112

16.3 802.1x ............................................................................................................114

17.1 System Status ................................................................................................118

17.2 System Information ........................................................................................ 119

17.2.1 System Information ...............................................................................120

17.2.2 Console Port Speed ..............................................................................121

17.3 Diagnostic ......................................................................................................121

Chapter 18

Firmware and Configuration File Maintenance ................................................. 124

18.1 Filename Conventions ...................................................................................124

18.2 Backup Configuration .....................................................................................125

18.2.1 Backup Configuration Using FTP .........................................................125

18.2.2 Using the FTP command from the DOS Prompt ..................................126

18.2.3 Backup Configuration Using TFTP .......................................................127

18.2.4 Example: TFTP Command ...................................................................128

18.2.5 Backup Via Console Port ......................................................................128

Chapter 19

System Maintenance and Information ...............................................................130

19.1 Command Interpreter Mode ...........................................................................130

19.2 Time and Date Setting ....................................................................................131

19.3 Remote Management Setup ..........................................................................133

19.3.1 Telnet ....................................................................................................133

19.3.2 FTP .......................................................................................................133

19.3.3 Web ......................................................................................................133

19.3.4 Remote Management Setup .................................................................133

19.3.5 Remote Management Limitations .........................................................134

19.4 Remote Management and NAT ......................................................................135

19.5 System Timeout .............................................................................................135

Appendix A

G-1000 User’s Guide

Troubleshooting................................................................................................... 136

Appendix B

Specifications....................................................................................................... 138

Appendix C

Brute-Force Password Guessing Protection..................................................... 140

Appendix D

Setting up Your Computer’s IP Address............................................................ 142

Appendix E

IP Address Assignment Conflicts ......................................................................154

Appendix F

Wireless LANs ...................................................................................................... 158

Appendix G

IP Subnetting ........................................................................................................ 170

Appendix H

Command Interpreter........................................................................................... 178

Appendix I

Log Descriptions.................................................................................................. 180

Appendix J

Antenna Selection and Positioning Recommendation..................................... 184

Appendix K

Power Adaptor Specifications ............................................................................ 186

G-1000 User’s Guide

Figure 1 Internet Access Application ................................................................................... 30

Figure 2 Corporation Network Application .......................................................................... 30

Figure 3 G-1000 Front Panel .............................................................................................. 32

Figure 4 G-1000 Top Panel ................................................................................................. 34

Figure 5 Change Password Screen .................................................................................... 37

Figure 6 The MAIN MENU Screen of the Web Configurator ............................................... 38

Figure 7 Wizard 1: General Setup ....................................................................................... 41

Figure 8 Wizard 2: Wireless LAN Setup .............................................................................. 42

Figure 9 Wizard 3: IP Address Assignment ........................................................................ 44

Figure 10 Wizard 4: Setup Complete .................................................................................. 45

Figure 11 System General Setup ........................................................................................ 46

Figure 12 Password. ........................................................................................................... 47

Figure 13 Time Setting ........................................................................................................ 48

Figure 14 Wireless .............................................................................................................. 53

Figure 15 Roaming Example ............................................................................................... 56

Figure 16 Roaming ..............................................................................................................57

Figure 17 MAC Address Filter ............................................................................................. 58

Figure 18 WPA(2) - PSK Authentication ............................................................................. 60

Figure 19 WPA with RADIUS Application Example2 .......................................................... 61

Figure 20 Wireless LAN: 802.1x/WPA ................................................................................ 62

Figure 21 Wireless LAN: 802.1x/WPA for 802.1x Protocol ................................................. 63

Figure 22 Wireless LAN: 802.1x/WPA for WPA Protocol .................................................... 65

Figure 23 Wireless LAN: 802.1x/WPA for WPA-PSK Protocol ............................................ 66

Figure 24 Wireless LAN: 802.1x/WPA for WPA2 Protocol .................................................. 67

Figure 25 Wireless LAN: 802.1x/WPA for WPA2-PSK Protocol .......................................... 68

Figure 26 RADIUS Screen .................................................................................................. 69

Figure 27 IP Setup .............................................................................................................. 71

Figure 28 Remote Management: WWW ............................................................................. 73

Figure 29 Telnet Configuration on a TCP/IP Network ......................................................... 74

Figure 30 Remote Management: Telnet .............................................................................. 75

Figure 31 Remote Management: FTP ................................................................................. 76

Figure 32 SNMP Management Model ................................................................................. 77

Figure 33 Remote Management: SNMP ............................................................................. 79

Figure 34 View Log .............................................................................................................83

Figure 35 Log Settings ........................................................................................................ 84

Figure 36 System Status ..................................................................................................... 86

List of Figures

G-1000 User’s Guide

Figure 37 System Status: Show Statistics ........................................................................... 87

Figure 38 Association List ................................................................................................... 88

Figure 39 Firmware Upload ................................................................................................. 89

Figure 40 Firmware Upload In Process ............................................................................... 89

Figure 41 Network Temporarily Disconnected .................................................................... 90

Figure 42 Firmware Upload Error ........................................................................................ 90

Figure 43 Configuration ....................................................................................................... 91

Figure 44 Configuration Upload Successful ........................................................................ 92

Figure 45 Network Temporarily Disconnected .................................................................... 92

Figure 46 Configuration Upload Error ................................................................................. 93

Figure 47 Reset Warning Message ..................................................................................... 93

Figure 48 Restart Screen .................................................................................................... 93

Figure 49 Login Screen ....................................................................................................... 94

Figure 50 Menu 23.1 System Security: Change Password ................................................. 95

Figure 51 G-1000 SMT Main Menu ..................................................................................... 97

Figure 52 Menu 1 General Setup ........................................................................................ 98

Figure 53 Menu 3 LAN Setup ............................................................................................. 100

Figure 54 Menu 3.2 TCP/IP Setup ...................................................................................... 101

Figure 55 Menu 3.5 Wireless LAN Setup ............................................................................ 102

Figure 56 Menu 3.5 Wireless LAN Setup ............................................................................ 104

Figure 57 Menu 3.5.1 WLAN MAC Address Filter .............................................................. 104

Figure 58 Menu 3.5 Wireless LAN Setup ............................................................................ 105

Figure 59 WLAN Roaming Configuration ............................................................................ 106

Figure 60 Menu 14- Dial-in User Setup ............................................................................... 108

Figure 61 Menu 14.1- Edit Dial-in User ............................................................................... 109

Figure 62 Menu 22 SNMP Configuration ............................................................................ 110

Figure 63 Menu 23 System Security ................................................................................... 112

Figure 64 Menu 23 System Security ................................................................................... 112

Figure 65 Menu 23.2 System Security: RADIUS Server ..................................................... 113

Figure 66 Menu 23 System Security ................................................................................... 114

Figure 67 Menu 23.4 System Security: IEEE802.1x ........................................................... 115

Figure 68 Menu 24 System Maintenance ........................................................................... 118

Figure 69 Menu 24.1 System Maintenance: Status ............................................................ 119

Figure 70 Menu 24.2 System Information and Console Port Speed ................................... 120

Figure 71 Menu 24.2.1 System Information: Information .................................................... 120

Figure 72 Menu 24.2.2 System Maintenance: Change Console Port Speed ...................... 121

Figure 73 Menu 24.4 System Maintenance: Diagnostic ...................................................... 122

Figure 74 Menu 24.5 Backup Configuration ........................................................................ 126

Figure 75 FTP Session Example ........................................................................................ 127

Figure 76 System Maintenance: Backup Configuration ...................................................... 129

Figure 77 System Maintenance: Starting Xmodem Download Screen ............................... 129

Figure 78 Backup Configuration Example ........................................................................... 129

Figure 79 Successful Backup Confirmation Screen ............................................................ 129

G-1000 User’s Guide

Figure 80 Menu 24 System Maintenance ........................................................................... 131

Figure 81 Valid CI Commands ............................................................................................ 131

Figure 82 Menu 24.10 System Maintenance: Time and Date Setting ................................. 132

Figure 83 Telnet Configuration on a TCP/IP Network ......................................................... 133

Figure 84 Menu 24.11 Remote Management Control ......................................................... 134

Figure 85 WIndows 95/98/Me: Network: Configuration ....................................................... 143

Figure 86 Windows 95/98/Me: TCP/IP Properties: IP Address ........................................... 144

Figure 87 Windows 95/98/Me: TCP/IP Properties: DNS Configuration .............................. 145

Figure 88 Windows XP: Start Menu .................................................................................... 146

Figure 89 Windows XP: Control Panel ................................................................................ 146

Figure 90 Windows XP: Control Panel: Network Connections: Properties ......................... 147

Figure 91 Windows XP: Local Area Connection Properties ................................................ 147

Figure 92 Windows XP: Advanced TCP/IP Settings ........................................................... 148

Figure 93 Windows XP: Internet Protocol (TCP/IP) Properties ........................................... 149

Figure 94 Macintosh OS 8/9: Apple Menu .......................................................................... 150

Figure 95 Macintosh OS 8/9: TCP/IP .................................................................................. 150

Figure 96 Macintosh OS X: Apple Menu ............................................................................. 151

Figure 97 Macintosh OS X: Network ................................................................................... 152

Figure 98 IP Address Conflicts: Case A .............................................................................. 154

Figure 99 IP Address Conflicts: Case B .............................................................................. 155

Figure 100 IP Address Conflicts: Case C ............................................................................ 155

Figure 101 IP Address Conflicts: Case D ............................................................................ 156

Figure 102 Peer-to-Peer Communication in an Ad-hoc Network ........................................ 158

Figure 103 Basic Service Set .............................................................................................. 159

Figure 104 Infrastructure WLAN ......................................................................................... 160

Figure 105 RTS/CTS ........................................................................................................... 161

G-1000 User’s Guide

Table 1 IEEE 802.11b ......................................................................................................... 27

Table 2 IEEE 802.11g ......................................................................................................... 28

Table 3 Front Panel LED Description ................................................................................. 33

Table 4 G-1000 Wireless LAN Coverage ........................................................................... 35

Table 5 Wizard 1: General Setup ....................................................................................... 41

Table 6 Wizard 2: Wireless LAN Setup .............................................................................. 42

Table 7 Private IP Address Ranges ................................................................................... 43

Table 8 Wizard 3: IP Address Assignment ......................................................................... 44

Table 9 System General Setup .......................................................................................... 46

Table 10 Password .............................................................................................................47

Table 11 Time Setting .........................................................................................................48

Table 12 G-1000 Wireless Security Levels ........................................................................ 52

Table 13 Wireless ............................................................................................................... 53

Table 14 Roaming ..............................................................................................................57

Table 15 MAC Address Filter ............................................................................................. 58

Table 16 Wireless LAN: 802.1x/WPA ................................................................................. 62

Table 17 Wireless LAN: 802.1x/WPA for 802.1x Protocol .................................................. 63

Table 18 Wireless LAN: 802.1x/WPA for WPA Protocol ..................................................... 65

Table 19 Wireless LAN: 802.1x/WPA for WPA-PSK Protocol ............................................ 66

Table 20 Wireless LAN: 802.1x/WPA2 for WPA Protocol ................................................... 67

Table 21 Wireless LAN: 802.1x/WPA for WPA2-PSK Protocol .......................................... 68

Table 22 RADIUS Screen ................................................................................................... 69

Table 23 Private IP Address Ranges ................................................................................. 70

Table 24 IP Setup ............................................................................................................... 71

Table 25 Remote Management: WWW .............................................................................. 73

Table 26 Remote Management: Telnet .............................................................................. 75

Table 27 Remote Management: FTP ................................................................................. 76

Table 28 SNMP Traps ........................................................................................................ 78

Table 29 SNMP Interface Index to Physical Port Mapping ................................................. 79

Table 30 Remote Management: SNMP .............................................................................. 79

Table 31 View Log .............................................................................................................. 83

Table 32 Log Settings .........................................................................................................84

Table 33 System Status ...................................................................................................... 86

Table 34 System Status: Show Statistics ........................................................................... 87

Table 35 Association List .................................................................................................... 88

Table 36 Firmware Upload ................................................................................................. 89

List of Tables

G-1000 User’s Guide

Table 37 Restore Configuration .......................................................................................... 91

Table 38 SMT Menus Overview ......................................................................................... 95

Table 39 Main Menu Commands ....................................................................................... 96

Table 40 Main Menu Summary .......................................................................................... 97

Table 41 Menu 1 General Setup ........................................................................................ 98

Table 42 Menu 3.2 TCP/IP Setup ....................................................................................... 101

Table 43 Menu 3.5 Wireless LAN Setup ............................................................................ 102

Table 44 Menu 3.5.1 WLAN MAC Address Filter ............................................................... 105

Table 45 Menu 3.5.4 Bridge Link Configuration ................................................................. 106

Table 46 Menu 14.1- Edit Dial-in User ............................................................................... 109

Table 47 Menu 22 SNMP Configuration ............................................................................. 110

Table 48 Menu 23.2 System Security: RADIUS Server ..................................................... 113

Table 49 Menu 23.4 System Security: IEEE802.1x ............................................................ 115

Table 50 Menu 24.1 System Maintenance: Status ............................................................. 119

Table 51 Menu 24.2.1 System Maintenance: Information .................................................. 120

Table 52 Menu 24.4 System Maintenance Menu: Diagnostic ............................................ 122

Table 53 Filename Conventions ......................................................................................... 125

Table 54 General Commands for Third Party FTP Clients ................................................. 127

Table 55 General Commands for Third Party TFTP Clients ............................................... 128

Table 56 System Maintenance: Time and Date Setting ..................................................... 132

Table 57 Remote Management Port Control ...................................................................... 133

Table 58 Menu 24.11 Remote Management Control .......................................................... 134

Table 59 Troubleshooting the Start-Up of Your G-1000 ..................................................... 136

Table 60 Troubleshooting the Ethernet Interface ............................................................... 136

Table 61 Troubleshooting the Password ............................................................................ 137

Table 62 Troubleshooting Telnet ........................................................................................ 137

Table 63 Troubleshooting the WLAN Interface ................................................................... 137

Table 64 Hardware .............................................................................................................138

Table 65 Firmware .............................................................................................................. 138

Table 66 Brute-Force Password Guessing Protection Commands .................................... 140

Table 67 IEEE 802.11g ....................................................................................................... 162

Table 68 Comparison of EAP Authentication Types ........................................................... 166

Table 69 Wireless Security Relational Matrix ..................................................................... 167

Table 70 Classes of IP Addresses ..................................................................................... 170

Table 71 Allowed IP Address Range By Class ................................................................... 171

Table 72 “Natural” Masks ................................................................................................... 171

Table 73 Alternative Subnet Mask Notation ....................................................................... 172

Table 74 Two Subnets Example ......................................................................................... 172

Table 75 Subnet 1 .............................................................................................................. 173

Table 76 Subnet 2 .............................................................................................................. 173

Table 77 Subnet 1 .............................................................................................................. 174

Table 78 Subnet 2 .............................................................................................................. 174

Table 79 Subnet 3 .............................................................................................................. 174

G-1000 User’s Guide

Table 80 Subnet 4 .............................................................................................................. 175

Table 81 Eight Subnets ...................................................................................................... 175

Table 82 Class C Subnet Planning ..................................................................................... 175

Table 83 Class B Subnet Planning ..................................................................................... 176

Table 84 System Maintenance Logs .................................................................................. 180

Table 85 ICMP Notes ......................................................................................................... 180

Table 86 Sys log ................................................................................................................. 181

Table 87 Log Categories and Available Settings ................................................................ 182

Table 88 NORTH AMERICAN PLUG STANDARDS .......................................................... 186

Table 89 NORTH AMERICAN PLUG STANDARDS .......................................................... 186

Table 90 EUROPEAN PLUG STANDARDS ....................................................................... 186

Table 91 UNITED KINGDOM PLUG STANDARDS ........................................................... 186

Table 92 JAPAN PLUG STANDARDS ................................................................................ 186

Table 93 AUSTRALIA AND NEW ZEALAND PLUG STANDARDS ................................... 187

G-1000 User’s Guide

Congratulations on your purchase of the ZyXEL G-1000 - 802.11g Wireless Access Point.

An AP acts as a bridge between the wireless and wired networks, extending your existing wired network without any additional wiring.

Your G-1000 is easy to install and configure.

About This User's Guide

This User’s Guide is designed to guide you through the configuration of your G-1000 using the web configurator or the SMT. The web configurator parts of this guide contain background information on features configurable by web configurator. The SMT parts of this guide contain background information solely on features not configurable by web configurator

Preface

Note: Register your product online to receive e-mail notices of

firmware upgrades and information at www.zyxel.com products, or at www.us.zyxel.com

for North American products.

for global

Note: Use the web configurator, System Management Terminal (SMT) or command interpreter interface to configure your G-1000. Not all features can be configured through all interfaces.

Getting to Know Your G-1000

This chapter introduces the main features and applications of the G-1000.

1.1 Introducing the G-1000

The G-1000 Access Point extends the range of your existing wired network without any additional wiring efforts, providing easy network access to mobile users.

The G-1000 incorporates the IEEE802.11g standard for high-speed wireless transmission. In line with the standard, your G-1000 is backward-compatible with IEEE802.1b-enabled devices.

CHAPTER 1

Additionally, the G-1000 offers highly-secure wireless connectivity to your wired network with IEEE 802.1x, WEP data encryption and MAC address filtering.

The G-1000 is easy to install and configure. The embedded web-based configurator enables easy operation and configuration.

1.2 G-1000 Features

The following sections describe the features of the G-1000

1.2.1 Physical Features

1.2.1.1 10/100M Auto-negotiating Ethernet/Fast Ethernet Interface

This auto-negotiating feature allows the G-1000 to detect the speed of incoming transmissions and adjust appropriately without manual intervention. It allows data transfer of either 10 Mbps or 100 Mbps in either half-duplex or full-duplex mode depending on your Ethernet network.

1.2.1.2 10/100M Auto-crossover Ethernet/Fast Ethernet Interface

An auto-crossover (auto-MDI/MDI-X) port automatically works with a straight-through or crossover Ethernet cable.

1.2.1.3 Reset Button

The G-1000 reset button is built into the side panel. Use this button to restore the factory default password to 1234; IP address to 192.168.1.2, subnet mask to 255.255.255.0.

26 Chapter 1 Getting to Know Your G-1000

1.2.1.4 G-1000 LED

The blue G-1000 LED (also known as the Breathing LED) is on when the G-1000 is on and blinks (or breaths) when data is being transmitted to/from its wireless stations. You may use the web configurator to turn this LED off even when the G-1000 is on and data is being transmitted/received.

1.2.2 Firmware Features

1.2.2.1 Internal RADIUS Server

The G-1000 has a built-in RADIUS server that can authenticate wireless clients or other AP’s in other wireless networks.The G-1000 can also function as an AP and as a RADIUS server at the same time.

1.2.2.2 Wi-Fi Protected Access

The G-1000 supports WPA and WPA2. Wi-Fi Protected Access (WPA) is a subset of the IEEE 802.11i security specification draft. WPA supports user authentication, and it provides better data encryption than WEP. WPA2 is similar to WPA but provides even stronger data encryption than WPA.

G-1000 User’s Guide

1.2.2.3 802.11b Wireless LAN Standard

The G-1000 complies with the 802.11b wireless standard.

The 802.11b data rate and corresponding modulation techniques are shown in the table below. The modulation technique defines how bits are encoded onto radio waves.

Table 1 IEEE 802.11b

DATA RATE (MBPS) MODULATION

1 DBPSK (Differential Binary Phase Shifted Keying)

2 DQPSK (Differential Quadrature Phase Shifted Keying)

5.5 / 11 CCK (Complementary Code Keying)

Chapter 1 Getting to Know Your G-1000 27

G-1000 User’s Guide

1.2.2.4 802.11g Wireless LAN Standard

The G-1000 complies with the 802.11g wireless standard and is also fully compatible with the

802.11b standard. This means an 802.11b radio card can interface directly with an 802.11g device (and vice versa) at 11 Mbps or lower depending on range. 802.11g has several intermediate rate steps between the maximum and minimum data rates. The 802.11g data rate and modulation are as follows:.

Table 2 IEEE 802.11g

DATA RATE (MBPS)

6/9/12/18/24/36/48/54 OFDM (Orthogonal Frequency Division Multiplexing)

MODULATION

Note: The G-1000 may be prone to RF (Radio Frequency)

interference from other 2.4 GHz devices such as microwave ovens, wireless phones, Bluetooth enabled devices, and other wireless LANs.

1.2.2.5 STP (Spanning Tree Protocol) / RSTP (Rapid STP)

(R)STP detects and breaks network loops and provides backup links between switches, bridges or routers. It allows a bridge to interact with other (R)STP -compliant bridges in your network to ensure that only one path exists between any two stations on the network.

1.2.2.6 Limit the number of Client Connections

You may set a maximum number of wireless stations that may connect to the G-1000. This may be necessary if for example, there is interference or difficulty with channel assignment due to a high density of APs within a coverage area.

1.2.2.7 Brute-Force Password Guessing Protection

The G-1000 has a special protection mechanism to discourage brute-force password guessing attacks on the G-1000's management interfaces. You can specify a wait-time that must expire before entering a fourth password after three incorrect passwords have been entered. Please see the appendix for details about this feature.

1.2.2.8 Wireless LAN MAC Address Filtering

Your G-1000 checks the MAC address of the wireless station against a list of allowed or denied MAC addresses.

1.2.2.9 WEP Encryption

WEP (Wired Equivalent Privacy) encrypts data frames before transmitting over the wireless network to help keep network communications private.

28 Chapter 1 Getting to Know Your G-1000

1.2.2.10 IEEE 802.1x Network Security

The G-1000 supports the IEEE 802.1x standard to enhance user authentication. Use the builtin user profile database to authenticate up to 32 users using MD5 encryption. Use an EAPcompatible RADIUS (RFC2138, 2139 - Remote Authentication Dial In User Service) server to authenticate a limitless number of users using EAP (Extensible Authentication Protocol). EAP is an authentication protocol that supports multiple types of authentication.

1.2.2.11 SNMP

SNMP (Simple Network Management Protocol) is a protocol used for exchanging management information between network devices. SNMP is a member of the TCP/IP protocol suite. Your G-1000 supports SNMP agent functionality, which allows a manger station to manage and monitor the G-1000 through the network. The G-1000 supports SNMP version one (SNMPv1) and version two c (SNMPv2c).

1.2.2.12 Full Network Management

The embedded web configurator is an all-platform web-based utility that allows you to easily access the G-1000’s management settings. Most functions of the G-1000 are also software configurable via the SMT (System Management Terminal) interface. The SMT is a menudriven interface that you can access from a terminal emulator over a telnet connection.

G-1000 User’s Guide

1.2.2.13 Logging and Tracing

• Built-in message logging and packet tracing.

• Unix syslog facility support.

1.2.2.14 Embedded FTP and TFTP Servers

The G-1000’s embedded FTP and TFTP servers enable fast firmware upgrades as well as configuration file backups and restoration.

1.2.2.15 Wireless Association List

With the wireless association list, you can see the list of the wireless stations that are currently using the G-1000 to access your wired network.

1.3 Applications for the G-1000

Here are some G-1000 application examples.

Note: A different channel should be configured for each WLAN interface to reduce the effects of radio interference.

Chapter 1 Getting to Know Your G-1000 29

G-1000 User’s Guide

1.3.1 Internet Access Application

The G-1000 is an ideal access solution for wireless Internet connection. A typical Internet access application for your G-1000 is shown as follows. Stations A, B and C can access the wired network through the G-1000s.

Figure 1 Internet Access Application

1.3.2 Corporation Network Application

In situations where users are always on the move in the coverage area but still need access to corporate network access, the G-1000 is an ideal solution for wireless stations to connect to the corporate network without expensive network cabling.

The following figure depicts a typical application of the G-1000 in an enterprise environment. Stations A and B with wireless adapters are allowed to access the network resource through the G-1000 after account validation by the network authentication server.

Figure 2 Corporation Network Application

30 Chapter 1 Getting to Know Your G-1000

G-1000 User’s Guide

Chapter 1 Getting to Know Your G-1000 31

G-1000 User’s Guide

CHAPTER 2

Hardware Installation and Initial

Setup

This chapter describes the physical features of the G-1000 and how to make cable connections.

2.1 Front Panel of the G-1000

The LEDs on the front panel indicate the operational status of your G-1000.

Figure 3 G-1000 Front Panel

32 Chapter 2 Hardware Installation and Initial Setup

G-1000 User’s Guide

Table 3 Front Panel LED Description

LED COLOR STATUS DESCRIPTION

BRI/RPT Green On The wireless card on the G-1000 is working properly.

Off The wireless card on the G-1000 is not ready or has a

malfunction.

Red On The G-1000 is not ready or rebooting.

G-1000(WLAN ACK)

ETHN Green On The G-1000 has a successful 10Mb Ethernet connection.

PWR Green On The G-1000 is receiving power.

Blue Breathing The G-1000 is sending or receiving data.

On (dim) The G-1000 is ready, but is not sending or receiving data.

Blinking The G-1000 is sending/receiving data.

Off The G-1000 does not have 10Mb Ethernet connection.

Orange On The G-1000 has a successful 100Mb Ethernet connection.

Blinking The G-1000 is sending or receiving data.

Off The G-1000 does not have 100Mb Ethernet connection.

Off The G-1000 is not receiving power.

2.2 Top Panel and Connections of the G-1000

The following figure shows the top panel of your G-1000.

Chapter 2 Hardware Installation and Initial Setup 33

G-1000 User’s Guide

Figure 4 G-1000 Top Panel

2.2.1 One 10/100M Ethernet Port

Ethernet 10Base-T/100Base-T networks use Shielded Twisted Pair (STP) cable with RJ-45 connectors that look like a bigger telephone plug with 8 pins. The ETHERNET port is autosensing, so you may use the crossover cable provided or a straight-through Ethernet cable to connect your G-1000 to a computer/external hub.

Note: When the G-1000 is turned on and properly connected to a computer or a hub, the ETHN LED on the front panel turns on.

2.2.2 Power Port

Connect the power adapter to the port labeled POWER 12VDC on the top panel of your G1000 which then automatically turns on.

Note: The G-1000 will reboot if the supplied power is too low. This is a normal operation. Note: To avoid damage to the G-1000, make sure you use the supplied power adapter. Refer to the Power Adapter Specification appendix for more information.

2.2.3 The RESET Button

Hold this button in for about ten seconds (or until the Link LED turns red) to reboot and restore your G-1000 to factory default values.

Note: All custom settings will be lost once you reset to the default settings.

34 Chapter 2 Hardware Installation and Initial Setup

2.2.4 Antennas

The G-1000 is equipped with two reverse SMA connectors and two detachable omnidirectional 2dBi antennas to provide clear radio signal between the wireless stations and the access points. Refer to the Antenna Selection and Positioning Recommendations appendix for more information.

The following table shows the G-1000’s coverage (in meters) using the included antennas. The distance may differ depending on the network environment.

Table 4 G-1000 Wireless LAN Coverage

≤ 11 MBPS ≤ 5.5 MBPS OR LOWER

Indoor 50 m 80 m

Outdoor 200 m 300 m

Refer to the Quick Installation Guide for instructions on how to attach the antennas to the G-

1000.

G-1000 User’s Guide

2.3 Hardware Mounting Options

The G-1000 may be placed on a flat surface or wall mounted.

In general, the best place for the access point is at the center of your intended wireless coverage area. For better performance, mount the G-1000 in a high position free of obstructions.

Refer to the Quick Start Guide for hardware mounting procedure.

2.4 Additional Installation Requirements

• A computer(s) with an installed network card or an IEEE 802.11b-compliant PCMCIA wireless LAN card.

• To enable remote RADIUS authentication for wireless clients, you need

• A wireless client computer running IEEE 802.1x-compliant client software. Currently, this is bundled with Windows XP.

• A network RADIUS server for remote user authentication and accounting.

2.5 Configuring Your G-1000

Configure your G-1000 using the Web configurator or SMT (System Management Terminal). You can access the SMT using Telnet.

Chapter 2 Hardware Installation and Initial Setup 35

G-1000 User’s Guide

CHAPTER 3

Introducing the Web

Configurator

This chapter describes how to access the G-1000 web configurator and provides an overview of its screens. The default IP address of the G-1000 is 192.168.1.2.

3.1 Accessing the G-1000 Web Configurator

1 Make sure your G-1000 hardware is properly connected and prepare your computer/

computer network to connect to the G-1000 (refer to the Quick Start Guide).

Launch your web browser.

Type "192.168.1.2" as the URL.

Type "1234" (default) as the password and click Login. In some versions, the default

password appears automatically - if this is the case, click Login.

You should see a screen asking you to change your password (highly recommended) as

shown next. Type a new password (and retype it to confirm) and click Apply or click Ignore.

Note: If you do not change the password, the following screen appears every time you login.

36 Chapter 3 Introducing the Web Configurator

Figure 5 Change Password Screen

You should now see the MAIN MENU screen.

G-1000 User’s Guide

Note: The management session automatically times out when the time period set in the Administrator Inactivity Timer field expires (default five minutes). Simply log back into the G-1000 if this happens to you.

3.2 Resetting the G-1000

If you forget your password or cannot access the web configurator, you will need to reload the factory-default configuration file or use the RESET button on the side panel of the G-1000. Uploading this configuration file replaces the current configuration file with the factorydefault configuration file. This means that you will lose all configurations that you had previously. The password will be reset to 1234.

3.2.1 Procedure To Use The Reset Button

Make sure the SYS LED is on (not blinking) before you begin this procedure.

Press the RESET button for ten seconds or until the SYS LED, LINK LED or BDG/

RPT LED turns red, and then release it. If the SYS LED begins to blink, the defaults have

been restored and the G-1000 restarts. Otherwise, go to step 2.

2 Turn the G-1000 off.

While pressing the RESET button, turn the G-1000 on.

Continue to hold the RESET button. The SYS LED will begin to blink and flicker very

quickly after about 20 seconds. This indicates that the defaults have been restored and the G-1000 is now restarting.

Chapter 3 Introducing the Web Configurator 37

G-1000 User’s Guide

5 Release the RESET button and wait for the G-1000 to finish restarting.

3.2.2 Method of Restoring Factory-Defaults

You can erase the current configuration and restore factory defaults in three ways:

Use the RESET button on the side panel of the G-1000 to upload the default configuration file (hold this button in for about 10 seconds or until the SYS LED, LINK LED or BDG/RPT LED turns red). Use this method for cases when the password or IP address of the G-1000 is not known.

Use the web configurator to restore defaults (refer to Chapter 10).

Transfer the configuration file to your G-1000 using FTP. See later in the part on SMT configuration for more information.

3.3 Navigating the G-1000 Web Configurator

The following summarizes how to navigate the web configurator from the MAIN MENU screen.

Note: Follow the instructions you see in the MAIN MENU screen or click the icon (located in the top right corner of most screens) to view online help.

Note: The icon does not appear in the MAIN MENU screen.

Figure 6 The MAIN MENU Screen of the Web Configurator

Click WIZARD SETUP for initial configuration including general setup, Wireless LAN setup and IP address assignment.

38 Chapter 3 Introducing the Web Configurator

G-1000 User’s Guide

Click the links under ADVANCED to configure advanced features such as SYSTEM (General Setup, Password and Time Zone), WIRELESS (Wireless, MAC Filter, Roaming and

802.1x/WPA), IP, REMOTE MGNT (Telnet, FTP, WWW and SNMP), Internal RADIUS Server

(Settings, Trusted AP and Trusted User databases), and LOGS (View reports and Log

Settings).

Click MAINTENANCE to view information about your G-1000 or upgrade configuration/ firmware files. Maintenance includes Status (Statistics), Association List, Channel Usage, F/W (firmware) Upload, Configuration (Backup, Restore and Default) and Restart

Click LOGOUT at any time to exit the web configurator

Chapter 3 Introducing the Web Configurator 39

G-1000 User’s Guide

This chapter provides information on the Wizard Setup screens in the web configurator.

4.1 Wizard Setup Overview

The web configurator’s setup wizard helps you configure your G-1000 for wireless stations to access your wired LAN.

4.1.1 Channel

A channel is the radio frequency(ies) used by IEEE 802.11b and IEEE 802.11g wireless devices. Channels available depend on your geographical area. You may have a choice of channels (for your region) so you should use a different channel than an adjacent AP (access point) to reduce interference. Interference occurs when radio signals from different access points overlap causing interference and degrading performance.

CHAPTER 4

Wizard Setup

Adjacent channels partially overlap however. To avoid interference due to overlap, your AP should be on a channel at least five channels away from a channel that an adjacent AP is using. For example, if your region has 11 channels and an adjacent AP is using channel 1, then you need to select a channel between 6 or 11.

The G-1000’s “Scan” function is especially designed to automatically scan for a channel with the least interference.

4.1.2 ESS ID

An Extended Service Set (ESS) is a group of access points connected to a wired LAN on the same subnet. An ESS ID uniquely identifies each set. All access points and their associated wireless stations in the same set must have the same ESSID.

4.1.3 WEP Encryption

WEP (Wired Equivalent Privacy) encrypts data frames before transmitting over the wireless network. WEP encryption scrambles the data transmitted between the wireless stations and the access points to keep network communications private. It encrypts unicast and multicast communications in a network. Both the wireless stations and the access points must use the same WEP key for data encryption and decryption.

40 Chapter 4 Wizard Setup

4.2 Wizard Setup: General Setup

General Setup contains administrative and system-related information.

The Domain Name entry is what is propagated to the DHCP clients on the LAN. If you leave this blank, the domain name obtained by DHCP from the ISP is used. While you must enter the host name (System Name) on each individual computer, the domain name can be assigned from the G-1000 via DHCP.

Figure 7 Wizard 1: General Setup

G-1000 User’s Guide

The following table describes the labels in this screen.

Table 5 Wizard 1: General Setup

LABEL DESCRIPTION

System Name It is recommended you type your computer's "Computer name".

In Windows 95/98 click Start, Settings, Control Panel, Network. Click the Identification tab, note the entry for the Computer Name field and enter it as the System Name.

In Windows 2000, click Start, Settings, Control Panel and then double-click System. Click the Network Identification tab and then the Properties button. Note the entry for the Computer name field and enter it as the System Name.

In Windows XP, click Start, My Computer, View system information and then click the Computer Name tab. Note the entry in the Full computer name field and enter it as the G-1000 System Name.

This name can be up to 30 alphanumeric characters long. Spaces are not allowed, but dashes "-" and underscores "_" are accepted.

Domain Name This is not a required field. Leave this field blank or enter the domain name here

Next Click Next to proceed to the next screen.

if you know it.

4.3 Wizard Setup: Wireless LAN

Use the second wizard screen to set up the wireless LAN.

Chapter 4 Wizard Setup 41

G-1000 User’s Guide

Figure 8 Wizard 2: Wireless LAN Setup

The following table describes the labels in this screen.

Table 6 Wizard 2: Wireless LAN Setup

LABEL DESCRIPTION

Wireless LAN Setup

WLAN Adaptor Select Built-in from the drop down list box to configure your G-1000 using the

internal WLAN card. Select Removable from the drop down list box to configure your G-1000 using a WLAN card adaptor using the extension card slot.

Note: This field is only available when you have an external wireless card inserted in the G-1000.

ESSID Enter a descriptive name (up to 32 printable 7-bit ASCII characters) for the

wireless LAN. If you change this field on the G-1000, make sure all wireless stations use the

same Name (ESSID) in order to access the network.

Choose Channel ID To manually set the G-1000 to use a channel, select a channel from the drop-

Scan Click this button to have the G-1000 automatically scan for and select a

WEP Encryption Select Disable allows all wireless computers to communicate with the access

ASCII Select this option in order to enter ASCII characters as the WEP keys.

Hex Select this option to enter hexadecimal characters as the WEP keys.

Key 1 to Key 4 The WEP keys are used to encrypt data. Both the G-1000 and the wireless

down list box. Open the Channel Usage screen to make sure the channel is not already used by another AP or independent peer-to-peer wireless network.

To have the G-1000 automatically select a channel, click Scan instead.

channel with the least interference.

points without any data encryption. Select 64-bit WEP or 128-bit WEP to allow data encryption.

The preceding 0x is entered automatically.

stations must use the same WEP key for data transmission. If you chose 64-bit WEP, then enter any 5 ASCII characters or 10 hexadecimal

characters ("0-9", "A-F"). If you chose 128-bit WEP, then enter 13 ASCII characters or 26 hexadecimal

characters ("0-9", "A-F"). You must configure all four keys, but only one key can be activated at any one

time. The default key is key 1.

42 Chapter 4 Wizard Setup

Table 6 Wizard 2: Wireless LAN Setup

LABEL DESCRIPTION

Back Click Back to return to the previous screen.

Next Click Next to continue.

4.4 Wizard Setup: IP Address

The third wizard screen allows you to configure IP address assignment.

4.4.1 IP Address Assignment

Every computer on the Internet must have a unique IP address. If your networks are isolated from the Internet, for instance, only between your two branch offices, you can assign any IP addresses to the hosts without problems. However, the Internet Assigned Numbers Authority (IANA) has reserved the following three blocks of IP addresses specifically for private networks.

G-1000 User’s Guide

Table 7 Private IP Address Ranges

10.0.0.0 - 10.255.255.255

172.16.0.0 - 172.31.255.255

192.168.0.0 - 192.168.255.255

You can obtain your IP address from the IANA, from an ISP or have it assigned by a private network. If you belong to a small organization and your Internet access is through an ISP, the ISP can provide you with the Internet addresses for your local networks. On the other hand, if you are part of a much larger organization, you should consult your network administrator for the appropriate IP addresses.

Note: Regardless of your particular situation, do not create an arbitrary IP address; always follow the guidelines above. For more information on address assignment, please refer to RFC 1597, Address Allocation for Private Internets and RFC 1466, Guidelines for Management of IP Address Space.

4.4.2 IP Address and Subnet Mask

Similar to the way houses on a street share a common street name, so too do computers on a LAN share one common network number.

Where you obtain your network number depends on your particular situation. If the ISP or your network administrator assigns you a block of registered IP addresses, follow their instructions in selecting the IP addresses and the subnet mask.

Chapter 4 Wizard Setup 43

G-1000 User’s Guide

If the ISP did not explicitly give you an IP network number, then most likely you have a single user account and the ISP will assign you a dynamic IP address when the connection is established. The Internet Assigned Number Authority (IANA) reserved this block of addresses specifically for private use; please do not use any other number unless you are told otherwise. Let's say you select 192.168.1.0 as the network number; which covers 254 individual addresses, from 192.168.1.1 to 192.168.1.254 (zero and 255 are reserved). In other words, the first three numbers specify the network number while the last number identifies an individual computer on that network.

Once you have decided on the network number, pick an IP address that is easy to remember, for instance, 192.168.1.2, for your G-1000, but make sure that no other device on your network is using that IP address.

The subnet mask specifies the network number portion of an IP address. Your G-1000 will compute the subnet mask automatically based on the IP address that you entered. You don't need to change the subnet mask computed by the G-1000 unless you are instructed to do otherwise.

Figure 9 Wizard 3: IP Address Assignment

The following table describes the labels in this screen.

Table 8 Wizard 3: IP Address Assignment

LABEL DESCRIPTION

IP Address Assignment

Get automatically from DHCP

Select this option if your G-1000 is using a dynamically assigned IP address from a DHCP server each time.

Note: You must know the IP address assigned to the G-1000 (by the DHCP server) to access the G-1000 again.

Use fixed IP address Select this option if your G-1000 is using a static IP address. When you select

IP Address Enter the IP address of your G-1000 in dotted decimal notation.

this option, fill in the fields below.

Note: If you changed the G-1000's IP address, you must use the new IP address if you want to access the web configurator again.

IP Subnet Mask Type the subnet mask.

Gateway IP Address Type the IP address of the gateway. The gateway is an immediate neighbor

of your G-1000 that will forward the packet to the destination. The gateway must be a router on the same segment as your G-1000's LAN or WLAN port.

44 Chapter 4 Wizard Setup

Table 8 Wizard 3: IP Address Assignment

LABEL DESCRIPTION

Back Click Back to return to the previous screen.

Finish Click Finish to proceed to complete the Wizard setup.

4.5 Basic Setup Complete

When you click Finish in the Wizard 3 IP Address Assignment screen, a warning window display as shown. Click OK to close the window and log in to the web configurator again using the new IP address if you change the default IP address (192.168.1.2).

You have successfully set up the G-1000. A screen displays prompting you to close the web browser.

G-1000 User’s Guide

Click Ye s. Otherwise, click No and the congratulations screen shows next.

Figure 10 Wizard 4: Setup Complete

Well done! You have successfully set up your G-1000 to operate on your network and access the Internet.

Chapter 4 Wizard Setup 45

G-1000 User’s Guide

5.1 System Overview

This section provides information on general system setup.

5.2 Configuring General Setup

Click the SYSTEM link under ADVANCED to open the General screen.

Figure 11 System General Setup

CHAPTER 5

System Screens

The following table describes the labels in this screen.

Table 9 System General Setup

LABEL DESCRIPTION

General Setup

System Name Type a descriptive name to identify the G-1000 in the Ethernet network.

This name can be up to 30 alphanumeric characters long. Spaces are not allowed, but dashes "-" and underscores "_" are accepted.

Domain Name This is not a required field. Leave this field blank or enter the domain name

here if you know it.

Administrator Inactivity Timer

System DNS Servers

46 Chapter 5 System Screens

Type how many minutes a management session (either via the web configurator or SMT) can be left idle before the session times out.

The default is 5 minutes. After it times out you have to log in with your password again. Very long idle timeouts may have security risks.

A value of "0" means a management session never times out, no matter how long it has been left idle (not recommended).

Table 9 System General Setup

LABEL DESCRIPTION

G-1000 User’s Guide

First DNS Server Second DNS Server Third DNS Server

Apply Click Apply to save your changes back to the G-1000.

Reset Click Reset to reload the previous configuration for this screen.

Select From DHCP if your DHCP server dynamically assigns DNS server information (and the G-1000's Ethernet IP address). The field to the right displays the (read-only) DNS server IP address that the DHCP assigns.

Select User-Defined if you have the IP address of a DNS server. Enter the DNS server's IP address in the field to the right. If you chose User-Defined, but leave the IP address set to 0.0.0.0, User-Defined changes to None after you click Apply. If you set a second choice to User-Defined, and enter the same IP address, the second User-Defined changes to None after you click Apply.

Select None if you do not want to configure DNS servers. If you do not configure a DNS server, you must know the IP address of a machine in order to access it.

The default setting is None.

5.3 Configuring Password

To change your G-1000’s password (recommended), click the SYSTEM link under ADVANCED and then the Password tab. The screen appears as shown. This screen allows

you to change the G-1000’s password.

If you forget your password (or the G-1000 IP address), you will need to reset the G-1000. See the Resetting the G-1000 section for details

Figure 12 Password.

The following table describes the labels in this screen.

Table 10 Password

LABEL DESCRIPTIONS

Old Password Type in your existing system password (1234 is the default password).

New Password Type your new system password (up to 31 characters). Note that as you type a

Retype to Confirm Retype your new system password for confirmation.

Apply Click Apply to save your changes back to the G-1000.

Reset Click Reset to reload the previous configuration for this screen.

password, the screen displays an asterisk (*) for each character you type.

Chapter 5 System Screens 47

G-1000 User’s Guide

5.4 Configuring Time Setting

To change your G-1000’s time and date, click the SYSTEM link under ADVANCED and then the Time Setting tab. The screen appears as shown. Use this screen to configure the G1000’s time based on your local time zone.

Figure 13 Time Setting

The following table describes the labels in this screen.

Table 11 Time Setting

LABEL DESCRIPTION

Time Protocol Select the time service protocol that your time server sends when you turn on

the G-1000. Not all time servers support all protocols, so you may have to check with your ISP/network administrator or use trial and error to find a protocol that works.

The main difference between them is the format.

Daytime (RFC 867) format is day/month/year/time zone of the server. Time (RFC 868) format displays a 4-byte integer giving the total number of

seconds since 1970/1/1 at 0:0:0. The default, NTP (RFC 1305), is similar to Time (RFC 868). Select None to enter the time and date manually.

Time Server Address Enter the IP address or the URL of your time server. Check with your ISP/

network administrator if you are unsure of this information.

Current Time (hh:mm:ss)

New Time (hh:mm:ss) This field displays the last updated time from the time server.

This field displays the time of your G-1000. Each time you reload this page, the G-1000 synchronizes the time with the

time server.

When you select None in the Time Protocol field, enter the new time in this field and then click Apply.

48 Chapter 5 System Screens

Table 11 Time Setting

LABEL DESCRIPTION

G-1000 User’s Guide

Current Date (yyyy/ mm/dd)

New Date (yyyy/mm/ dd)

Time Zone Choose the time zone of your location. This will set the time difference

Daylight Savings Select this option if you use daylight savings time. Daylight saving is a period

Start Date (mm-dd) Enter the month and day that your daylight-savings time starts on if you

End Date (mm-dd) Enter the month and day that your daylight-savings time ends on if you

Apply Click Apply to save your changes back to the G-1000.

Reset Click Reset to reload the previous configuration for this screen.

This field displays the date of your G-1000. Each time you reload this page, the G-1000 synchronizes the date with the

time server.

This field displays the last updated date from the time server. When you select None in the Time Protocol field, enter the new date in this

field and then click Apply.

between your time zone and Greenwich Mean Time (GMT).

from late spring to early fall when many countries set their clocks ahead of normal local time by one hour to give more daytime light in the evening.

selected Daylight Savings.

Chapter 5 System Screens 49

G-1000 User’s Guide

This chapter discusses how to configure Wireless LAN.

6.1 Introduction

A wireless LAN (WLAN) can be as simple as two computers with WLAN adapters communicating in a peer-to-peer network or as complex as a number of computers with WLAN adapters communicating through access points which bridge network traffic to the wired LAN.

Note: See the WLAN appendix for more detailed information on WLANs.

CHAPTER 6

Wireless LAN

6.2 Wireless Security Overview

Wireless security is vital to your network to protect wireless communication between wireless stations, access points and the wired network.

Wireless security methods available on the G-1000 are data encryption, wireless client authentication, restricting access by device MAC address and hiding the G-1000 identity.

6.2.1 Encryption

• Use WPA(2) security if you have WPA(2)-aware wireless clients and a RADIUS server. WPA(2) has user authentication and improved data encryption over WEP.

• Use WPA(2)-PSK if you have WPA(2)-aware wireless clients but no RADIUS server.

• If you don’t have WPA(2)-aware wireless clients, then use WEP key encrypting. A higher bit key offers better security at a throughput trade-off. You can enter 64-bit or 128bit WEP keys.

6.2.2 Authentication

WPA has user authentication and you can also configure IEEE 802.1x to use the built-in database (Local User Database) or a RADIUS server to authenticate wireless clients before joining your network.

• Use RADIUS authentication if you have a RADIUS server. See the appendices for information on protocols used when a client authenticates with a RADIUS server via the G-1000.

50 Chapter 6 Wireless LAN

• Use the Local User Database if you have less than 32 wireless clients in your network. The G-1000 uses MD5 encryption when a client authenticates with the Local User Database

6.2.3 Restricted Access

The MAC Filter screen allows you to configure the AP to give exclusive access to devices (Allow Association) or exclude them from accessing the AP (Deny Association).

6.2.4 Hide G-1000 Identity

If you hide the ESSID, then the G-1000 cannot be seen when a wireless client scans for local APs. The trade-off for the extra security of “hiding” the G-1000 may be inconvenience for some valid WLAN clients.

6.2.5 Configuring Wireless LAN on the G-1000

1 Configure the

ESSID and WEP in the Wireless screen. If you configure WEP, you can’t configure WPA(2) or WPA(2)- PSK.

G-1000 User’s Guide

2 Use the MAC Filter screen to restrict access to your wireless network by MAC address.

3 Use the Roaming screen to configure the G-1000 so that in a network environment with

multiple access points, wireless stations are able to switch from one access point to another as they move between the coverage areas.

4 Configure WPA(2) or WPA(2)-PSK in the 802.1x/WPA screen. Configure 802.1x

wireless client authentication in the 802.1x/WPA screen.

5 Configure the built-in authentication database in the Local User Database screen.

6 Configure the authentication and accounting servers for RADIUS in the RADIUS screen.

The following figure shows the relative effectiveness of these wireless security methods available on your G-1000.

Chapter 6 Wireless LAN 51

G-1000 User’s Guide

The figure below shows the possible wireless security levels on your G-1000. EAP (Extensible Authentication Protocol) is used for authentication and utilizes dynamic WEP key exchange. It requires interaction with a RADIUS (Remote Authentication Dial-In User Service) server either on the WAN or your LAN to provide authentication service for wireless stations

Table 12 G-1000 Wireless Security Levels

Security Level Security Type

Least Secure

Most Secure

If you do not enable any wireless security on your G-1000, your network is accessible to any wireless networking device that is within range.

Unique SSID (Default)

Unique SSID with Hide SSID Enabled

MAC Address Filtering

WEP Encryption

IEEE802.1x EAP with RADIUS Server Authentication

Wi-Fi Protected Access (WPA)

WPA2

6.3 Configuring the Wireless Screen

6.3.1 WEP Encryption

WEP encryption scrambles the data transmitted between the wireless stations and the access points to keep network communications private. It encrypts unicast and multicast communications in a network. Both the wireless stations and the access points must use the same WEP key.

Your G-1000 allows you to configure up to four 64-bit or 128-bit WEP keys, but only one key can be enabled at any one time.

In order to configure and enable WEP encryption; click WIRELESS and the Wireless tab to the display the Wireless screen.

52 Chapter 6 Wireless LAN

Figure 14 Wireless

G-1000 User’s Guide

The following table describes the general wireless LAN labels in this screen.

Table 13 Wireless

LABEL DESCRIPTION

ESSID The ESSID (Extended Service Set IDentity) identifies the Service Set with which a

wireless station is associated. Wireless stations associating to the access point (AP) must have the same ESSID. Enter a descriptive name (up to 32 printable 7-bit ASCII characters) for the wireless LAN.

Note: If you are configuring the G-1000 from a computer connected to the wireless LAN and you change the G-1000’s ESSID or WEP settings, you will lose your wireless connection when you press Apply to confirm. You must then change the wireless settings of your computer to match the G-1000’s new settings.

Hide ESSID Select this check box to hide the ESSID in the outgoing beacon frame so a station

cannot obtain the ESSID through scanning using a site survey tool.

Choose Channel IDSet the operating frequency/channel depending on your particular region.

To manually set the G-1000 to use a channel, select a channel from the drop-down list box. Click MAINTENANCE and then the Channel Usage tab to open the Channel Usage screen to make sure the channel is not already used by another AP or independent peer-to-peer wireless network.

Refer to the Wizard Setup chapter for more information on channels.

RTS/CTS Threshold

(Request To Send) The threshold (number of bytes) for enabling RTS/CTS handshake. Data with its frame size larger than this value will perform the RTS/CTS handshake. Setting this attribute to be larger than the maximum MSDU (MAC service data unit) size turns off the RTS/CTS handshake. Setting this attribute to zero turns on the RTS/CTS handshake. Enter a value between 0 and 2432.

Chapter 6 Wireless LAN 53

G-1000 User’s Guide

Table 13 Wireless

LABEL DESCRIPTION

Fragmentation Threshold

WEP Encryption WEP (Wired Equivalent Privacy) provides data encryption to prevent unauthorized

Authentication Method

Key 1 to Key 4 If you chose 64-bit WEP in the WEP Encryption field, then enter any 5 characters

Enable IntraBSS Traffic

Enable Breathing LED

Preamble Select a preamble type from the drop-down list menu. Choices are Long, Short and

802.11 Mode Select 802.11b Only to allow only IEEE 802.11b compliant WLAN devices to

Max. Frame Burst

Apply Click Apply to save your changes back to the G-1000.

Reset Click Reset to begin configuring this screen afresh.

The threshold (number of bytes) for the fragmentation boundary for directed messages. It is the maximum data fragment size that can be sent. Enter a value between 800 and 2432.

wireless stations from accessing data transmitted over the wireless network. Select Disable to allow wireless stations to communicate with the access points

without any data encryption. Select 64-bit WEP or 128-bit WEP to enable data encryption.

Select Auto, Open System or Shared Key from the drop-down list box.

(ASCII string) or 13 hexadecimal characters ("0-9", "A-F"). The hexadecimal characters should be preceded by 0x for each key.

If you chose 128-bit WEP in the WEP Encryption field, then enter 13 characters (ASCII string) or 26 hexadecimal characters ("0-9", "A-F") preceded by 0x for each key.

There are four data encryption keys to secure your data from eavesdropping by unauthorized wireless users. The values for the keys must be set up exactly the same on the access points as they are on the wireless stations.

The preceding “0x” is entered automatically. You must configure all four keys, but only one key can be activated at any one time. The default key is key 1.

Intra-BSS traffic is traffic between wireless stations in the same BSS. Select this check box to enable Intra-BSS traffic.

Select this check box to enable the Breathing LED, also known as the G-1000 LED. The blue G-1000 LED is on when the G-1000 is on and blinks (or breaths) when

data is being transmitted to/from its wireless stations. Clear the check box to turn this LED off even when the G-1000 is on and data is

being transmitted/received.

Dynamic. See the section on preamble for more information.

associate with the G-1000. Select 802.11g Only to allow only IEEE 802.11g compliant WLAN devices to

associate with the G-1000. Select Mixed to allow either IEEE802.11b or IEEE802.11g compliant WLAN devices

to associate with the G-1000. The transmission rate of your G-1000 might be reduced.

Enable Maximum Frame Burst to help eliminate collisions in mixed-mode networks (networks with both IEEE 802.11g and IEEE 802.11b traffic) and enhance the performance of both pure IEEE 802.11g and mixed IEEE 802.11b/g networks. Maximum Frame Burst sets the maximum time, in microseconds, that the G-1000 transmits IEEE 802.11g wireless traffic only.

Type the maximum frame burst between 0 and 1800 (650, 1000 or 1800 recommended). Enter 0 to disable this feature.

54 Chapter 6 Wireless LAN

6.4 Configuring Roaming

A wireless station is a device with an IEEE 802.11b or an IEEE 802.11g compliant wireless interface. An access point (AP) acts as a bridge between the wireless and wired networks. An AP creates its own wireless coverage area. A wireless station can associate with a particular access point only if it is within the access point’s coverage area.

In a network environment with multiple access points, wireless stations are able to switch from one access point to another as they move between the coverage areas. This is roaming. As the wireless station moves from place to place, it is responsible for choosing the most appropriate access point depending on the signal strength, network utilization or other factors.

The roaming feature on the access points allows the access points to relay information about the wireless stations to each other. When a wireless station moves from a coverage area to another, it scans and uses the channel of a new access point, which then informs the access points on the LAN about the change. The new information is then propagated to the other access points on the LAN. An example is shown in Figure 15.

With roaming, a wireless LAN mobile user enjoys a continuous connection to the wired network through an access point while moving around the wireless LAN.

G-1000 User’s Guide

Enable roaming to exchange the latest bridge information of all wireless stations between APs when a wireless station moves between coverage areas. Wireless stations can still associate with other APs even if you disable roaming. Enabling roaming ensures correct traffic forwarding (bridge tables are updated) and maximum AP efficiency. The AP deletes records of wireless stations that associate with other APs (Non-ZyXEL APs may not be able to perform this). 802.1x authentication information is not exchanged (at the time of writing).

Chapter 6 Wireless LAN 55

G-1000 User’s Guide

Figure 15 Roaming Example

The steps below describe the roaming process.

1 As wireless station Y moves from the coverage area of access point AP 1 to that of access

point

2 AP 2, it scans and uses the signal of access point AP 2.

3 Access point AP 2 acknowledges the presence of wireless station Y and relays this

information to access point AP 1 through the wired LAN.

4 Access point AP 1 updates the new position of wireless station.

5 Wireless station Y sends a request to access point AP 2 for reauthentication.

6.4.1 Requirements for Roaming

The following requirements must be met in order for wireless stations to roam between the coverage areas.

1 All the access points must be on the same subnet and configured with the same ESSID.

2 If IEEE 802.1x user authentication is enabled and to be done locally on the access point,

the new access point must have the user profile for the wireless station.

3 The adjacent access points should use different radio channels when their coverage areas

overlap.

4 All access points must use the same port number to relay roaming information.

5 The access points must be connected to the Ethernet and be able to get IP addresses from

a DHCP server if using dynamic IP address assignment.

56 Chapter 6 Wireless LAN

G-1000 User’s Guide

To enable roaming on your G-1000, click the WIRELESS link under ADVANCED and then the Roaming tab. The screen appears as shown.

Figure 16 Roaming

The following table describes the labels in this screen.

Table 14 Roaming

LABEL DESCRIPTION

Active Select Yes from the drop-down list box to enable roaming on the G-1000 if you

Port # Enter the port number to communicate roaming information between access

Apply Click Apply to save your changes back to the G-1000.

Reset Click Reset to begin configuring this screen afresh.

6.5 MAC Filter

The MAC filter screen allows you to configure the G-1000 to give exclusive access to up to 32 devices (Allow Association) or exclude up to 32 devices from accessing the G-1000 (Deny Association). Every Ethernet device has a unique MAC (Media Access Control) address. The MAC address is assigned at the factory and consists of six pairs of hexadecimal characters, for example, 00:A0:C5:00:00:02. You need to know the MAC address of the devices to configure this screen.

The WLAN Adapter drop down list box is only available when you have an external wireless card inserted in the G-1000. No matter whether you select Built-in or Removable, the configuration screens are the same for each interface.

have two or more G-1000s on the same subnet.

Note: All APs on the same subnet and the wireless stations must have the same ESSID to allow roaming.

points. The port number must be the same on all access points. The default is

3517. Make sure this port is not used by other services.

To change your G-1000’s MAC filter settings, click the WIRELESS link under ADVANCED and then the MAC Filter tab. The screen appears as shown.

Chapter 6 Wireless LAN 57

G-1000 User’s Guide

Figure 17 MAC Address Filter

The following table describes the labels in this screen.

Table 15 MAC Address Filter

LABEL DESCRIPTION

Active Select Yes from the drop down list box to enable MAC address filtering.

Filter Action Define the filter action for the list of MAC addresses in the MAC address filter

MAC Address Enter the MAC addresses (in XX:XX:XX:XX:XX:XX format) of the wireless

Apply Click Apply to save your changes back to the G-1000.

Reset Click Reset to begin configuring this screen afresh.

table. Select Deny Association to block access to the router, MAC addresses not

listed will be allowed to access the router. Select Allow Association to permit access to the router, MAC addresses not

listed will be denied access to the router.

station that are allowed or denied access to the G-1000 in these address fields.

58 Chapter 6 Wireless LAN

6.6 Introduction to WPA

Wi-Fi Protected Access (WPA and WPA2) applies IEEE 801.2x and Extensible Authentication Protocol (EAP) to authenticate wireless clients using and external RADIUS database. WPA has better user authentication and improved data encryption than WEP, and WPA2 provides even better data encryption and user authentication than WPA. See the appendix for more information on WPA(2) user authentication and WPA encryption.

If the wireless clients support WPA2 and you have an external RADIUS server, use WPA2 for stronger data encryption. If you don’t have an external RADIUS server, you should use WPA2-PSK (WPA2-Pre-Shared Key). WPA2-PSK only requires a single (identical) password entered into each WLAN member. As long as the passwords match, a client will be granted access to a WLAN.

If the wireless clients do not support WPA2, use WPA or WPA-PSK, depending on whether or not you have an additional RADIUS server. Use WEP only if the wireless clients do not support WPA(2).

Note: You can’t use the Local User Database for authentication when you select

WPA(2).

G-1000 User’s Guide

6.6.1 WPA(2)-PSK Application Example

A WPA-PSK (or WPA2-PSK) application looks as follows.

1 First enter identical passwords into the AP and all wireless clients. The Pre-Shared Key

(PSK) must be between 8 and 63 printable characters (including spaces; alphabetic characters are case-sensitive).

2 The AP checks each client’s password and (only) allows it to join the network if the

password matches.

3 The AP derives and distributes keys to the wireless clients.

4 The AP and wireless clients use the TKIP or AES encryption process to encrypt data

exchanged between them.

Chapter 6 Wireless LAN 59

G-1000 User’s Guide

Figure 18 WPA(2) - PSK Authentication

6.6.2 WPA(2) with RADIUS Application Example

You need the IP address, port number (default is 1812) and shared secret of a RADIUS server. A WPA(2) application example with an external RADIUS server looks as follows. "A" is the RADIUS server. "DS" is the distribution system (wired link to the LAN).

1 The AP passes the wireless client’s authentication request to the RADIUS server.

2 The RADIUS server then checks the user's identification against its database and grants

or denies network access accordingly.

3 The RADIUS server distributes a Pairwise Master Key (PMK) key to the AP that then

sets up a key hierarchy and management system, using the pair-wise key to dynamically generate unique data encryption keys to encrypt every data packet that is wirelessly transmitted between the AP and the wireless clients

60 Chapter 6 Wireless LAN

Figure 19 WPA with RADIUS Application Example2

G-1000 User’s Guide

6.6.3 Wireless Client WPA Supplicants

A wireless client supplicant is the software that runs on an operating system instructing the wireless client how to use WPA. At the time of writing, the most widely available supplicants are the WPA patch for Windows XP, Funk Software's Odyssey client, and Meetinghouse Data Communications' AEGIS client.

The Windows XP patch is a free download that adds WPA capability to Windows XP's builtin "Zero Configuration" wireless client. However, you must run Windows XP to use it.

6.7 Configuring IEEE 802.1x and WPA

To change your G-1000’s authentication settings, click the WIRELESS link under ADVANCED and then the 802.1x/WPA tab. The screen varies by the key management

protocol you select.

You see the next screen when you select No Access Allowed or No Authentication Required in the Wireless Port Control field.

Chapter 6 Wireless LAN 61

G-1000 User’s Guide

Figure 20 Wireless LAN: 802.1x/WPA

The following table describes the labels in this screen.

Table 16 Wireless LAN: 802.1x/WPA

LABEL DESCRIPTION

Wireless Port Control

Apply Click Apply to save your changes back to the G-1000.

Reset Click Reset to begin configuring this screen afresh.

To control wireless stations access to the wired network, select a control method from the drop-down list box. Choose from No Access Allowed, No

Authentication Required and Authentication Required. No Access Allowed blocks all wireless stations access to the wired network. No Authentication Required allows all wireless stations access to the wired

network without entering usernames and passwords. This is the default setting. Authentication Required means that all wireless stations have to enter

usernames and passwords before access to the wired network is allowed. Select Authentication Required to configure Key Management Protocol and

other related fields.

6.7.1 Authentication Required: 802.1x

You need the following for IEEE 802.1x authentication.

• A computer with an IEEE 802.11 b/g wireless LAN adapter and equipped with a web browser (with JavaScript enabled) and/or Telnet.

• A wireless station computer must be running IEEE 802.1x-compliant software. Not all Windows operating systems support IEEE 802.1x (see the Microsoft web site for details). For other operating systems, see their documentation. If your operating system does not support IEEE 802.1x, then you may need to install IEEE 802.1x client software.

• An optional network RADIUS server for remote user authentication and accounting.

Select Authentication Required in the Wireless Port Control field and 802.1x in the Key Management Protocol field to display the next screen.

62 Chapter 6 Wireless LAN

Figure 21 Wireless LAN: 802.1x/WPA for 802.1x Protocol

The following table describes the labels in this screen.

Table 17 Wireless LAN: 802.1x/WPA for 802.1x Protocol

LABEL DESCRIPTION

G-1000 User’s Guide

Wireless Port Control

ReAuthentication Timer (In Seconds)

Idle Timeout (In Seconds)

Key Management Protocol

To control wireless stations access to the wired network, select a control method from the drop-down list box. Choose from No Authentication Required,

Authentication Required and No Access Allowed. No Authentication Required allows all wireless stations access to the wired

network without entering usernames and passwords. This is the default setting. Authentication Required means that all wireless stations have to enter

usernames and passwords before access to the wired network is allowed. No Access Allowed blocks all wireless stations access to the wired network. The following fields are only available when you select Authentication Required.

Specify how often wireless stations have to reenter usernames and passwords in order to stay connected. This field is activated only when you select Authentication Required in the Wireless Port Control field.

Enter a time interval between 10 and 9999 seconds. The default time interval is

1800 seconds (30 minutes).

Note: If wireless station authentication is done using a RADIUS

server, the reauthentication timer on the RADIUS server has priority.

The G-1000 automatically disconnects a wireless station from the wired network after a period of inactivity. The wireless station needs to enter the username and password again before access to the wired network is allowed.

This field is activated only when you select Authentication Required in the Wireless Port Control field. The default time interval is 3600 seconds (or 1 hour).

Choose 802.1x from the drop-down list.

Chapter 6 Wireless LAN 63

G-1000 User’s Guide

Table 17 Wireless LAN: 802.1x/WPA for 802.1x Protocol

LABEL DESCRIPTION

Dynamic WEP Key Exchange

Authentication Databases

This field is activated only when you select Authentication Required in the

Wireless Port Control field. Also set the Key Management Protocol field to

802.1x.

Select Disable to allow wireless stations to communicate with the access points without using dynamic WEP key exchange.

Select 64-bit WEP or 128-bit WEP to enable data encryption. Up to 32 stations can access the G-1000 when you configure dynamic WEP key

exchange. This field is not available when you set Key Management Protocol to WPA or

WPA-PSK.

The authentication database contains wireless station login information. The local user database is the built-in database on the G-1000G-1000. The RADIUS is an external server. Use this drop-down list box to select which database the G-1000 should use (first) to authenticate a wireless station.

Before you specify the priority, make sure you have set up the corresponding database correctly first.

Select Local User Database Only to have the G-1000 just check the built-in user database on the G-1000 for a wireless station's username and password.

Select RADIUS Only to have the G-1000 just check the user database on the specified RADIUS server for a wireless station's username and password.

Select Local first, then RADIUS to have the G-1000 first check the user database on the G-1000 for a wireless station's username and password. If the user name is not found, the G-1000 then checks the user database on the specified RADIUS server.

Select RADIUS first, then Local to have the G-1000 first check the user database on the specified RADIUS server for a wireless station's username and password. If the G-1000 cannot reach the RADIUS server, the G-1000 then checks the local user database on the G-1000. When the user name is not found or password does not match in the RADIUS server, the G-1000 will not check the local user database and the authentication fails.

Note: Once you enable user authentication, you need to specify an external RADIUS server or create local user accounts on the G-1000 for authentication.

6.7.2 Authentication Required: WPA

Select Authentication Required in the Wireless Port Control field and WPA in the Key Management Protocol field to display the next screen.

64 Chapter 6 Wireless LAN

Figure 22 Wireless LAN: 802.1x/WPA for WPA Protocol

The following table describes the labels not previously discussed

Table 18 Wireless LAN: 802.1x/WPA for WPA Protocol

LABEL DESCRIPTIONS

G-1000 User’s Guide

Key Management Protocol

WPA Group Key Update Timer

Authentication Databases

Apply Click Apply to save your changes back to the G-1000.

Reset Click Reset to begin configuring this screen afresh.

Choose WPA in this field.

The WPA Group Key Update Timer is the rate at which the AP (if using WPA- PSK key management) or RADIUS server (if using WPA key management) sends a new group key out to all clients. The re-keying process is the WPA equivalent of automatically changing the WEP key for an AP and all stations in a WLAN on a periodic basis. Setting of the WPA Group Key Update Timer is also supported in WPA-PSK mode. The G-1000 default is 1800 seconds (30 minutes).

This field is disabled.

Please see Table 17 for information on the additional fields shown in this screen.

6.7.3 Authentication Required: WPA-PSK

Select Authentication Required in the Wireless Port Control field and WPA-PSK in the Key Management Protocol field to display the next screen.

Chapter 6 Wireless LAN 65

G-1000 User’s Guide

Figure 23 Wireless LAN: 802.1x/WPA for WPA-PSK Protocol

The following table describes the labels not previously discussed

Table 19 Wireless LAN: 802.1x/WPA for WPA-PSK Protocol

LABEL DESCRIPTION

Key Management Protocol

Pre-Shared Key The encryption mechanisms used for WPA and WPA-PSK are the same. The only

WPA Group Key Update Timer

Apply Click Apply to save your changes back to the G-1000.

Reset Click Reset to begin configuring this screen afresh.

Choose WPA-PSK in this field.

difference between the two is that WPA-PSK uses a simple common password, instead of user-specific credentials.

Type a pre-shared key from 8 to 63 case-sensitive ASCII characters (including spaces and symbols).

6.7.4 Authentication Required: WPA2

Select Authentication Required in the Wireless Port Control field and WPA2 in the Key Management Protocol field to display the next screen.

66 Chapter 6 Wireless LAN

Figure 24 Wireless LAN: 802.1x/WPA for WPA2 Protocol

The following table describes the labels not previously discussed

G-1000 User’s Guide

Table 20 Wireless LAN: 802.1x/WPA2 for WPA Protocol

LABEL DESCRIPTIONS

Key Management Protocol

WPA Compatible Check this box if you want your G-1000 to support WPA2 and WPA at the same

WPA Group Key Update Timer

Authentication Databases

Apply Click Apply to save your changes back to the G-1000.

Reset Click Reset to begin configuring this screen afresh.

Choose WPA2 in this field.

time. This might reduce the performance of the device, however.

The WPA Group Key Update Timer is the rate at which the AP (if using WPA2- PSK key management) or RADIUS server (if using WPA2 key management) sends a new group key out to all clients. The re-keying process is the WPA2 equivalent of automatically changing the WEP key for an AP and all stations in a WLAN on a periodic basis. Setting of the WPA Group Key Update Timer is also supported in WPA2-PSK mode. The G-1000 default is 1800 seconds (30 minutes).

This field is disabled.

Please see Table 17 for information on the additional fields shown in this screen.

6.7.5 Authentication Required: WPA2-PSK

Select Authentication Required in the Wireless Port Control field and WPA2-PSK in the Key Management Protocol field to display the next screen.

Chapter 6 Wireless LAN 67

G-1000 User’s Guide

Figure 25 Wireless LAN: 802.1x/WPA for WPA2-PSK Protocol

The following table describes the labels not previously discussed

Table 21 Wireless LAN: 802.1x/WPA for WPA2-PSK Protocol

LABEL DESCRIPTION

Key Management Protocol

WPA Compatible Check this box if you want your G-1000 to support WPA2-PSK and WPA-PSK at

Pre-Shared Key The encryption mechanisms used for WPA2 and WPA2-PSK are the same. The

WPA Group Key Update Timer

Apply Click Apply to save your changes back to the G-1000.

Reset Click Reset to begin configuring this screen afresh.

Choose WPA2-PSK in this field.

the same time. This might reduce the performance of the device, however.

only difference between the two is that WPA2-PSK uses a simple common password, instead of user-specific credentials.

Type a pre-shared key from 8 to 63 case-sensitive ASCII characters (including spaces and symbols).

6.8 Configuring RADIUS

A RADIUS (Remote Authentication Dial In user Service) server enables user authentication, authorization and accounting. Use RADIUS if you want to authenticate users using an external server.

The RADIUS screen allows you to specify the authentication and accounting servers and to enable and disable them.

68 Chapter 6 Wireless LAN

G-1000 User’s Guide

To access this screen, click the WIRELESS link under ADVANCED and then the RADIUS tab. The screen appears as shown.

Figure 26 RADIUS Screen

The following table describes the labels in this screen.

Table 22 RADIUS Screen

LABEL DESCRIPTION

Authentication Server

Active Select whether or not the external RADIUS authentication server is active.

Server IP Address Enter the IP address of the external RADIUS authentication server.

Port Number Enter the port number used by the external RADIUS authentication server.

Shared Secret Specify a password (up to 32 alphanumeric characters) as the key to be shared

between the external RADIUS server and the G-1000. This key is not sent over the network. This key must be the same on the external RADIUS server and the G-1000.

Accounting Server

Active Select whether or not the external RADIUS accounting server is active.

Server IP Address Enter the IP address of the external RADIUS accounting server.

Port Number Enter the port number used by the external RADIUS accounting server.

Shared Secret Specify a password (up to 32 alphanumeric characters) as the key to be shared

Apply Click Apply to save your changes back to the G-1000.

Reset Click Reset to set the RADIUS server settings again.

between the external RADIUS server and the G-1000. This key is not sent over the network. This key must be the same on the external RADIUS server and the G-1000.

Chapter 6 Wireless LAN 69

G-1000 User’s Guide

This chapter discusses how to configure IP on the G-1000

7.1 TCP/IP Parameters

7.1.1 IP Address and Subnet Mask

See the IP Address and Subnet Mask section in the Wizard Setup chapter for this information. The Ethernet parameters of the G-1000 are preset in the factory with the following values:

• IP address of 192.168.1.2

• Subnet mask of 255.255.255.0 (24 bits)

CHAPTER 7

IP Screen

These parameters should work for the majority of installations.

7.1.2 WAN IP Address Assignment

Table 23 Private IP Address Ranges

10.0.0.0 - 10.255.255.255

172.16.0.0 - 172.31.255.255

192.168.0.0 - 192.168.255.255

70 Chapter 7 IP Screen

7.2 Configuring IP

Click ADVANCED and then IP to display the screen shown next.

Figure 27 IP Setup

The following table describes the labels in this screen.

Table 24 IP Setup

G-1000 User’s Guide

LABEL DESCRIPTION

IP Address Assignment

Get automatically from DHCP

Select this option if your G-1000 is using a dynamically assigned IP address from a DHCP server each time.

Note: You must know the IP address assigned to the G-1000 (by the DHCP server) to access the G-1000 again.

Use fixed IP address Select this option if your G-1000 is using a static IP address. When you select

this option, fill in the fields below.

IP Address Enter the IP address of your G-1000 in dotted decimal notation.

Note: If you change the G-1000's IP address, you must use the new IP address if you want to access the web configurator again.

IP Subnet Mask Type the subnet mask.

Gateway IP Address Type the IP address of the gateway. The gateway is an immediate neighbor

Apply Click Apply to save your changes back to the G-1000.

Reset Click Reset to begin configuring this screen afresh.

of your G-1000 that will forward the packet to the destination. On the LAN, the gateway must be a router on the same segment as your G-1000; over the WAN, the gateway must be the IP address of one of the remote node.

Chapter 7 IP Screen 71

G-1000 User’s Guide

Remote Management Screens

This chapter provides information on the Remote Management screens.

8.1 Remote Management Overview

Remote management allows you to determine which services/protocols can access which G1000 interface (if any) from which computers.

You may manage your G-1000 from a remote location via:

• WLAN only • ALL (LAN and WLAN)

• LAN only • Neither (Disable).

CHAPTER 8

To disable remote management of a service, select Disable in the corresponding Server Access field.

You may only have one remote management session running at a time. The G-1000 automatically disconnects a remote management session of lower priority when another remote management session of higher priority starts. The priorities for the different types of remote management sessions are as follows.

1 Teln et

2 HTTP

8.1.1 Remote Management Limitations

Remote management over LAN or WAN will not work when:

1 A filter in SMT menu 3.1 (LAN) or in menu 11.5 (WAN) is applied to block a Telnet,

FTP or Web service.

2 You have disabled that service in one of the remote management screens.

3 The IP address in the Secured Client IP field does not match the client IP address. If it

does not match, the G-1000 will disconnect the session immediately.

4 There is already another remote management session with an equal or higher priority

running. You may only have one remote management session running at one time.

72 Chapter 8 Remote Management Screens

8.1.2 Remote Management and NAT

When NAT is enabled:

• Use the G-1000’s WLAN IP address when configuring from the WLAN.

• Use the G-1000’s LAN IP address when configuring from the LAN.

8.1.3 System Timeout

There is a default system management idle timeout of five minutes (three hundred seconds). The G-1000 automatically logs you out if the management session remains idle for longer than this timeout period. The management session does not time out when a statistics screen is polling. You can change the timeout period in the System screen

8.2 Configuring WWW

To change your G-1000’s World Wide Web settings, click REMOTE MGMT to display the WWW screen.

G-1000 User’s Guide

Figure 28 Remote Management: WWW

The following table describes the labels in this screen.

Table 25 Remote Management: WWW

LABEL DESCRIPTION

WWW

Server Port You may change the server port number for a service, if needed; however, you

must use the same port number in order to use this service for remote management.

Server Access Select the interface(s) through which a computer may access the G-1000 using this

service.

Secured Client IP Address

A secured client is a “trusted” computer that is allowed to communicate with the G1000 using this service.

Select All to allow any computer to access the G-1000 using this service. Choose Selected to just allow the computer with the IP address that you specify to

access the G-1000 using this service.

Chapter 8 Remote Management Screens 73

G-1000 User’s Guide

Table 25 Remote Management: WWW

LABEL DESCRIPTION

Apply Click Apply to save your customized settings and exit this screen.

Reset Click Reset to begin configuring this screen afresh.

8.3 Configuring Telnet

You can configure your G-1000 for remote Telnet access as shown next. The administrator uses Telnet from a computer on a remote network to access the G-1000.

Figure 29 Telnet Configuration on a TCP/IP Network

8.4 Configuring TELNET

Click REMOTE MGMT and the TELNET tab to display the screen as shown.

74 Chapter 8 Remote Management Screens

Figure 30 Remote Management: Telnet

The following table describes the labels in this screen.

Table 26 Remote Management: Telnet

G-1000 User’s Guide

LABEL

Server Port You may change the server port number for a service, if needed; however, you must

use the same port number in order to use this service for remote management.

Server Access Select the interface(s) through which a computer may access the G-1000 using this

Secured Client IP Address

Apply Click Apply to save your customized settings and exit this screen.

Reset Click Reset to begin configuring this screen afresh.

service.

A secured client is a “trusted” computer that is allowed to communicate with the G1000 using this service.

Select All to allow any computer to access the G-1000 using this service. Choose Selected to just allow the computer with the IP address that you specify to

access the G-1000 using this service.

8.5 Configuring FTP

You can upload and download the G-1000’s firmware and configuration files using FTP, please see the chapter on firmware and configuration file maintenance for details. To use this feature, your computer must have an FTP client.

To change your G-1000’s FTP settings, click REMOTE MGMT, then the FTP tab. The screen appears as shown.

DESCRIPTION

Chapter 8 Remote Management Screens 75

G-1000 User’s Guide

Figure 31 Remote Management: FTP

The following table describes the labels in this screen.

Table 27 Remote Management: FTP

LABEL DESCRIPTION

Server Port You may change the server port number for a service, if needed; however, you

Server Access Select the interface(s) through which a computer may access the G-1000 using this

Secured Client IP Address

Apply Click Apply to save your customized settings and exit this screen.

Reset Click Reset to begin configuring this screen afresh.

must use the same port number in order to use that service for remote management.

service.

A secured client is a “trusted” computer that is allowed to communicate with the G1000 using this service.

Select All to allow any computer to access the G-1000 using this service. Choose Selected to just allow the computer with the IP address that you specify to

access the G-1000 using this service.

8.6 SNMP

Simple Network Management Protocol (SNMP) is a protocol used for exchanging management information between network devices. SNMP is a member of the TCP/IP protocol suite. Your G-1000 supports SNMP agent functionality, which allows a manager station to manage and monitor the G-1000 through the network. The G-1000 supports SNMP version one (SNMPv1) and version two (SNMPv2c). The next figure illustrates an SNMP management operation. SNMP is only available if TCP/IP is configured.

Note: SNMP is only available if TCP/IP is configured.

76 Chapter 8 Remote Management Screens

Figure 32 SNMP Management Model

G-1000 User’s Guide

An SNMP managed network consists of two main types of component: agents and a manager.

An agent is a management software module that resides in a managed device (the G-1000). An agent translates the local management information from the managed device into a form compatible with SNMP. The manager is the console through which network administrators perform network management functions. It executes applications that control and monitor managed devices.

The managed devices contain object variables/managed objects that define each piece of information to be collected about a device. Examples of variables include such as number of packets received, node port status etc. A Management Information Base (MIB) is a collection of managed objects. SNMP allows a manager and agents to communicate for the purpose of accessing these objects.

SNMP itself is a simple request/response protocol based on the manager/agent model. The manager issues a request and the agent returns responses using the following protocol operations:

• Get - Allows the manager to retrieve an object variable from the agent.

• GetNext - Allows the manager to retrieve the next object variable from a table or list within an agent. In SNMPv1, when a manager wants to retrieve all elements of a table from an agent, it initiates a Get operation, followed by a series of GetNext operations.

• Set - Allows the manager to set values for object variables within an agent.

• Trap - Used by the agent to inform the manager of some events.

Chapter 8 Remote Management Screens 77

G-1000 User’s Guide

8.6.1 Supported MIBs

The G-1000 supports MIB II that is defined in RFC-1213 and RFC-1215 as well as the proprietary ZyXEL private MIB. The focus of the MIBs is to let administrators collect statistical data and monitor status and performance.

8.6.2 SNMP Traps

The G-1000 can send the following traps to the SNMP manager.

Table 28 SNMP Traps

TRAP NAME

Generic Traps

coldStart 1.3.6.1.6.3.1.1.5.1 This trap is sent after booting (power on). This

warmStart 1.3.6.1.6.3.1.1.5.2 This trap is sent after booting (software

linkDown 1.3.6.1.6.3.1.1.5.3 This trap is sent when the Ethernet link is

linkUp 1.3.6.1.6.3.1.1.5.4 This trap is sent when the Ethernet link is up.

authenticationFailure (defined in RFC-1215)

Traps defined in the ZyXEL Private MIB.

whyReboot 1.3.6.1.4.1.890.1.5.13.0.1 This trap is sent with the reason for restarting

OBJECT IDENTIFIER #

(OID)

1.3.6.1.6.3.1.1.5.5 The device sends this trap when it receives

DESCRIPTION

trap is defined in RFC-1215.

reboot). This trap is defined in RFC-1215.

down.

any SNMP get or set requirements with the wrong community (password).

Note: snmpEnableAuthenTraps, OID

1.3.6.1.2.1.11.30 (defined in RFC 1214 and RFC 1907) must be enabled on in order for the device to send authenticationFailure traps. Use a MIB browser to enable or disable snmpEnableAuthenTraps.

before the system reboots (warm start). "System reboot by user!" is added for an

intentional reboot (for example, download new files, CI command "sys reboot").

If the system reboots because of fatal errors, a code for the error is listed.

78 Chapter 8 Remote Management Screens

8.6.3 SNMP Interface Index

Some traps include an SNMP interface index. The following table maps the SNMP interface indexes to the G-1000’s physical ports.

Table 29 SNMP Interface Index to Physical Port Mapping

INTERFACE TYPE PHYSICAL PORT

enet0 WLAN

enet1 Ethernet port

8.6.4 Configuring SNMP

To change your G-1000’s SNMP settings, click REMOTE MGMT, then the SNMP tab. The screen appears as shown.

Figure 33 Remote Management: SNMP

G-1000 User’s Guide

The following table describes the labels in this screen.

Table 30 Remote Management: SNMP

LABEL DESCRIPTION

SNMP Configuration

Get Community Enter the Get Community, which is the password for the incoming Get and

GetNext requests from the management station. The default is public and allows all requests.

Chapter 8 Remote Management Screens 79

G-1000 User’s Guide

Table 30 Remote Management: SNMP

LABEL DESCRIPTION

Set Community Enter the Set community, which is the password for incoming Set requests

Trap

Community Type the trap community, which is the password sent with each trap to the

Destination Type the IP address of the station to send your SNMP traps to.

SNMP

Service Port You may change the server port number for a service, if needed; however, you

Service Access Select the interface(s) through which a computer may access the G-1000 using

Secured Client IP Address

Apply Click Apply to save your customized settings and exit this screen.

Reset Click Reset to begin configuring this screen afresh.

from the management station. The default is public and allows all requests.

SNMP manager. The default is public and allows all requests.

must use the same port number in order to use that service for remote management.

this service.

A secured client is a “trusted” computer that is allowed to communicate with the G-1000 using this service.

Select All to allow any computer to access the G-1000 using this service. Choose Selected to just allow the computer with the IP address that you specify

to access the G-1000 using this service.

80 Chapter 8 Remote Management Screens

G-1000 User’s Guide

Chapter 8 Remote Management Screens 81

G-1000 User’s Guide

This chapter contains information about configuring general log settings and viewing the G1000’s logs. Refer to the appendix for example log message explanations.

9.1 Configuring View Log

The web configurator allows you to look at all of the G-1000’s logs in one location.

Click the LOGS links under ADVANCED to open the View Log screen. Use the View Log screen to see the logs for the categories that you selected in the Log Settings screen (see

Figure 35). Options include logs about system maintenance, system errors and access control.

CHAPTER 9

Log Screens

You can view logs and alert messages in this page. Once the log entries are all used, the log will wrap around and the old logs will be deleted.

Click a column heading to sort the entries. A triangle indicates the direction of the sort order.

82 Chapter 9 Log Screens

Figure 34 View Log

The following table describes the labels in this screen.

Table 31 View Log

G-1000 User’s Guide

LABEL DESCRIPTION

Display Select a log category from the drop down list box to display logs within the

selected category. To view all logs, select All Logs. The number of categories shown in the drop down list box depends on the

selection in the Log Settings page.

Email Log Now Click Email Log Now to send the log screen to the e-mail address specified in

the Log Settings page.

Refresh Click Refresh to renew the log screen.

Clear Log Click Clear Log to clear all the logs.

Time This field displays the time the log was recorded.

Message This field states the reason for the log.

Source This field lists the source IP address and the port number of the incoming

packet.

Destination This field lists the destination IP address and the port number of the incoming

Notes This field displays additional information about the log entry.

packet.

9.2 Configuring Log Settings

To change your G-1000’s log settings, click the LOGS links under ADVANCED and then the Log Settings tab. The screen appears as shown.

Use the Log Settings screen to configure to where the G-1000 is to send the logs; the schedule for when the G-1000 is to send the logs and which logs and/or immediate alerts the G-1000 is to send.

Chapter 9 Log Screens 83

G-1000 User’s Guide

An alert is a type of log that warrants more serious attention. Some categories such as System Errors consist of both logs and alerts. You may differentiate them by their color in the View Log screen. Alerts are displayed in red and logs are displayed in black.

Figure 35 Log Settings

The following table describes the labels in this screen.

Table 32 Log Settings

LABEL DESCRIPTION

Address Info

Mail Server Enter the server name or the IP address of the mail server for the e-mail

addresses specified below. If this field is left blank, logs and alert messages will not be sent via e-mail.

Mail Subject Type a title that you want to be in the subject line of the log e-mail message

that the G-1000 sends.

Send log to Logs are sent to the e-mail address specified in this field. If this field is left

Send alerts to Enter the e-mail address where the alert messages will be sent. If this field is

SMTP Authentication Check this box if e-mail requires a user name and password to be delivered

84 Chapter 9 Log Screens

blank, logs will not be sent via e-mail.

left blank, alert messages will not be sent via e-mail.

through the specified mail server.

G-1000 User’s Guide

Table 32 Log Settings

LABEL DESCRIPTION

User NAME This field is effective if SMTP Authentication is checked. Enter the user name

of the account on the SMTP server.

Password This field is effective if SMTP Authentication is checked. Enter the password

of the account on the SMTP server.

Syslog Logging Syslog logging sends a log to an external syslog server used to store logs.

Active Click Active to enable syslog logging.

Syslog Server IP Address

Log Facility Select a location from the drop down list box. The log facility allows you to log

Send Log

Log Schedule This drop-down menu is used to configure the frequency of log messages

Day for Sending Log This field is only available when you select Weekly in the Log Schedule field.

Time for Sending Log Enter the time of the day in 24-hour format (for example 23:00 equals 11:00

Clear log after sending mail

Log Select the categories of logs that you want to record.

Send Immediate Alert Select the categories of alerts for which you want the G-1000 to immediately

Apply Click Apply to save your customized settings and exit this screen.

Reset Click Reset to reconfigure all the fields in this screen.

Enter the server name or IP address of the syslog server that will log the selected categories of logs.

the messages to different files in the syslog server. Refer to the documentation of your syslog program for more details.

being sent as E-mail:

•Daily

• Weekly

• Hourly

• When Log is Full

• None. If the Weekly or the Daily option is selected, specify a time of day when the E-

mail should be sent. If the Weekly option is selected, then also specify which day of the week the E-mail should be sent. If the When Log is Full option is selected, an alert is sent when the log fills up. If you select None, no log messages are sent.

Use the drop down list box to select which day of the week to send the logs.

pm) to send the logs.

Select the check box to clear all logs after logs and alert messages are sent via e-mail.

send e-mail alerts.

Chapter 9 Log Screens 85

G-1000 User’s Guide

This chapter displays system information such as firmware, port IP addresses and port traffic statistics.

10.1 Maintenance Overview

The maintenance screens can help you view system information, upload new firmware, manage configuration and restart your G-1000.

10.2 System Status Screen

CHAPTER 10

Maintenance

Click MAINTENANCE to open the System Status screen, where you can use to monitor your G-1000. Note that these labels are READ-ONLY and are meant to be used for diagnostic purposes.

Figure 36 System Status

The following table describes the labels in this screen.

Table 33 System Status

LABEL DESCRIPTION

System Name This is the System Name you enter in the first Internet Access Wizard screen.

It is for identification purposes

ZyNOS Firmware Version

IP Address This is the Ethernet port IP address.

IP Subnet Mask This is the Ethernet port subnet mask.

DHCP This is the Ethernet port DHCP role - Client or None.

Show Statistics Click Show Statistics to see router performance statistics such as number of

This is the ZyNOS Firmware version and the date created. ZyNOS is ZyXEL's proprietary Network Operating System design.

packets sent and number of packets received for each port.

86 Chapter 10 Maintenance

10.2.1 System Statistics

Read-only information here includes port status, packet specific statistics and bridge link status. Also provided are "system up time" and "poll interval(s)". The Poll Interval field is configurable.

Figure 37 System Status: Show Statistics

The following table describes the labels in this screen.

Table 34 System Status: Show Statistics

G-1000 User’s Guide

LABEL DESCRIPTION

Port This is the Ethernet or wireless port. The wireless port may be the WLAN –

Status This shows the port speed and duplex setting if you are using Ethernet

TxPkts This is the number of transmitted packets on this port.

RxPkts This is the number of received packets on this port.

Collisions This is the number of collisions on this port.

Tx B/s This shows the transmission speed in bytes per second on this port.

Rx B/s This shows the reception speed in bytes per second on this port.

Up Time This is total amount of time the line has been up.

System Up Time This is the total time the G-1000 has been on.

Poll Interval(s) Enter the time interval for refreshing statistics.

Set Interval Click this button to apply the new poll interval you entered above.

Stop Click this button to stop refreshing statistics.

Built-in card or the WLAN – Removable wireless card.

encapsulation for the Ethernet port. This shows the transmission speed only for wireless port.

10.3 Association List

View the wireless stations that are currently associated to the G-1000 in the Association List screen.

Click MAINTENANCE and then the Association List tab to display the screen as shown next.

Chapter 10 Maintenance 87

G-1000 User’s Guide

Figure 38 Association List

The following table describes the labels in this screen.

Table 35 Association List

LABEL DESCRIPTION

# This is the index number of an associated wireless station.

MAC Address This field displays the MAC address of an associated wireless station.

Association Time This field displays the time a wireless station first associated with the G-1000.

Refresh Click Refresh to reload the screen.

10.4 F/W Upload Screen

Find firmware at www.zyxel.com in a file that (usually) uses the system model name with a "*.bin" extension, e.g., "G-1000.bin". The upload process uses HTTP (Hypertext Transfer Protocol) and may take up to two minutes. After a successful upload, the system will reboot. See the Firmware and Configuration File Maintenance chapter for upgrading firmware using FTP/TFTP commands.

Click MAINTENANCE and then F/W Upload. Follow the instructions in this screen to upload firmware to your G-1000.

88 Chapter 10 Maintenance

G-1000 User’s Guide

Figure 39 Firmware Upload

The following table describes the labels in this screen.

Table 36 Firmware Upload

LABEL DESCRIPTION

File Path Type in the location of the file you want to upload in this field or click Browse ...

to find it.

Browse... Click Browse... to find the .bin file you want to upload. Remember that you must

decompress compressed (.zip) files before you can upload them.

Upload Click Upload to begin the upload process. This process may take up to two

minutes.

Note: Do not turn off the G-1000 while firmware upload is in progress!

After you see the Firmware Upload in Process screen, wait two minutes before logging into the G-1000 again.

Figure 40 Firmware Upload In Process

The G-1000 automatically restarts in this time causing a temporary network disconnect. In some operating systems, you may see the following icon on your desktop.

Chapter 10 Maintenance 89

G-1000 User’s Guide

Figure 41 Network Temporarily Disconnected

After two minutes, log in again and check your new firmware version in the System Status screen.

If the upload was not successful, the following screen will appear. Click Return to go back to the F/W Upload screen.

Figure 42 Firmware Upload Error

10.5 Configuration Screen

See the Firmware and Configuration File Maintenance chapter for transferring configuration files using FTP/TFTP commands.

Click MAINTENANCE, and then the Configuration tab. Information related to factory defaults, backup configuration, and restoring configuration appears as shown next.

90 Chapter 10 Maintenance

Figure 43 Configuration

G-1000 User’s Guide

10.5.1 Backup Configuration

Backup configuration allows you to back up (save) the G-1000’s current configuration to a file on your computer. Once your G-1000 is configured and functioning properly, it is highly recommended that you back up your configuration file before making configuration changes. The backup configuration file will be useful in case you need to return to your previous settings.

Click Backup to save the G-1000’s current configuration to your computer.

10.5.2 Restore Configuration

Restore configuration allows you to upload a new or previously saved configuration file from your computer to your G-1000.

Table 37 Restore Configuration

LABEL DESCRIPTION

File Path Type in the location of the file you want to upload in this field or click Browse ...

to find it.

Browse... Click Browse... to find the file you want to upload. Remember that you must

Upload Click Upload to begin the upload process.

decompress compressed (.ZIP) files before you can upload them.

Chapter 10 Maintenance 91

G-1000 User’s Guide

After you see a “restore configuration successful” screen, you must then wait one minute before logging into the G-1000 again.

Figure 44 Configuration Upload Successful

The G-1000 automatically restarts in this time causing a temporary network disconnect. In some operating systems, you may see the following icon on your desktop.

Note: Do not turn off the G-1000 while configuration file upload is in progress.

Figure 45 Network Temporarily Disconnected

If you uploaded the default configuration file you may need to change the IP address of your computer to be in the same subnet as that of the default G-1000 IP address (192.168.1.2). See your Quick Installation Guide for details on how to set up your computer’s IP address.

If the upload was not successful, the following screen will appear. Click Return to go back to the Configuration screen.

92 Chapter 10 Maintenance

Figure 46 Configuration Upload Error

10.5.3 Back to Factory Defaults

Pressing the Reset button in this section clears all user-entered configuration information and returns the G-1000 to its factory defaults as shown on the screen. The following warning screen will appear.

Figure 47 Reset Warning Message

G-1000 User’s Guide

You can also press the RESET button on the side panel to reset the factory defaults of your G-

1000. Refer to the section on resetting the G-1000 for more information on the RESET button.

10.6 Restart Screen

System restart allows you to reboot the G-1000 without turning the power off. Click MAINTENANCE, and then click Restart to have the G-1000 reboot. This does not affect the G-1000's configuration.

Figure 48 Restart Screen

Chapter 10 Maintenance 93

G-1000 User’s Guide

CHAPTER 11

Introducing the SMT

This chapter describes how to access the SMT and provides an overview of its menus.

11.1 Connect to your G-1000 Using Telnet

The following procedure details how to telnet into your G-1000.

1 In Windows, click Start (usually in the bottom left corner), Run and then type “telnet

192.168.1.2” (the default IP address) and click OK.

2 For your first login, enter the default password “1234”. As you type the password, the

screen displays an asterisk “*” for each character you type.

Figure 49 Login Screen

Password : xxxx

3 After entering the password you will see the main menu.

Please note that if there is no activity for longer than five minutes (default timeout period) after you log in, your G-1000 will automatically log you out. You will then have to telnet into the G-1000 again. You can use the web configurator or the CI commands to change the inactivity time out period.

11.2 Changing the System Password

Change the G-1000 default password by following the steps shown next.

1 From the main menu, enter 23 to display Menu 23 – System Security.

2 Enter 1 to display Menu 23.1 – System Security – Change Password as shown next.

3 Type your existing system password in the Old Password field, and press [ENTER].

94 Chapter 11 Introducing the SMT

Figure 50 Menu 23.1 System Security: Change Password

Menu 23.1 – System Security – Change Password Old Password= **** New Password= ? Retype to confirm= ? Enter here to CONFIRM or ESC to CANCEL:

4 Type your new system password in the New Password field (up to 30 characters), and

press [ENTER].

5 Re-type your new system password in the Retype to confirm field for confirmation and

press [ENTER].

Note that as you type a password, the screen displays an asterisk “*” for each character you type.

11.3 G-1000 SMT Menus Overview

G-1000 User’s Guide

The following table gives you an overview of your G-1000’s various SMT menus.

Table 38 SMT Menus Overview

MENUS SUB MENUS

1 General Setup 1.1 Configure Dynamic DNS

3 LAN Setup 3.2 TCP/IP Setup

3.5 Wireless LAN Setup 3.5.1 WLAN MAC Address

14 Dial-in User Setup 14.1 Edit Dial-in User

22 SNMP Configuration

23 System Security 23.1 Change Password

23.2 RADIUS Server

23.4 IEEE 802.1X

Filter

3.5.2 Roaming Configuration

Chapter 11 Introducing the SMT 95

G-1000 User’s Guide

Table 38 SMT Menus Overview (continued)

MENUS SUB MENUS

24 System Maintenance 24.1 Status

24.2 System Information and Console Port Speed

24.3 Log and Trace 24.3.1 View Error Log

24.4 Diagnostic

24.5 Backup Configuration

24.6 Restore Configuration

24.7 Upload Firmware 24.7.1 Upload System

24.8 Command Interpreter Mode

24.10 Time and Date Setting

24.11 Remote Management Control

24.2.1 Information

24.2.2 Change Console Port Speed

Firmware

24.7.2 Upload System Configuration File

11.4 Navigating the SMT Interface

The SMT (System Management Terminal) is the interface that you use to configure your G-

1000. Several operations that you should be familiar with before you attempt to modify the configuration are listed in the table below.

Table 39 Main Menu Commands

OPERATION KEYSTROKE DESCRIPTION

Move down to another menu

Move up to a previous menu

Move to a “hidden” menu

Move the cursor [ENTER] or [UP]/

Entering information Type in or press

Required fields <?> or ChangeMe All fields with the symbol <?> must be filled in order to be

[ENTER] To move forward to a submenu, type in the number of the

desired submenu and press [ENTER].

[ESC] Press [ESC] to move back to the previous menu.

Press [SPACE BAR] to change No to Yes then press [ENTER].

[DOWN] arrow keys.

[SPACE BAR], then press [ENTER].

Fields beginning with “Edit” lead to hidden menus and have a default setting of No. Press [SPACE BAR] once to change No to Yes, then press [ENTER] to go to the “hidden” menu.

Within a menu, press [ENTER] to move to the next field. You can also use the [UP]/[DOWN] arrow keys to move to the previous and the next field, respectively.

You need to fill in two types of fields. The first requires you to type in the appropriate information. The second allows you to cycle through the available choices by pressing [SPACE BAR].

able to save the new configuration. All fields with ChangeMe must not be left blank in order to

be able to save the new configuration.

96 Chapter 11 Introducing the SMT

G-1000 User’s Guide

Table 39 Main Menu Commands

OPERATION KEYSTROKE DESCRIPTION

N/A fields <N/A> Some of the fields in the SMT will show a <N/A>. This

symbol refers to an option that is Not Applicable.

Save your configuration

Exit the SMT Type 99, then press

[ENTER] Save your configuration by pressing [ENTER] at the

message “Press ENTER to confirm or ESC to cancel”. Saving the data on the screen will take you, in most cases to the previous menu.

Type 99 at the main menu prompt and press [ENTER] to

[ENTER].

exit the SMT interface.

After you enter the password, the SMT displays the main menu, as shown next.

Figure 51 G-1000 SMT Main Menu

G-1000 Main Menu

Getting Started Advanced Management

1. General Setup 22. SNMP Configuration

3. LAN Setup 23. System Security

24. System Maintenance

Advanced Applications

14. Dial-in User Setup

99. Exit

Enter Menu Selection Number:

This menu is summarized below.

Table 40 Main Menu Summary

# MENU TITLE DESCRIPTION

1 General Setup Use this menu to set up your general information.

3 LAN Setup Use this menu to set up your LAN and WLAN connection.

14 Dial-in User Setup Use this menu to set up local user profiles on the G-1000.

22 SNMP Configuration Use this menu to set up SNMP related parameters.

23 System Security Use this menu to change your password and enable network user

authentication.

24 System Maintenance This menu provides system status, diagnostics, software upload, etc.

99 Exit Use this to exit from SMT and return to a blank screen.

Chapter 11 Introducing the SMT 97

G-1000 User’s Guide

The chapter shows you the information on general setup.

Menu 1 – General Setup contains administrative and system-related information (shown next). The System Name field is for identification purposes. It is recommended you type your computer's "Computer name".

The Domain Name entry is what is propagated to the DHCP clients on the LAN. While you must enter the host name (System Name) on each individual computer, the domain name can be assigned from the G-1000 via DHCP.

Enter 1 in the Main Menu to open Menu 1 – General Setup as shown next.

Figure 52 Menu 1 General Setup

CHAPTER 12

General Setup

Menu 1 - General Setup

System Name= G-1000 Domain Name=

First System DNS Server= None IP Address= N/A Second System DNS Server= None IP Address= N/A Third System DNS Server= None IP Address= N/A

Fill in the required fields. Refer to the following table for more information about these fields.

Table 41 Menu 1 General Setup

FIELD DESCRIPTION

System Name Choose a descriptive name for identification purposes. This name can be up to

30 alphanumeric characters long. Spaces are not allowed, but dashes “-” and underscores "_" are accepted.

Domain Name This is not a required field. Leave this field blank or enter the domain name

here if you know it.

First/Second/Third System DNS Server

Press [SPACE BAR] to select From DHCP, User Defined or None and press [ENTER].

These fields are not available on all models.

98 Chapter 12 General Setup

G-1000 User’s Guide

Table 41 Menu 1 General Setup

FIELD DESCRIPTION

IP Address Enter the IP addresses of the DNS servers. This field is available when you

select User-Defined in the field above.

When you have completed this menu, press [ENTER] at the prompt “Press ENTER to Confirm…” to save your configuration, or press [

ESC] at any time to cancel.

Chapter 12 General Setup 99

G-1000 User’s Guide

This chapter shows you how to configure the LAN on your G-1000.

13.1 LAN Setup

This section describes how to configure the Ethernet using Menu 3 – LAN Setup. From the main menu, enter 3 to display menu 3.

Figure 53 Menu 3 LAN Setup

CHAPTER 13

LAN Setup

Menu 3 - LAN Setup

2. TCP/IP Setup

5. Wireless LAN Setup

Enter Menu Selection Number:

Detailed explanation about the LAN Setup menu is given in the next chapter.

13.2 TCP/IP Ethernet Setup

Use menu 3.2 to configure your G-1000 for TCP/IP.

To edit menu 3.2, enter 3 from the main menu to display Menu 3-LAN Setup. When menu 3 appears, press 2 and press [ENTER] to display Menu 3.2-TCP/IP Setup, as shown next

100 Chapter 13 LAN Setup

ZyXEL G-1000 User Guide

Specifications and Main Features

Frequently Asked Questions

User Manual

User’s Guide

Copyright

Federal Communications Commission (FCC) Interference Statement 3

Safety Warnings

ZyXEL Limited Warranty

Customer Support

Table of Contents

List of Figures

List of Tables

Preface

Getting to Know Your G-1000

1.1 Introducing the G-1000

1.2 G-1000 Features

1.2.1 Physical Features

1.2.2 Firmware Features

1.3 Applications for the G-1000

1.3.1 Internet Access Application

1.3.2 Corporation Network Application

2.1 Front Panel of the G-1000

2.2 Top Panel and Connections of the G-1000

2.2.1 One 10/100M Ethernet Port

2.2.2 Power Port

2.2.3 The RESET Button

2.2.4 Antennas

2.3 Hardware Mounting Options

2.4 Additional Installation Requirements

2.5 Configuring Your G-1000

3.1 Accessing the G-1000 Web Configurator

3.2 Resetting the G-1000

3.2.1 Procedure To Use The Reset Button

3.2.2 Method of Restoring Factory-Defaults

3.3 Navigating the G-1000 Web Configurator

4.1 Wizard Setup Overview

4.1.1 Channel

Wizard Setup

4.1.2 ESS ID

4.1.3 WEP Encryption

4.2 Wizard Setup: General Setup

4.3 Wizard Setup: Wireless LAN

4.4 Wizard Setup: IP Address

4.4.1 IP Address Assignment

4.4.2 IP Address and Subnet Mask

4.5 Basic Setup Complete

5.1 System Overview

5.2 Configuring General Setup

System Screens

5.3 Configuring Password

5.4 Configuring Time Setting

6.1 Introduction

Wireless LAN

6.2 Wireless Security Overview

6.2.1 Encryption

6.2.2 Authentication

6.2.3 Restricted Access

6.2.4 Hide G-1000 Identity

6.2.5 Configuring Wireless LAN on the G-1000

6.3 Configuring the Wireless Screen

6.3.1 WEP Encryption

6.4 Configuring Roaming

6.4.1 Requirements for Roaming

6.5 MAC Filter

6.6 Introduction to WPA

6.6.1 WPA(2)-PSK Application Example

6.6.2 WPA(2) with RADIUS Application Example

6.6.3 Wireless Client WPA Supplicants

6.7 Configuring IEEE 802.1x and WPA

6.7.1 Authentication Required: 802.1x

6.7.2 Authentication Required: WPA

6.7.3 Authentication Required: WPA-PSK

6.7.4 Authentication Required: WPA2

6.7.5 Authentication Required: WPA2-PSK

6.8 Configuring RADIUS

7.1 TCP/IP Parameters

7.1.1 IP Address and Subnet Mask

IP Screen

7.1.2 WAN IP Address Assignment