This manual is intended for people who want to configure the ZyXEL Device using the web
configurator. You should have at least a basic knowledge of TCP/IP networking concepts and
topology.
Related Documentation
• Quick Start Guide
The Quick Start Guide is designed to help you get up and running right away. It contains
information on setting up your network and configuring for Internet access.
• Supporting Disk
Refer to the included CD for support documents.
• ZyXEL Web Site
Please refer to www.zyxel.com for additional support documentation and product
certifications.
User Guide Feedback
Help us help you. Send all User Guide-related comments, questions or suggestions for
improvement to the following address, or use e-mail instead. Thank you!
The Technical Writing Team,
ZyXEL Communications Corp.,
6 Innovation Road II,
Science-Based Industrial Park,
Hsinchu, 300, Taiwan.
E-mail: techwriters@zyxel.com.tw
ZyXEL NWA-3500 User’s Guide
Document Conventions
Warnings and Notes
These are how warnings and notes are shown in this User’s Guide.
Warnings tell you about things that could harm you or your device.
Notes tell you other important information (for example, other things you may
need to configure or helpful tips) or recommendations.
Syntax Conventions
• The NWA-3500 may be referred to as the “ZyXEL Device”, the “device” or the “system”
in this User’s Guide.
• Product labels, screen names, field labels and field choices are all in bold font.
• A key stroke is denoted by square brackets and uppercase text, for example, [ENTER]
means the “enter” or “return” key on your keyboard.
• “Enter” means for you to type one or more characters and then press the [ENTER] key.
“Select” or “choose” means for you to use one of the predefined choices.
• A right angle bracket ( > ) within a screen name denotes a mouse click. For example,
Maintenance > Log > Log Setting means you first click Maintenance in the navigation
panel, then the Log sub menu and finally the Log Setting tab to get to that screen.
• Units of measurement may denote the “metric” value or the “scientific” value. For
example, “k” for kilo may denote “1000” or “1024”, “M” for mega may denote “1000000”
or “1048576” and so on.
• “e.g.,” is a shorthand for “for instance”, and “i.e.,” means “that is” or “in other words”.
Icons Used in Figures
Figures in this User’s Guide may use the following generic icons. The ZyXEL Device icon is
not an exact representation of your device.
• ZyXEL Device
• Computer
• Notebook computer
• Server
• DSLAM
• Firewall
• Telephone
• Switch
• Router
Safety Warnings
For your safety, be sure to read and follow all warning notices and instructions.
• Do NOT use this product near water, for example, in a wet basement or near a swimming
pool.
• Do NOT expose your device to dampness, dust or corrosive liquids.
• Do NOT store things on the device.
• Do NOT install, use, or service this device during a thunderstorm. There is a remote risk
of electric shock from lightning.
• Connect ONLY suitable accessories to the device.
• ONLY qualified service personnel should service or disassemble this device.
• Make sure to connect the cables to the correct ports.
• Place connecting cables carefully so that no one will step on them or stumble over them.
• Always disconnect all cables from this device before servicing or disassembling.
• Use ONLY an appropriate power adaptor or cord for your device.
• Connect the power adaptor or cord to the right supply voltage (for example, 110V AC in
North America or 230V AC in Europe).
• Do NOT allow anything to rest on the power adaptor or cord and do NOT place the
product where anyone can walk on the power adaptor or cord.
• Do NOT use the device if the power adaptor or cord is damaged as it might cause
electrocution.
• If the power adaptor or cord is damaged, remove it from the power outlet.
• Do NOT attempt to repair the power adaptor or cord. Contact your local vendor to order a
new one.
• Do not use the device outside, and make sure all the connections are indoors. There is a
remote risk of electric shock from lightning.
• Antenna Warning! This device meets ETSI and FCC certification requirements when
using the included antenna(s). Only use the included antenna(s).
• If you wall mount your device, make sure that no electrical lines, gas or water pipes will
be damaged.
• The PoE (Power over Ethernet) devices that supply or receive power and their connected
Ethernet cables must all be completely indoors.
This product is recyclable. Dispose of it properly.
PART I
Introduction
Introducing the ZyXEL Device
Introducing the Web Configurator
Status Screens
Tutorial
CHAPTER 1
Introducing the ZyXEL Device
This chapter introduces the main applications and features of the ZyXEL Device. It also
introduces the ways you can manage the ZyXEL Device.
1.1 Introducing the ZyXEL Device
Your ZyXEL Device extends the range of your existing wired network without additional
wiring, providing easy network access to mobile users.
It is highly versatile, featuring dual wireless modules and supporting up to sixteen BSSIDs
simultaneously. The Quality of Service (QoS) features allow you to prioritize time-sensitive or
highly important applications such as VoIP.
Multiple security profiles allow you to easily assign different types of security to groups of
users. The ZyXEL Device controls network access with MAC address filtering, rogue AP
detection, layer 2 isolation and an internal authentication server. It also provides a high level of
network traffic security, supporting IEEE 802.1x, Wi-Fi Protected Access (WPA), WPA2 and
WEP data encryption.
Your ZyXEL Device is easy to install, configure and use. The embedded Web-based
configurator enables simple, straightforward management and maintenance.
See the Quick Start Guide for instructions on how to make hardware connections.
1.2 Applications for the ZyXEL Device
The ZyXEL Device can be configured to use the following WLAN operating modes:
1 AP
2 AP+Bridge
3 Bridge/Repeater
4 MBSSID
Applications for each operating mode are shown below.
A different channel should be configured for each WLAN interface to reduce the
effects of radio interference.
1.2.1 Access Point
The ZyXEL Device is an ideal access solution for wireless Internet connection. A typical
Internet access application for your ZyXEL Device is shown as follows. Stations A, B and C
can access the wired network through the ZyXEL Devices.
Figure 1 Access Point Application
1.2.2 Bridge / Repeater
The ZyXEL Device can act as a wireless network bridge and establish wireless links with
other APs. In the figure below, the two ZyXEL Devices (A and B) are connected to
independent wired networks and have a bridge connection (A can communicate with B) at the
same time. A ZyXEL Device in repeater mode (C) has no Ethernet connection. When the
ZyXEL Device is in bridge mode, you should enable STP to prevent bridge loops.
When the ZyXEL Device is in Bridge / Repeater mode, security between APs (the Wireless
Distribution System or WDS) is independent of the security between the wireless stations and
the AP. If you do not enable WDS security, traffic between APs is not encrypted. When WDS
security is enabled, both APs must use the same pre-shared key. See Section 6.7.2 on page 97
for more details.
Once the security settings of peer sides match one another, the connection between devices is
made.
At the time of writing, WDS security is compatible with other ZyXEL access points only.
Refer to your other access point’s documentation for details.
Figure 2 Bridge Application
Figure 3 Repeater Application
1.2.3 AP + Bridge
In AP+Bridge mode, the ZyXEL Device supports both AP and bridge connection at the same
time.
In the figure below, A and B use X as an AP to access the wired network, while X and Y
communicate in bridge mode.
When the ZyXEL Device is in AP + Bridge mode, security between APs (the Wireless
Distribution System or WDS) is independent of the security between the wireless stations and
the AP. If you do not enable WDS security, traffic between APs is not encrypted. When WDS
security is enabled, both APs must use the same pre-shared key. See Section 6.7.3 on page 101
for more details.
Unless specified, the term “security settings” refers to the traffic between the wireless stations
and the ZyXEL Device.
Figure 4 AP+Bridge Application
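The WDS rules in Sections 1.2.2 and 1.2.3 (no WDS security means unencrypted traffic between APs; peers must use the same pre-shared key) can be checked against a configuration inventory. The following is an added example, not part of the ZyXEL guide or firmware; the record format, function names and sample values are assumptions made up for illustration.

```python
import hmac
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# The two operating modes in this guide that form links to other APs (WDS).
WDS_MODES = {"AP+Bridge", "Bridge/Repeater"}


@dataclass(frozen=True)
class ApRecord:
    """One AP as written down in a hypothetical configuration inventory."""
    name: str
    mode: str                      # "AP", "AP+Bridge", "Bridge/Repeater" or "MBSSID"
    wds_security: bool = False     # is WDS security enabled on this AP?
    wds_psk: str = field(default="", repr=False)  # never echoed in findings


def audit_wds_link(a: ApRecord, b: ApRecord) -> List[str]:
    """Return findings for one AP-to-AP link; an empty list means it is consistent."""
    link = f"{a.name}<->{b.name}"
    not_bridging = [ap for ap in (a, b) if ap.mode not in WDS_MODES]
    if not_bridging:
        return [f"{link}: {ap.name} is in {ap.mode} mode, which has no WDS link"
                for ap in not_bridging]
    if not a.wds_security and not b.wds_security:
        return [f"{link}: WDS security is off, traffic between the APs is not encrypted"]
    if a.wds_security != b.wds_security:
        off = a if not a.wds_security else b
        return [f"{link}: WDS security is off on {off.name} only, peer settings do not match"]
    if not a.wds_psk or not b.wds_psk:
        return [f"{link}: WDS security is on but a pre-shared key is missing"]
    # Constant-time comparison so the check itself does not leak key contents.
    if not hmac.compare_digest(a.wds_psk.encode(), b.wds_psk.encode()):
        return [f"{link}: pre-shared keys differ, peer settings do not match"]
    return []


def audit_inventory(aps: List[ApRecord],
                    links: List[Tuple[str, str]]) -> Dict[Tuple[str, str], List[str]]:
    """Audit every listed link and return the findings keyed by link."""
    by_name = {ap.name: ap for ap in aps}
    report: Dict[Tuple[str, str], List[str]] = {}
    for left, right in links:
        missing = [n for n in (left, right) if n not in by_name]
        if missing:
            report[(left, right)] = [f"{n}: not in the inventory" for n in missing]
        else:
            report[(left, right)] = audit_wds_link(by_name[left], by_name[right])
    return report


# Constructed sample inventory: names, modes and keys are made up for the example.
SAMPLE_APS = [
    ApRecord("A", "Bridge/Repeater", True, "constructed-key-1"),
    ApRecord("B", "Bridge/Repeater", True, "constructed-key-1"),
    ApRecord("C", "Bridge/Repeater", False),
    ApRecord("X", "AP+Bridge", True, "constructed-key-2"),
    ApRecord("Y", "AP+Bridge", True, "constructed-key-3"),
    ApRecord("Z", "MBSSID"),
]
SAMPLE_LINKS = [("A", "B"), ("B", "C"), ("X", "Y"), ("X", "Z")]

if __name__ == "__main__":
    for link, findings in audit_inventory(SAMPLE_APS, SAMPLE_LINKS).items():
        print(link, findings or ["ok"])
```

The audit covers only the AP-to-AP link; security between wireless stations and each AP is configured separately, as the section above notes.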
1.2.4 MBSSID
A BSS (Basic Service Set) is the set of devices forming a single wireless network (usually an
access point and one or more wireless clients). An SSID (Service Set IDentifier) is the name of
a BSS. In MBSSID (Multiple BSS) mode, the ZyXEL Device provides multiple virtual APs,
each forming its own BSS and using its own individual SSID profile.
You can configure up to sixteen SSID profiles, and have up to eight active at any one time.
You can assign different wireless and security settings to each SSID profile. This allows you to
compartmentalize groups of users, set varying access privileges, and prioritize network traffic
to and from certain BSSs.
To the wireless clients in the network, each SSID appears to be a different access point. As in
any wireless network, clients can associate only with the SSIDs for which they have the
correct security settings.
For example, you might want to set up a wireless network in your office where Internet
telephony (Voice over IP, or VoIP) users have priority. You also want a regular wireless
network for standard users, as well as a ‘guest’ wireless network for visitors. In the following
figure, VoIP_SSID users have Quality of Service (QoS) priority, SSID03 is the wireless
network for standard users, and Guest_SSID is the wireless network for guest users. In this
example, the guest user is forbidden access to the wired LAN behind the AP and can access
only the Internet.
Figure 5 Multiple BSSs
1.2.5 Pre-Configured SSID Profiles
The ZyXEL Device has two pre-configured SSID profiles.
1 VoIP_SSID. This profile is intended for use by wireless clients requiring the highest
QoS (Quality of Service) level for VoIP (Voice over IP) telephony and other applications
requiring low latency. The QoS level of this profile is not user-configurable. See Section
6.3.1 on page 89 for more information on QoS.
2 Guest_SSID. This profile is intended for use by visitors and others who require access
to certain resources on the network (an Internet gateway or a network printer, for
example) but must not have access to the rest of the network. Layer 2 isolation is enabled
(see Section 9.1 on page 127), and QoS is set to NONE. Intra-BSS traffic blocking is
also enabled (see Section 6.1.1 on page 87). These fields are all user-configurable.
1.2.6 Configuring Dual WLAN Adaptors
The ZyXEL Device is equipped with dual wireless adaptors. This means you can configure
two different wireless networks to operate simultaneously.
In the following example, the ZyXEL Device (Z) uses WLAN1 in AP+Bridge mode to allow
IEEE 802.11b/g APs and clients to communicate with the wired network, and WLAN2 in AP
mode to allow IEEE 802.11a clients to access the wired network.
Figure 6 Dual WLAN Adaptors Example
1.3 Ways to Manage the ZyXEL Device
Use any of the following methods to manage the ZyXEL Device.
• Web Configurator. This is recommended for everyday management of the ZyXEL Device
using a (supported) web browser.
• Command Line Interface. Line commands are mostly used for troubleshooting by service
engineers.
• SMT. System Management Terminal is a text-based configuration menu that you can use
to configure your device. Use Telnet to access the SMT.
• FTP for firmware upgrades and configuration backup and restore.
• SNMP. The device can be monitored by an SNMP manager. See the SNMP chapter in this
User’s Guide.
1.4 Good Habits for Managing the ZyXEL Device
Do the following things regularly to make the ZyXEL Device more secure and to manage it
more effectively.
• Change the password often. Use a password that’s not easy to guess and that consists of
different types of characters, such as numbers and letters.
• Write down the password and put it in a safe place.
• Back up the configuration (and make sure you know how to restore it). Restoring an
earlier working configuration may be useful if the device becomes unstable or even
crashes. If you forget your password, you will have to reset the ZyXEL Device to its
factory default settings. If you backed up an earlier configuration file, you won’t have to
totally re-configure the ZyXEL Device; you can simply restore your last configuration.
1.5 Hardware Connections
See your Quick Start Guide for information on making hardware connections.
Your ZyXEL Device has two wireless LAN adaptors, WLAN1 and WLAN2.
WLAN1 uses the antenna on the right (when facing the device) and WLAN2
uses the antenna on the left. If you connect only one antenna, you can use only
the associated wireless LAN adaptor.
1.6 LEDs
Figure 7 LEDs
Table 1 LEDs
LABEL | LED | COLOR | STATUS | DESCRIPTION
1 | WL1 | Green | On | The wireless adaptor WLAN1 is active.
1 | WL1 | Green | Blinking | The wireless adaptor WLAN1 is active, and transmitting or receiving data.
1 | WL1 | | Off | The wireless adaptor WLAN1 is not active.
2 | WDS/SYS | Green | On | The ZyXEL Device is in AP+Bridge or Bridge/Repeater mode, and has successfully established a Wireless Distribution System (WDS) connection.
2 | WDS/SYS | Red | Flashing | The ZyXEL Device is starting up.
2 | WDS/SYS | | Off | Either the ZyXEL Device is in Access Point or MBSSID mode and is functioning normally; the ZyXEL Device is in AP+Bridge or Bridge/Repeater mode and has not established a Wireless Distribution System (WDS) connection; or the ZyXEL Device is not receiving power.
3 | WL2 | Green | On | The wireless adaptor WLAN2 is active.
3 | WL2 | Green | Blinking | The wireless adaptor WLAN2 is active, and transmitting or receiving data.
3 | WL2 | | Off | The wireless adaptor WLAN2 is not active.
4 | ZyAIR | Blue | On | The ZyXEL Device is receiving power. You can turn the ZyAIR LED off and on using the Web configurator. See Section 6.7.1 on page 95.
4 | ZyAIR | Blue | Blinking | The ZyXEL Device is receiving power and transmitting data to or receiving data from its wireless stations.
4 | ZyAIR | | Off | Either the ZyXEL Device is not receiving power, or the ZyAIR LED has been disabled. See Section 6.7.1 on page 95 for how to enable the ZyAIR LED.
5 | ETHERNET | Green | On | The ZyXEL Device has a 10 Mbps Ethernet connection.
5 | ETHERNET | Green | Blinking | The ZyXEL Device has a 10 Mbps Ethernet connection and is sending or receiving data.
5 | ETHERNET | Yellow | On | The ZyXEL Device has a 100 Mbps Ethernet connection.
5 | ETHERNET | Yellow | Blinking | The ZyXEL Device has a 100 Mbps Ethernet connection and is sending/receiving data.
5 | ETHERNET | | Off | The ZyXEL Device does not have an Ethernet connection.
CHAPTER 2
Introducing the Web Configurator
This chapter describes how to access the ZyXEL Device’s web configurator and provides an
overview of its screens.
2.1 Accessing the Web Configurator
1 Make sure your hardware is properly connected and prepare your computer or computer
network to connect to the ZyXEL Device (refer to the Quick Start Guide).
2 Launch your web browser.
3 Type "192.168.1.2" as the URL (default).
4 Type "1234" (default) as the password and click Login. In some versions, the default
password appears automatically - if this is the case, click Login.
5 You should see a screen asking you to change your password (highly recommended) as
shown next. Type a new password (and retype it to confirm) then click Apply.
Alternatively, click Ignore.
If you do not change the password, the following screen appears every time
you log in.
Figure 8 Change Password Screen
6 Click Apply in the Replace Certificate screen to create a certificate using your ZyXEL
Device’s MAC address that will be specific to this device.
Figure 9 Replace Certificate Screen
You should now see the Status screen. See Chapter 2 on page 43 for details about the Status
screen.
The management session automatically times out when the time period set in
the Administrator Inactivity Timer field expires (default five minutes). Simply
log back into the ZyXEL Device if this happens.
2.2 Resetting the ZyXEL Device
If you forget your password or cannot access the web configurator, you will need to use the
RESET button. This replaces the current configuration file with the factory-default
configuration file. This means that you will lose all the settings you previously configured.
The password will be reset to 1234.
2.2.1 Methods of Restoring Factory-Defaults
You can erase the current configuration and restore factory defaults in three ways:
• Use the RESET button to upload the default configuration file. Hold this button in for about
10 seconds (the lights will begin to blink). Use this method for cases when the password or IP
address of the ZyXEL Device is not known.
• Use the web configurator to restore defaults (refer to Chapter 17 on page 205).
• Transfer the configuration file to your ZyXEL Device using FTP. See the section on SMT
configuration for more information.
2.3 Navigating the Web Configurator
The following summarizes how to navigate the web configurator from the Status screen.
Click LOGOUT at any time to exit the web configurator.
Check the status bar at the bottom of the screen when you click Apply or OK to verify that the
configuration has been updated.
Figure 10 The Status Screen of the Web Configurator
Click the links on the left of the screen to configure advanced features such as SYSTEM
(General Setup, Password and Time Zone), WIRELESS (Wireless, SSID, Security, RADIUS,
Layer-2 Isolation, MAC Filter), IP, ROGUE AP (Configuration, Friendly AP, Rogue AP), REMOTE MGNT (Telnet, FTP, WWW and SNMP), AUTH. SERVER (Setting, Trusted AP,
Trusted Users), CERTIFICATES (My Certificates, Trusted CAs), LOGS (View Logs and
Log Settings) and VLAN (Wireless VLAN and RADIUS VLAN).
Click MAINTENANCE to view information about your ZyXEL Device or upgrade
configuration and firmware files. Maintenance features include Status (Statistics),
Association List, Channel Usage, F/W (firmware) Upload, Configuration (Backup, Restore
and Default) and Restart.
CHAPTER 3
Status Screens
The Status screen displays when you log into the ZyXEL Device, or click Status in the
navigation menu.
Use the Status screens to look at the current status of the device, system resources, interfaces
and SSID status. The Status screen also provides detailed information about associated
wireless clients, channel usage, logs and detected rogue APs.
3.1 The Status Screen
Click Status. The following screen displays.
Figure 11 The Status Screen
The following table describes the labels in this screen.
Table 2 The Status Screen
LABEL | DESCRIPTION
Automatic Refresh Interval | Enter how often you want the ZyXEL Device to update this screen.
Refresh | Click this to update this screen immediately.
System Information
System Name | This field displays the ZyXEL Device system name. It is used for identification. You can change this in the System > General screen’s System Name field.
Model | This field displays the ZyXEL Device’s exact model name.
Firmware Version | This field displays the current version of the firmware inside the device. It also shows the date the firmware version was created. You can change the firmware version by uploading new firmware in Maintenance > F/W Upload.
System Up Time | This field displays the elapsed time since the ZyXEL Device was turned on.
Current Date Time | This field displays the date and time configured on the ZyXEL Device. You can change this in the System > Time Setting screen.
WLAN1 Operating Mode | This field displays the current operating mode of the first wireless module (AP, Bridge / Repeater, AP + Bridge or MBSSID). You can change the operating mode in the Wireless > Wireless screen.
WLAN2 Operating Mode | This field displays the current operating mode of the second wireless module (AP, Bridge / Repeater, AP + Bridge or MBSSID). You can change the operating mode in the Wireless > Wireless screen.
Management VLAN | This field displays the management VLAN ID if VLAN is active, or Disabled if it is not active. You can enable or disable VLAN, or change the management VLAN ID, in the VLAN > Wireless VLAN screen.
IP | This field displays the current IP address of the ZyXEL Device on the network.
LAN MAC | This displays the MAC (Media Access Control) address of the ZyXEL Device on the LAN. Every network device has a unique MAC address which identifies it across the network. Your ZyXEL Device features dual wireless module, and has two MAC addresses. The MAC address of the first wireless module (WLAN1) is used on the LAN.
WLAN1 MAC | This displays the MAC address of the first wireless module.
WLAN2 MAC | This displays the MAC address of the second wireless module.
System Resources
Flash | This field displays the amount of the ZyXEL Device’s flash memory currently in use. The flash memory is used to store firmware and SSID profiles.
Memory | This field displays what percentage of the ZyXEL Device’s volatile memory is currently in use. The higher the memory usage, the more likely the ZyXEL Device is to slow down. Some memory is required just to start the ZyXEL Device and to run the web configurator.
CPU | This field displays what percentage of the ZyXEL Device’s processing ability is currently being used. The higher the CPU usage, the more likely the ZyXEL Device is to slow down.
WLAN1 Associations | This field displays the number of wireless clients currently associated to the first wireless module. Each wireless module supports up to 128 concurrent associations.
WLAN2 Associations | This field displays the number of wireless clients currently associated to the second wireless module. Each wireless module supports up to 128 concurrent associations.
Interface Status
Interface | This column displays each interface of the ZyXEL Device.
Status | This field indicates whether or not the ZyXEL Device is using the interface. For each interface, this field displays Up when the ZyXEL Device is using the interface and Down when the ZyXEL Device is not using the interface.
Rate | For the LAN port this displays the port speed and duplex setting. For the WLAN1 and WLAN2 interfaces, it displays the downstream and upstream transmission rate or N/A if the interface is not in use.
SSID Status
Interface | This column displays each of the ZyXEL Device’s wireless interfaces, WLAN1 and WLAN2.
SSID | This field displays each of the SSIDs currently used by each wireless module.
BSSID | This field displays the MAC address of the wireless adaptor.
Security | This field displays the type of wireless security used by each SSID.
VLAN | This field displays the VLAN ID of each SSID in use, or Disabled if the SSID does not use VLAN.
System Status
Show Statistics | Click this link to view port status and packet specific statistics. See Section 17.2 on page 205.
Association List | Click this to see a list of wireless clients currently associated to each of the ZyXEL Device’s wireless modules. See Section 17.3 on page 207.
Channel Usage | Click this to see which wireless channels are currently in use in the local area. See Section 17.4 on page 208.
Logs | Click this to see a list of logs produced by the ZyXEL Device. See Chapter 15 on page 181.
Rogue AP | Click this to see a list of unauthorized access points in the local area. See Section 11.3.3 on page 145.
CHAPTER 4
Tutorial
This chapter first provides an overview of how to configure the wireless LAN on your ZyXEL
Device, and then gives step-by-step guidelines showing how to configure your ZyXEL Device
for some example scenarios.
4.1 How to Configure the Wireless LAN
This section shows how to choose which wireless operating mode you should use on the
ZyXEL Device, and the steps you should take to set up the wireless LAN in each wireless
mode. See Section 4.1.3 on page 54 for links to more information on each step.
4.1.1 Choosing the Wireless Mode
• Use Access Point operating mode if you want to allow wireless clients to access your
wired network, all using the same security and Quality of Service (QoS) settings. See
Section 1.2.1 on page 34 for details.
• Use Bridge/Repeater operating mode if you want to use the ZyXEL Device to
communicate with other access points. See Section 1.2.2 on page 34 for details.
The ZyXEL Device is a bridge when other APs access your wired Ethernet network
through the ZyXEL Device.
The ZyXEL Device is a repeater when it has no Ethernet connection and allows other APs
to communicate with one another through the ZyXEL Device.
• Use AP+Bridge operating mode if you want to use the ZyXEL Device as an access point
(see above) while also communicating with other access points. See Section 1.2.3 on page
35 for details.
• Use MBSSID operating mode if you want to use the ZyXEL Device as an access point
with some groups of users having different security or QoS settings from other groups of
users. See Section 1.2.4 on page 36 for details.
4.1.1.1 Configuring Dual WLAN Adaptors
The ZyXEL Device is equipped with dual wireless adaptors. This means you can configure
two different wireless networks to operate simultaneously. See Section 1.2.6 on page 38 for
details.
You can configure each wireless adaptor separately in the WIRELESS > Wireless screen. To
configure the first wireless network, select WLAN1 in the WLAN Adaptor field and follow
the steps in Section 4.1.2 on page 52. Then, select WLAN2 in the WLAN Adaptor field and
follow the same procedure to configure the second network.
4.1.2 Wireless LAN Configuration Overview
The following figure shows the steps you should take to configure the wireless settings
according to the operating mode you select. Use the Web Configurator to set up your ZyXEL
Device’s wireless network (see your Quick Start Guide for information on setting up your
ZyXEL Device and accessing the Web Configurator).
Figure 12 Configuring Wireless LAN
• Select the WLAN Adaptor you want to configure.
• Select Operating Mode.
Access Point Mode:
• Select 802.11 Mode and Channel ID.
• Select SSID Profile.
• Configure SSID Profile.
• Edit Security Profile.
• Configure RADIUS authentication (optional).
• Configure internal AUTH. SERVER (optional).
• Configure Layer 2 Isolation (optional).
• Configure MAC Filter (optional).
Bridge / Repeater Mode:
• Select 802.11 Mode and Channel ID.
• Configure WDS Security.
AP + Bridge Mode:
• Select 802.11 Mode and Channel ID.
• Configure WDS Security.
• Select SSID Profile.
• Configure SSID Profile.
• Edit Security Profile.
• Configure RADIUS authentication (optional).
• Configure internal AUTH. SERVER (optional).
• Configure Layer 2 Isolation (optional).
• Configure MAC Filter (optional).
MBSSID Mode:
• Select 802.11 Mode and Channel ID.
• Select SSID Profiles.
• Configure each SSID Profile.
• Configure each Security Profile.
• Configure RADIUS authentication (optional).
• Configure internal AUTH. SERVER (optional).
• Configure Layer 2 Isolation (optional).
• Configure MAC Filter (optional).
In every mode, finish with:
• Check your settings and test.
4.1.3 Further Reading
Use these links to find more information on the steps:
• Selecting a WLAN Adaptor: see Section 6.7.1 on page 95.
• Choosing 802.11 Mode: see Section 6.7.1 on page 95.
• Choosing a wireless Channel ID: see Section 6.7.1 on page 95.
• Selecting and configuring SSID profile(s): see Section 6.7.1 on page 95 and Section 8.2.1
on page 122.
• Configuring and activating WDS Security: see Section 6.7.2 on page 97.
• Editing Security Profile(s): see Section 7.9 on page 108.
• Configuring an external RADIUS server: see Section 7.11 on page 116.
• Configuring and activating the internal AUTH. SERVER: see Section 7.4.1 on page 105
and Chapter 13 on page 157.
• Configuring Layer 2 Isolation: see Section 9.3 on page 129.
• Configuring MAC Filtering: see Section 9.4 on page 132.
4.2 How to Configure Multiple Wireless Networks
In this example, you have been using your ZyXEL Device as an access point for your office
network (see your Quick Start Guide for information on how to set up your ZyXEL Device in
Access Point mode). Now your network is expanding and you want to make use of the
MBSSID feature (see Section 8.1 on page 119) to provide multiple wireless networks. Each
wireless network will cater for a different type of user.
You want to make three wireless networks: one standard office wireless network with all the
same settings you already have, another wireless network with high Quality of Service (QoS)
settings for Voice over IP users, and a guest network that allows visitors to your office to
access only the Internet and the network printer.
To do this, you will take the following steps:
1 Change the operating mode from Access Point to MBSSID and reactivate the standard
network.
2 Configure a wireless network for Voice over IP users.
3 Configure a wireless network for guests to your office.
The following figure shows the multiple networks you want to set up. Your ZyXEL Device is
marked Z, the main network router is marked A, and your network printer is marked B.
Figure 13 Tutorial: Example MBSSID Setup
The standard network (SSID04) has access to all resources. The VoIP network (VoIP_SSID)
has access to all resources and a high Quality of Service (QoS) setting (see Section 6.3 on page
89 for information on QoS). The guest network (Guest_SSID) has access to the Internet and
the network printer only, and a low QoS setting.
To configure these settings, you need to know the MAC (Media Access Control) addresses of
the devices you want to allow users of the guest network to access. The following table shows
the addresses used in this example.
Table 3 Tutorial: Example Information
Network router (A) MAC address | 00:AA:00:AA:00:AA
Network printer (B) MAC address | AA:00:AA:00:AA:00
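To see what the guest profile's two controls (layer 2 isolation and intra-BSS traffic blocking) mean for individual frames, the following added example models the forwarding decision using the Table 3 addresses. It is not ZyXEL code: the function names, the guest client addresses and the rule that broadcast frames are forwarded are assumptions for illustration.

```python
import re
from typing import Iterable, Optional

# Table 3 of this guide: the only devices guest users may reach.
ALLOWED_DEVICES = {
    "network router (A)": "00:AA:00:AA:00:AA",
    "network printer (B)": "AA:00:AA:00:AA:00",
}
BROADCAST = "FF:FF:FF:FF:FF:FF"

# Accepted spellings: 00:AA:00:AA:00:AA, 00-AA-00-AA-00-AA, 00AA.00AA.00AA
MAC_FORMS = (
    re.compile(r"(?:[0-9A-F]{2}:){5}[0-9A-F]{2}"),
    re.compile(r"(?:[0-9A-F]{2}-){5}[0-9A-F]{2}"),
    re.compile(r"(?:[0-9A-F]{4}\.){2}[0-9A-F]{4}"),
)


def normalize_mac(text: str) -> str:
    """Return a MAC address as upper-case colon-separated pairs, or raise ValueError."""
    candidate = text.strip().upper()
    if not any(form.fullmatch(candidate) for form in MAC_FORMS):
        raise ValueError(f"not a MAC address: {text!r}")
    digits = re.sub(r"[^0-9A-F]", "", candidate)
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def guest_frame_verdict(src: str, dst: str, guest_clients: Iterable[str],
                        allowed: Optional[Iterable[str]] = None) -> str:
    """Decide what happens to a frame sent by a client of the guest BSS.

    Order of checks: broadcast (assumed to pass so that address resolution
    works), then intra-BSS blocking, then the layer 2 isolation allow-list.
    """
    if allowed is None:
        allowed = ALLOWED_DEVICES.values()
    clients = {normalize_mac(m) for m in guest_clients}
    allow = {normalize_mac(m) for m in allowed}
    src_mac, dst_mac = normalize_mac(src), normalize_mac(dst)
    if src_mac not in clients:
        raise ValueError(f"{src_mac} is not associated with the guest BSS")
    if dst_mac == BROADCAST:
        return "forward: broadcast"
    if dst_mac in clients:
        return "drop: intra-BSS traffic blocking"
    if dst_mac in allow:
        return "forward: allowed device"
    return "drop: layer 2 isolation"


# Constructed sample data: two guest laptops and one wired file server.
GUESTS = ["02:00:00:00:00:01", "02-00-00-00-00-02"]
FILE_SERVER = "0200.0000.0099"

if __name__ == "__main__":
    for target in ("00:AA:00:AA:00:AA", "aa-00-aa-00-aa-00",
                   GUESTS[1], FILE_SERVER, BROADCAST):
        print(target, "->", guest_frame_verdict(GUESTS[0], target, GUESTS))
```

An address entered in a different notation still matches the allow-list because both sides are normalized before comparison; a malformed entry raises an error instead of silently never matching.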
4.2.1 Change the Operating Mode
Log in to the ZyXEL Device (see Section 2.1 on page 43). Click WIRELESS > Wireless. The
Wireless screen appears. In this example, the ZyXEL Device is using WLAN adaptor 1 in
Access Point operating mode, and is currently set to use the SSID04 profile.
Figure 14 Tutorial: Wireless LAN: Before
Select MBSSID from the Operating Mode drop-down list box. The screen displays as
follows.
Figure 15 Tutorial: Wireless LAN: Change Mode
This Select SSID Profile table allows you to activate or deactivate SSID profiles. Your
wireless network was previously using the SSID04 profile, so select SSID04 in one of the
Profile list boxes (number 3 in this example).
Select the Index box for the entry and click Apply to activate the profile. Your standard
wireless network (SSID04) is now accessible to your wireless clients as before. You do not
need to configure anything else for your standard network.
4.2.2 Configure the VoIP Network
Next, click WIRELESS > SSID. The following screen displays. Note that the SSID04 SSID
profile (the standard network) is using the security01 security profile. You cannot change this
security profile without changing the standard network’s parameters, so when you set up
security for the VoIP_SSID and Guest_SSID profiles you will need to set different security
profiles.
Figure 16 Tutorial: WIRELESS > SSID
The Voice over IP (VoIP) network will use the pre-configured SSID profile, so select
VoIP_SSID’s radio button and click Edit. The following screen displays.
Figure 17 Tutorial: VoIP SSID Profile Edit
• Choose a new SSID for the VoIP network. In this example, enter VOIP_SSID_Example.
Note that although the SSID changes, the SSID profile name (VoIP_SSID) remains the
same as before.
• Select Enable from the Hide Name (SSID) list box. You want only authorized company
employees to use this network, so there is no need to broadcast the SSID to wireless
clients scanning the area.
• The standard network (SSID04) is currently using the security01 profile, so use a different
profile for the VoIP network. If you used the security01 profile, anyone who could access
the standard network could access the VoIP wireless network. Select security02 from the
Security field.
• Leave all the other fields at their defaults and click Apply.
4.2.2.1 Set Up Security for the VoIP Profile
Now you need to configure the security settings to use on the VoIP wireless network. Click the
Security tab.
Figure 18 Tutorial: VoIP Security
You already chose to use the security02 profile for this network, so select the radio button for
security02 and click Edit. The following screen appears.
Figure 19 Tutorial: VoIP Security Profile Edit
• Change the Name field to “VoIP_Security” to make it easier to remember and identify.
• In this example, you do not have a RADIUS server for authentication, so select
WPA2-PSK in the Security Mode field. WPA2-PSK provides strong security that anyone with a
compatible wireless client can use, once they know the pre-shared key (PSK). Enter the
PSK you want to use in your network in the Pre Shared Key field. In this example, the
PSK is “ThisismyWPA2-PSKpre-sharedkey”.
• Click Apply. The WIRELESS > Security screen displays. Ensure that the Profile Name
for entry 2 displays “VoIP_Security” and that the Security Mode is WPA2-PSK.
Figure 20 Tutorial: VoIP Security: Updated
4.2.2.2 Activate the VoIP Profile
You need to activate the VoIP_SSID profile before it can be used. Click the Wireless tab. In
the Select SSID Profile table, select the VoIP_SSID profile and click Apply.
Figure 21 Tutorial: Activate VoIP Profile
Your VoIP wireless network is now ready to use. Any traffic using the VoIP_SSID profile will
be given the highest priority across the wireless network.
4.2.3 Configure the Guest Network
When you are setting up the wireless network for guests to your office, your primary concern
is to keep your network secure while allowing access to certain resources (such as a network
printer, or the Internet). For this reason, the pre-configured Guest_SSID profile has layer-2
isolation and intra-BSS traffic blocking enabled by default. “Layer-2 isolation” means that a
client accessing the network via the Guest_SSID profile can access only certain pre-defined
devices on the network (see Section 9.1 on page 127), and “intra-BSS traffic blocking” means
that the client cannot access other clients on the same wireless network (see Section 6.1.1 on
page 87).
Click WIRELESS > SSID. Select Guest_SSID’s entry in the list and click Edit. The
following screen appears.
Figure 22 Tutorial: Guest Edit
• Choose a new SSID for the guest network. In this example, enter Guest_SSID_Example.
Note that although the SSID changes, the SSID profile name (Guest_SSID) remains the
same as before.
• Select Disable from the Hide Name (SSID) list box. This makes it easier for guests to
configure their own computers’ wireless clients to your network’s settings.
• The standard network (SSID04) is already using the security01 profile, and the VoIP
network is using the security02 profile (renamed VoIP_Security) so select the security03
profile from the Security field.
• Leave all the other fields at their defaults and click Apply.
4.2.3.1 Set Up Security for the Guest Profile
Now you need to configure the security settings to use on the guest wireless network. Click the
Security tab.
You already chose to use the security03 profile for this network, so select security03’s entry
in the list and click Edit. The following screen appears.
Figure 23 Tutorial: Guest Security Profile Edit
• Change the Name field to “Guest_Security” to make it easier to remember and identify.
• Select WPA-PSK in the Security Mode field. WPA-PSK provides strong security that is
supported by most wireless clients. Even though your Guest_SSID clients do not have
access to sensitive information on the network, you should not leave the network without
security. An attacker could still cause damage to the network or intercept unsecured
communications.
• Enter the PSK you want to use in your network in the Pre Shared Key field. In this
example, the PSK is “ThisismyGuestWPApre-sharedkey”.
• Click Apply. The WIRELESS > Security screen displays. Ensure that the Profile Name
for entry 3 displays “Guest_Security” and that the Security Mode is WPA-PSK.
Figure 24 Tutorial: Guest Security: Updated
4.2.3.2 Set up Layer 2 Isolation
Configure layer 2 isolation to control the specific devices you want the users on your guest
network to access. Click WIRELESS > Layer-2 Isolation. The following screen appears.
Figure 25 Tutorial: Layer 2 Isolation
The Guest_SSID network uses the l2isolation01 profile by default, so select its entry and click
Edit. The following screen displays.
Figure 26 Tutorial: Layer 2 Isolation Profile
Enter the MAC addresses of the two network devices you want users on the guest network to
be able to access: the main network router (00:AA:00:AA:00:AA) and the network printer
(AA:00:AA:00:AA:00). Click Apply.
4.2.3.3 Activate the Guest Profile
You need to activate the Guest_SSID profile before it can be used. Click the Wireless tab. In
the Select SSID Profile table, select the check box for the Guest_SSID profile and click
Apply.
Figure 27 Tutorial: Activate Guest Profile
Your Guest wireless network is now ready to use.
4.2.4 Testing the Wireless Networks
To make sure that the three networks are correctly configured, do the following.
• On a computer with a wireless client, scan for access points. You should see the
Guest_SSID network, but not the VoIP_SSID network. If you can see the VoIP_SSID
network, go to its SSID Edit screen and make sure Hide Name (SSID) is set to Enable.
Whether or not you see the standard network’s SSID (SSID04) depends on whether “hide
SSID” is enabled.
• Try to access each network using the correct security settings, and then using incorrect
security settings, such as the WPA-PSK for another active network. If the behavior is
different from expected (for example, if you can access the VoIP wireless network using
the security settings for the Guest_SSID wireless network) check that the SSID profile is
set to use the correct security profile, and that the settings of the security profile are
correct.
• Access the Guest_SSID network and try to access other resources than those specified in
the Layer 2 Isolation (l2isolation01) profile screen.
You can use the ping utility to do this. Click Start > Run... and enter “cmd” in the Open:
field. Click OK. At the c:\> prompt, enter “ping 192.168.1.10” (substitute the IP address
of a real device on your network that is not on the layer 2 isolation list). If you receive a
reply, check the settings in the WIRELESS > Layer-2 Isolation > Edit screen, and
ensure that the correct layer 2 isolation profile is enabled in the Guest_SSID profile
screen.
4.3 How to Set Up and Use Rogue AP Detection
This example shows you how to configure the rogue AP detection feature on the ZyXEL
Device. A rogue AP is a wireless access point operating in a network’s coverage area that is
not a sanctioned part of that network. The example also shows how to set the ZyXEL Device
to send out e-mail alerts whenever it detects a rogue wireless access point. See Chapter 11 on
page 141 for background information on the rogue AP function and security considerations.
In this example, you want to ensure that your company’s data is not accessible to an attacker
gaining entry to your wireless network through a rogue AP.
Your wireless network operates in an office building. It consists of four access points (all
ZyXEL Devices) and a variable number of wireless clients. You also know that the coffee shop
on the ground floor has a wireless network consisting of a single access point, which can be
detected and accessed from your floor of the building. There are no other static wireless
networks in your coverage area.
The following diagram shows the wireless networks in your area. Your access points are
marked A, B, C and D. You also have a network mail/file server, marked E, and a computer,
marked F, connected to the wired network. The coffee shop’s access point is marked 1.
Figure 28 Tutorial: Wireless Network Example
In the figure, the solid circle represents the range of your wireless network, and the dashed
circle represents the extent of the coffee shop’s wireless network. Note that the two networks
overlap. This means that one or more of your APs can detect the AP (1) in the other wireless
network.
When configuring the rogue AP feature on your ZyXEL Devices in this example, you will
need to use the information in the following table. You need the IP addresses of your APs to
access their Web configurators, and you need the MAC address of each AP to configure the
friendly AP list. You need the IP address of the mail server to set up e-mail alerts.
Table 4 Tutorial: Rogue AP Example Information
DEVICE | IP ADDRESS | MAC ADDRESS
Access Point A | 192.168.1.1 | 00:AA:00:AA:00:AA
Access Point B | 192.168.1.2 | AA:00:AA:00:AA:00
Access Point C | 192.168.1.3 | A0:0A:A0:0A:A0:0A
Access Point D | 192.168.1.4 | 0A:A0:0A:A0:0A:A0
File / Mail Server E | 192.168.1.25 | N/A
Access Point 1 | UNKNOWN | AF:AF:AF:FA:FA:FA
Note: The ZyXEL Device can detect the MAC addresses of APs automatically.
However, it is more secure to obtain the correct MAC addresses from another
source and add them to the friendly AP list manually. For example, an attacker’s
AP mimicking the correct SSID could be placed on the friendly AP list by
accident, if selected from the list of auto-detected APs.
In this example you have spoken to the coffee shop’s owner, who has told you
the correct MAC address of his AP.
In this example, you will do the following things.
1 Set up and save a friendly AP list.
2 Activate periodic Rogue AP Detection.
3 Set up e-mail alerts.
4 Configure your other access points.
5 Test the setup.
4.3.1 Set Up and Save a Friendly AP list
Take the following steps to set up and save a list of access points you want to allow in your
network’s coverage area.
1 On a computer connected to the wired network (F in the previous figure), open your
Internet browser and enter the URL of access point A (192.168.1.1). Log in to the Web
configurator and click ROGUE AP > Friendly AP. The following screen displays.
Figure 29 Tutorial: Friendly AP (Before Data Entry)
2 Fill in the MAC Address and Description fields as in the following table. Click Add
after you enter the details of each AP to include it in the list.
Table 5 Tutorial: Friendly AP Information
MAC ADDRESS | DESCRIPTION
00:AA:00:AA:00:AA | My Access Point _A_
AA:00:AA:00:AA:00 | My Access Point _B_
A0:0A:A0:0A:A0:0A | My Access Point _C_
0A:A0:0A:A0:0A:A0 | My Access Point _D_
AF:AF:AF:FA:FA:FA | Coffee Shop Access Point _1_
Note: You can add APs that are not part of your network to the friendly AP list, as long
as you know that they do not pose a threat to your network’s security.
The Friendly AP screen now appears as follows.
Figure 30 Tutorial: Friendly AP (After Data Entry)
3 Next, you will save the list of friendly APs in order to provide a backup and upload it to
your other access points.
Click the Configuration tab. The following screen appears.
Figure 31 Tutorial: Configuration
4 Click Export. If a window similar to the following appears, click Save.
Figure 32 Tutorial: Warning
5 Save the friendly AP list somewhere it can be accessed by all the other access points on
the network. In this example, save it on the network file server (E in Figure 28 on page
65). The default filename is “Flist”.
Figure 33 Tutorial: Save Friendly AP list
4.3.2 Activate Periodic Rogue AP Detection
Take the following steps to activate rogue AP detection on the first of your ZyXEL Devices.
1 In the ROGUE AP > Configuration screen, select Yes from the Activate Rogue AP
Period Detection field.
Figure 34 Tutorial: Periodic Rogue AP Detection
2 In the Period (min.) field, enter how often you want the ZyXEL Device to scan for
rogue APs. You can have the ZyXEL Device scan anywhere from once every ten
minutes to once every hour. In this example, enter “10”.
3 Click Apply.
4.3.3 Set Up E-mail Logs
In this section, you will configure the first of your four APs to send a log message to your email inbox whenever a rogue AP is discovered in your wireless network’s coverage area.
1 Click LOGS > Log Settings. The following screen appears.
Figure 35 Tutorial: Log Settings
• In this example, your mail server’s IP address is 192.168.1.25. Enter this IP address in the
Mail Server field.
• Enter a subject line for the alert e-mails in the Mail Subject field. Choose a subject that is
eye-catching and identifies the access point - in this example, “ALERT_Access_Point_A”.
• Enter the email address to which you want alerts to be sent (myname@myfirm.com, in
this example).
• In the Send Immediate Alert section, select the events you want to trigger immediate
emails. Ensure that Rogue AP is selected.
• Click Apply.
4.3.4 Configure Your Other Access Points
Access point A is now configured to do the following.
• Scan for access points in its coverage area every ten minutes.
• Recognize friendly access points from a list.
• Send immediate alerts to your email account if it detects an access point not on the list.
Now you need to configure the other wireless access points on your network to do the same
things.
For each access point, take the following steps.
1 From a computer on the wired network, enter the access point’s IP address and log in to
its Web configurator. See Table 4 on page 65 for the example IP addresses.
2 Import the friendly AP list. Click ROGUE AP > Configuration > Browse.... Find the
“Flist” file where you previously saved it on the network and click Open.
3 Click Import. Check the ROGUE AP > Friendly AP screen to ensure that the friendly
AP list has been correctly uploaded.
4 Activate periodic rogue AP detection. See Section 4.3.2 on page 68.
5 Set up e-mail logs as in Section 4.3.3 on page 69, but change the Mail Subject field so
you can tell which AP the alerts come from (“ALERT_Access_Point_B”, etc.)
4.3.5 Test the Setup
Next, test your setup to ensure it is correctly configured.
• Log into each AP’s Web configurator and click ROGUE AP > Rogue AP. Click Refresh.
If any of the MAC addresses from Table 5 on page 66 appear in the list, the friendly AP
function may be incorrectly configured - check the ROGUE AP > Friendly AP screen.
If any entries appear in the rogue AP list that are not in Table 5 on page 66, write down the
AP’s MAC address for future reference and check your e-mail inbox. If you have received
a rogue AP alert, email alerts are correctly configured on that ZyXEL Device.
• If you have another access point that is not used in your network, make a note of its MAC
address and set it up next to each of your ZyXEL Devices in turn while the network is
running.
Either wait for at least ten minutes (to ensure the ZyXEL Device performs a scan in that
time) or log in to the ZyXEL Device’s Web configurator and click ROGUE AP > Rogue AP >
Refresh to have the ZyXEL Device perform a scan immediately.
• Check the ROGUE AP > Rogue AP screen. You should see an entry in the list with
the same MAC address as your “rogue” AP.
• Check the LOGS > View Logs screen. You should see a Rogue AP Detection entry
in red text, including the MAC address of your “rogue” AP.
• Check your e-mail. You should have received at least one e-mail alert (your other
ZyXEL Devices may also have sent alerts, depending on their proximity and the
output power of your “rogue” AP).
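The friendly AP check and the earlier note about auto-detected entries, as an added Python example (not part of the ZyXEL manual or firmware): it audits a friendly AP list against the independently sourced MAC addresses in Table 4 and classifies scan results by MAC address. The friendly list read back from an AP, the scan results and the SSID names are constructed sample data.

```python
import re

# Independently sourced inventory from Table 4 of this tutorial: MAC -> device.
INVENTORY = {
    "00:AA:00:AA:00:AA": "Access Point A",
    "AA:00:AA:00:AA:00": "Access Point B",
    "A0:0A:A0:0A:A0:0A": "Access Point C",
    "0A:A0:0A:A0:0A:A0": "Access Point D",
    "AF:AF:AF:FA:FA:FA": "Access Point 1 (coffee shop)",
}

# Constructed sample: the friendly AP list as read back from one access point.
# One entry is typed in a different style, Access Point C was left out, and
# 02:00:00:00:00:01 was picked from the auto-detected list by mistake.
FRIENDLY_ON_AP_B = [
    "00:AA:00:AA:00:AA",
    "aa-00-aa-00-aa-00",
    "0A:A0:0A:A0:0A:A0",
    "AF:AF:AF:FA:FA:FA",
    "02:00:00:00:00:01",
]

# Constructed sample scan results: (BSSID, SSID). "SSID04" is the SSID profile
# name from the MBSSID tutorial, reused here as an assumption; "CoffeeShop" and
# "OtherNet" are made up.
SCAN = [
    ("00:aa:00:aa:00:aa", "SSID04"),
    ("AF:AF:AF:FA:FA:FA", "CoffeeShop"),
    ("02:00:00:00:00:01", "SSID04"),
    ("02:00:00:00:00:02", "OtherNet"),
]
OWN_SSIDS = {"SSID04"}

MAC_PATTERN = re.compile(r"[0-9A-F]{2}(?::[0-9A-F]{2}){5}")


def normalize_mac(mac):
    """Return the MAC as upper-case, colon-separated octets; reject anything else."""
    cleaned = mac.strip().upper().replace("-", ":")
    if not MAC_PATTERN.fullmatch(cleaned):
        raise ValueError(f"not a MAC address: {mac!r}")
    return cleaned


def audit_friendly_list(friendly, inventory=INVENTORY):
    """Compare a friendly AP list with the independently sourced inventory.

    Returns (unverified, missing): entries on the list that the inventory does
    not back up, and inventory devices that the list lacks.
    """
    entered = {normalize_mac(m) for m in friendly}
    known = {normalize_mac(m) for m in inventory}
    return sorted(entered - known), sorted(known - entered)


def classify_scan(scan, friendly, own_ssids=OWN_SSIDS):
    """Label each scanned AP by comparing its MAC address with the friendly list."""
    entered = {normalize_mac(m) for m in friendly}
    results = []
    for bssid, ssid in scan:
        mac = normalize_mac(bssid)
        if mac in entered:
            verdict = "friendly"
        elif ssid in own_ssids:
            verdict = "rogue, uses one of your SSIDs"
        else:
            verdict = "rogue"
        results.append((mac, ssid, verdict))
    return results


if __name__ == "__main__":
    unverified, missing = audit_friendly_list(FRIENDLY_ON_AP_B)
    print("unverified entries:", unverified)
    print("missing entries:   ", missing)
    for label, friendly in (("list on AP", FRIENDLY_ON_AP_B), ("inventory", INVENTORY)):
        print(f"-- classified against {label}")
        for row in classify_scan(SCAN, friendly):
            print("  ", *row)
```

Classified against the list with the mistaken entry, 02:00:00:00:00:01 is reported as friendly even though it advertises your SSID; classified against the inventory it is reported as rogue.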
4.4 Using Multiple MAC Filters and L-2 Isolation Profiles
This example shows you how to allow certain users to access only specific parts of your
network. You can do this by using multiple MAC filters and layer-2 isolation profiles.
4.4.1 Scenario
In this example, you run a company network in which certain employees must wirelessly
access secure file servers containing valuable proprietary data.
You have two secure servers (1 and 2 in the following figure). Wireless user “Alice” (A) needs
to access server 1 (but should not access server 2) and wireless user “Bob” (B) needs to access
server 2 (but should not access server 1). Your ZyXEL Device is marked Z. C is a workstation
on your wired network, D is your main network switch, and E is the security gateway you use
to connect to the Internet.
Figure 36 Tutorial: Example Network
4.4.2 Your Requirements
1 You want to set up a wireless network to allow only Alice to access Server 1 and the
Internet.
2 You want to set up a second wireless network to allow only Bob to access Server 2 and
the Internet.
4.4.3 Setup
In this example, you have already set up the ZyXEL Device in MBSSID mode (see Chapter 8
on page 119). It uses two SSID profiles simultaneously. You have configured each SSID
profile as shown in the following table.
Table 6 Tutorial: SSID Profile Security Settings
SSID Profile Name | SERVER_1 | SERVER_2
SSID | SSID_S1 | SSID_S2
Security | Security Profile security03: WPA2-PSK; Hide SSID | Security Profile security04: WPA2-PSK; Hide SSID
Intra-BSS traffic blocking | Enabled | Enabled
Each SSID profile already uses a different pre-shared key.
In this example, you will configure access limitations for each SSID profile. To do this, you
will take the following steps.
1 Configure the SERVER_1 network’s SSID profile to use specific MAC filter and layer-2
isolation profiles.
2 Configure the SERVER_1 network’s MAC filter profile.
3 Configure the SERVER_1 network’s layer-2 isolation profile.
4 Repeat steps 1 ~ 3 for the SERVER_2 network.
5 Check your settings and test the configuration.
To configure layer-2 isolation, you need to know the MAC addresses of the devices on your
network, which are as follows.
Table 7 Tutorial: Example Network MAC Addresses
DEVICE | LABEL | MAC ADDRESS
ZyXEL Device | Z | BB:AA:99:88:77:66
Secure Server 1 | 1 | AA:99:88:77:66:55
Secure Server 2 | 2 | 99:88:77:66:55:44
Workstation | C | 88:77:66:55:44:33
Switch | D | 77:66:55:44:33:22
Security gateway | E | 66:55:44:33:22:11
To configure MAC filtering, you need to know the MAC addresses of the devices Alice and
Bob use to connect to the network, which are as follows.
Table 8 Tutorial: Example User MAC Addresses
USER | MAC ADDRESS
Alice | 11:22:33:44:55:66
Bob | 22:33:44:55:66:77
4.4.4 Configure the SERVER_1 Network
First, you will set up the SERVER_1 network which allows Alice to access secure server 1 via
the network switch.
You will configure the MAC filter to restrict access to Alice alone, and then configure layer-2
isolation to allow her to access only the network router, the file server and the Internet security
gateway.
Take the following steps to configure the SERVER_1 network.
1 Log into the ZyXEL Device’s Web Configurator and click WIRELESS > SSID. The
following screen displays, showing the SSID profiles you already configured.
Figure 37 Tutorial: SSID Profile
2 Select SERVER_1’s entry and click Edit. The following screen displays.
Figure 38 Tutorial: SSID Edit
Select l2Isolation03 in the L2 Isolation field, and select macfilter03 in the MAC
Filtering field. Click Apply.
3 Click the Layer-2 Isolation tab. When the Layer-2 Isolation screen appears, select
L2Isolation03’s entry and click Edit. The following screen displays.
Figure 39 Tutorial: Layer-2 Isolation Edit
Enter the network router’s MAC Address and add a Description (“NET_ROUTER” in
this case) in Set 1’s entry.
Enter server 1’s MAC Address and add a Description (“SERVER_1” in this case) in Set 2’s entry.
Change the Profile Name to “L-2-ISO_SERVER_1” and click Apply. You have
restricted users on the SERVER_1 network to access only the devices with the MAC
addresses you entered.
4 Click the MAC Filter tab. When the MAC Filter screen appears, select macfilter03’s
entry and click Edit.
Enter the MAC address of the device Alice uses to connect to the network in Set 1’s
MAC Address field and enter her name in the Description field, as shown in the
following figure. Change the Profile Name to “MacFilter_SERVER_1”. Select Allow Association from the Filter Action field and click Apply.
Figure 40 Tutorial: MAC Filter Edit (SERVER_1)
You have restricted access to the SERVER_1 network to only the networking device whose
MAC address you entered. The SERVER_1 network is now configured.
4.4.5 Configure the SERVER_2 Network
Next, you will configure the SERVER_2 network that allows Bob to access secure server 2
and the Internet.
To do this, repeat the procedure in Section 4.4.4 on page 73, substituting the following
information.
Table 9 Tutorial: SERVER_2 Network Information
SSID Screen
Index | 4
Profile Name | SERVER_2
SSID Edit (SERVER_2) Screen
L2 Isolation | L2Isolation04
MAC Filtering | macfilter04
Layer-2 Isolation (L2Isolation04) Screen
Profile Name | L-2-ISO_SERVER-2
Set 1 | MAC Address: 77:66:55:44:33:22; Description: NET_ROUTER
Set 2 | MAC Address: 99:88:77:66:55:44; Description: SERVER_2
Set 3 | MAC Address: 66:55:44:33:22:11; Description: GATEWAY
MAC Filter (macfilter04) Edit Screen
Profile Name | MacFilter_SERVER_2
Set 1 | MAC Address: 22:33:44:55:66:77; Description: Bob
4.4.6 Checking your Settings and Testing the Configuration
Use the following sections to ensure that your wireless networks are set up correctly.
4.4.6.1 Checking Settings
Take the following steps to check that the ZyXEL Device is using the correct SSIDs, MAC
filters and layer-2 isolation profiles.
1 Click WIRELESS > Wireless. Check that the Operating Mode is MBSSID and that
the correct SSID profiles are selected and activated, as shown in the following figure.
Figure 41 Tutorial: SSID Profiles Activated
2 Next, click the SSID tab. Check that each configured SSID profile uses the correct
Security, Layer-2 Isolation and MAC Filter profiles, as shown in the following figure.
Figure 42 Tutorial: SSID Tab Correct Settings
If the settings are not as shown, follow the steps in the relevant section of this
tutorial again.
4.4.6.2 Testing the Configuration
Before you allow employees to use the network, you need to thoroughly test whether the setup
behaves as it should. Take the following steps to do this.
1 Test the SERVER_1 network.
• Using Alice’s computer and wireless client, and the correct security settings, do the
following.
Attempt to access Server 1. You should be able to do so.
Attempt to access the Internet. You should be able to do so.
Attempt to access Server 2. You should be unable to do so. If you can do so, layer-2
isolation is misconfigured.
• Using Alice’s computer and wireless client, and incorrect security settings, attempt to
associate with the SERVER_1 network. You should be unable to do so. If you can do
so, security is misconfigured.
• Using another computer and wireless client, but with the correct security settings,
attempt to associate with the SERVER_1 network. You should be unable to do so. If
you can do so, MAC filtering is misconfigured.
2 Test the SERVER_2 network.
• Using Bob’s computer and wireless client, and the correct security settings, do the
following.
Attempt to access Server 2. You should be able to do so.
Attempt to access the Internet. You should be able to do so.
Attempt to access Server 1. You should be unable to do so. If you can do so, layer-2
isolation is misconfigured.
• Using Bob’s computer and wireless client, and incorrect security settings, attempt to
associate with the SERVER_2 network. You should be unable to do so. If you can do
so, security is misconfigured.
• Using another computer and wireless client, but with the correct security settings,
attempt to associate with the SERVER_2 network. You should be unable to do so. If
you can do so, MAC filtering is misconfigured.
If you cannot do something that you should be able to do, check the settings as described in
Section 4.4.6.1 on page 76, and in the individual Security, layer-2 isolation and MAC filter
profiles for the relevant network. If this does not help, see the Troubleshooting chapter in this
User’s Guide.
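The test plan in Section 4.4.6.2 can be written down as data and checked against the intended profiles before you walk through it on site. This is an added Python example, not part of the ZyXEL manual or firmware; the pre-shared keys are placeholders, the extra client MAC address is constructed, and Internet access is modelled as reaching the security gateway (E).

```python
from dataclasses import dataclass, replace

# MAC addresses from Tables 7 and 8 of this tutorial. SWITCH is the address
# entered as NET_ROUTER in Table 9.
SERVER_1, SERVER_2 = "AA:99:88:77:66:55", "99:88:77:66:55:44"
SWITCH, GATEWAY = "77:66:55:44:33:22", "66:55:44:33:22:11"
ALICE, BOB = "11:22:33:44:55:66", "22:33:44:55:66:77"
OTHER = "02:00:00:00:00:99"  # constructed: a client that is in no MAC filter


@dataclass(frozen=True)
class SsidProfile:
    ssid: str
    psk: str                 # constructed placeholder; the tutorial gives no keys
    mac_filter: frozenset    # clients allowed to associate (Allow Association)
    l2_isolation: frozenset  # devices an associated client may reach


# Set 3 (the gateway) is shown for SERVER_2 in Table 9; for SERVER_1 it follows
# the section's stated intent and is an assumption of this model.
PROFILES = {
    "SERVER_1": SsidProfile("SSID_S1", "placeholder-key-1", frozenset({ALICE}),
                            frozenset({SWITCH, SERVER_1, GATEWAY})),
    "SERVER_2": SsidProfile("SSID_S2", "placeholder-key-2", frozenset({BOB}),
                            frozenset({SWITCH, SERVER_2, GATEWAY})),
}

# Section 4.4.6.2 as data: (network, client, correct key?, destination, should succeed?).
# A destination of None means the test is only an attempt to associate.
# Reaching "the Internet" is modelled as reaching the gateway (assumption).
TEST_PLAN = [
    ("SERVER_1", ALICE, True, SERVER_1, True),
    ("SERVER_1", ALICE, True, GATEWAY, True),
    ("SERVER_1", ALICE, True, SERVER_2, False),
    ("SERVER_1", ALICE, False, None, False),
    ("SERVER_1", OTHER, True, None, False),
    ("SERVER_2", BOB, True, SERVER_2, True),
    ("SERVER_2", BOB, True, GATEWAY, True),
    ("SERVER_2", BOB, True, SERVER_1, False),
    ("SERVER_2", BOB, False, None, False),
    ("SERVER_2", OTHER, True, None, False),
]


def evaluate(profile, client_mac, psk, dst_mac=None):
    """Return (allowed, control); control names the setting that refused.

    Each test in the plan varies one setting, so the order of the checks does
    not change any result here.
    """
    if client_mac not in profile.mac_filter:
        return False, "MAC filtering"
    if psk != profile.psk:
        return False, "security"
    if dst_mac is not None and dst_mac not in profile.l2_isolation:
        return False, "layer-2 isolation"
    return True, None


def suspect_control(key_ok, dst_mac):
    """Setting the tutorial tells you to check when a test succeeds but should not."""
    if not key_ok:
        return "security"
    return "MAC filtering" if dst_mac is None else "layer-2 isolation"


def check_plan(profiles=PROFILES, plan=TEST_PLAN):
    """Run every test against the profiles; return the rows that deviate."""
    deviations = []
    for net, client, key_ok, dst, expected in plan:
        profile = profiles[net]
        psk = profile.psk if key_ok else profile.psk + "-wrong"
        allowed, refused_by = evaluate(profile, client, psk, dst)
        if allowed and not expected:
            deviations.append((net, client, dst, suspect_control(key_ok, dst)))
        elif expected and not allowed:
            deviations.append((net, client, dst, refused_by))
    return deviations


def with_l2_isolation(net, macs, profiles=PROFILES):
    """Copy of the profiles with one network's layer-2 isolation list replaced."""
    changed = dict(profiles)
    changed[net] = replace(profiles[net], l2_isolation=frozenset(macs))
    return changed


if __name__ == "__main__":
    print("as configured:", check_plan())
    too_wide = with_l2_isolation("SERVER_1", {SWITCH, SERVER_1, SERVER_2, GATEWAY})
    print("Server 2 on SERVER_1's list:", check_plan(too_wide))
    no_gateway = with_l2_isolation("SERVER_1", {SWITCH, SERVER_1})
    print("gateway left off SERVER_1's list:", check_plan(no_gateway))
```

Each deviation names the network, client, destination and the profile type to re-check, which matches the "If you can do so, ... is misconfigured" hints in the test steps.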
PART II
The Web Configurator
System Screens
Wireless Configuration
Wireless Security Configuration
MBSSID and SSID
Other Wireless Configuration
IP Screen
Rogue AP
Remote Management Screens
Internal RADIUS Server
Certificates
Log Screens
VLAN
Maintenance
CHAPTER 5
System Screens
5.1 System Overview
This section provides information on general system setup.
5.2 Configuring General Setup
Click SYSTEM > General.
Figure 43 System > General
The following table describes the labels in this screen.
Table 10 System > General
LABEL | DESCRIPTION
General Setup
System Name | Type a descriptive name to identify the ZyXEL Device in the Ethernet network. This name can be up to 30 alphanumeric characters long. Spaces are not allowed, but dashes "-" and underscores "_" are accepted.
Domain Name | This is not a required field. Leave this field blank or enter the domain name here if you know it.
Administrator Inactivity Timer | Type how many minutes a management session (either via the web configurator or SMT) can be left idle before the session times out. The default is 5 minutes. After it times out you have to log in with your password again. Very long idle timeouts may have security risks. A value of "0" means a management session never times out, no matter how long it has been left idle (not recommended).
System DNS Servers
First DNS Server, Second DNS Server, Third DNS Server | Select From DHCP if your DHCP server dynamically assigns DNS server information (and the ZyXEL Device's Ethernet IP address). The field to the right displays the (read-only) DNS server IP address that the DHCP assigns. Select User-Defined if you have the IP address of a DNS server. Enter the DNS server's IP address in the field to the right. If you chose User-Defined, but leave the IP address set to 0.0.0.0, User-Defined changes to None after you click Apply. If you set a second choice to User-Defined, and enter the same IP address, the second User-Defined changes to None after you click Apply. Select None if you do not want to configure DNS servers. If you do not configure a DNS server, you must know the IP address of a machine in order to access it. The default setting is None.
Apply | Click Apply to save your changes.
Reset | Click Reset to reload the previous configuration for this screen.
5.3 Administrator Authentication on RADIUS
The administrator authentication on RADIUS feature lets an (external or internal) RADIUS
server authenticate management logins to the ZyXEL Device. This is useful if you need to
regularly change a password that you use to manage several ZyXEL Devices.
Activate administrator authentication on RADIUS in the SYSTEM > Password screen and
configure the same user name, password and RADIUS server information on each ZyXEL
Device. Then, whenever you want to change the password, just change it on the RADIUS
server.
5.3.1 Configuring Password
It is strongly recommended that you change your ZyXEL Device’s password. Click SYSTEM
> Password. The screen appears as shown.
If you forget your ZyXEL Device’s password (or IP address), you will need to reset the device.
See the section on resetting the ZyXEL Device for details.
Note: Regardless of how you configure this screen, you still use the local system
password to log in via the console port (not available on all models).
Figure 44 SYSTEM > Password.
The following table describes the labels in this screen.
Table 11 Password
LABEL | DESCRIPTIONS
Enable Admin at Local | Select this check box to have the device authenticate management logins to the device.
Use old setting | Select this to have the ZyXEL Device use the local management password already configured on the device (“1234” is the default).
Use new setting | Select this if you want to change the local management password.
Old Password | Type in your existing system password (“1234” is the default password).
New Password | Type your new system password (up to 31 characters). Note that as you type a password, the screen displays an asterisk (*) for each character you type.
Retype to Confirm | Retype your new system password for confirmation.
Enable Admin on RADIUS | Select this (and configure the other fields in this section) to have a RADIUS server authenticate management logins to the ZyXEL Device.
Use old setting | Select this to have a RADIUS server authenticate management logins to the ZyXEL Device using the RADIUS username and password already configured on the device.
Use new setting | Select this if you want to change the RADIUS username and password the ZyXEL Device uses to authenticate management logon.
User Name | Enter the username for this user account. This name can be up to 31 ASCII characters long, including spaces.
Password | Type a password (up to 31 ASCII characters) for this user profile. Note that as you type a password, the screen displays a (*) for each character you type. Spaces are allowed. Note: If you are using PEAP authentication, this password field is limited to 14 ASCII characters in length.
RADIUS | Select the RADIUS server profile of the RADIUS server that is to authenticate management logins to the ZyXEL Device. The ZyXEL Device tests the user name and password against the RADIUS server when you apply your settings.
• The user name and password must already be configured in the RADIUS server.
• You must already have a RADIUS profile configured for the RADIUS server (see Section 7.11 on page 116).
• The server must be set to Active in the profile.
Apply | Click Apply to save your changes.
Reset | Click Reset to reload the previous configuration for this screen.
5.4 Configuring Time Setting
To change your ZyXEL Device’s time and date, click SYSTEM > Time Setting. The screen
appears as shown. Use this screen to configure the ZyXEL Device’s time based on your local
time zone.
Figure 45 SYSTEM > Time Setting
The following table describes the labels in this screen.
Table 12 SYSTEM > Time Setting
| LABEL | DESCRIPTION |
| --- | --- |
| Current Time | This field displays the time of your ZyXEL Device. Each time you reload this page, the ZyXEL Device synchronizes the time with the time server (if configured). |
| Current Date | This field displays the last updated date from the time server. |
| Manual | Select this radio button to enter the time and date manually. If you configure a new time and date, time zone and daylight saving at the same time, the time zone and daylight saving will affect the new time and date you entered. |
| New Time (hh:mm:ss) | This field displays the last updated time from the time server or the last time configured manually. When you set Time and Date Setup to Manual, enter the new time in this field and then click Apply. |
| New Date (yyyy:mm:dd) | This field displays the last updated date from the time server or the last date configured manually. When you set Time and Date Setup to Manual, enter the new date in this field and then click Apply. |
| Get from Time Server | Select this radio button to have the ZyXEL Device get the time and date from the time server you specify below. |
| Auto | Select this to have the ZyXEL Device use the predefined list of time servers. |
| User Defined Time Server Address | Enter the IP address or URL of your time server. Check with your ISP/network administrator if you are unsure of this information. |
| Time Zone | Choose the time zone of your location. This will set the time difference between your time zone and Greenwich Mean Time (GMT). |
| Daylight Savings | Select this option if you use daylight savings time. Daylight saving is a period from late spring to early fall when many countries set their clocks ahead of normal local time by one hour to give more daytime light in the evening. |
| Start Date | Configure the day and time when Daylight Saving Time starts if you selected Enable Daylight Saving. The at field uses the 24 hour format. Here are a couple of examples: Daylight Saving Time starts in most parts of the United States on the first Sunday of April. Each time zone in the United States starts using Daylight Saving Time at 2 A.M. local time. So in the United States you would select First, Sunday, April and type 2 in the at field. Daylight Saving Time starts in the European Union on the last Sunday of March. All of the time zones in the European Union start using Daylight Saving Time at the same moment (1 A.M. GMT or UTC). So in the European Union you would select Last, Sunday, March. The time you type in the at field depends on your time zone. In Germany for instance, you would type 2 because Germany's time zone is one hour ahead of GMT or UTC (GMT+1). |
| End Date | Configure the day and time when Daylight Saving Time ends if you selected Enable Daylight Saving. The o'clock field uses the 24 hour format. Here are a couple of examples: Daylight Saving Time ends in the United States on the last Sunday of October. Each time zone in the United States stops using Daylight Saving Time at 2 A.M. local time. So in the United States you would select Last, Sunday, October and type 2 in the at field. Daylight Saving Time ends in the European Union on the last Sunday of October. All of the time zones in the European Union stop using Daylight Saving Time at the same moment (1 A.M. GMT or UTC). So in the European Union you would select Last, Sunday, October. The time you type in the at field depends on your time zone. In Germany for instance, you would type 2 because Germany's time zone is one hour ahead of GMT or UTC (GMT+1). |
| Apply | Click Apply to save your changes. |
| Reset | Click Reset to reload the previous configuration for this screen. |
5.5 Pre-defined NTP Time Servers List
When you turn on the ZyXEL Device for the first time, the date and time start at 2000-01-01
00:00:00. When you select Auto in the SYSTEM > Time Setting screen, the ZyXEL Device
then attempts to synchronize with one of the NTP time servers in the following pre-defined list.
The ZyXEL Device continues to use the following pre-defined list of NTP time servers if you
do not specify a time server or it cannot synchronize with the time server you specified.
Table 13 Default Time Servers
ntp1.cs.wisc.edu
ntp1.gbg.netnod.se
ntp2.cs.wisc.edu
tock.usno.navy.mil
ntp3.cs.wisc.edu
ntp.cs.strath.ac.uk
ntp1.sp.se
time1.stupi.se
tick.stdtime.gov.tw
tock.stdtime.gov.tw
time.stdtime.gov.tw
When the ZyXEL Device uses the pre-defined list of NTP time servers, it randomly selects
one server and tries to synchronize with it. If the synchronization fails, then the ZyXEL
Device goes through the rest of the list in order from the first one tried until either it is
successful or all the pre-defined NTP time servers have been tried.
CHAPTER 6
Wireless Configuration
This chapter discusses how to configure the Wireless screens on the ZyXEL Device.
6.1 Wireless LAN Overview
This section introduces the wireless LAN (WLAN) and some basic scenarios.
6.1.1 BSS
A Basic Service Set (BSS) exists when all communications between wireless stations or
between a wireless station and a wired network client go through one access point (AP).
Intra-BSS traffic is traffic between wireless stations in the BSS. When Intra-BSS traffic
blocking is disabled, wireless station A and B can access the wired network and communicate
with each other. When Intra-BSS traffic blocking is enabled, wireless station A and B can still
access the wired network but cannot communicate with each other.
Figure 46 Basic Service set
6.1.2 ESS
An Extended Service Set (ESS) consists of a series of overlapping BSSs, each containing an
access point, with each access point connected together by a wired network. This wired
connection between APs is called a Distribution System (DS). An ESSID (ESS IDentification)
uniquely identifies each ESS. All access points and their associated wireless stations within
the same ESS must have the same ESSID in order to communicate.
Figure 47 Extended Service Set
6.2 Wireless LAN Basics
See the Wireless LANs Appendix for information on the following:
• Wireless LAN Topologies
• Channel
• RTS/CTS
• Fragmentation Threshold
• IEEE 802.1x
• RADIUS
• Types of Authentication
• WPA
• Security Parameters Summary
6.3 Quality of Service
This section discusses the Quality of Service (QoS) features available on the ZyXEL Device.
6.3.1 WMM QoS
WMM (Wi-Fi MultiMedia) QoS (Quality of Service) ensures quality of service in wireless
networks. It controls WLAN transmission priority on packets to be transmitted over the
wireless network.
WMM QoS prioritizes wireless traffic according to the delivery requirements of the individual
and applications. WMM QoS is a part of the IEEE 802.11e QoS enhancement to certified Wi-Fi
wireless networks.
On APs without WMM QoS, all traffic streams are given the same access priority to the
wireless network. If the introduction of another traffic stream creates a data transmission
demand that exceeds the current network capacity, then the new traffic stream reduces the
throughput of the other traffic streams.
The ZyXEL Device uses WMM QoS to prioritize traffic streams according to the IEEE 802.1q
or DSCP information in each packet’s header. The ZyXEL Device automatically determines
the priority to use for an individual traffic stream. This prevents reductions in data
transmission for applications that are sensitive to latency and jitter (variations in delay).
6.3.1.1 WMM QoS Priorities
The following table describes the WMM QoS priority levels that the ZyXEL Device uses.
Table 14 WMM QoS Priorities
| PRIORITY LEVEL | DESCRIPTION |
| --- | --- |
| voice (WMM_VOICE) | Typically used for traffic that is especially sensitive to jitter. Use this priority to reduce latency for improved voice quality. |
| video (WMM_VIDEO) | Typically used for traffic which has some tolerance for jitter but needs to be prioritized over other data traffic. |
| best effort (WMM_BEST_EFFORT) | Typically used for traffic from applications or devices that lack QoS capabilities. Use best effort priority for traffic that is less sensitive to latency, but is affected by long delays, such as Internet surfing. |
| background (WMM_BACKGROUND) | This is typically used for non-critical traffic such as bulk transfers and print jobs that are allowed but that should not affect other applications and users. Use background priority for applications that do not have strict latency and throughput requirements. |
6.3.2 ATC
Automatic Traffic Classifier (ATC) is a bandwidth management tool that prioritizes data
packets sent across the network. ATC assigns each packet a priority and then queues the packet
accordingly. Packets assigned a high priority are processed more quickly than those with low
priority if there is congestion, allowing time-sensitive applications to flow more smoothly.
Time-sensitive applications include both those that require a low level of latency and a low
level of jitter such as Voice over IP or Internet gaming, and those for which jitter alone is a
problem such as Internet radio or streaming video.
ATC assigns priority based on packet size, since time-sensitive applications such as Internet
telephony (Voice over IP or VoIP) tend to have smaller packet sizes than non-time sensitive
applications such as FTP (File Transfer Protocol). The following table shows some common
applications, their time sensitivity, and their typical data packet sizes. Note that the figures
given are merely examples - sizes may differ according to application and circumstances.
Table 15 Typical Packet Sizes
| APPLICATION | TIME SENSITIVITY | TYPICAL PACKET SIZE (BYTES) |
| --- | --- | --- |
| Voice over IP (SIP) | High | < 250 |
| Online Gaming | High | 60 ~ 90 |
| Web browsing (http) | Medium | 300 ~ 600 |
| FTP | Low | 1500 |
When ATC is activated, the device sends traffic with smaller packets before traffic with larger
packets if the network is congested.
ATC assigns priority to packets as shown in the following table.
Table 16 Automatic Traffic Classifier Priorities
| PACKET SIZE (BYTES) | ATC PRIORITY |
| --- | --- |
| 1 ~ 250 | ATC_High |
| 250 ~ 1100 | ATC_Medium |
| 1100 + | ATC_Low |
You should activate ATC on the ZyXEL Device if your wireless network includes networking
devices that do not support WMM QoS, or if you want to prioritize traffic but do not want to
configure WMM QoS settings.
6.3.3 ATC+WMM
The ZyXEL Device can use a mapping mechanism to use both ATC and WMM QoS. The
ATC+WMM function prioritizes all packets transmitted onto the wireless network using
WMM QoS, and prioritizes all packets transmitted onto the wired network using ATC. See
Section 8.2.2 on page 123 for details of how to configure ATC+WMM.
Use the ATC+WMM function if you want to do the following:
• enable WMM QoS on your wireless network and automatically assign a WMM priority to
packets that do not already have one (see Section 6.3.3.1 on page 90).
• automatically prioritize all packets going from your wireless network to the wired network
(see Section 6.3.3.2 on page 91).
6.3.3.1 ATC+WMM from LAN to WLAN
ATC+WMM from LAN (the wired Local Area Network) to WLAN (the Wireless Local Area
Network) allows WMM prioritization of packets that do not already have WMM QoS
priorities assigned. The ZyXEL Device automatically classifies data packets using ATC and
then assigns WMM priorities based on that ATC classification.
The following table shows how priorities are assigned for packets coming from the LAN to the
WLAN.
Table 17 ATC + WMM Priority Assignment (LAN to WLAN)
| PACKET SIZE (BYTES) | ATC VALUE | WMM VALUE |
| --- | --- | --- |
| 1 ~ 250 | ATC_High | WMM_VIDEO |
| 250 ~ 1100 | ATC_Medium | WMM_BEST_EFFORT |
| 1100 + | ATC_Low | WMM_BACKGROUND |
6.3.3.2 ATC+WMM from WLAN to LAN
ATC+WMM from WLAN to LAN automatically prioritizes (assigns an ATC value to) all
packets coming from the WLAN. Packets are assigned an ATC value based on their WMM
value, not their size.
The following table shows how priorities are assigned for packets coming from the WLAN to
the LAN when using ATC+WMM.
Table 18 ATC + WMM Priority Assignment (WLAN to LAN)
| WMM VALUE | ATC VALUE |
| --- | --- |
| WMM_VOICE | ATC_High |
| WMM_VIDEO | ATC_High |
| WMM_BEST_EFFORT | ATC_Medium |
| WMM_BACKGROUND | ATC_Low |
| NONE | ATC_Medium |
6.3.4 Type Of Service (ToS)
Network traffic can be classified by setting the ToS (Type Of Service) values at the data source
(for example, at the ZyXEL Device) so a server can decide the best method of delivery, that is
the least cost, fastest route and so on.
6.3.4.1 DiffServ
DiffServ is a class of service (CoS) model that marks packets so that they receive specific per-hop
treatment at DiffServ-compliant network devices along the route based on the application
types and traffic flow. Packets are marked with DiffServ Code Points (DSCPs) indicating the
level of service desired. This allows the intermediary DiffServ-compliant network devices to
handle the packets differently depending on the code points without the need to negotiate paths
or remember state information for every flow. In addition, applications do not have to request
a particular service or give advanced notice of where the traffic is going.
6.3.4.2 DSCP and Per-Hop Behavior
DiffServ defines a new DS (Differentiated Services) field to replace the Type of Service (TOS)
field in the IP header. The DS field contains a 2-bit unused field and a 6-bit DSCP field which
can define up to 64 service levels. The following figure illustrates the DS field.
Figure 48 DiffServ: Differentiated Service Field
DSCP (6-bit) | Unused (2-bit)
DSCP is backward compatible with the three precedence bits in the ToS octet so that non-DiffServ
compliant, ToS-enabled network devices will not conflict with the DSCP mapping.
The DSCP value determines the forwarding behavior, the PHB (Per-Hop Behavior), that each
packet gets across the DiffServ network. Based on the marking rule, different kinds of traffic
can be marked for different priorities of forwarding. Resources can then be allocated
according to the DSCP values and the configured policies.
6.3.5 ToS (Type of Service) and WMM QoS
The DSCP value of outgoing packets is between 0 and 255. 0 is the default priority. WMM
QoS checks the DSCP value in the header of data packets. It gives the traffic a priority
according to this number.
In order to control which priority level is given to traffic, the device sending the traffic must
set the DSCP value in the header. If the DSCP value is not specified, then the traffic is treated
as best-effort. This means the wireless clients and the devices with which they are
communicating must both set the DSCP value in order to make the best use of WMM QoS. A
Voice over IP (VoIP) device for example may allow you to define the DSCP value.
The following table lists which WMM QoS priority level the ZyXEL Device uses for specific
DSCP values.
Table 19 ToS and IEEE 802.1d to WMM QoS Priority Level Mapping
| DSCP VALUE | WMM QOS PRIORITY LEVEL |
| --- | --- |
| 224, 192 | voice |
| 160, 128 | video |
| 96, 0 | best effort (A) |
| 64, 32 | background |
A. The ZyXEL Device also uses best effort for any DSCP value for which
another WMM QoS priority is not specified (255, 158 or 37 for example).
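The following added example (not ZyXEL code) decodes the 8-bit field shown in Figure 48 and applies Table 19 with the exact-match behaviour footnote A describes, so you can check how the markings your clients send would be classified. It assumes the values in Table 19 are values of the whole byte, since they run up to 255; the function names and the sample codepoint list are constructed for illustration.

```python
# Table 19 as printed: value of the 8-bit field -> WMM QoS priority level.
TABLE_19 = {224: "voice", 192: "voice", 160: "video", 128: "video",
            96: "best effort", 0: "best effort",
            64: "background", 32: "background"}

# Well-known 6-bit DiffServ codepoints, used here as constructed sample input.
SAMPLE_CODEPOINTS = {"CS6": 48, "EF": 46, "CS5": 40, "AF41": 34,
                     "CS3": 24, "CS1": 8, "default": 0}


def decode_ds_byte(value):
    """Split the byte into the fields of Figure 48 plus the ToS precedence."""
    if not isinstance(value, int) or not 0 <= value <= 255:
        raise ValueError("the ToS/DS field is a single byte (0-255)")
    return {"dscp": value >> 2,        # upper 6 bits
            "unused": value & 0b11,    # lower 2 bits
            "precedence": value >> 5}  # three precedence bits of the ToS octet


def wmm_priority(value):
    """WMM level per Table 19; footnote A: unlisted values are best effort."""
    decode_ds_byte(value)  # range check only
    return TABLE_19.get(value, "best effort")


def precedence_level(value):
    """Level of the Table 19 row that shares this byte's precedence bits.

    For comparison only: the footnote describes exact-value matching.
    """
    return TABLE_19[(value >> 5) << 5]


def review_markings(codepoints):
    """Map each named codepoint to (byte, Table 19 level, differs_from_precedence)."""
    report = {}
    for name, dscp in codepoints.items():
        byte = dscp << 2  # the codepoint sits in the upper 6 bits of the byte
        level = wmm_priority(byte)
        report[name] = (byte, level, level != precedence_level(byte))
    return report


if __name__ == "__main__":
    for name, (byte, level, differs) in review_markings(SAMPLE_CODEPOINTS).items():
        flag = "  <- not a listed value" if differs else ""
        print(f"{name:8} byte={byte:3}  {level}{flag}")
```

Markings such as EF (byte value 184) are not listed in Table 19, so under the table as printed they fall to best effort; choose one of the listed values on the sending device if the traffic needs voice or video priority.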
6.4 Spanning Tree Protocol (STP)
STP detects and breaks network loops and provides backup links between switches, bridges or
routers. It allows a bridge to interact with other STP-compliant bridges in your network to
ensure that only one route exists between any two stations on the network.
6.4.1 Rapid STP
The ZyXEL Device uses IEEE 802.1w RSTP (Rapid Spanning Tree Protocol), which allows faster
convergence of the spanning tree (while also being backwards compatible with STP-only
aware bridges). With RSTP, topology change information does not have to propagate to the
root bridge and unwanted learned addresses are flushed from the filtering database. In RSTP,
the port states are Discarding, Learning, and Forwarding.
6.4.2 STP Terminology
The root bridge is the base of the spanning tree; it is the bridge with the lowest identifier value
(MAC address).
Path cost is the cost of transmitting a frame onto a LAN through that port. It is assigned
according to the speed of the link to which a port is attached. The slower the media, the higher
the cost - see the following table.
Table 20 STP Path Costs
|  | LINK SPEED | RECOMMENDED VALUE | RECOMMENDED RANGE | ALLOWED RANGE |
| --- | --- | --- | --- | --- |
| Path Cost | 4Mbps | 250 | 100 to 1000 | 1 to 65535 |
| Path Cost | 10Mbps | 100 | 50 to 600 | 1 to 65535 |
| Path Cost | 16Mbps | 62 | 40 to 400 | 1 to 65535 |
| Path Cost | 100Mbps | 19 | 10 to 60 | 1 to 65535 |
| Path Cost | 1Gbps | 4 | 3 to 10 | 1 to 65535 |
| Path Cost | 10Gbps | 2 | 1 to 5 | 1 to 65535 |
On each bridge, the root port is the port through which this bridge communicates with the root.
It is the port on this switch with the lowest path cost to the root (the root path cost). If there is
no root port, then this bridge has been accepted as the root bridge of the spanning tree network.
For each LAN segment, a designated bridge is selected. This bridge has the lowest cost to the
root among the bridges connected to the LAN.
6.4.3 How STP Works
After a bridge determines the lowest-cost spanning tree with STP, it enables the root port and
the ports that are the designated ports for connected LANs, and disables all other ports that
participate in STP. Network packets are therefore only forwarded between enabled ports,
eliminating any possible network loops.
STP-aware bridges exchange Bridge Protocol Data Units (BPDUs) periodically. When the
bridged LAN topology changes, a new spanning tree is constructed.
Once a stable network topology has been established, all bridges listen for Hello BPDUs
(Bridge Protocol Data Units) transmitted from the root bridge. If a bridge does not get a Hello
BPDU after a predefined interval (Max Age), the bridge assumes that the link to the root
bridge is down. This bridge then initiates negotiations with other bridges to reconfigure the
network to re-establish a valid network topology.
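The election described in sections 6.4.2 and 6.4.3, worked through as an added example (not ZyXEL code): it picks the root bridge by lowest MAC address, computes root path costs from the recommended values in Table 20, and labels every port root, designated or blocked. The MAC addresses, segment names and the 10Mbps cost used for the wireless link are constructed assumptions.

```python
# Recommended path costs from Table 20 (link speed -> cost).
PATH_COST = {"4Mbps": 250, "10Mbps": 100, "16Mbps": 62,
             "100Mbps": 19, "1Gbps": 4, "10Gbps": 2}
INF = float("inf")

# Constructed sample: two bridges that share a wired LAN and a wireless link,
# which forms a loop unless one port is taken out of service.
LOOP = [("02:00:00:00:00:01", "wired-lan", "100Mbps"),
        ("02:00:00:00:00:01", "wireless-link", "10Mbps"),
        ("02:00:00:00:00:02", "wired-lan", "100Mbps"),
        ("02:00:00:00:00:02", "wireless-link", "10Mbps")]


def spanning_tree(ports):
    """Compute port roles for a bridged network.

    ports: list of (bridge_id, segment, link_speed), one entry per bridge port.
    bridge_id is a lowercase MAC string; the lowest one becomes the root.
    Assumes a connected network with one port per bridge per segment.
    Returns (root, {(bridge_id, segment): "root" | "designated" | "blocked"}).
    """
    bridges = sorted({b for b, _, _ in ports})
    root = bridges[0]
    cost = {b: INF for b in bridges}  # root path cost of each bridge
    cost[root] = 0

    def offer(bridge, segment):
        # Best (root path cost, bridge id) another bridge advertises on segment.
        others = [(cost[b], b) for b, s, _ in ports
                  if s == segment and b != bridge]
        return min(others) if others else (INF, "")

    # Relax until no bridge can lower its root path cost any further.
    changed = True
    while changed:
        changed = False
        for b, seg, speed in ports:
            via = offer(b, seg)[0] + PATH_COST[speed]
            if b != root and via < cost[b]:
                cost[b], changed = via, True

    roles = {}
    for b in bridges:
        own = [(seg, speed) for pb, seg, speed in ports if pb == b]
        root_seg = None
        if b != root:
            def rank(port):
                seg, speed = port
                offered, neighbour = offer(b, seg)
                return (offered + PATH_COST[speed], neighbour, seg)
            root_seg = min(own, key=rank)[0]  # lowest path cost to the root
        for seg, _ in own:
            # Designated bridge: lowest root path cost on the segment,
            # ties broken by the lower bridge identifier.
            designated = min((cost[x], x) for x, s, _ in ports if s == seg)[1]
            if seg == root_seg:
                roles[(b, seg)] = "root"
            elif designated == b:
                roles[(b, seg)] = "designated"
            else:
                roles[(b, seg)] = "blocked"
    return root, roles


if __name__ == "__main__":
    root, roles = spanning_tree(LOOP)
    print("root bridge:", root)
    for (bridge, seg), role in sorted(roles.items()):
        print(f"{bridge}  {seg:14} {role}")
```

In the sample, the second bridge keeps its wired port as root port and its wireless port is blocked, which is what removes the loop.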
6.4.4 STP Port States
STP assigns five port states (see next table) to eliminate packet looping. A bridge port is not
allowed to go directly from blocking state to forwarding state so as to eliminate transient
loops.
Table 21 STP Port States
| PORT STATES | DESCRIPTIONS |
| --- | --- |
| Disabled | STP is disabled (default). |
| Blocking | Only configuration and management BPDUs are received and processed. |
| Listening | All BPDUs are received and processed. |
| Learning | All BPDUs are received and processed. Information frames are submitted to the learning process but not forwarded. |
| Forwarding | All BPDUs are received and processed. All information frames are received and forwarded. |
6.5 DFS
When you choose 802.11a in Access Point mode, the ZyXEL Device uses DFS (Dynamic
Frequency Selection) to give you a wider choice of wireless channels.
DFS allows you to use channels in the frequency range normally reserved for radar systems.
Radar uses radio signals to detect the location of objects for military, meteorological or air
traffic control purposes. As long as your ZyXEL Device detects no radar activity on the
channel you select, you can use the channel to communicate. However, a wireless LAN
operating on the same frequency as an active radar system could disrupt the radar system.
Therefore, if the ZyXEL Device detects radar activity on the channel you select, it
automatically instructs the wireless clients to move to another channel, then resumes
communications on the new channel.
6.6 Wireless Screen Overview
The following is a list of the wireless screens you can configure on the ZyXEL Device.
1 Configure the ZyXEL Device to operate in AP, AP+Bridge, Bridge/Repeater or
MBSSID mode in the Wireless screen. You can also select an SSID Profile in the Wireless screen.
2 Use the SSID screens to view and edit SSID profiles.
3 Use the Security screen to configure wireless profiles.
4 Use the RADIUS screen to configure RADIUS authentication and accounting settings.
5 Use the Layer-2 Isolation screen to prevent wireless clients associated with your
ZyXEL Device from communicating with other wireless clients, APs, computers or
routers in a network.
6 Use the MAC Filter screen to allow or restrict access to your wireless network based on
a client’s MAC address.
6.7 Configuring Wireless Settings
Click WIRELESS > Wireless. The screen varies depending upon the operating mode you
select.
6.7.1 Access Point Mode
Select Access Point as the Operating Mode to display the screen as shown next.
Figure 49 Wireless: Access Point
The following table describes the general wireless LAN labels in this screen.
Table 22 Wireless: Access Point
| LABEL | DESCRIPTION |
| --- | --- |
| WLAN Adaptor | Select which WLAN adapter you want to configure. It is recommended that you configure the first WLAN adapter for AP functions and use the second WLAN adapter for bridge functions. |
| Operating Mode | Select Access Point from the drop-down list. |
| 802.11 Mode | Select 802.11b Only to allow only IEEE 802.11b compliant WLAN devices to associate with the ZyXEL Device. Select 802.11g Only to allow only IEEE 802.11g compliant WLAN devices to associate with the ZyXEL Device. Select 802.11b+g to allow both IEEE802.11b and IEEE802.11g compliant WLAN devices to associate with the ZyXEL Device. The transmission rate of your ZyXEL Device might be reduced. Select 802.11a to allow only IEEE 802.11a compliant WLAN devices to associate with the ZyXEL Device. |
| Super Mode | Select this to improve data throughput on the WLAN by enabling fast frame and packet bursting. |
| Choose Channel ID | Set the operating frequency/channel depending on your particular region. To manually set the ZyXEL Device to use a channel, select a channel from the drop-down list box. Click MAINTENANCE and then the Channel Usage tab to open the Channel Usage screen to make sure the channel is not already used by another AP or independent peer-to-peer wireless network. To have the ZyXEL Device automatically select a channel, click Scan instead. |
| Scan | Click this button to have the ZyXEL Device automatically scan for and select the channel with the least interference. |
| RTS/CTS Threshold | (Request To Send) The threshold (number of bytes) for enabling RTS/CTS handshake. Data with its frame size larger than this value will perform the RTS/CTS handshake. Setting this attribute to be larger than the maximum MSDU (MAC service data unit) size turns off the RTS/CTS handshake. Setting this attribute to its smallest value (256) turns on the RTS/CTS handshake. Enter a value between 256 and 2346. |
| Fragmentation Threshold | The threshold (number of bytes) for the fragmentation boundary for directed messages. It is the maximum data fragment size that can be sent. Enter an even number between 256 and 2346. |
| Output Power | Set the output power of the ZyXEL Device in this field. If there is a high density of APs in an area, decrease the output power of the ZyXEL Device to reduce interference with other APs. Select one of the following 100% (Full Power), 50%, 25%, 12.5% or Minimum. See the product specifications for more information on your ZyXEL Device’s output power. |
| SSID Profile | The SSID (Service Set IDentifier) identifies the Service Set with which a wireless station is associated. Wireless stations associating to the access point (AP) must have the same SSID. Select an SSID Profile from the drop-down list box. Configure SSID profiles in the SSID screen (see Section 8.2 on page 122 for information on configuring SSID). Note: If you are configuring the ZyXEL Device from a computer connected to the wireless LAN and you change the ZyXEL Device’s SSID or security settings, you will lose your wireless connection when you press Apply to confirm. You must then change the wireless settings of your computer to match the ZyXEL Device’s new settings. |
| Enable Breathing LED | Select this check box to enable the blue “breathing” LED, also known as the ZyAIR LED. Clear the check box to turn this LED off even when the ZyXEL Device is on and data is being transmitted and received. |
| Enable Spanning Tree Control (STP) | (R)STP detects and breaks network loops and provides backup links between switches, bridges or routers. It allows a bridge to interact with other (R)STP compliant bridges in your network to ensure that only one path exists between any two stations on the network. Select the check box to activate STP on the ZyXEL Device. |
| Roaming Active | Roaming allows wireless stations to switch from one access point to another as they move from one coverage area to another. Select this checkbox to enable roaming on the ZyXEL Device if you have two or more ZyXEL Devices on the same subnet. Note: All APs on the same subnet and the wireless stations must have the same SSID to allow roaming. |
| Apply | Click Apply to save your changes. |
| Reset | Click Reset to begin configuring this screen afresh. |
6.7.2 Bridge/Repeater Mode
The ZyXEL Device can act as a wireless network bridge and establish wireless links with
other APs. You need to know the MAC address of the peer device, which also must be in
bridge mode.
The ZyXEL Device can establish up to five wireless links with other APs.
In the example below, when both ZyXEL Devices are in Bridge/Repeater mode, they form a
WDS (Wireless Distribution System) allowing the computers in LAN 1 to connect to the
computers in LAN 2.
Figure 50 Bridging Example
Be careful to avoid bridge loops when you enable bridging in the ZyXEL Device. Bridge loops
cause broadcast traffic to circle the network endlessly, resulting in possible throughput
degradation and disruption of communications. The following examples show two network
topologies that can lead to this problem:
• If two or more ZyXEL Devices (in bridge mode) are connected to the same hub.
Figure 51 Bridge Loop: Two Bridges Connected to Hub
• If your ZyXEL Device (in bridge mode) is connected to a wired LAN while
communicating with another wireless bridge that is also connected to the same wired
LAN.
Figure 52 Bridge Loop: Bridge Connected to Wired LAN
To prevent bridge loops, ensure that you enable STP in the Wireless screen, or that your ZyXEL
Device is not set to bridge mode while connected to both wired and wireless segments of the
same LAN.
To have the ZyXEL Device act as a wireless bridge only, click WIRELESS > Wireless and
select Bridge/Repeater as the Operating Mode.
Figure 53 Wireless: Bridge/Repeater
The following table describes the bridge labels in this screen.
Table 23 Wireless: Bridge/Repeater
| LABEL | DESCRIPTIONS |
| --- | --- |
| WLAN Adaptor | Select which WLAN adapter you want to configure. It is recommended that you configure the first WLAN adapter for AP functions and use the second WLAN adapter for bridge functions. |
| Operating Mode | Select Bridge/Repeater in this field. |
| 802.11 mode | Select 802.11b Only to allow only IEEE 802.11b compliant WLAN devices to associate with the ZyXEL Device. Select 802.11g Only to allow only IEEE 802.11g compliant WLAN devices to associate with the ZyXEL Device. Select 802.11b+g to allow both IEEE802.11b and IEEE802.11g compliant WLAN devices to associate with the ZyXEL Device. The transmission rate of your ZyXEL Device might be reduced. Select 802.11a to allow only IEEE 802.11a compliant WLAN devices to associate with the ZyXEL Device. |
| Choose Channel ID | Set the operating frequency/channel depending on your particular region. To manually set the ZyXEL Device to use a channel, select a channel from the drop-down list box. Click MAINTENANCE and then the Channel Usage tab to open the Channel Usage screen to make sure the channel is not already used by another AP or independent peer-to-peer wireless network. To have the ZyXEL Device automatically select a channel, click Scan instead. |
| RTS/CTS Threshold | (Request To Send) The threshold (number of bytes) for enabling RTS/CTS handshake. Data with its frame size larger than this value will perform the RTS/CTS handshake. Setting this attribute to be larger than the maximum MSDU (MAC service data unit) size turns off the RTS/CTS handshake. Setting this attribute to zero turns on the RTS/CTS handshake. Enter a value between 256 and 2346. |
| Fragmentation Threshold | The threshold (number of bytes) for the fragmentation boundary for directed messages. It is the maximum data fragment size that can be sent. Enter an even number between 256 and 2346. |
| Output Power | Set the output power of the ZyXEL Device in this field. If there is a high density of APs in an area, decrease the output power of the ZyXEL Device to reduce interference with other APs. Select from 100% (Full Power), 50%, 25%, 12.5% and Minimum. See the product specifications for more information on your ZyXEL Device’s output power. |
| Enable WDS Security | Select this to turn on security for the ZyXEL Device’s Wireless Distribution System (WDS). A Wireless Distribution System is a wireless connection between two or more APs. If you do not select the check box, traffic between APs is not encrypted. Note: WDS security is independent of the security settings between the ZyXEL Device and any wireless clients. When you enable WDS security, also do the following: • Select the type of security you want to use (TKIP or AES) to secure traffic on your WDS. • Enter a pre-shared key in the PSK field for each access point in your WDS. Each access point can use a different pre-shared key. • Configure WDS security and the relevant PSK in each of your other access point(s). Note: Other APs must use the same encryption method to enable WDS security. |
| TKIP (ZyAIR Series Compatible) | Select this to enable Temporal Key Integrity Protocol (TKIP) security on your WDS. This option is compatible with other ZyXEL access points that support WDS security. Use this if the other access points on your network support WDS security but do not have an AES option. Note: Check your other AP’s documentation to make sure it supports WDS security. |
| AES | Select this to enable Advanced Encryption System (AES) security on your WDS. AES provides superior security to TKIP. Use AES if the other access points on your network support it for the WDS. Note: At the time of writing, this option is compatible with other ZyXEL NWA-3500 access points only. |
| # | This is the index number of the bridge connection. |
| Active | Select the check box to enable the bridge connection. Otherwise, clear the check box to disable it. |
| Remote Bridge MAC Address | Type the MAC address of the peer device in a valid MAC address format, that is, six hexadecimal character pairs, for example, 12:34:56:78:9a:bc. |
| PSK | Type a pre-shared key (PSK) from 8 to 63 case-sensitive ASCII characters (including spaces and symbols). You must also set the peer device to use the same pre-shared key. Each peer device can use a different pre-shared key. |
See Table 22 on page 95 for information on the other labels in this screen.
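A pre-deployment check of the Bridge/Repeater settings described in Table 23, as an added example (not ZyXEL code): it flags unencrypted or TKIP-only WDS links, malformed peer MAC addresses and out-of-range pre-shared keys, and confirms that both ends of a link agree. The dictionary layout, function names, MAC addresses and keys are constructed for illustration, and reading "ASCII characters (including spaces and symbols)" as the printable range 0x20 to 0x7e is an assumption.

```python
import re

MAC_RE = re.compile(r"^[0-9a-f]{2}(:[0-9a-f]{2}){5}$", re.IGNORECASE)
MAX_LINKS = 5             # section 6.7.2: up to five wireless links
PSK_MIN, PSK_MAX = 8, 63  # Table 23, PSK row

# Constructed sample settings for two access points that bridge to each other.
AP1 = {"mac": "02:00:00:00:00:01", "wds_security": True, "cipher": "AES",
       "links": [{"active": True, "remote_mac": "02:00:00:00:00:02",
                  "psk": "constructed sample key 1"}]}
AP2 = {"mac": "02:00:00:00:00:02", "wds_security": True, "cipher": "TKIP",
       "links": [{"active": True, "remote_mac": "02:00:00:00:00:01",
                  "psk": "Constructed sample key 1"},
                 {"active": True, "remote_mac": "0200.0000.0003",
                  "psk": "short"}]}


def audit_device(dev):
    """Return a list of findings for one device's Bridge/Repeater settings."""
    findings = []
    active = [link for link in dev["links"] if link["active"]]
    if len(active) > MAX_LINKS:
        findings.append(f"{len(active)} active links; the limit is {MAX_LINKS}")
    if not dev["wds_security"]:
        findings.append("WDS security is off: traffic between APs is not encrypted")
    elif dev["cipher"] not in ("TKIP", "AES"):
        findings.append("WDS security is on but neither TKIP nor AES is selected")
    elif dev["cipher"] == "TKIP":
        findings.append("TKIP selected: use AES if the other access points support it")
    for n, link in enumerate(dev["links"], start=1):  # n is the '#' column
        if not link["active"]:
            continue
        if not MAC_RE.match(link["remote_mac"]):
            findings.append(f"link {n}: remote MAC is not six hexadecimal pairs")
        if dev["wds_security"]:
            psk = link["psk"]
            if not PSK_MIN <= len(psk) <= PSK_MAX:
                findings.append(f"link {n}: PSK length {len(psk)} is outside 8-63")
            if not all(32 <= ord(c) <= 126 for c in psk):
                findings.append(f"link {n}: PSK has non-ASCII or control characters")
    return findings


def audit_pair(a, b):
    """Check that the two ends of one WDS link agree with each other."""
    def link_to(dev, peer):
        for link in dev["links"]:
            if link["active"] and link["remote_mac"].lower() == peer["mac"].lower():
                return link
        return None

    ab, ba = link_to(a, b), link_to(b, a)
    if ab is None or ba is None:
        return ["each device must list the other's MAC address on an active link"]
    if a["wds_security"] != b["wds_security"] or a["cipher"] != b["cipher"]:
        return ["the two APs do not use the same WDS encryption method"]
    if a["wds_security"] and ab["psk"] != ba["psk"]:  # keys are case-sensitive
        return ["the two APs use different pre-shared keys for this link"]
    return []


if __name__ == "__main__":
    for name, dev in (("AP1", AP1), ("AP2", AP2)):
        for finding in audit_device(dev):
            print(f"{name}: {finding}")
    for finding in audit_pair(AP1, AP2):
        print(f"AP1<->AP2: {finding}")
```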