ZyXEL ZyAIR G-3000 User Guide

ZyAIR G-3000

802.11g Business Access Point/Bridge/Repeater

User’s Guide

Version 3.50

2/2005

ZyAIR G-3000 User’s Guide

Copyright

The contents of this publication may not be reproduced in any part or as a whole, transcribed, stored in a retrieval system, translated into any language, or transmitted in any form or by any means, electronic, mechanical, magnetic, optical, chemical, photocopying, manual, or otherwise, without the prior written permission of ZyXEL Communications Corporation.

Disclaimer

ZyXEL does not assume any liability arising out of the application or use of any products, or software described herein. Neither does it convey any license under its patent rights nor the patent rights of others. ZyXEL further reserves the right to make changes in any products described herein without notice. This publication is subject to change without notice.

Trademarks

ZyNOS (ZyXEL Network Operating System) is a registered trademark of ZyXEL Communications, Inc. Other trademarks mentioned in this publication are used for identification purposes only and may be properties of their respective owners.

ZyAIR G-3000 User’s Guide

Federal Communications

Commission (FCC) Interference

Statement

This device complies with Part 15 of FCC rules. Operation is subject to the following two conditions:

• This device may not cause harmful interference.

• This device must accept any interference received, including interference that may cause undesired operations.

This equipment has been tested and found to comply with the limits for a Class B digital device pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a commercial environment. This equipment generates, uses, and can radiate radio frequency energy, and if not installed and used in accordance with the instructions, may cause harmful interference to radio communications.

If this equipment does cause harmful interference to radio/television reception, which can be determined by turning the equipment off and on, the user is encouraged to try to correct the interference by one or more of the following measures:

• Reorient or relocate the receiving antenna.

• Increase the separation between the equipment and the receiver.

• Connect the equipment into an outlet on a circuit different from that to which the receiver is connected.

• Consult the dealer or an experienced radio/TV technician for help.

Notice 1

Changes or modifications not expressly approved by the party responsible for compliance could void the user's authority to operate the equipment.

Certifications

Go to www.zyxel.com

1 Select your product from the drop-down list box on the ZyXEL home page to go to that

product's page.

2 Select the certification you wish to view from this page

3 Federal Communications Commission (FCC) Interference Statement

ZyAIR G-3000 User’s Guide

ZyXEL Limited Warranty

ZyXEL warrants to the original end user (purchaser) that this product is free from any defects in materials or workmanship for a period of up to two years from the date of purchase. During the warranty period, and upon proof of purchase, should the product have indications of failure due to faulty workmanship and/or materials, ZyXEL will, at its discretion, repair or replace the defective products or components without charge for either parts or labor, and to whatever extent it shall deem necessary to restore the product or components to proper operating condition. Any replacement will consist of a new or re-manufactured functionally equivalent product of equal value, and will be solely at the discretion of ZyXEL. This warranty shall not apply if the product is modified, misused, tampered with, damaged by an act of God, or subjected to abnormal working conditions.

Note

Repair or replacement, as provided under this warranty, is the exclusive remedy of the purchaser. This warranty is in lieu of all other warranties, express or implied, including any implied warranty of merchantability or fitness for a particular use or purpose. ZyXEL shall in no event be held liable for indirect or consequential damages of any kind of character to the purchaser.

To obtain the services of this warranty, contact ZyXEL's Service Center for your Return Material Authorization number (RMA). Products must be returned Postage Prepaid. It is recommended that the unit be insured when shipped. Any returned products without proof of purchase or those with an out-dated warranty will be repaired or replaced (at the discretion of ZyXEL) and the customer will be billed for parts and labor. All repaired or replaced products will be shipped by ZyXEL to the corresponding return address, Postage Paid. This warranty gives you specific legal rights, and you may also have other rights that vary from country to country.

Safety Warnings

1 To reduce the risk of fire, use only No. 26 AWG or larger telephone wire.

2 Do not use this product near water, for example, in a wet basement or near a swimming

pool.

3 Avoid using this product during an electrical storm. There may be a remote risk of

electric shock from lightening.

This product has been designed for the WLAN 2.4 GHz network throughout the EC region and Switzerland, with restrictions in France.

ZyXEL Limited Warranty 4

ZyAIR G-3000 User’s Guide

Please have the following information ready when you contact customer support.

• Product model and serial number.

• Warranty Information.

• Date that you received your device.

• Brief description of the problem and the steps you took to solve it.

Customer Support

METHOD

LOCATION

WORLDWIDE

NORTH AMERICA

GERMANY

FRANCE

SPAIN

DENMARK

NORWAY

SWEDEN

FINLAND

SUPPORT E-MAIL TELEPHONE

SALES E-MAIL FAX FTP SITE

support@zyxel.com.tw +886-3-578-3942 www.zyxel.com

sales@zyxel.com.tw +886-3-578-2439 ftp.zyxel.com

support@zyxel.com +1-800-255-4101

+1-714-632-0882

sales@zyxel.com +1-714-632-0858 ftp.us.zyxel.com

support@zyxel.de +49-2405-6909-0 www.zyxel.de ZyXEL Deutschland GmbH.

sales@zyxel.de +49-2405-6909-99

info@zyxel.fr +33 (0)4 72 52 97 97 www.zyxel.fr Z yX E L F r an c e

+33 (0)4 72 52 19 20

support@zyxel.es +34 902 195 420 www.zyxel.es Z yX E L C o m m un i c a t i o n s

sales@zyxel.es +34 913 005 345

support@zyxel.dk +45 39 55 07 00 www.zyxel.dk Z y X E L C o m m u n i c a t i o n s A / S

sales@zyxel.dk +45 39 55 07 07

support@zyxel.no +47 22 80 61 80 www.zyxel.no Z y X E L C o m m u n i c a t i o n s A / S

sales@zyxel.no +47 22 80 61 81

support@zyxel.se +46 31 744 7700 www.zyxel.se ZyXEL Communications A/S

sales@zyxel.se +46 31 744 7701

support@zyxel.fi +358 9 4780 8411 www.zyxel.fi Z yXEL Comm un i cations Oy

sales@zyxel.fi +358 9 4780 8448

WEB SITE

REGULAR MAIL

ZyXEL Communications Corp.

www.europe.zyxel.com

ftp.europe.zyxel.com

www.us.zyxel.com ZyXEL Communications Inc.

6 Innov ati on Road II Sc ience Park Hs inchu 3 00 Ta iw a n

1130 N. Miller St. Ana hei m

CA 92806- 2001 U.S.A.

Adenauerstr. 20/A2 D-52146 Wuerselen Germany

1 rue des Ve rg er s Ba t. 1 / C 69760 Limonest France

A l e j a n d r o V i l l e g a s 3 3 1 º , 2 8 0 4 3 M a d r i d Spain

Col um bu sv ej 5 2860 Soeborg Denmark

Ni ls Hansens vei 13 0667 Oslo Norway

Sjöporten 4, 41764 Göteborg Sweden

Mal mi nk aa ri 10 00700 Helsinki Finland

5 Customer Support

a. “+” is the (prefix) number you enter to make an international telephone call.

ZyAIR G-3000 User’s Guide

Customer Support 6

ZyAIR G-3000 User’s Guide

7 Customer Support

ZyAIR G-3000 User’s Guide

Copyright .................................................................................................................. 2

Federal Communications Commission (FCC) Interference Statement ............... 3

ZyXEL Limited Warranty.......................................................................................... 4

Customer Support.................................................................................................... 5

Preface .................................................................................................................... 24

Chapter 1

Getting to Know Your ZyAIR ................................................................................. 28

1.1 Introducing the ZyAIR .......................................................................................28

1.2 ZyAIR Features ..................................................................................................28

1.2.1 Physical Features .....................................................................................28

1.2.1.1 10/100M Auto-negotiating Ethernet/Fast Ethernet Interface ...........28

1.2.1.2 10/100M Auto-crossover Ethernet/Fast Ethernet Interface .............28

1.2.1.3 Reset Button ...................................................................................28

1.2.1.4 ZyAIR LED ......................................................................................29

1.2.1.5 Bridge/Repeater LED ......................................................................29

1.2.1.6 Power over Ethernet (PoE) ............................................................29

1.2.2 Firmware Features ....................................................................................29

1.2.2.1 Dual WLAN Interface ......................................................................29

1.2.2.2 Internal RADIUS Server ..................................................................30

1.2.2.3 Wi-Fi Protected Access ...................................................................30

1.2.2.4 Layer-2 Isolation ..............................................................................30

1.2.2.5 VLAN ...............................................................................................30

1.2.2.6 WDS Functionality ...........................................................................30

1.2.2.7 802.11b Wireless LAN Standard .....................................................31

1.2.2.8 802.11g Wireless LAN Standard .....................................................31

1.2.2.9 STP (Spanning Tree Protocol) / RSTP (Rapid STP) .......................32

1.2.2.10 Certificates ....................................................................................32

1.2.2.11 Limit the number of Client Connections .........................................32

1.2.2.12 SSL Passthrough ..........................................................................32

1.2.2.13 Brute-Force Password Guessing Protection ................................32

1.2.2.14 Wireless LAN MAC Address Filtering ...........................................32

1.2.2.15 WEP Encryption ............................................................................32

Table of Contents 8

ZyAIR G-3000 User’s Guide

1.3 Applications for the ZyAIR ..................................................................................33

1.3.1 Dual WLAN Interface ................................................................................34

1.3.2 Access Point .............................................................................................34

1.3.3 AP + Bridge ..............................................................................................35

1.3.4 Bridge / Repeater ......................................................................................36

Chapter 2

Introducing the Web Configurator........................................................................ 38

2.1 Accessing the ZyAIR Web Configurator .............................................................38

2.2 Resetting the ZyAIR ...........................................................................................40

2.2.1 .Procedure To Use The Reset Button .......................................................40

2.2.2 Method of Restoring Factory-Defaults ......................................................40

2.3 Navigating the ZyAIR Web Configurator ............................................................40

1.2.2.16 IEEE 802.1x Network Security ......................................................33

1.2.2.17 SNMP ............................................................................................33

1.2.2.18 Full Network Management ............................................................33

1.2.2.19 Logging and Tracing ......................................................................33

1.2.2.20 Embedded FTP and TFTP Servers ...............................................33

1.2.2.21 Wireless Association List ..............................................................33

1.2.2.22 Wireless LAN Channel Usage .......................................................33

Chapter 3

Wizard Setup .......................................................................................................... 42

3.1 Wizard Setup Overview ......................................................................................42

3.1.1 Channel ....................................................................................................42

3.1.2 ESS ID ......................................................................................................42

3.1.3 WEP Encryption ........................................................................................42

3.2 Wizard Setup: General Setup ............................................................................43

3.3 Wizard Setup: Wireless LAN ..............................................................................44

3.4 Wizard Setup: IP Address ..................................................................................45

3.4.1 IP Address Assignment ............................................................................45

3.4.2 IP Address and Subnet Mask ...................................................................46

3.5 Basic Setup Complete ........................................................................................48

Chapter 4

System Screens ..................................................................................................... 50

4.1 System Overview ...............................................................................................50

4.2 Configuring General Setup .................................................................................50

4.3 Configuring Password ........................................................................................51

4.4 Configuring Time Setting ...................................................................................52

9 Table of Contents

ZyAIR G-3000 User’s Guide

Chapter 5

Wireless Configuration and Roaming ................................................................. 56

5.1 Wireless LAN Overview .....................................................................................56

5.1.1 IBSS ..........................................................................................................56

5.1.2 BSS ...........................................................................................................56

5.1.3 ESS ...........................................................................................................57

5.2 Wireless LAN Basics ..........................................................................................58

5.2.1 RTS/CTS .................................................................................................58

5.2.2 Fragmentation Threshold ..........................................................................59

5.3 Spanning Tree Protocol (STP) ...........................................................................60

5.3.1 Rapid STP ................................................................................................60

5.3.2 STP Terminology ......................................................................................60

5.3.3 How STP Works .......................................................................................61

5.3.4 STP Port States ........................................................................................61

5.4 Preamble ...........................................................................................................61

5.5 Configuring Wireless ..........................................................................................62

5.5.1 Access Point Mode ...................................................................................62

5.5.2 Bridge/Repeater Mode ..............................................................................65

5.5.3 AP+Bridge Mode ......................................................................................69

5.6 Configuring Roaming .........................................................................................71

5.6.1 Requirements for Roaming .......................................................................72

Chapter 6

Wireless Security ................................................................................................... 74

6.1 Wireless Security Overview ...............................................................................74

6.2 WEP Overview ...................................................................................................74

6.2.1 Data Encryption .......................................................................................74

6.2.2 Authentication ...........................................................................................75

6.3 Configuring WEP Encryption ..............................................................................76

6.4 Layer-2 Isolation Introduction .............................................................................78

6.5 Layer-2 Isolation Configuration ..........................................................................79

6.5.1 Layer-2 Isolation Examples ......................................................................81

6.5.2 Layer-2 Isolation Example 1 .....................................................................81

6.5.3 Layer-2 Isolation Example 2 .....................................................................82

6.5.4 Layer-2 Isolation Example 3 .....................................................................82

6.6 MAC Filter ..........................................................................................................83

6.7 802.1x Overview ................................................................................................85

6.8 Introduction to RADIUS ......................................................................................85

6.8.1 Types of RADIUS Messages ....................................................................85

6.9 EAP Authentication Overview ............................................................................86

6.10 Dynamic WEP Key Exchange ..........................................................................87

6.11 Introduction to WPA ..........................................................................................87

6.11.1 User Authentication ................................................................................87

Table of Contents 10

ZyAIR G-3000 User’s Guide

6.11.2 Encryption ..............................................................................................88

6.12 WPA-PSK Application Example .......................................................................88

6.13 WPA with RADIUS Application Example ..........................................................89

6.14 Security Parameters Summary ........................................................................90

6.15 Wireless Client WPA Supplicants .....................................................................91

6.16 Configuring 802.1x and WPA ...........................................................................91

6.17 Authentication Required : 802.1x .....................................................................92

6.18 Authentication Required : WPA ........................................................................96

6.19 Authentication Required: WPA-PSK ................................................................98

Chapter 7

Internal RADIUS Server ....................................................................................... 100

7.1 Internal RADIUS Overview ...............................................................................100

7.2 Internal RADIUS Server Setting .......................................................................102

7.3 Trusted AP Overview .......................................................................................104

7.4 Configuring Trusted AP ....................................................................................105

7.5 Trusted Users Overview ...................................................................................106

7.6 Configuring Trusted Users ...............................................................................106

Chapter 8

VLAN ..................................................................................................................... 108

8.1 VLAN ................................................................................................................108

8.1.1 Management VLAN ID ............................................................................108

8.2 Configuring VLAN ............................................................................................108

Chapter 9

IP Screen............................................................................................................... 110

9.1 Factory Ethernet Defaults ................................................................................ 110

9.2 TCP/IP Parameters ..........................................................................................110

9.2.1 IP Address and Subnet Mask ................................................................. 110

9.2.2 WAN IP Address Assignment .................................................................110

9.3 Configuring IP .................................................................................................. 111

Chapter 10

Certificates............................................................................................................ 114

10.1 Certificates Overview .....................................................................................114

10.1.1 Advantages of Certificates ....................................................................115

10.2 Self-signed Certificates .................................................................................. 115

10.3 Configuration Summary ................................................................................. 115

10.4 My Certificates ............................................................................................... 115

10.5 Certificate File Formats .................................................................................. 117

10.6 Importing a Certificate ....................................................................................118

10.7 Creating a Certificate ..................................................................................... 119

11 Table of Contents

ZyAIR G-3000 User’s Guide

10.8 My Certificate Details .....................................................................................121

10.9 Trusted CAs ...................................................................................................124

10.10 Importing a Trusted CA’s Certificate .............................................................126

10.11 Trusted CA Certificate Details ......................................................................127

Chapter 11

Remote Management Screens ............................................................................ 132

11.1 Remote Management Overview .....................................................................132

11.1.1 Remote Management Limitations .........................................................132

11.1.2 Remote Management and NAT ............................................................133

11.1.3 System Timeout ...................................................................................133

11.2 Configuring WWW ..........................................................................................133

11.3 Configuring Telnet ..........................................................................................135

11.4 Configuring TELNET ......................................................................................135

11.5 Configuring FTP .............................................................................................136

11.6 SNMP .............................................................................................................137

11.6.1 Supported MIBs ....................................................................................139

11.6.2 SNMP Traps ..........................................................................................139

11.6.3 Configuring SNMP ................................................................................139

Chapter 12

Log Screens.......................................................................................................... 142

12.1 Configuring View Log .....................................................................................142

12.2 Configuring Log Settings ................................................................................143

Chapter 13

Maintenance ......................................................................................................... 146

13.1 Maintenance Overview ...................................................................................146

13.2 System Status Screen ....................................................................................146

13.2.1 System Statistics ...................................................................................147

13.3 Association List ..............................................................................................148

13.4 Channel Usage ..............................................................................................149

13.5 F/W Upload Screen ........................................................................................151

13.6 Configuration Screen .....................................................................................153

13.6.1 Backup Configuration ...........................................................................154

13.6.2 Restore Configuration ..........................................................................154

13.6.3 Back to Factory Defaults .......................................................................156

13.7 Restart Screen ...............................................................................................156

Chapter 14

Introducing the SMT ............................................................................................158

14.1 Connect to your ZyAIR Using Telnet ..............................................................158

14.2 Changing the System Password ....................................................................158

Table of Contents 12

ZyAIR G-3000 User’s Guide

14.3 ZyAIR SMT Menu Overview Example ............................................................159

14.4 Navigating the SMT Interface .........................................................................160

14.4.1 System Management Terminal Interface Summary ..............................162

Chapter 15

General Setup.......................................................................................................164

15.1 General Setup ................................................................................................164

15.1.1 Procedure To Configure Menu 1 ...........................................................164

Chapter 16

LAN Setup.............................................................................................................166

16.1 LAN Setup ......................................................................................................166

16.2 TCP/IP Ethernet Setup ...................................................................................166

16.3 Wireless LAN Setup .......................................................................................167

16.3.1 Configuring MAC Address Filter ...........................................................170

16.3.2 Configuring Bridge Link ........................................................................171

Chapter 17

Dial-in User Setup ................................................................................................ 174

17.1 Dial-in User Setup ..........................................................................................174

Chapter 18

VLAN Setup .......................................................................................................... 176

18.1 VLAN Setup ...................................................................................................176

Chapter 19

SNMP Configuration ............................................................................................ 178

19.1 About SNMP ..................................................................................................178

19.2 Supported MIBs ............................................................................................179

19.3 SNMP Configuration ......................................................................................179

19.4 SNMP Traps ...................................................................................................180

Chapter 20

System Security ................................................................................................... 182

20.1 System Security .............................................................................................182

20.1.1 System Password .................................................................................182

20.1.2 Configuring External RADIUS Server ...................................................182

20.1.3 802.1x ...................................................................................................184

Chapter 21

System Information and Diagnosis .................................................................... 188

21.1 System Status ................................................................................................188

21.2 System Information ........................................................................................190

13 Table of Contents

ZyAIR G-3000 User’s Guide

21.2.1 System Information ...............................................................................190

21.2.2 Console Port Speed ..............................................................................191

21.3 Log and Trace ................................................................................................192

21.3.1 Viewing Error Log .................................................................................192

21.4 Diagnostic ......................................................................................................193

Chapter 22

Firmware and Configuration File Maintenance ................................................. 196

22.1 Filename Conventions ...................................................................................196

22.2 Backup Configuration .....................................................................................197

22.2.1 Backup Configuration Using FTP .........................................................197

22.2.2 Using the FTP command from the DOS Prompt ..................................198

22.2.3 Backup Configuration Using TFTP .......................................................199

22.2.4 Example: TFTP Command ...................................................................200

22.2.5 Backup Via Console Port ......................................................................200

22.3 Restore Configuration ...................................................................................201

22.3.1 Restore Using FTP ...............................................................................202

22.4 Uploading Firmware and Configuration Files .................................................202

22.4.1 Firmware Upload ..................................................................................203

22.4.2 Configuration File Upload .....................................................................203

22.4.3 Using the FTP command from the DOS Prompt Example ...................204

22.4.4 TFTP File Upload ..................................................................................204

22.4.5 Example: TFTP Command ...................................................................205

22.4.6 Uploading Via Console Port ..................................................................205

22.4.7 Uploading Firmware File Via Console Port ...........................................205

22.4.8 Example Xmodem Firmware Upload Using HyperTerminal ..................206

22.4.9 Uploading Configuration File Via Console Port ....................................206

22.4.10 Example Xmodem Configuration Upload Using HyperTerminal .........207

Chapter 23

System Maintenance and Information ...............................................................208

23.1 Command Interpreter Mode ...........................................................................208

23.1.1 CNM ......................................................................................................209

23.1.2 Configuring Vantage CNM ....................................................................209

23.1.3 Configuration Example .........................................................................212

23.2 Time and Date Setting ....................................................................................213

23.2.1 Resetting the Time ................................................................................215

23.3 Remote Management Setup ..........................................................................215

23.3.1 Telnet ....................................................................................................215

23.3.2 FTP .......................................................................................................215

23.3.3 Web ......................................................................................................215

23.3.4 Remote Management Setup .................................................................216

23.3.5 Remote Management Limitations .........................................................218

Table of Contents 14

ZyAIR G-3000 User’s Guide

23.4 Remote Management and NAT ......................................................................218

23.5 System Timeout .............................................................................................218

Appendix A

Troubleshooting................................................................................................... 220

Appendix B

Specifications...................................................................................................... 222

Appendix C

Power over Ethernet Specifications................................................................... 224

Appendix D

Brute-Force Password Guessing Protection..................................................... 226

Appendix E

Setting up Your Computer’s IP Address............................................................ 228

Appendix F

IP Address Assignment Conflicts ......................................................................240

Appendix G

IP Subnetting ........................................................................................................ 244

Appendix H

Command Interpreter........................................................................................... 252

Appendix I

Log Descriptions.................................................................................................. 254

Appendix J

Wireless LAN and IEEE 802.11 ...........................................................................258

Appendix K

Wireless LAN With IEEE 802.1x .......................................................................... 262

Appendix L

Types of EAP Authentication.............................................................................. 264

Appendix M

Antenna Selection and Positioning Recommendation..................................... 268

Appendix N

Power Adaptor Specifications ............................................................................ 270

15 Table of Contents

ZyAIR G-3000 User’s Guide

List of Figures

Figure 1 PoE Installation Example ...................................................................................... 29

Figure 2 WDS Functionality Example ................................................................................. 31

Figure 3 Dual WLAN Application ......................................................................................... 34

Figure 4 Access Point Application ....................................................................................... 35

Figure 5 AP+Bridge Application ........................................................................................ 36

Figure 6 Bridge Application ................................................................................................. 37

Figure 7 Repeater Application ............................................................................................. 37

Figure 8 Change Password Screen .................................................................................... 39

Figure 9 Replace Certificate Screen ................................................................................... 39

Figure 10 The MAIN MENU Screen of the Web Configurator ............................................. 41

Figure 11 Wizard 1 : General Setup .................................................................................... 43

Figure 12 Wizard 2 : Wireless LAN Setup ........................................................................... 44

Figure 13 Wizard 3 : IP Address Assignment ..................................................................... 47

Figure 14 Wizard 4 : Setup Complete ................................................................................. 48

Figure 15 System General Setup ........................................................................................ 50

Figure 16 Password. ........................................................................................................... 52

Figure 17 Time Setting ........................................................................................................ 53

Figure 18 IBSS (Ad-hoc) Wireless LAN .............................................................................. 56

Figure 19 Basic Service set ................................................................................................ 57

Figure 20 Extended Service Set ......................................................................................... 58

Figure 21 RTS/CTS ............................................................................................................. 59

Figure 22 Wireless : Access Point ...................................................................................... 63

Figure 23 Bridging Example ................................................................................................ 66

Figure 24 Bridge Loop: Two Bridges Connected to Hub ..................................................... 66

Figure 25 Bridge Loop: Bridge Connected to Wired LAN ................................................... 67

Figure 26 Wireless : Bridge/Repeater ................................................................................. 68

Figure 27 Wireless: AP+Bridge ........................................................................................... 70

Figure 28 Roaming Example ............................................................................................... 72

Figure 29 Roaming ..............................................................................................................73

Figure 30 WEP Authentication Steps .................................................................................. 75

Figure 31 Wireless ............................................................................................................. 76

Figure 32 Layer-2 Isolation Application ............................................................................... 79

Figure 33 Layer-2 Isolation Configuration Screen ............................................................... 80

Figure 34 Layer-2 Isolation Example .................................................................................. 81

Figure 35 Layer-2 Isolation Example 1 ............................................................................... 82

Figure 36 Layer-2 Isolation Example 2 ............................................................................... 82

List of Figures 16

ZyAIR G-3000 User’s Guide

Figure 37 Layer-2 Isolation Example 3 ............................................................................... 83

Figure 38 MAC Address Filter ............................................................................................. 84

Figure 39 EAP Authentication ............................................................................................. 86

Figure 40 WPA - PSK Authentication .................................................................................. 89

Figure 41 WPA with RADIUS Application Example ............................................................ 90

Figure 42 Wireless LAN : 802.1x/WPA ............................................................................... 92

Figure 43 Wireless LAN : 802.1x/WPA for 802.1x Protocol ................................................ 93

Figure 44 Wireless LAN: 802.1x/WPA for WPA Protocol .................................................... 97

Figure 45 Wireless LAN: 802.1x/WPA for WPA-PSK Protocol ............................................ 99

Figure 46 ZyAIR Authenticates Wireless Stations ............................................................... 101

Figure 47 ZyAIR Authenicates other AP’s ........................................................................... 101

Figure 48 Internal RADIUS Server Setting Screen ............................................................ 103

Figure 49 Trusted AP Overview .......................................................................................... 104

Figure 50 Trusted AP Screen .............................................................................................. 105

Figure 51 Trusted Users Screen ......................................................................................... 107

Figure 52 VLAN ................................................................................................................... 109

Figure 53 IP Setup ............................................................................................................. 111

Figure 54 My Certificates .................................................................................................... 116

Figure 55 My Certificate Import ........................................................................................... 118

Figure 56 My Certificate Create .......................................................................................... 119

Figure 57 My Certificate Details .......................................................................................... 122

Figure 58 Trusted CAs ........................................................................................................ 125

Figure 59 Trusted CA Import ............................................................................................... 126

Figure 60 Trusted CA Details .............................................................................................. 128

Figure 61 Remote Management: WWW ............................................................................. 134

Figure 62 Telnet Configuration on a TCP/IP Network ......................................................... 135

Figure 63 Remote Management: Telnet .............................................................................. 136

Figure 64 Remote Management: FTP ................................................................................. 137

Figure 65 SNMP Management Model ................................................................................. 138

Figure 66 Remote Management: SNMP ............................................................................. 140

Figure 67 View Log .............................................................................................................143

Figure 68 Log Settings ........................................................................................................ 144

Figure 69 System Status ..................................................................................................... 146

Figure 70 System Status: Show Statistics ........................................................................... 147

Figure 71 Association List ................................................................................................... 149

Figure 72 Channel Usage ................................................................................................... 150

Figure 73 Firmware Upload ................................................................................................. 151

Figure 74 Firmware Upload In Process ............................................................................... 152

Figure 75 Network Temporarily Disconnecte ...................................................................... 152

Figure 76 Firmware Upload Error ........................................................................................ 153

Figure 77 Configuration ....................................................................................................... 154

Figure 78 Configuration Upload Successful ........................................................................ 155

Figure 79 Network Temporarily Disconnected .................................................................... 155

17 List of Figures

ZyAIR G-3000 User’s Guide

Figure 80 Configuration Upload Error ................................................................................. 156

Figure 81 Reset Warning Message ..................................................................................... 156

Figure 82 Restart Screen .................................................................................................... 157

Figure 83 Login Screen ....................................................................................................... 158

Figure 84 Menu 23.1 System Security : Change Password ................................................ 159

Figure 85 ZyAIR G-3000 SMT Menu Overview Example ................................................... 160

Figure 86 ZyAIR G-3000 SMT Main Menu .......................................................................... 161

Figure 87 Menu 1 General Setup ........................................................................................ 164

Figure 88 Menu 3 LAN Setup ............................................................................................. 166

Figure 89 Menu 3.2 TCP/IP Setup ...................................................................................... 167

Figure 90 Menu 3.5 Wireless LAN Setup ............................................................................ 168

Figure 91 Menu 3.5 Wireless LAN Setup ............................................................................ 170

Figure 92 Menu 3.5.1 WLAN MAC Address Filter .............................................................. 171

Figure 93 Menu 3.5 Wireless LAN Setup ............................................................................ 172

Figure 94 Menu 3.5.4 Bridge Link Configuration ................................................................. 173

Figure 95 Menu 14- Dial-in User Setup ............................................................................... 174

Figure 96 Menu 14.1- Edit Dial-in User ............................................................................... 175

Figure 97 Menu 16 VLAN Setup ......................................................................................... 176

Figure 98 SNMP Management Model ................................................................................. 178

Figure 99 Menu 22 SNMP Configuration ........................................................................... 180

Figure 100 Menu 23 System Security ................................................................................. 182

Figure 101 Menu 23 System Security ................................................................................. 183

Figure 102 Menu 23.2 System Security : RADIUS Server .................................................. 183

Figure 103 Menu 23 System Security ................................................................................. 184

Figure 104 Menu 23.4 System Security : IEEE802.1x ........................................................ 185

Figure 105 Menu 24 System Maintenance ......................................................................... 188

Figure 106 Menu 24.1 System Maintenance : Status ......................................................... 189

Figure 107 Menu 24.2 System Information and Console Port Speed ................................. 190

Figure 108 Menu 24.2.1 System Information : Information ................................................. 191

Figure 109 Menu 24.2.2 System Maintenance : Change Console Port Speed ................... 192

Figure 110 Menu 24.3 System Maintenance : Log and Trace ............................................. 192

Figure 111 Sample Error and Information Messages .......................................................... 193

Figure 112 Menu 24.4 System Maintenance : Diagnostic ................................................... 193

Figure 113 Menu 24.5 Backup Configuration ...................................................................... 198

Figure 114 FTP Session Example ....................................................................................... 199

Figure 115 System Maintenance: Backup Configuration .................................................... 201

Figure 116 System Maintenance: Starting Xmodem Download Screen .............................. 201

Figure 117 Backup Configuration Example ......................................................................... 201

Figure 118 Successful Backup Confirmation Screen .......................................................... 201

Figure 119 Menu 24.6 Restore Configuration ..................................................................... 202

Figure 120 Menu 24.7 System Maintenance: Upload Firmware ......................................... 202

Figure 121 Menu 24.7.1 System Maintenance : Upload System Firmware ........................ 203

Figure 122 Menu 24.7.2 System Maintenance: Upload System Configuration File ............ 203

List of Figures 18

ZyAIR G-3000 User’s Guide

Figure 123 FTP Session Example ...................................................................................... 204

Figure 124 Menu 24.7.1 as seen using the Console Port ................................................... 206

Figure 125 Example Xmodem Upload ................................................................................ 206

Figure 126 Menu 24.7.2 as seen using the Console Port .................................................. 207

Figure 127 Example Xmodem Upload ................................................................................ 207

Figure 128 Menu 24 System Maintenance ......................................................................... 209

Figure 129 Valid CI Commands .......................................................................................... 209

Figure 130 CNM CL ............................................................................................................ 210

Figure 131 CNM Configuration Example ............................................................................ 213

Figure 132 Menu 24.10 System Maintenance : Time and Date Setting .............................. 214

Figure 133 Telnet Configuration on a TCP/IP Network ....................................................... 215

Figure 134 Menu 24.11 Remote Management Control ....................................................... 217

Figure 135 WIndows 95/98/Me: Network: Configuration ..................................................... 229

Figure 136 Windows 95/98/Me: TCP/IP Properties: IP Address ......................................... 230

Figure 137 Windows 95/98/Me: TCP/IP Properties: DNS Configuration ............................ 231

Figure 138 Windows XP: Start Menu .................................................................................. 232

Figure 139 Windows XP: Control Panel .............................................................................. 232

Figure 140 Windows XP: Control Panel: Network Connections: Properties ....................... 233

Figure 141 Windows XP: Local Area Connection Properties .............................................. 233

Figure 142 Windows XP: Advanced TCP/IP Settings ......................................................... 234

Figure 143 Windows XP: Internet Protocol (TCP/IP) Properties ......................................... 235

Figure 144 Macintosh OS 8/9: Apple Menu ........................................................................ 236

Figure 145 Macintosh OS 8/9: TCP/IP ................................................................................ 236

Figure 146 Macintosh OS X: Apple Menu ........................................................................... 237

Figure 147 Macintosh OS X: Network ................................................................................. 238

Figure 148 IP Address Conflicts: CaseA ............................................................................. 240

Figure 149 IP Address Conflicts: Case B ........................................................................... 241

Figure 150 IP Address Conflicts: Case C ............................................................................ 241

Figure 151 IP Address Conflicts: Case D ............................................................................ 242

Figure 152 Peer-to-Peer Communication in an Ad-hoc Network ........................................ 259

Figure 153 ESS Provides Campus-Wide Coverage ........................................................... 260

Figure 154 Sequences for EAP MD5–Challenge Authentication ........................................ 263

Figure 155 EAP-SIM ......................................................................................................... 265

19 List of Figures

ZyAIR G-3000 User’s Guide

List of Tables

Table 1 IEEE 802.11b ......................................................................................................... 31

Table 2 IEEE 802.11g ......................................................................................................... 31

Table 3 Wizard 1 : General Setup ...................................................................................... 43

Table 4 Wizard 2 : Wireless LAN Setup ............................................................................. 44

Table 5 Private IP Address Ranges ................................................................................... 45

Table 6 Wizard 3 : IP Address Assignment ........................................................................ 47

Table 7 System General Setup .......................................................................................... 50

Table 8 Password ............................................................................................................... 52

Table 9 Time Setting ..........................................................................................................53

Table 10 STP Path Costs ................................................................................................... 60

Table 11 STP Port States ................................................................................................... 61

Table 12 Wireless : Access Point ....................................................................................... 63

Table 13 Wireless : Bridge/Repeater .................................................................................. 68

Table 14 Roaming ..............................................................................................................73

Table 15 ZyAIR Wireless Security Levels .......................................................................... 74

Table 16 Wireless ............................................................................................................... 77

Table 17 Layer-2 Isolation Configuration ............................................................................ 80

Table 18 MAC Address Filter ............................................................................................. 84

Table 19 Wireless Security Relational Matrix ..................................................................... 90

Table 20 Wireless LAN : 802.1x/WPA ................................................................................ 92

Table 21 Wireless LAN : 802.1x/WPA for 802.1x Protocol ................................................. 94

Table 22 Wireless LAN: 802.1x/WPA for WPA Protocol ..................................................... 97

Table 23 Wireless LAN: 802.1x/WPA for WPA-PSK Protocol ............................................ 99

Table 24 Internal RADIUS Server ...................................................................................... 101

Table 25 My Certificates ..................................................................................................... 103

Table 26 Trusted AP ...........................................................................................................105

Table 27 Trusted Users ...................................................................................................... 107

Table 28 VLAN ................................................................................................................... 109

Table 29 Private IP Address Ranges ................................................................................. 110

Table 30 IP Setup ............................................................................................................... 111

Table 31 My Certificates ..................................................................................................... 116

Table 32 My Certificate Import ........................................................................................... 119

Table 33 My Certificate Create ........................................................................................... 120

Table 34 My Certificate Details ........................................................................................... 123

Table 35 Trusted CAs ......................................................................................................... 125

Table 36 Trusted CA Import ............................................................................................... 126

List of Tables 20

ZyAIR G-3000 User’s Guide

Table 37 Trusted CA Details ............................................................................................... 129

Table 38 Remote Management: WWW .............................................................................. 134

Table 39 Remote Management: Telnet .............................................................................. 136

Table 40 Remote Management: FTP ................................................................................. 137

Table 41 SNMP Traps ........................................................................................................ 139

Table 42 Remote Management: SNMP .............................................................................. 140

Table 43 View Log .............................................................................................................. 143

Table 44 Log Settings .........................................................................................................144

Table 45 System Status ...................................................................................................... 146

Table 46 System Status: Show Statistics ........................................................................... 147

Table 47 Association List .................................................................................................... 149

Table 48 Channel Usage .................................................................................................... 150

Table 49 Firmware Upload ................................................................................................. 151

Table 50 Restore Configuration .......................................................................................... 154

Table 51 Main Menu Commands ....................................................................................... 161

Table 52 Main Menu Summary .......................................................................................... 162

Table 53 Menu 1 General Setup ........................................................................................ 164

Table 54 Menu 3.2 TCP/IP Setup ....................................................................................... 167

Table 55 Menu 3.5 Wireless LAN Setup ............................................................................ 168

Table 56 Menu 3.5.1 WLAN MAC Address Filter ............................................................... 171

Table 57 Menu 3.5.4 Bridge Link Configuration ................................................................. 173

Table 58 Menu 14.1- Edit Dial-in User ............................................................................... 175

Table 59 Menu 16 VLAN Setup .......................................................................................... 176

Table 60 Menu 22 SNMP Configuration ............................................................................. 180

Table 61 SNMP Traps ........................................................................................................ 180

Table 62 Ports and Interface Types .................................................................................... 181

Table 63 Menu 23.2 System Security : RADIUS Server .................................................... 183

Table 64 Menu 23.4 System Security : IEEE802.1x ........................................................... 185

Table 65 Menu 24.1 System Maintenance : Status ............................................................ 189

Table 66 Menu 24.2.1 System Maintenance : Information ................................................. 191

Table 67 Menu 24.4 System Maintenance Menu: Diagnostic ............................................ 194

Table 68 Filename Conventions ......................................................................................... 197

Table 69 General Commands for Third Party FTP Clients ................................................. 199

Table 70 General Commands for Third Party TFTP Clients .............................................. 200

Table 71 CNM Commands ................................................................................................. 210

Table 72 System Maintenance : Time and Date Setting .................................................... 214

Table 73 Remote Management Port Control ...................................................................... 216

Table 74 Menu 24.11 Remote Management Control .......................................................... 217

Table 75 Troubleshooting the Start-Up of Your ZyAIR ....................................................... 220

Table 76 Troubleshooting the Ethernet Interface ............................................................... 220

Table 77 Troubleshooting the Password ............................................................................ 221

Table 78 Troubleshooting Telnet ........................................................................................ 221

Table 79 Troubleshooting the WLAN Interface ................................................................... 221

21 List of Tables

ZyAIR G-3000 User’s Guide

Table 80 Hardware .............................................................................................................222

Table 81 Firmware .............................................................................................................. 222

Table 82 Power over Ethernet Injector Specifications ....................................................... 224

Table 83 Power over Ethernet Injector RJ-45 Port Pin Assignments ................................. 224

Table 84 Brute-Force Password Guessing Protection Commands .................................... 226

Table 85 Classes of IP Addresses ..................................................................................... 244

Table 86 Allowed IP Address Range By Class ................................................................... 245

Table 87 “Natural” Masks .................................................................................................. 245

Table 88 Alternative Subnet Mask Notation ....................................................................... 246

Table 89 Two Subnets Example ......................................................................................... 246

Table 90 Subnet 1 .............................................................................................................. 247

Table 91 Subnet 2 .............................................................................................................. 247

Table 92 Subnet 1 .............................................................................................................. 248

Table 93 Subnet 2 .............................................................................................................. 248

Table 94 Subnet 3 .............................................................................................................. 248

Table 95 Subnet 4 .............................................................................................................. 249

Table 96 Eight Subnets ...................................................................................................... 249

Table 97 Class C Subnet Planning ..................................................................................... 249

Table 98 Class B Subnet Planning ..................................................................................... 250

Table 99 System Maintenance Logs .................................................................................. 254

Table 100 ICMP Notes ....................................................................................................... 254

Table 101 Sys log ............................................................................................................... 255

Table 102 Log Categories and Available Settings .............................................................. 256

Table 103 Comparison of EAP Authentication Types ......................................................... 266

Table 104 NORTH AMERICAN PLUG STANDARDS ........................................................ 270

Table 105 NORTH AMERICAN PLUG STANDARDS ........................................................ 270

Table 106 EUROPEAN PLUG STANDARDS ..................................................................... 270

Table 107 United Kingdom PLUG STANDARDS ............................................................... 270

Table 108 Japan PLUG STANDARDS ............................................................................... 270

Table 109 Australia and New Zealand plug standards ....................................................... 271

List of Tables 22

ZyAIR G-3000 User’s Guide

23 List of Tables

ZyAIR G-3000 User’s Guide

Preface

Congratulations on your purchase of the ZyAIR G-3000 - 802.11g Business Access Point/ Bridge/Repeater.

An AP acts as a bridge between the wireless and wired networks, extending your existing wired network without any additional wiring.

The ZyAIR can function as a wireless network bridge/repeater and establish up to five wireless links with other APs.

The ZyAIR also supports both AP and bridge connections at the same time.

Your ZyAIR is easy to install and configure.

Note: Register your product online to receive e-mail notices of firmware upgrades and information at products, or at

www.us.zyxel.com for North American products.

www.zyxel.com for global

About This User's Guide

This User’s Guide is designed to guide you through the configuration of your ZyAIR using the web configurator or the SMT. The web configurator parts of this guide contain background information on features configurable by web configurator. The SMT parts of this guide contain background information solely on features not configurable by web configurator

Note: Use the web configurator, System Management Terminal (SMT) or command interpreter interface to configure your ZyAIR. Not all features can be configured through all interfaces.

User Guide Feedback

Help us help you! E-mail all User Guide-related comments, questions or suggestions for improvement to techwriters@zyxel.com.tw or send regular mail to The Technical Writing Team, ZyXEL Communications Corp., 6 Innovation Road II, Science-Based Industrial Park, Hsinchu, 300, Taiwan. Thank you!

Syntax Conventions

• “Enter” means for you to type one or more characters. “Select” or “Choose” means for you to use one predefined choices.

• The SMT menu titles and labels are in Bold Times New Roman font. Predefined field choices are in Bold Arial font. Command and arrow keys are enclosed in square brackets. [ENTER] means the Enter, or carriage return key; [ESC] means the Escape key and [SPACE BAR] means the Space Bar.

• Mouse action sequences are denoted using a comma. For example, “click the Apple icon, Control Panels and then Modem” means first click the Apple icon, then point your mouse pointer to Control Panels and then click Modem.

• For brevity’s sake, we will use “e.g.,” as a shorthand for “for instance”, and “i.e.,” for “that is” or “in other words” throughout this manual.

• The ZyAIR G-3000 may be referred to simply as the ZyAIR in the user’s guide.

25 Preface

Graphics Icons Key

ZyAIR Computer Notebook computer

Server DSLAM Firewall

Modem Switch Router

ZyAIR G-3000 User’s Guide

Wireless Signal

Preface 26

ZyAIR G-3000 User’s Guide

27 Preface

Getting to Know Your ZyAIR

This chapter introduces the main features and applications of the ZyAIR.

1.1 Introducing the ZyAIR

The ZyAIR G-3000 is an enterprise level IEEE802.11g compliant business access point, bridge and repeater. The ZyAIR provides a Wireless Distribution System (WDS) to support the bridge and repeater application giving flexibility to build an extended wireless network. The ZyAIR offers highly secured wireless connectivity to your wired network with IEEE

802.1x, Wi-Fi Protected Access, WEP data encryption, two WLAN interfaces, an internal RADIUS server and MAC address filtering.

ZyAIR G-3000 User’s Guide

CHAPTER 1

The ZyAIR is easy to install and configure. The embedded web-based configurator enables easy operation and configuration.

1.2 ZyAIR Features

The following sections describe the features of the ZyAIR

1.2.1 Physical Features

1.2.1.1 10/100M Auto-negotiating Ethernet/Fast Ethernet Interface

This auto-negotiating feature allows the ZyAIR to detect the speed of incoming transmissions and adjust appropriately without manual intervention. It allows data transfer of either 10 Mbps or 100 Mbps in either half-duplex or full-duplex mode depending on your Ethernet network.

1.2.1.2 10/100M Auto-crossover Ethernet/Fast Ethernet Interface

An auto-crossover (auto-MDI/MDI-X) port automatically works with a straight-through or crossover Ethernet cable.

1.2.1.3 Reset Button

The ZyAIR reset button is built into the side panel. Use this button to restore the factory default password to 1234; IP address to 192.168.1.2, subnet mask to 255.255.255.0.

Chapter 1 Getting to Know Your ZyAIR 28

ZyAIR G-3000 User’s Guide

1.2.1.4 ZyAIR LED

The blue ZyAIR LED (also known as the Breathing LED) is on when the ZyAIR is on and blinks (or breaths) when data is being transmitted to/from its wireless stations. You may use the web configurator to turn this LED off even when the ZyAIR is on and data is being transmitted/received.

1.2.1.5 Bridge/Repeater LED

A Bridge/Repeater link LED turns steady on green when your ZyAIR acts as a bridge, establishing up to six wireless links with other APs.

1.2.1.6 Power over Ethernet (PoE)

Power over Ethernet (PoE) is the ability to provide power to your ZyAIR via an 8-pin CAT 5 Ethernet cable, eliminating the need for a nearby power source. An injector or PoE device (not included) is also needed to supply the Ethernet cable with power. This feature allows increased flexibility in the locating of your ZyAIR. You only need to connect the external power adaptor if you are not using PoE. If you simultaneously use both PoE and the external power adaptor, the ZyAIR will draw power from the PoE connection only. Refer to the appendix for more information about PoE.

Figure 1 PoE Installation Example

1.2.2 Firmware Features

1.2.2.1 Dual WLAN Interface

The ZyAIR can operate with two WLAN cards. One of the cards is built-in. Another card can be added using the extension slot on the side panel of the ZyAIR.

With two WLAN cards, the ZyAIR can be set up with two different wireless configurations, for example, an Access Point with one card and an AP+Bridge with the other card.

29 Chapter 1 Getting to Know Your ZyAIR

+ 246 hidden pages

ZyXEL ZyAIR G-3000 User Guide

User’s Guide

Copyright

Disclaimer

Trademarks

Notice 1

Certifications

3 Federal Communications Commission (FCC) Interference Statement

ZyXEL Limited Warranty

Note

Safety Warnings

Customer Support

Table of Contents

List of Figures

List of Tables

Preface

About This User's Guide

Related Documentation

User Guide Feedback

Syntax Conventions

Graphics Icons Key

Getting to Know Your ZyAIR

1.1 Introducing the ZyAIR

1.2 ZyAIR Features

1.2.1 Physical Features

1.2.1.1 10/100M Auto-negotiating Ethernet/Fast Ethernet Interface

1.2.1.2 10/100M Auto-crossover Ethernet/Fast Ethernet Interface

1.2.1.3 Reset Button

1.2.1.4 ZyAIR LED

1.2.1.5 Bridge/Repeater LED

1.2.1.6 Power over Ethernet (PoE)

1.2.2 Firmware Features

1.2.2.1 Dual WLAN Interface