ZyXEL MAX208M2W User Manual

14.1 Wall-Mounting

This section shows you how to mount your MAX208M2W Series on a wall using the
ZyXEL Wall-Mounting kit (not included).

14.1.1 The Wall-Mounting Kit

The wall-mounting kit contains the following parts:

123

Chapter 14Product Specifications

1 Two Mortar Plugs (M4*L30 mm)

2 Two Screws (M4*L30 mm)

3 Wall-Mounting Chassis

If any parts are missing, contact your vendor.

14.1.2 Instructions

To mount the MAX208M2W Series on a wall:

1 Select a position free of obstructions on a sturdy wall.

2 Drill two holes in the wall exactly 70 mm apart. The holes should be 6 mm wide

and at least 30 mm deep.

Be careful to avoid damaging pipes or cables located inside the
wall when drilling holes for the screws.

MAX208M2W Series User s Guide

201

Chapter 14Product Specifications

3 Attach the wall mounting chassis with the plugs and screws as shown below:

4 Connect the MAX208M2W Series to the wall mounting chassis by snapping the

chassis two upper chassis hooks into the matching holes on the MAX208M2W
Series:

202

Do not pinch or server the cable connections between the wall­mounting chassis the MAX208M2W Series.

MAX208M2W Series User s Guide

Chapter 14Product Specifications

5 Snap the lower chassis hooks into the matching holes on the MAX208M2W Series.

The cable connections should come out either the left or right gaps between the
wall-mounting chassis and the MAX208M2W Series

6 Once you have snapped the wall-mounting chassis in place, the MAX208M2W

Series is securely fastened to the wall.

MAX208M2W Series User s Guide

203

Chapter 14Product Specifications

204

MAX208M2W Series User s Guide

APPENDIX A

WiMAX Security

Wireless security is vital to protect your wireless communications. Without it,
information transmitted over the wireless network would be accessible to any
networking device within range.

User Authentication and Data Encryption

The WiMAX (IEEE 802.16) standard employs user authentication and encryption to
ensure secured communication at all times.

User authentication is the process of confirming a user s identity and level of
authorization. Data encryption is the process of encoding information so that it
cannot be read by anyone who does not know the code.

PKMv2

WiMAX uses PKMv2 (Privacy Key Management version 2) for authentication, and
CCMP (Counter Mode with Cipher Block Chaining Message Authentication Protocol)
for data encryption.

WiMAX supports EAP (Extensible Authentication Protocol, RFC 2486) which allows
additional authentication methods to be deployed with no changes to the base
station or the mobile or subscriber stations.

PKMv2 is a procedure that allows authentication of a mobile or subscriber station
and negotiation of a public key to encrypt traffic between the MS/SS and the base
station. PKMv2 uses standard EAP methods such as Transport Layer Security
(EAP-TLS) or Tunneled TLS (EAP-TTLS) for secure communication.

In cryptography, a $key is a piece of information, typically a string of random
numbers and letters, that can be used to $lock (encrypt) or $unlock (decrypt) a
message. Public key encryption uses key pairs, which consist of a public (freely
available) key and a private (secret) key. The public key is used for encryption and
the private key is used for decryption. You can decrypt a message only if you have
the private key. Public key certificates (or $digital IDs ) allow users to verify each
other s identity.

MAX208M2W Series User s Guide

205

Appendix AWiMAX Security

RADIUS

RADIUS is based on a client-server model that supports authentication,
authorization and accounting. The base station is the client and the server is the
RADIUS server. The RADIUS server handles the following tasks:

! Authentication

Determines the identity of the users.

! Authorization

Determines the network services available to authenticated users once they are
connected to the network.

! Accounting

Keeps track of the client s network activity.

RADIUS is a simple package exchange in which your base station acts as a
message relay between the MS/SS and the network RADIUS server.

Types of RADIUS Messages

The following types of RADIUS messages are exchanged between the base station
and the RADIUS server for user authentication:

! Access-Request

Sent by an base station requesting authentication.

! Access-Reject

Sent by a RADIUS server rejecting access.

! Access-Accept

Sent by a RADIUS server allowing access.

! Access-Challenge

Sent by a RADIUS server requesting more information in order to allow access.
The base station sends a proper response from the user and then sends another
Access-Request message.

The following types of RADIUS messages are exchanged between the base station
and the RADIUS server for user accounting:

! Accounting-Request

Sent by the base station requesting accounting.

! Accounting-Response

Sent by the RADIUS server to indicate that it has started or stopped accounting.

206

In order to ensure network security, the access point and the RADIUS server use a
shared secret key, which is a password they both know. The key is not sent over

MAX208M2W Series User s Guide

the network. In addition to the shared key, password information exchanged is
also encrypted to protect the network from unauthorized access.

Diameter

Diameter (RFC 3588) is a type of AAA server that provides several improvements
over RADIUS in efficiency, security, and support for roaming.

Security Association

The set of information about user authentication and data encryption between two
computers is known as a security association (SA). In a WiMAX network, the
process of security association has three stages.

! Authorization request and reply

The MS/SS presents its public certificate to the base station. The base station
verifies the certificate and sends an authentication key (AK) to the MS/SS.

! Key request and reply

The MS/SS requests a transport encryption key (TEK) which the base station
generates and encrypts using the authentication key.

Appendix AWiMAX Security

CCMP

! Encrypted traffic

The MS/SS decrypts the TEK (using the authentication key). Both stations can
now securely encrypt and decrypt the data flow.

All traffic in a WiMAX network is encrypted using CCMP (Counter Mode with Cipher
Block Chaining Message Authentication Protocol). CCMP is based on the 128-bit
Advanced Encryption Standard (AES) algorithm.

$Counter mode refers to the encryption of each block of plain text with an
arbitrary number, known as the counter. This number changes each time a block
of plain text is encrypted. Counter mode avoids the security weakness of repeated
identical blocks of encrypted text that makes encrypted data vulnerable to
pattern-spotting.

$Cipher Block Chaining Message Authentication (also known as CBC-MAC) ensures
message integrity by encrypting each block of plain text in such a way that its
encryption is dependent on the block before it. This series of $chained blocks
creates a message authentication code (MAC or CMAC) that ensures the encrypted
data has not been tampered with.

MAX208M2W Series User s Guide

207

Appendix AWiMAX Security

Authentication

The MAX208M2W Series supports EAP-TTLS authentication.

EAP-TTLS (Tunneled Transport Layer Service)

EAP-TTLS is an extension of the EAP-TLS authentication that uses certificates for
only the server-side authentications to establish a secure connection (with EAP­TLS digital certifications are needed by both the server and the wireless clients for
mutual authentication). Client authentication is then done by sending username
and password through the secure connection, thus client identity is protected. For
client authentication, EAP-TTLS supports EAP methods and legacy authentication
methods such as PAP, CHAP, MS-CHAP and MS-CHAP v2.

208

MAX208M2W Series User s Guide

APPENDIX B

Setting Up Your Computer!s IP

Address

Note: Your specific ZyXEL device may not support all of the operating systems

described in this appendix. See the product specifications for more information
about which operating systems are supported.

This appendix shows you how to configure the IP settings on your computer in
order for it to be able to communicate with the other devices on your network.
Windows Vista/XP/2000, Mac OS 9/OS X, and all versions of UNIX/LINUX include
the software components you need to use TCP/IP on your computer.

If you manually assign IP information instead of using a dynamic IP, make sure
that your network s computers have IP addresses that place them in the same
subnet.

In this appendix, you can set up an IP address for:

! Windows XP/NT/2000 on page210

! Windows Vista on page213

! Mac OS X: 10.3 and 10.4 on page217

! Mac OS X: 10.5 on page221

! Linux: Ubuntu 8 (GNOME) on page 224

! Linux: openSUSE 10.3 (KDE) on page230

MAX208M2W Series User s Guide

209

Appendix BSetting Up Your Computer s IP Address

Windows XP/NT/2000

The following example uses the default Windows XP display theme but can also
apply to Windows 2000 and Windows NT.

1 Click Start > Control Panel.

Figure 101 Windows XP: Start Menu

2 In the Control Panel, click the Network Connections icon.

Figure 102 Windows XP: Control Panel

210

MAX208M2W Series User s Guide

Appendix BSetting Up Your Computer s IP Address

3 Right-click Local Area Connection and then select Properties.

Figure 103 Windows XP: Control Panel > Network Connections > Properties

4 On the General tab, select Internet Protocol (TCP/IP) and then click

Properties.

Figure 104 Windows XP: Local Area Connection Properties

MAX208M2W Series User s Guide

211

Appendix BSetting Up Your Computer s IP Address

5 The Internet Protocol TCP/IP Properties window opens.

Figure 105 Windows XP: Internet Protocol (TCP/IP) Properties

6 Select Obtain an IP address automatically if your network administrator or ISP

assigns your IP address dynamically.

Select Use the following IP Address and fill in the IP address, Subnet mask,
and Default gateway fields if you have a static IP address that was assigned to
you by your network administrator or ISP. You may also have to enter a Preferred
DNS server and an Alternate DNS server, if that information was provided.

7 Click OK to close the Internet Protocol (TCP/IP) Properties window.

Click OK to close the Local Area Connection Properties window.Verifying Settings

1 Click Start > All Programs > Accessories > Command Prompt.

2 In the Command Prompt window, type "ipconfig" and then press [ENTER].

You can also go to Start > Control Panel > Network Connections, right-click a
network connection, click Status and then click the Support tab to view your IP
address and connection information.

212

MAX208M2W Series User s Guide

Windows Vista

This section shows screens from Windows Vista Professional.

1 Click Start > Control Panel.

Figure 106 Windows Vista: Start Menu

2 In the Control Panel, click the Network and Internet icon.

Figure 107 Windows Vista: Control Panel

Appendix BSetting Up Your Computer s IP Address

3 Click the Network and Sharing Center icon.

Figure 108 Windows Vista: Network And Internet

MAX208M2W Series User s Guide

213

Appendix BSetting Up Your Computer s IP Address

4 Click Manage network connections.

Figure 109 Windows Vista: Network and Sharing Center

5 Right-click Local Area Connection and then select Properties.

Figure 110 Windows Vista: Network and Sharing Center

214

Note: During this procedure, click Continue whenever Windows displays a screen

saying that it needs your permission to continue.

MAX208M2W Series User s Guide

Appendix BSetting Up Your Computer s IP Address

6 Select Internet Protocol Version 4 (TCP/IPv4) and then select Properties.

Figure 111 Windows Vista: Local Area Connection Properties

MAX208M2W Series User s Guide

215

Appendix BSetting Up Your Computer s IP Address

7 The Internet Protocol Version 4 (TCP/IPv4) Properties window opens.

Figure 112 Windows Vista: Internet Protocol Version 4 (TCP/IPv4) Properties

8 Select Obtain an IP address automatically if your network administrator or ISP

assigns your IP address dynamically.

Select Use the following IP Address and fill in the IP address, Subnet mask,
and Default gateway fields if you have a static IP address that was assigned to
you by your network administrator or ISP. You may also have to enter a Preferred
DNS server and an Alternate DNS server, if that information was
provided.Click Advanced.

9 Click OK to close the Internet Protocol (TCP/IP) Properties window.

Click OK to close the Local Area Connection Properties window.Verifying Settings

1 Click Start > All Programs > Accessories > Command Prompt.

2 In the Command Prompt window, type "ipconfig" and then press [ENTER].

You can also go to Start > Control Panel > Network Connections, right-click a
network connection, click Status and then click the Support tab to view your IP
address and connection information.

216

MAX208M2W Series User s Guide

Mac OS X: 10.3 and 10.4

The screens in this section are from Mac OS X 10.4 but can also apply to 10.3.

1 Click Apple > System Preferences.

Figure 113 Mac OS X 10.4: Apple Menu

Appendix BSetting Up Your Computer s IP Address

2 In the System Preferences window, click the Network icon.

Figure 114 Mac OS X 10.4: System Preferences

MAX208M2W Series User s Guide

217

Appendix BSetting Up Your Computer s IP Address

3 When the Network preferences pane opens, select Built-in Ethernet from the

network connection type list, and then click Configure.

Figure 115 Mac OS X 10.4: Network Preferences

4 For dynamically assigned settings, select Using DHCP from the Configure IPv4

list in the TCP/IP tab.

Figure 116 Mac OS X 10.4: Network Preferences > TCP/IP Tab.

218

MAX208M2W Series User s Guide

Appendix BSetting Up Your Computer s IP Address

5 For statically assigned settings, do the following:

! From the Configure IPv4 list, select Manually.

! In the IP Address field, type your IP address.

! In the Subnet Mask field, type your subnet mask.

! In the Router field, type the IP address of your device.

Figure 117 Mac OS X 10.4: Network Preferences > Ethernet

MAX208M2W Series User s Guide

219

Appendix BSetting Up Your Computer s IP Address

Click Apply Now and close the window.Verifying Settings

Check your TCP/IP properties by clicking Applications > Utilities > Network
Utilities, and then selecting the appropriate Network Interface from the Info

tab.

Figure 118 Mac OS X 10.4: Network Utility

220

MAX208M2W Series User s Guide

Mac OS X: 10.5

The screens in this section are from Mac OS X 10.5.

1 Click Apple > System Preferences.

Figure 119 Mac OS X 10.5: Apple Menu

Appendix BSetting Up Your Computer s IP Address

2 In System Preferences, click the Network icon.

Figure 120 Mac OS X 10.5: Systems Preferences

MAX208M2W Series User s Guide

221

Appendix BSetting Up Your Computer s IP Address

3 When the Network preferences pane opens, select Ethernet from the list of

available connection types.

Figure 121 Mac OS X 10.5: Network Preferences > Ethernet

222

4 From the Configure list, select Using DHCP for dynamically assigned settings.

5 For statically assigned settings, do the following:

! From the Configure list, select Manually.

! In the IP Address field, enter your IP address.

! In the Subnet Mask field, enter your subnet mask.

MAX208M2W Series User s Guide

Appendix BSetting Up Your Computer s IP Address

! In the Router field, enter the IP address of your MAX208M2W Series.

Figure 122 Mac OS X 10.5: Network Preferences > Ethernet

6 Click Apply and close the window.

MAX208M2W Series User s Guide

223

Appendix BSetting Up Your Computer s IP Address

Verifying Settings

Check your TCP/IP properties by clicking Applications > Utilities > Network
Utilities, and then selecting the appropriate Network interface from the Info

tab.

Figure 123 Mac OS X 10.5: Network Utility

Linux: Ubuntu 8 (GNOME)

This section shows you how to configure your computer s TCP/IP settings in the
GNU Object Model Environment (GNOME) using the Ubuntu 8 Linux distribution.
The procedure, screens and file locations may vary depending on your specific
distribution, release version, and individual configuration. The following screens
use the default Ubuntu 8 installation.

Note: Make sure you are logged in as the root administrator.

Follow the steps below to configure your computer IP address in GNOME:

224

MAX208M2W Series User s Guide

Appendix BSetting Up Your Computer s IP Address

1 Click System > Administration > Network.

Figure 124 Ubuntu 8: System > Administration Menu

2 When the Network Settings window opens, click Unlock to open the

Authenticate window. (By default, the Unlock button is greyed out until clicked.)
You cannot make changes to your configuration unless you first enter your admin
password.

Figure 125 Ubuntu 8: Network Settings > Connections

MAX208M2W Series User s Guide

225

Appendix BSetting Up Your Computer s IP Address

3 In the Authenticate window, enter your admin account name and password then

click the Authenticate button.

Figure 126 Ubuntu 8: Administrator Account Authentication

4 In the Network Settings window, select the connection that you want to

configure, then click Properties.

Figure 127 Ubuntu 8: Network Settings > Connections

226

MAX208M2W Series User s Guide

Appendix BSetting Up Your Computer s IP Address

5 The Properties dialog box opens.

Figure 128 Ubuntu 8: Network Settings > Properties

! In the Configuration list, select Automatic Configuration (DHCP) if you

have a dynamic IP address.

! In the Configuration list, select Static IP address if you have a static IP

address. Fill in the IP address, Subnet mask, and Gateway address fields.

6 Click OK to save the changes and close the Properties dialog box and return to

the Network Settings screen.

MAX208M2W Series User s Guide

227

Appendix BSetting Up Your Computer s IP Address

7 If you know your DNS server IP address(es), click the DNS tab in the Network

Settings window and then enter the DNS server information in the fields

provided.

Figure 129 Ubuntu 8: Network Settings > DNS

8 Click the Close button to apply the changes.

Verifying Settings

Check your TCP/IP properties by clicking System > Administration > Network
Tools, and then selecting the appropriate Network device from the Devices

228

MAX208M2W Series User s Guide

Appendix BSetting Up Your Computer s IP Address

tab. The Interface Statistics column shows data if your connection is working
properly.

Figure 130 Ubuntu 8: Network Tools

MAX208M2W Series User s Guide

229

Appendix BSetting Up Your Computer s IP Address

Linux: openSUSE 10.3 (KDE)

This section shows you how to configure your computer s TCP/IP settings in the K
Desktop Environment (KDE) using the openSUSE 10.3 Linux distribution. The
procedure, screens and file locations may vary depending on your specific
distribution, release version, and individual configuration. The following screens
use the default openSUSE 10.3 installation.

Note: Make sure you are logged in as the root administrator.

Follow the steps below to configure your computer IP address in the KDE:

1 Click K Menu > Computer > Administrator Settings (YaST).

Figure 131 openSUSE 10.3: K Menu > Computer Menu

230

MAX208M2W Series User s Guide