ZyXEL ZyAIR G-500 User Guide

Download

ZyAIR G-500

802.11g Wireless Access Point

User's Guide

Version 3.50

April 2004

ZyAIR G-500 Wireless Access Point User’s Guide

Copyright

The contents of this publication may not be reproduced in any part or as a whole, transcribed, stored in a retrieval system, translated into any language, or transmitted in any form or by any means, electronic, mechanical, magnetic, optical, chemical, photocopying, manual, or otherwise, without the prior written permission of ZyXEL Communications Corporation.

Disclaimer

ZyXEL does not assume any liability arising out of the application or use of any products, or software described herein. Neither does it convey any license under its patent rights nor the patent rights of others. ZyXEL further reserves the right to make changes in any products described herein without notice. This publication is subject to change without notice.

Trademarks

ZyNOS (ZyXEL Network Operating System) is a registered trademark of ZyXEL Communications, Inc. Other trademarks mentioned in this publication are used for identification purposes only and may be properties of their respective owners.

ii Copyright

ZyAIR G-500 Wireless Access Point User’s Guide

Federal Communications Commission

(FCC) Interference Statement

This device complies with Part 15 of FCC rules. Operation is subject to the following two conditions:

• This device may not cause harmful interference.

• This device must accept any interference received, including interference that may cause undesired

operations.

This equipment has been tested and found to comply with the limits for a Class B digital device pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a commercial environment. This equipment generates, uses, and can radiate radio frequency energy, and if not installed and used in accordance with the instructions, may cause harmful interference to radio communications.

If this equipment does cause harmful interference to radio/television reception, which can be determined by turning the equipment off and on, the user is encouraged to try to correct the interference by one or more of the following measures:

1. Reorient or relocate the receiving antenna.

2. Increase the separation between the equipment and the receiver.

3. Connect the equipment into an outlet on a circuit different from that to which the receiver is connected.

4. Consult the dealer or an experienced radio/TV technician for help.

Caution

1. To comply with FCC RF exposure compliance requirements, a separation distance of at least 20 cm must be maintained between the antenna of this device and all persons.

2. This transmitter must not be co-located or operating in conjunction with any other antenna or transmitter.

Notice 1

Changes or modifications not expressly approved by the party responsible for compliance could void the user's authority to operate the equipment.

Certifications

1. Go to www.zyxel.com

2. Select your product from the drop-down list box on the

ZyXEL home page to go to that product's page.

3. Select the certification you wish to view from this page.

FCC Statement iii

ZyAIR G-500 Wireless Access Point User’s Guide

ZyXEL Limited Warranty

ZyXEL warrants to the original end user (purchaser) that this product is free from any defects in materials or workmanship for a period of up to two years from the date of purchase. During the warranty period, and upon proof of purchase, should the product have indications of failure due to faulty workmanship and/or materials, ZyXEL will, at its discretion, repair or replace the defective products or components without charge for either parts or labor, and to whatever extent it shall deem necessary to restore the product or components to proper operating condition. Any replacement will consist of a new or re-manufactured functionally equivalent product of equal value, and will be solely at the discretion of ZyXEL. This warranty shall not apply if the product is modified, misused, tampered with, damaged by an act of God, or subjected to abnormal working conditions.

Note

Repair or replacement, as provided under this warranty, is the exclusive remedy of the purchaser. This warranty is in lieu of all other warranties, express or implied, including any implied warranty of merchantability or fitness for a particular use or purpose. ZyXEL shall in no event be held liable for indirect or consequential damages of any kind of character to the purchaser.

To obtain the services of this warranty, contact ZyXEL's Service Center for your Return Material Authorization number (RMA). Products must be returned Postage Prepaid. It is recommended that the unit be insured when shipped. Any returned products without proof of purchase or those with an out-dated warranty will be repaired or replaced (at the discretion of ZyXEL) and the customer will be billed for parts and labor. All repaired or replaced products will be shipped by ZyXEL to the corresponding return address, Postage Paid. This warranty gives you specific legal rights, and you may also have other rights that vary from country to country.

Safety Warnings

1. To reduce the risk of fire, use only No. 26 AWG or larger telephone wire.

2. Do not use this product near water, for example, in a wet basement or near a swimming pool.

3. Avoid using this product during an electrical storm. There may be a remote risk of electric shock from lightening.

iv ZyXEL Warranty

ZyAIR G-500 Wireless Access Point User’s Guide

Customer Support

Please have the following information ready when you contact customer support.

• Product model and serial number.

• Warranty Information.

• Date that you received your device.

• Brief description of the problem and the steps you took to solve it.

SUPPORT E-MAIL TELEPHONE1 WEB SITE METHOD

LOCATION

WORLDWIDE

AMERICA

SALES E-MAIL FAX1 FTP SITE

support@zyxel.com.tw +886-3-578-3942 www.zyxel.com

www.europe.zyxel.com

sales@zyxel.com.tw

support@zyxel.com +1-800-255-4101

sales@zyxel.com

support@zyxel.de +49-2405-6909-0 www.zyxel.de GERMANY

sales@zyxel.de

support@zyxel.es +34 902 195 420 SPAIN

sales@zyxel.es

support@zyxel.dk +45 39 55 07 00 www.zyxel.dk DENMARK

sales@zyxel.dk

support@zyxel.no +47 22 80 61 80 www.zyxel.no NORWAY

sales@zyxel.no

support@zyxel.se +46 31 744 7700 www.zyxel.se SWEDEN

sales@zyxel.se

+886-3-578-2439 ftp.zyxel.com

ftp.europe.zyxel.com

www.us.zyxel.com NORTH

+1-714-632-0882

+1-714-632-0858 ftp.us.zyxel.com

+49-2405-6909-99

+33 (0)4 72 52 97 97 FRANCE info@zyxel.fr

+33 (0)4 72 52 19 20

+34 913 005 345

+45 39 55 07 07

+47 22 80 61 81

+46 31 744 7701

www.zyxel.fr ZyXEL France

www.zyxel.es

ZyXEL Communications

“+” is the (prefix) number you enter to make an international telephone call.

REGULAR MAIL

ZyXEL Communications Corp. 6 Innovation Road II Science Park Hsinchu 300 Taiwan

ZyXEL Communications Inc. 1130 N. Miller St. Anaheim CA 92806-2001 U.S.A.

ZyXEL Deutschland GmbH. Adenauerstr. 20/A2 D-52146 Wuerselen Germany

1 rue des Vergers Bat. 1 / C 69760 Limonest France

Alejandro Villegas 33 1º, 28043 Madrid Spain

ZyXEL Communications A/S Columbusvej 5 2860 Soeborg Denmark

ZyXEL Communications A/S Nils Hansens vei 13 0667 Oslo Norway

ZyXEL Communications A/S Sjöporten 4, 41764 Göteborg Sweden

Customer Support v

ZyAIR G-500 Wireless Access Point User’s Guide

LOCATION

SUPPORT E-MAIL TELEPHONE1 WEB SITE METHOD

SALES E-MAIL FAX1 FTP SITE

support@zyxel.fi +358-9-4780-8411 www.zyxel.fi FINLAND

sales@zyxel.fi

+358-9-4780 8448

REGULAR MAIL

ZyXEL Communications Oy Malminkaari 10 00700 Helsinki Finland

vi Customer Support

ZyAIR G-500 Wireless Access Point User’s Guide

Copyright.........................................................................................................................................................ii

Federal Communications Commission (FCC) Interference Statement.....................................................iii

ZyXEL Limited Warranty.............................................................................................................................iv

Customer Support........................................................................................................................................... v

List of Figures................................................................................................................................................xii

List of Tables..................................................................................................................................................xv

Preface..........................................................................................................................................................xvii

OVERVIEW.................................................................................................................................................... I

Chapter 1 Getting to Know Your ZyAIR ...................................................................................................1-1

1.1 Introducing the ZyAIR Wireless Access Point ..........................................................................1-1

1.2 ZyAIR Features..........................................................................................................................1-1

1.3 Applications for the ZyAIR........................................................................................................1-3

1.3.1 Internet Access Application ...............................................................................................1-4

1.3.2 Corporation Network Application......................................................................................1-4

Chapter 2 Introducing the Web Configurator...........................................................................................2-1

2.1 Accessing the ZyAIR Web Configurator ...................................................................................2-1

2.2 Resetting the ZyAIR ..................................................................................................................2-2

2.2.1 Method of Restoring Factory-Defaults...............................................................................2-2

2.3 Navigating the ZyAIR Web Configurator..................................................................................2-3

Chapter 3 Wizard Setup ..............................................................................................................................3-1

3.1 Wizard Setup Overview .............................................................................................................3-1

3.1.1 Channel ..............................................................................................................................3-1

3.1.2 ESS ID................................................................................................................................3-1

3.1.3 WEP Encryption.................................................................................................................3-1

3.2 Wizard Setup: General Setup.....................................................................................................3-2

3.3 Wizard Setup: Wireless LAN.....................................................................................................3-3

3.4 Wizard Setup: IP Address ..........................................................................................................3-4

3.4.1 IP Address Assignment ......................................................................................................3-4

3.4.2 IP Address and Subnet Mask..............................................................................................3-5

3.5 Basic Setup Complete ................................................................................................................3-7

SYSTEM, WIRELESS AND IP .................................................................................................................. III

Chapter 4 System Screens ...........................................................................................................................4-1

4.1 System Overview .......................................................................................................................4-1

4.2 Configuring General Setup.........................................................................................................4-1

4.3 Configuring Password................................................................................................................4-2

4.4 Configuring Time Setting...........................................................................................................4-3

Chapter 5 Wireless Configuration and Roaming ......................................................................................5-1

5.1 Wireless LAN Overview............................................................................................................5-1

5.1.1 IBSS ...................................................................................................................................5-1

Table of Contents vii

ZyAIR G-500 Wireless Access Point User’s Guide

5.1.2 BSS ....................................................................................................................................5-1

5.1.3 ESS ....................................................................................................................................5-2

5.2 Wireless LAN Basics.................................................................................................................5-3

5.2.1 RTS/CTS............................................................................................................................5-3

5.2.2 Fragmentation Threshold................................................................................................... 5-4

5.3 Configuring Wireless................................................................................................................. 5-5

5.4 Configuring Roaming ................................................................................................................5-6

5.4.1 Requirements for Roaming................................................................................................ 5-8

Chapter 6 Wireless Security........................................................................................................................6-1

6.1 Wireless Security Overview.......................................................................................................6-1

6.2 WEP Overview ..........................................................................................................................6-1

6.2.1 Data Encryption .................................................................................................................6-2

6.2.2 Authentication.................................................................................................................... 6-2

6.3 Preamble Type ........................................................................................................................... 6-3

6.4 Configuring WEP Encryption....................................................................................................6-3

6.5 MAC Filter.................................................................................................................................6-6

6.6 802.1x Overview........................................................................................................................6-8

6.7 Introduction to RADIUS............................................................................................................ 6-8

6.7.1 EAP Authentication Overview...........................................................................................6-9

6.8 Dynamic WEP Key Exchange................................................................................................. 6-10

6.9 Introduction to WPA................................................................................................................ 6-11

6.9.1 User Authentication .........................................................................................................6-11

6.9.2 Encryption........................................................................................................................ 6-11

6.10 WPA-PSK Application Example.............................................................................................6-12

6.11 WPA with RADIUS Application Example..............................................................................6-12

6.12 Security Parameters Summary.................................................................................................6-13

6.13 Wireless Client WPA Supplicants ...........................................................................................6-14

6.14 Configuring 802.1x and WPA .................................................................................................6-14

6.14.1 Authentication Required: 802.1x ..................................................................................... 6-15

6.14.2 Authentication Required: WPA ....................................................................................... 6-18

6.14.3 Authentication Required: WPA-PSK...............................................................................6-20

6.15 Introduction to Local User Database........................................................................................6-21

6.16 Configuring Local User Database............................................................................................ 6-21

6.17 Configuring RADIUS ..............................................................................................................6-23

Chapter 7 IP Screen .....................................................................................................................................7-1

7.1 Factory Ethernet Defaults ..........................................................................................................7-1

7.2 TCP/IP Parameters..................................................................................................................... 7-1

7.2.1 IP Address and Subnet Mask .............................................................................................7-1

7.3 Configuring IP ...........................................................................................................................7-1

REMOTE MANAGEMENT AND LOGS ..................................................................................................IV

Chapter 8 Remote Management.................................................................................................................8-1

viii Table of Contents

ZyAIR G-500 Wireless Access Point User’s Guide

8.1 Remote Management Overview.................................................................................................8-1

8.1.1 Remote Management Limitations ......................................................................................8-1

8.1.2 System Timeout .................................................................................................................8-1

8.2 Telnet .........................................................................................................................................8-2

8.3 Configuring TELNET ................................................................................................................8-2

8.4 Configuring FTP ........................................................................................................................8-3

8.5 Configuring WWW....................................................................................................................8-4

8.6 Configuring SNMP ....................................................................................................................8-5

8.6.1 Supported MIBs .................................................................................................................8-7

8.6.2 SNMP Traps.......................................................................................................................8-7

8.6.3 REMOTE MANAGEMENT: SNMP.................................................................................8-7

Chapter 9 Logs Screens ...............................................................................................................................9-1

9.1 Configuring View Log ...............................................................................................................9-1

9.2 Configuring Log Settings ...........................................................................................................9-2

MAINTENANCE........................................................................................................................................... V

Chapter 10 Maintenance ...........................................................................................................................10-1

10.1 Maintenance Overview ............................................................................................................10-1

10.2 System Status Screen ...............................................................................................................10-1

10.2.1 System Statistics...............................................................................................................10-2

10.3 Association List........................................................................................................................10-3

10.4 F/W Upload Screen..................................................................................................................10-4

10.5 Configuration Screen ...............................................................................................................10-7

10.5.1 Backup Configuration ......................................................................................................10-8

10.5.2 Restore Configuration ......................................................................................................10-9

10.5.3 Back to Factory Defaults................................................................................................10-10

10.6 Restart Screen.........................................................................................................................10-11

SMT CONFIGURATION.............................................................................................................................. V

Chapter 11 Introducing the SMT..............................................................................................................11-1

11.1 Connect to your ZyAIR Using Telnet ......................................................................................11-1

11.2 Changing the System Password ...............................................................................................11-1

11.3 ZyAIR SMT Menu Overview Example ...................................................................................11-2

11.4 Navigating the SMT Interface..................................................................................................11-4

11.4.1 System Management Terminal Interface Summary .........................................................11-5

Chapter 12 General Setup.........................................................................................................................12-1

12.1 General Setup...........................................................................................................................12-1

12.1.1 Procedure To Configure Menu 1......................................................................................12-1

Chapter 13 LAN Setup ..............................................................................................................................13-1

13.1 LAN Setup ...............................................................................................................................13-1

13.2 TCP/IP Ethernet Setup .............................................................................................................13-1

13.3 Wireless LAN Setup ................................................................................................................13-2

13.3.1 Configuring MAC Address Filter.....................................................................................13-5

Table of Contents ix

ZyAIR G-500 Wireless Access Point User’s Guide

13.3.2 Configuring Roaming ......................................................................................................13-7

Chapter 14 Dial-in User Setup..................................................................................................................14-1

14.1 Dial-in User Setup ...................................................................................................................14-1

Chapter 15 SNMP Configuration .............................................................................................................15-1

15.1 About SNMP............................................................................................................................15-1

15.2 Supported MIBs.......................................................................................................................15-2

15.3 SNMP Configuration ...............................................................................................................15-2

15.4 SNMP Traps ............................................................................................................................15-3

Chapter 16 System Security...................................................................................................................... 16-1

16.1 System Security .......................................................................................................................16-1

16.1.1 System Password .............................................................................................................16-1

16.1.2 Configuring External RADIUS Server ............................................................................16-1

16.1.3 802.1x ..............................................................................................................................16-3

Chapter 17 System Information and Diagnosis.......................................................................................17-1

17.1 Overview..................................................................................................................................17-1

17.2 System Status...........................................................................................................................17-1

17.3 System Information..................................................................................................................17-3

17.3.1 System Information.......................................................................................................... 17-3

17.3.2 Console Port Speed .......................................................................................................... 17-4

17.4 Log and Trace ..........................................................................................................................17-5

17.4.1 Viewing Error Log........................................................................................................... 17-5

17.5 Diagnostic ................................................................................................................................ 17-6

Chapter 18 Firmware and Configuration File Maintenance .................................................................18-1

18.1 Filename Conventions .............................................................................................................18-1

18.2 Backup Configuration..............................................................................................................18-2

18.2.1 Backup Configuration Using FTP....................................................................................18-2

18.2.2 Using the FTP command from the DOS Prompt .............................................................18-3

18.2.3 Backup Configuration Using TFTP ................................................................................. 18-4

18.2.4 Example: TFTP Command ..............................................................................................18-4

18.3 Restore Configuration..............................................................................................................18-5

18.4 Uploading Firmware and Configuration Files .........................................................................18-6

18.4.1 Firmware Upload............................................................................................................. 18-7

18.4.2 Configuration File Upload............................................................................................... 18-7

18.4.3 Using the FTP command from the DOS Prompt Example .............................................. 18-8

18.4.4 TFTP File Upload ............................................................................................................ 18-9

18.4.5 Example: TFTP Command ............................................................................................18-10

Chapter 19 System Maintenance and Information.................................................................................19-1

19.1 Command Interpreter Mode.....................................................................................................19-1

19.2 Time and Date Setting .............................................................................................................19-2

19.2.1 Resetting the Time...........................................................................................................19-3

Chapter 20 Remote Management.............................................................................................................20-1

x Table of Contents

ZyAIR G-500 Wireless Access Point User’s Guide

20.1 Telnet .......................................................................................................................................20-1

20.2 FTP...........................................................................................................................................20-1

20.3 Web ..........................................................................................................................................20-1

20.4 Remote Management ...............................................................................................................20-1

20.4.1 Remote Management Setup..............................................................................................20-2

20.4.2 Remote Management Limitations ....................................................................................20-3

20.5 System Timeout .......................................................................................................................20-3

APPENDICES............................................................................................................................................. VII

Appendix A Troubleshooting......................................................................................................................A-1

Appendix B Brute-Force Password Guessing Protection ........................................................................B-1

Appendix C Setting up Your Computer’s IP Address ..............................................................................C-1

Appendix D Wireless LAN and IEEE 802.11............................................................................................D-1

Appendix E Wireless LAN With IEEE 802.1x.......................................................................................... E-1

Appendix F Types of EAP Authentication................................................................................................. F-1

Appendix G IP Subnetting......................................................................................................................... G-1

Appendix H Command Interpreter.......................................................................................................... H-1

Appendix I Log Descriptions.......................................................................................................................I-1

Appendix J Index .........................................................................................................................................J-1

Table of Contents xi

ZyAIR G-500 Wireless Access Point User’s Guide

List of Figures

Figure 1-1 Internet Access Application...........................................................................................................1-4

Figure 1-2 Corporation Network Application.................................................................................................1-5

Figure 2-1 Change Password Screen ..............................................................................................................2-1

Figure 2-2 Navigating the ZyAIR Web Configurator .....................................................................................2-3

Figure 3-1 Wizard 1 : General Setup ..............................................................................................................3-2

Figure 3-2 Wizard 2 : Wireless LAN Setup ....................................................................................................3-3

Figure 3-3 Wizard 3 : IP Address Assignment................................................................................................3-6

Figure 4-1 System General Setup ...................................................................................................................4-1

Figure 4-2 Password .......................................................................................................................................4-3

Figure 4-3 Time Setting..................................................................................................................................4-4

Figure 5-1 IBSS (Ad-hoc) Wireless LAN.......................................................................................................5-1

Figure 5-2 Basic Service set ...........................................................................................................................5-2

Figure 5-3 Extended Service Set.....................................................................................................................5-3

Figure 5-4 RTS/CTS .......................................................................................................................................5-4

Figure 5-5 Wireless.........................................................................................................................................5-5

Figure 5-6 Roaming Example.........................................................................................................................5-7

Figure 5-7 Roaming........................................................................................................................................5-8

Figure 6-1 ZyAIR Wireless Security Levels................................................................................................... 6-1

Figure 6-2 WEP Authentication Steps ............................................................................................................6-2

Figure 6-3 Wireless.........................................................................................................................................6-4

Figure 6-4 MAC Address Filter......................................................................................................................6-7

Figure 6-5 EAP Authentication.....................................................................................................................6-10

Figure 6-6 WPA - PSK Authentication .........................................................................................................6-12

Figure 6-7 WPA with RADIUS Application Example..................................................................................6-13

Figure 6-8 Wireless LAN: 802.1x/WPA .......................................................................................................6-15

Figure 6-9 Wireless LAN: 802.1x/WPA for 802.1x Protocol .......................................................................6-16

Figure 6-10 Wireless LAN: 802.1x/WPA for WPA Protocol........................................................................6-19

Figure 6-11 Wireless LAN: 802.1x/WPA for WPA-PSK Protocol ...............................................................6-20

Figure 6-12 Local User Database .................................................................................................................6-22

Figure 6-13 RADIUS....................................................................................................................................6-23

Figure 7-1 IP Setup.........................................................................................................................................7-1

Figure 8-1 Telnet Configuration on a TCP/IP Network ..................................................................................8-2

Figure 8-2 Telnet.............................................................................................................................................8-2

Figure 8-3 FTP................................................................................................................................................8-3

Figure 8-4 WWW ...........................................................................................................................................8-4

Figure 8-5 SNMP Management Model...........................................................................................................8-6

Figure 8-6 SNMP............................................................................................................................................8-8

Figure 9-1 View Log.......................................................................................................................................9-1

Figure 9-2 Log Settings ..................................................................................................................................9-3

xii List of Figures

ZyAIR G-500 Wireless Access Point User’s Guide

Figure 10-1 System Status ........................................................................................................................... 10-1

Figure 10-2 System Status: Show Statistics ................................................................................................. 10-2

Figure 10-3 Association List........................................................................................................................ 10-4

Figure 10-4 Firmware Upload...................................................................................................................... 10-5

Figure 10-5 Firmware Upload In Process .................................................................................................... 10-6

Figure 10-6 Network Temporarily Disconnected......................................................................................... 10-6

Figure 10-7 Firmware Upload Error ............................................................................................................ 10-7

Figure 10-8 Configuration ........................................................................................................................... 10-8

Figure 10-9 Configuration Upload Successful............................................................................................. 10-9

Figure 10-10 Network Temporarily Disconnected..................................................................................... 10-10

Figure 10-11 Configuration Upload Error.................................................................................................. 10-10

Figure 10-12 Reset Warning Message.........................................................................................................10-11

Figure 10-13 Restart Screen........................................................................................................................10-11

Figure 11-1 Login Screen..............................................................................................................................11-1

Figure 11-2 Menu 23.1 System Security : Change Password .......................................................................11-2

Figure 11-3 ZyAIR G-500 SMT Menu Overview Example .........................................................................11-3

Figure 11-4 ZyAIR G-500 SMT Main Menu................................................................................................11-5

Figure 12-1 Menu 1 General Setup.............................................................................................................. 12-1

Figure 13-1 Menu 3 LAN Setup .................................................................................................................. 13-1

Figure 13-2 Menu 3.2 TCP/IP Setup............................................................................................................ 13-1

Figure 13-3 Menu 3.5 Wireless LAN Setup................................................................................................. 13-3

Figure 13-4 Menu 3.5 Wireless LAN Setup................................................................................................. 13-6

Figure 13-5 Menu 3.5.1 WLAN MAC Address Filter ................................................................................. 13-6

Figure 13-6 Menu 3.5 Wireless LAN Setup................................................................................................. 13-8

Figure 13-7 Menu 3.5.2 Roaming Configuration......................................................................................... 13-8

Figure 14-1 Menu 14- Dial-in User Setup ................................................................................................... 14-1

Figure 14-2 Menu 14.1- Edit Dial-in User................................................................................................... 14-1

Figure 15-1 SNMP Management Model ...................................................................................................... 15-1

Figure 15-2 Menu 22 SNMP Configuration................................................................................................. 15-3

Figure 16-1 Menu 23 System Security......................................................................................................... 16-1

Figure 16-2 Menu 23 System Security......................................................................................................... 16-1

Figure 16-3 Menu 23.2 System Security : RADIUS Server ........................................................................ 16-2

Figure 16-4 Menu 23 System Security......................................................................................................... 16-3

Figure 16-5 Menu 23.4 System Security : IEEE802.1x............................................................................... 16-4

Figure 17-1 Menu 24 System Maintenance ................................................................................................. 17-1

Figure 17-2 Menu 24.1 System Maintenance : Status.................................................................................. 17-2

Figure 17-3 Menu 24.2 System Information and Console Port Speed......................................................... 17-3

Figure 17-4 Menu 24.2.1 System Information : Information....................................................................... 17-3

Figure 17-5 Menu 24.2.2 System Maintenance : Change Console Port Speed............................................ 17-4

Figure 17-6 Menu 24.3 System Maintenance : Log and Trace .................................................................... 17-5

Figure 17-7 Sample Error and Information Messages ................................................................................. 17-5

List of Figures xiii

ZyAIR G-500 Wireless Access Point User’s Guide

Figure 17-8 Menu 24.4 System Maintenance : Diagnostic...........................................................................17-6

Figure 18-1 Menu 24.5 Backup Configuration.............................................................................................18-2

Figure 18-2 FTP Session Example................................................................................................................18-3

Figure 18-3 Menu 24.6 Restore Configuration.............................................................................................18-6

Figure 18-4 Menu 24.7 System Maintenance : Upload Firmware................................................................18-6

Figure 18-5 Menu 24.7.1 System Maintenance : Upload System Firmware ................................................18-7

Figure 18-6 Menu 24.7.2 System Maintenance : Upload System Configuration File ..................................18-8

Figure 18-7 FTP Session Example................................................................................................................18-9

Figure 19-1 Menu 24 System Maintenance..................................................................................................19-1

Figure 19-2 Valid CI Commands .................................................................................................................. 19-1

Figure 19-3 Menu 24.10 System Maintenance : Time and Date Setting ......................................................19-2

Figure 20-1 Telnet Configuration on a TCP/IP Network ..............................................................................20-1

Figure 20-2 Menu 24.11 Remote Management Control ...............................................................................20-2

xiv List of Figures

ZyAIR G-500 Wireless Access Point User’s Guide

List of Tables

Table 3-1 Wizard 1 : General Setup ............................................................................................................... 3-2

Table 3-2 Wizard 2 : Wireless LAN Setup..................................................................................................... 3-3

Table 3-3 Private IP Address Ranges ............................................................................................................. 3-5

Table 3-4 Wizard 3 : IP Address Assignment ................................................................................................. 3-6

Table 4-1 System General Setup.................................................................................................................... 4-2

Table 4-2 Password ........................................................................................................................................ 4-3

Table 4-3 Time Setting................................................................................................................................... 4-4

Table 5-1 Wireless.......................................................................................................................................... 5-6

Table 5-2 Roaming......................................................................................................................................... 5-9

Table 6-1 Wireless.......................................................................................................................................... 6-4

Table 6-2 MAC Address Filter....................................................................................................................... 6-8

Table 6-3 Wireless Security Relational Matrix ............................................................................................ 6-13

Table 6-4 Wireless LAN: 802.1x/WPA ........................................................................................................ 6-15

Table 6-5 Wireless LAN: 802.1x/WPA for 802.1x Protocol ........................................................................ 6-16

Table 6-6 Wireless LAN: 802.1x/WPA for WPA Protocol ........................................................................... 6-19

Table 6-7 Wireless LAN: 802.1x/WPA for WPA-PSK Protocol .................................................................. 6-21

Table 6-8 Local User Database .................................................................................................................... 6-23

Table 6-9 RADIUS....................................................................................................................................... 6-24

Table 7-1 IP Setup.......................................................................................................................................... 7-2

Table 8-1 Telnet.............................................................................................................................................. 8-2

Table 8-2 FTP................................................................................................................................................. 8-4

Table 8-3 WWW ............................................................................................................................................ 8-5

Table 8-4 SNMP Traps................................................................................................................................... 8-7

Table 8-5 Ports and Interface Types ............................................................................................................... 8-7

Table 8-6 SNMP............................................................................................................................................. 8-8

Table 9-1 View Log........................................................................................................................................ 9-2

Table 9-2 Log Settings ................................................................................................................................... 9-4

Table 10-1 System Status............................................................................................................................. 10-1

Table 10-2 System Status: Show Statistics................................................................................................... 10-2

Table 10-3 Association List.......................................................................................................................... 10-4

Table 10-4 Firmware Upload ....................................................................................................................... 10-5

Table 10-5 Restore Configuration................................................................................................................ 10-9

Table 11-1 Main Menu Commands...............................................................................................................11-4

Table 11-2 Main Menu Summary .................................................................................................................11-5

Table 12-1 Menu 1 General Setup................................................................................................................ 12-2

Table 13-1 Menu 3.2 TCP/IP Setup ............................................................................................................. 13-2

Table 13-2 Menu 3.5 Wireless LAN Setup .................................................................................................. 13-3

Table 13-3 Menu 3.5.1 WLAN MAC Address Filter ...................................................................................13-7

Table 13-4 Menu 3.5.2 Roaming Configuration .......................................................................................... 13-8

List of Tables xv

ZyAIR G-500 Wireless Access Point User’s Guide

Table 14-1 Menu 14.1- Edit Dial-in User .....................................................................................................14-2

Table 15-1 Menu 22 SNMP Configuration...................................................................................................15-3

Table 15-2 SNMP Traps................................................................................................................................15-4

Table 16-1 Menu 23.2 System Security : RADIUS Server...........................................................................16-2

Table 16-2 Menu 23.4 System Security : IEEE802.1x .................................................................................16-4

Table 17-1 Menu 24.1 System Maintenance : Status.................................................................................... 17-2

Table 17-2 Menu 24.2.1 System Maintenance : Information........................................................................17-4

Table 17-3 Menu 24.4 System Maintenance Menu : Diagnostic .................................................................. 17-6

Table 18-1 Filename Conventions ................................................................................................................18-2

Table 18-2 General Commands for Third Party FTP Clients........................................................................18-3

Table 18-3 General Commands for Third Party TFTP Clients .....................................................................18-5

Table 19-1 Menu 24.10 System Maintenance : Time and Date Setting........................................................19-3

Table 20-1 Menu 24.11 Remote Management Control.................................................................................20-2

xvi List of Tables

ZyAIR G-500 Wireless Access Point User’s Guide

Preface

Congratulations on your purchase from the ZyAIR G-500 802.11g Wireless Access Point.

An access point (AP) acts as a bridge between the wireless and wired networks, extending your existing wired network without any additional wiring.

This User’s Guide is designed to guide you through the configuration of your ZyAIR using the web configurator or the SMT.

Use the web configurator, System Management Terminal (SMT) or command

interpreter interface to configure your ZyAIR. Not all features can be configured

through all interfaces.

The web configurator parts of this guide contain background information on features configurable by the web configurator and the SMT. The SMT parts of this guide contain background information solely on features not configurable by the web configurator.

Don’t forget to register your product online for free future product updates and

information at www.zyxel.com for global products, or at www.us.zyxel.com for

North American products.

Getting to Know Your ZyAIR

This chapter introduces the main features and applications of the ZyAIR.

1.1 Introducing the ZyAIR Wireless Access Point

The ZyAIR extends the range of your existing wired network without any additional wiring efforts. The ZyAIR provides easy network access to mobile users. The ZyAIR offers highly secured wireless connectivity to your wired network with IEEE 802.1x, WEP data encryption, WPA (Wi-Fi Protected Access) and MAC address filtering. Both IEEE802.11b and IEEE802.11g compliant WLAN devices can associate with the ZyAIR.

The ZyAIR is easy to install and configure. The embedded web-based configurator and SNMP network management enables remote configuration and management of your ZyAIR.

1.2 ZyAIR Features

The following sections describe the features of the ZyAIR.

10/100M Auto-negotiating Ethernet/Fast Ethernet Interface

This auto-negotiating feature allows the ZyAIR to detect the speed of incoming transmissions and adjust appropriately without manual intervention. It allows data transfer of either 10 Mbps or 100 Mbps in either half-duplex or full-duplex mode depending on your Ethernet network.

10/100M Auto-crossover Ethernet/Fast Ethernet Interface

The LAN interface automatically adjusts to either a crossover or straight-through Ethernet cable.

Reset Button

The ZyAIR reset button is built into the top panel. Use this button to restore the factory default password to 1234; IP address to 192.168.1.2, subnet mask to 255.255.255.0.

Brute-Force Password Guessing Protection

The ZyAIR has a special protection mechanism to discourage brute-force password guessing attacks on the ZyAIR's management interfaces. You can specify a wait-time that must expire before entering a fourth password after three incorrect passwords have been entered. Please see the appendix for details about this feature.

Getting to Know Your ZyAIR 1-1

ZyAIR G-500 Wireless Access Point User’s Guide

802.11g Wireless LAN Standard

ZyAIR products containing the letter “G” in the model name, such as ZyAIR G-500 and ZyAIR G-2000, comply with the 802.11g wireless standard.

802.11g will be fully compatible with the 802.11b standard. This means an 802.11b radio card can interface directly with an 802.11g access point (and vice versa) at 11 Mbps or lower depending on range. 802.11g has several intermediate rate steps between the maximum and minimum data rates. The 802.11g data rate and modulation are as follows:

IEEE 802.11g

DATA RATE (MBPS) MODULATION

1 DBPSK (Differential Binary Phase Shift Keyed)

5.5 / 11 CCK (Complementary Code Keying)

6/9/12/18/24/36/48/54 OFDM (Orthogonal Frequency Division Multiplexing)

DQPSK (Differential Quadrature Phase Shift Keying

)

The ZyAIR may be prone to RF (Radio Frequency) interference from other 2.4 GHz

devices such as microwave ovens, wireless phones, Bluetooth enabled devices,

and other wireless LANs.

Wi-Fi Protected Access

Wi-Fi Protected Access (WPA) is a subset of the IEEE 802.11i security specification draft. Key differences between WPA and WEP are user authentication and improved data encryption.

SSL Passthrough

SSL (Secure Sockets Layer) uses a public key to encrypt data that's transmitted over an SSL connection. Both Netscape Navigator and Internet Explorer support SSL, and many Web sites use the protocol to obtain confidential user information, such as credit card numbers. By convention, URLs that require an SSL connection start with “https” instead of “http”. The ZyAIR allows SSL connections to take place through the ZyAIR.

Wireless LAN MAC Address Filtering

Your ZyAIR checks the MAC address of the wireless station against a list of allowed or denied MAC addresses.

WEP Encryption

WEP (Wired Equivalent Privacy) encrypts data frames before transmitting over the wireless network to help keep network communications private.

1-2 Getting to Know Your ZyAIR

ZyAIR G-500 Wireless Access Point User’s Guide

IEEE 802.1x Network Security

The ZyAIR supports the IEEE 802.1x standard to enhance user authentication. Use the built-in user profile database to authenticate up to 32 users using MD5 encryption. Use an EAP-compatible RADIUS (RFC2138, 2139 - Remote Authentication Dial In User Service) server to authenticate a limitless number of users using EAP (Extensible Authentication Protocol). EAP is an authentication protocol that supports multiple types of authentication.

SNMP

SNMP (Simple Network Management Protocol) is a protocol used for exchanging management information between network devices. SNMP is a member of the TCP/IP protocol suite. Your ZyAIR supports SNMP agent functionality, which allows a manger station to manage and monitor the ZyAIR through the network. The ZyAIR supports SNMP version one (SNMPv1) and version two c (SNMPv2c).

Full Network Management

The embedded web configurator is an all-platform web-based utility that allows you to easily access the ZyAIR’s management settings. Most functions of the ZyAIR are also software configurable via the SMT (System Management Terminal) interface. The SMT is a menu-driven interface that you can access from a terminal emulator over a telnet connection.

Logging and Tracing

♦ Built-in message logging and packet tracing.

♦ Unix syslog facility support.

Embedded FTP and TFTP Servers

The ZyAIR’s embedded FTP and TFTP servers enable fast firmware upgrades as well as configuration file backups and restoration.

Wireless Association List

With the wireless association list, you can see the list of the wireless stations that are currently using the ZyAIR to access your wired network.

Wireless LAN Channel Usage

The Wireless Channel Usage screen displays whether the radio channels are used by other wireless devices within the transmission range of the ZyAIR. This allows you to select the channel with minimum interference for your ZyAIR.

1.3 Applications for the ZyAIR

Here are some application examples of what you can do with your ZyAIR.

Getting to Know Your ZyAIR 1-3

ZyAIR G-500 Wireless Access Point User’s Guide

1.3.1 Internet Access Application

The ZyAIR is an ideal access solution for wireless Internet connection. A typical Internet access application for your ZyAIR is shown as follows.

Figure 1-1 Internet Access Application

1.3.2 Corporation Network Application

In situations where users are always on the move in the coverage area but still need access to corporate network access, the ZyAIR is an ideal solution for wireless stations to connect to the corporate network without expensive network cabling.

The following figure depicts a typical application of the ZyAIR in an enterprise environment. The three computers with wireless adapters are allowed to access the network resource through the ZyAIR after account validation by the network authentication server.

1-4 Getting to Know Your ZyAIR

ZyAIR G-500 Wireless Access Point User’s Guide

Figure 1-2 Corporation Network Application

Getting to Know Your ZyAIR 1-5

ZyAIR G-500 Wireless Access Point User’s Guide

Chapter 2

Introducing the Web Configurator

This chapter describes how to access the ZyAIR web configurator and provides an overview of its

screens. The default IP address of the ZyAIR is 192.168.1.2.

2.1 Accessing the ZyAIR Web Configurator

Step 1. Make sure your ZyAIR hardware is properly connected (refer to the Quick Installation Guide).

Step 2. Prepare your computer/computer network to connect to the ZyAIR (refer to the appendix).

Step 3. Launch your web browser.

Step 4. Type "192.168.1.2" (default) as the URL.

Step 5. Type "1234" (default) as the password and click Login. In some versions, the default password

appears automatically - if this is the case, click Login.

Step 6. You should see a screen asking you to change your password (highly recommended) as shown

next. Type a new password (and retype it to confirm) and click Apply or click Ignore to allow access without password change.

Figure 2-1 Change Password Screen

Step 7. You should now see the SYSTEM screen.

Introducing the Web Configurator 2-1

ZyAIR G-500 Wireless Access Point User’s Guide

The management session automatically times out when the time period set in the

Administrator Inactivity Timer field expires (default five minutes). Simply log back into

the ZyAIR if this happens to you.

2.2 Resetting the ZyAIR

If you forget your password or cannot access the ZyAIR, you will need to reload the factory-default configuration file or use the RESET button on the top panel of the ZyAIR. Uploading this configuration file replaces the current configuration file with the factory-default configuration file. This means that you will lose all configurations that you had previously. The password will be reset to “1234”, also.

2.2.1 Method of Restoring Factory-Defaults

You can erase the current configuration and restore factory defaults in three ways:

1. Use the RESET button on the top panel of the ZyAIR to upload the default configuration file (hold this

button in for about 10 seconds or until the PWR/SYS LED turns red). Use this method for cases when the password or IP address of the ZyAIR is not known.

2. Use the web configurator to restore defaults (refer to the chapter on maintenance).

3. Transfer the configuration file to your ZyAIR using FTP. See later in the part on SMT configuration for more information.

2-2 Introducing the Web Configurator

ZyAIR G-500 Wireless Access Point User’s Guide

(

2.3 Navigating the ZyAIR Web Configurator

The following summarizes how to navigate the web configurator.

Follow the instructions below or click the icon (located in the top right corner

of most screens) to view online help.

Click LOGOUT at any time to exit the web configurator.

Click WIZARD SETUP for initial configuration including general setup, Wireless LAN setup and IP address assignment.

Click the links under ADVANCED to configure advanced features such as SYSTEM (General Setup, Password and Time Zone), WIRELESS (Wireless, MAC Filter, Roaming,

802.1x/WPA, Local User Database and RADIUS), IP, REMOTE MGNT (Telnet, FTP, WWW and SNMP) and Logs

View reports and Log Settings).

Click the MAINTENANCE to view information about your ZyAIR or upgrade configuration/firmware files. Maintenance includes Status (Statistics), Association

List, F/W (firmware) Upload, Configuration (Backup, Restore Default) and

Figure 2-2 Navigating the ZyAIR Web Configurator

Introducing the Web Configurator 2-3

ZyAIR G-500 Wireless Access Point User’s Guide

Chapter 3

Wizard Setup

This chapter provides information on the Wizard Setup screens in the web configurator.

3.1 Wizard Setup Overview

The web configurator’s setup wizard helps you configure your ZyAIR for wireless stations to access your wired LAN.

3.1.1 Channel

A channel is the radio frequency(ies) used by IEEE 802.11b wireless devices. Channels available depend on your geographical area. You may have a choice of channels (for your region) so you should use a different channel than an adjacent AP (access point) to reduce interference. Interference occurs when radio signals from different access points overlap causing interference and degrading performance.

Adjacent channels partially overlap however. To avoid interference due to overlap, your AP should be on a channel at least five channels away from a channel that an adjacent AP is using. For example, if your region has 11 channels and an adjacent AP is using channel 1, then you need to select a channel between 6 or 11.

The ZyAIR’s “Scan” function is especially designed to automatically scan for a channel with the least interference.

3.1.2 ESS ID

An Extended Service Set (ESS) is a group of access points connected to a wired LAN on the same subnet. An ESS ID uniquely identifies each set. All access points and their associated wireless stations in the same set must have the same ESSID.

3.1.3 WEP Encryption

WEP (Wired Equivalent Privacy) encrypts data frames before transmitting over the wireless network. WEP encryption scrambles the data transmitted between the wireless stations and the access points to keep network communications private. It encrypts unicast and multicast communications in a network. Both the wireless stations and the access points must use the same WEP key for data encryption and decryption.

Wizard Setup 3-1

ZyAIR G-500 Wireless Access Point User’s Guide

3.2 Wizard Setup: General Setup

General Setup contains administrative and system-related information.

Figure 3-1 Wizard 1 : General Setup

The following table describes the labels in this screen.

Table 3-1 Wizard 1 : General Setup

LABEL DESCRIPTION

System Name It is recommended you type your computer's "Computer name".

 In Windows 95/98 click Start, Settings, Control Panel, Network. Click the Identification

tab, note the entry for the Computer Name field and enter it as the System Name.

 In Windows 2000, click Start, Settings, Control Panel and then double-click System.

Click the Network Identification tab and then the Properties button. Note the entry for the Computer name field and enter it as the System Name.

 In Windows XP, click Start, My Computer, View system information and then click the

Computer Name tab. Note the entry in the Full computer name field and enter it as the

ZyAIR System Name.

This name can be up to 30 alphanumeric characters long. Spaces are not allowed, but dashes "-" and underscores "_" are accepted.

3-2 Wizard Setup

ZyAIR G-500 Wireless Access Point User’s Guide

Table 3-1 Wizard 1 : General Setup

LABEL DESCRIPTION

Domain Name This is not a required field. Leave this field blank or enter the domain name here if you know

it.

Click Next to proceed to the next screen.

3.3 Wizard Setup: Wireless LAN

Use the second wizard screen to set up the wireless LAN.

Figure 3-2 Wizard 2 : Wireless LAN Setup

The following table describes the labels in this screen.

Table 3-2 Wizard 2 : Wireless LAN Setup

LABEL DESCRIPTION

Wireless LAN Setup

Wizard Setup 3-3

ZyAIR G-500 Wireless Access Point User’s Guide

Table 3-2 Wizard 2 : Wireless LAN Setup

LABEL DESCRIPTION

ESSID Enter a descriptive name (up to 32 printable 7-bit ASCII characters) for the wireless

LAN.

If you change this field on the ZyAIR, make sure all wireless stations use the same ESSID in order to access the network.

Choose Channel ID

WEP Encryption

ASCII Select this option in order to enter ASCII characters as the WEP keys.

Hex Select this option to enter hexadecimal characters as the WEP keys.

Key 1 to Key 4 The WEP keys are used to encrypt data. Both the ZyAIR and the wireless stations

Back

Select a channel from the drop-down list box.

Select Disable allows all wireless computers to communicate with the access points without any data encryption.

Select 64-bit WEP or 128-bit WEP to allow data encryption.

The preceding 0x is entered automatically.

must use the same WEP key for data transmission.

If you chose 64-bit WEP, then enter any 5 ASCII characters or 10 hexadecimal characters ("0-9", "A-F"). If you chose 128-bit WEP, then enter 13 ASCII characters or 26 hexadecimal characters ("0-9", "A-F").

You must configure all four keys, but only one key can be activated at any one time. The default key is key 1.

Click Back to return to the previous screen.

Click Next to continue.

3.4 Wizard Setup: IP Address

The third wizard screen allows you to configure IP address assignment.

3.4.1 IP Address Assignment

Every computer on the Internet must have a unique IP address. If your networks are isolated from the Internet, for instance, only between your two branch offices, you can assign any IP addresses to the hosts without problems. However, the Internet Assigned Numbers Authority (IANA) has reserved the following three blocks of IP addresses specifically for private networks.

3-4 Wizard Setup

ZyAIR G-500 Wireless Access Point User’s Guide

Table 3-3 Private IP Address Ranges

10.0.0.0 - 10.255.255.255

172.16.0.0 - 172.31.255.255

192.168.0.0 - 192.168.255.255

You can obtain your IP address from the IANA, from an ISP or have it assigned by a private network. If you belong to a small organization and your Internet access is through an ISP, the ISP can provide you with the Internet addresses for your local networks. On the other hand, if you are part of a much larger organization, you should consult your network administrator for the appropriate IP addresses.

Regardless of your particular situation, do not create an arbitrary IP address;

always follow the guidelines above. For more information on address assignment,

please refer to RFC 1597, Address Allocation for Private Internets and RFC 1466,

Guidelines for Management of IP Address Space.

3.4.2 IP Address and Subnet Mask

Similar to the way houses on a street share a common street name, so too do computers on a LAN share one common network number.

Where you obtain your network number depends on your particular situation. If the ISP or your network administrator assigns you a block of registered IP addresses, follow their instructions in selecting the IP addresses and the subnet mask.

If the ISP did not explicitly give you an IP network number, then most likely you have a single user account and the ISP will assign you a dynamic IP address when the connection is established. The Internet Assigned Number Authority (IANA) reserved this block of addresses specifically for private use; please do not use any other number unless you are told otherwise. Let's say you select 192.168.1.0 as the network number; which covers 254 individual addresses, from 192.168.1.1 to 192.168.1.254 (zero and 255 are reserved). In other words, the first three numbers specify the network number while the last number identifies an individual computer on that network.

Once you have decided on the network number, pick an IP address that is easy to remember, for instance,

192.168.1.2, for your ZyAIR, but make sure that no other device on your network is using that IP address.

The subnet mask specifies the network number portion of an IP address. Your ZyAIR will compute the subnet mask automatically based on the IP address that you entered. You don't need to change the subnet mask computed by the ZyAIR unless you are instructed to do otherwise.

Wizard Setup 3-5

ZyAIR G-500 Wireless Access Point User’s Guide

Figure 3-3 Wizard 3 : IP Address Assignment

The following table describes the labels in this screen.

Table 3-4 Wizard 3 : IP Address Assignment

LABEL DESCRIPTION

IP Address Assignment

Get automatically from

DHCP

Select this option if your ZyAIR is using a dynamically assigned IP address from a DHCP server each time.

You must know the IP address assigned to the ZyAIR (by

the DHCP server) to access the ZyAIR again.

Use fixed IP address Select this option if your ZyAIR is using a static IP address. When you select

this option, fill in the fields below.

IP Address Enter the IP address of your ZyAIR in dotted decimal notation.

If you change the ZyAIR's IP address, you must use the

new IP address if you want to access the web

configurator again.

IP Subnet Mask Enter the subnet mask.

3-6 Wizard Setup

ZyAIR G-500 Wireless Access Point User’s Guide

Table 3-4 Wizard 3 : IP Address Assignment

LABEL DESCRIPTION

Gateway IP Address Enter the IP address of a gateway. The gateway is an immediate neighbor of

your ZyAIR that will forward the packet to the destination. On the LAN, the gateway must be a router on the same segment as your ZyAIR; over the WAN, the gateway must be the IP address of one of the remote node.

Back

Finish

Click Back to return to the previous screen.

Click Finish to proceed to complete the Wizard setup.

3.5 Basic Setup Complete

When you click Finish in the Wizard 3 IP Address Assignment screen, a warning window display as shown. Click OK to close the window and log in to the web configurator again using the new IP address if you change the default IP address (192.168.1.2).

You have successfully set up the ZyAIR. A screen displays prompting you to close the web browser.

Click Yes. Otherwise, click No and the congratulations screen shows next.

Wizard Setup 3-7

ZyAIR G-500 Wireless Access Point User’s Guide

Well done! You have successfully set up your ZyAIR to operate on your network and access the Internet.

3-8 Wizard Setup

System, Wireless and IP

Part II:

SYSTEM, WIRELESS AND IP

This part covers the information and web configurator screens of System, Wireless and IP.

ZyAIR G-500 Wireless Access Point User’s Guide

This chapter provides information on the System screens.

4.1 System Overview

This section provides information on general system setup.

4.2 Configuring General Setup

Click SYSTEM to open the General screen.

Chapter 4

System Screens

Figure 4-1 System General Setup

The following table describes the labels in this screen.

System Screens 4-1

ZyAIR G-500 Wireless Access Point User’s Guide

Table 4-1 System General Setup

LABEL DESCRIPTION

System Name Type a descriptive name to identify the ZyAIR in the Ethernet network.

This name can be up to 30 alphanumeric characters long. Spaces are not allowed, but dashes "-" and underscores "_" are accepted.

Domain Name This is not a required field. Leave this field blank or enter the domain name here if you

know it.

Administrator Inactivity Timer

System DNS Servers

First DNS Server

Second DNS

Server

Third DNS

Server

Apply

Reset

Type how many minutes a management session (either via the web configurator or SMT) can be left idle before the session times out.

The default is 5 minutes. After it times out you have to log in with your password again. Very long idle timeouts may have security risks.

A value of "0" means a management session never times out, no matter how long it has been left idle (not recommended).

Select From DHCP if your DHCP server dynamically assigns DNS server information (and the ZyAIR's Ethernet IP address). The field to the right displays the (read-only) DNS server IP address that the DHCP assigns.

Select User-Defined if you have the IP address of a DNS server. Enter the DNS server's IP address in the field to the right. If you chose User-Defined, but leave the IP address set to 0.0.0.0, User-Defined changes to None after you click Apply. If you set a second choice to User-Defined, and enter the same IP address, the second User- Defined changes to None after you click Apply.

Select None if you do not want to configure DNS servers. If you do not configure a DNS server, you must know the IP address of a machine in order to access it.

The default setting is None.

Click Apply to save your changes back to the ZyAIR.

Click Reset to reload the previous configuration for this screen.

4.3 Configuring Password

To change your ZyAIR’s password (recommended), click SYSTEM and then the Password tab. The screen appears as shown. This screen allows you to change the ZyAIR’s password.

If you forget your password (or the ZyAIR IP address), you will need to reset the ZyAIR. See the section on resetting the ZyAIR for details.

4-2 System Screens

ZyAIR G-500 Wireless Access Point User’s Guide

Figure 4-2 Password

The following table describes the labels in this screen.

Table 4-2 Password

LABEL DESCRIPTION

Old Password Type in your existing system password (1234 is the default password).

New Password Type your new system password (up to 31 characters). Note that as you type a

password, the screen displays an asterisk (*) for each character you type.

Retype to Confirm Retype your new system password for confirmation.

Apply

Reset

Click Apply to save your changes back to the ZyAIR.

Click Reset to reload the previous configuration for this screen.

4.4 Configuring Time Setting

To change your ZyAIR’s time and date, click SYSTEM and then the Time Setting tab. The screen appears as shown. Use this screen to configure the ZyAIR’s time based on your local time zone.

System Screens 4-3

ZyAIR G-500 Wireless Access Point User’s Guide

Figure 4-3 Time Setting

The following table describes the labels in this screen.

Table 4-3 Time Setting

LABEL DESCRIPTION

Time Protocol Select the time service protocol that your time server sends when you turn on the

ZyAIR. Not all time servers support all protocols, so you may have to check with your ISP/network administrator or use trial and error to find a protocol that works.

The main difference between them is the format.

Daytime (RFC 867) format is day/month/year/time zone of the server. Time (RFC 868) format displays a 4-byte integer giving the total number of seconds

since 1970/1/1 at 0:0:0. The default, NTP (RFC 1305), is similar to Time (RFC 868). Select None to enter the time and date manually.

4-4 System Screens

ZyAIR G-500 Wireless Access Point User’s Guide

Table 4-3 Time Setting

LABEL DESCRIPTION

Time Server Address

Current Time (hh:mm:ss)

New Time (hh:mm:ss)

Current Date (yyyy/mm/dd)

New Date (yyyy/mm/dd)

Time Zone Choose the time zone of your location. This will set the time difference between

Daylight Savings Select this option if you use daylight savings time. Daylight saving is a period from

Start Date (mm-dd) Enter the month and day that your daylight-savings time starts on if you selected

End Date (mm-dd) Enter the month and day that your daylight-savings time ends on if you selected

Apply

Reset

Enter the IP address or the URL of your time server. Check with your ISP/network administrator if you are unsure of this information.

This field displays the time of your ZyAIR. Each time you reload this page, the ZyAIR synchronizes the time with the time server.

This field displays the last updated time from the time server. When you select None in the Time Protocol field, enter the new time in this field and then click Apply.

This field displays the date of your ZyAIR. Each time you reload this page, the ZyAIR synchronizes the time with the time server.

This field displays the last updated date from the time server. When you select None in the Time Protocol field, enter the new date in this field and then click Apply.

your time zone and Greenwich Mean Time (GMT).

late spring to early fall when many countries set their clocks ahead of normal local time by one hour to give more daytime light in the evening.

Daylight Savings.

Click Apply to save your changes back to the ZyAIR.

Click Reset to reload the previous configuration for this screen.

System Screens 4-5

ZyAIR G-500 Wireless Access Point User’s Guide

Chapter 5

Wireless Configuration and Roaming

This chapter discusses how to configure Wireless and Roaming screens on the ZyAIR.

5.1 Wireless LAN Overview

This section introduces the wireless LAN (WLAN) and some basic scenarios.

5.1.1 IBSS

An Independent Basic Service Set (IBSS), also called an Ad-hoc network, is the simplest WLAN configuration. An IBSS is defined as two or more computers with wireless adapters within range of each other that from an independent (wireless) network without the need of an access point (AP).

Figure 5-1 IBSS (Ad-hoc) Wireless LAN

5.1.2 BSS

A Basic Service Set (BSS) exists when all communications between wireless stations or between a wireless station and a wired network client go through one access point (AP).

Intra-BSS traffic is traffic between wireless stations in the BSS. When Intra-BSS is enabled, wireless station A and B can access the wired network and communicate with each other. When Intra-BSS is disabled, wireless station A and B can still access the wired network but cannot communicate with each other.

Wireless Configuration and Roaming 5-1

ZyAIR G-500 Wireless Access Point User’s Guide

Figure 5-2 Basic Service set

5.1.3 ESS

An Extended Service Set (ESS) consists of a series of overlapping BSSs, each containing an access point, with each access point connected together by a wired network. This wired connection between APs is called a Distribution System (DS). An ESSID (ESS IDentification) uniquely identifies each ESS. All access points and their associated wireless stations within the same ESS must have the same ESSID in order to communicate.

5-2 Wireless Configuration and Roaming

ZyAIR G-500 Wireless Access Point User’s Guide

Figure 5-3 Extended Service Set

5.2 Wireless LAN Basics

Refer also to the chapter on wizard setup for more background information on Wireless LAN features, such as channels.

5.2.1 RTS/CTS

A hidden node occurs when two stations are within range of the same access point, but are not within range of each other. The following figure illustrates a hidden node. Both stations (STA) are within range of the access point (AP) or wireless gateway, but out-of-range of each other, so they cannot “hear” each other, that is they do not know if the channel is currently being used. Therefore, they are considered hidden from each other.

Wireless Configuration and Roaming 5-3

ZyAIR G-500 Wireless Access Point User’s Guide

Figure 5-4 RTS/CTS

When station A sends data to the AP, it might not know that the station B is already using the channel. If these two stations send data at the same time, collisions may occur when both sets of data arrive at the AP at the same time, resulting in a loss of messages for both stations.

RTS/CTS is designed to prevent collisions due to hidden nodes. An RTS/CTS defines the biggest size data frame you can send before an RTS (Request To Send)/CTS (Clear to Send) handshake is invoked.

When a data frame exceeds the RTS/CTS value you set (between 0 to 2432 bytes), the station that wants to transmit this frame must first send an RTS (Request To Send) message to the AP for permission to send it. The AP then responds with a CTS (Clear to Send) message to all other stations within its range to notify them to defer their transmission. It also reserves and confirms with the requesting station the time frame for the requested transmission.

Stations can send frames smaller than the specified RTS/CTS directly to the AP without the RTS (Request To Send)/CTS (Clear to Send) handshake.

You should only configure RTS/CTS if the possibility of hidden nodes exists on your network and the “cost” of resending large frames is more than the extra network overhead involved in the RTS (Request To Send)/CTS (Clear to Send) handshake.

If the RTS/CTS value is greater than the Fragmentation Threshold value (see next), then the RTS (Request To Send)/CTS (Clear to Send) handshake will never occur as data frames will be fragmented before they reach RTS/CTS size.

Enabling the RTS Threshold causes redundant network overhead that could negatively affect the throughput performance instead of providing a remedy.

5.2.2 Fragmentation Threshold

A Fragmentation Threshold is the maximum data fragment size (between 256 and 2432 bytes) that can be sent in the wireless network before the ZyAIR will fragment the packet into smaller data frames.

A large Fragmentation Threshold is recommended for networks not prone to interference while you should set a smaller threshold for busy networks or networks that are prone to interference.

5-4 Wireless Configuration and Roaming

ZyAIR G-500 Wireless Access Point User’s Guide

If the Fragmentation Threshold value is smaller than the RTS/CTS value (see previously) you set then the RTS (Request To Send)/CTS (Clear to Send) handshake will never occur as data frames will be fragmented before they reach RTS/CTS size.

5.3 Configuring Wireless

Click the WIRELESS link under ADVANCED to display the Wireless screen.

Figure 5-5 Wireless

Wireless Configuration and Roaming 5-5

ZyAIR G-500 Wireless Access Point User’s Guide

The following table describes the general wireless LAN labels in this screen.

Table 5-1 Wireless

LABEL DESCRIPTION

ESSID (Extended Service Set IDentity) The ESSID identifies the Service Set with which a

wireless station is associated. Wireless stations associating to the access point (AP) must have the same ESSID. Enter a descriptive name (up to 32 printable 7-bit ASCII characters) for the wireless LAN.

If you are configuring the ZyAIR from a computer connected to

the wireless LAN and you change the ZyAIR’s ESSID or WEP settings, you will lose your wireless connection when you press Apply to confirm. You must then change the wireless settings of

your computer to match the ZyAIR’s new settings.

Hide ESSID Select this check box to hide the ESSID in the outgoing beacon frame so a station

cannot obtain the ESSID through passive scanning using a site survey tool.

Choose Channel ID

RTS/CTS Threshold

Fragmentation Threshold

Apply

Reset

Set the operating frequency/channel depending on your particular region.

Select a channel from the drop-down list box.

Refer to the chapter on wizard setup for more information about channels.

Enter a value between 0 and 2432. The default is 2432.

Enter a value between 256 and 2432. The default is 2432. It is the maximum data fragment size that can be sent.

Click Apply to save your changes back to the ZyAIR.

Click Reset to begin configuring this screen afresh.

See the chapter on wireless security for information on the other labels in this screen.

5.4 Configuring Roaming

A wireless station is a device with an IEEE 802.11b compliant wireless adapters. An access point (AP) acts as a bridge between the wireless and wired networks. An AP creates its own wireless coverage area. A wireless station can associate with a particular access point only if it is within the access point’s coverage area.

In a network environment with multiple access points, wireless stations are able to switch from one access point to another as they move between the coverage areas. This is roaming. As the wireless station moves from place to place, it is responsible for choosing the most appropriate access point depending on the signal strength, network utilization or other factors.

5-6 Wireless Configuration and Roaming

ZyAIR G-500 Wireless Access Point User’s Guide

The roaming feature on the access points allows the access points to relay information about the wireless stations to each other. When a wireless station moves from a coverage area to another, it scans and uses the

channel of a new access point, which then informs the access points on the LAN about the change. The new information is then propagated to the other access points on the LAN. An example is shown in Figure 5-6.

With roaming, a wireless LAN mobile user enjoys a continuous connection to the wired network through an access point while moving around the wireless LAN.

Enable roaming to exchange the latest bridge information of all wireless stations between APs when a wireless station moves between coverage areas. Wireless stations can still associate with other APs even if you disable roaming. Enabling roaming ensures correct traffic forwarding (bridge tables are updated) and maximum AP efficiency. The AP deletes records of wireless stations that associate with other APs (NonZyXEL APs may not be able to perform this). 802.1x authentication information is not exchanged (at the time of writing).

Figure 5-6 Roaming Example

The steps below describe the roaming process.

Step 1. As wireless station Y moves from the coverage area of access point AP 1 to that of access point

AP 2, it scans and uses the signal of access point AP 2.

Step 2. Access point AP 2 acknowledges the presence of wireless station Y and relays this information

to access point AP 1 through the wired LAN.

Wireless Configuration and Roaming 5-7

ZyAIR G-500 Wireless Access Point User’s Guide

Step 3. Access point AP 1 updates the new position of wireless station. Step 4. Wireless station Y sends a request to access point AP 2 for reauthentication.

5.4.1 Requirements for Roaming

The following requirements must be met in order for wireless stations to roam between the coverage areas.

1. All the access points must be on the same subnet and configured with the same ESSID.

2. If IEEE 802.1x user authentication is enabled and to be done locally on the access point, the new access point must have the user profile for the wireless station.

3. The adjacent access points should use different radio channels when their coverage areas overlap.

4. All access points must use the same port number to relay roaming information.

5. The access points must be connected to the Ethernet and be able to get IP addresses from a DHCP server if using dynamic IP address assignment.

To enable roaming on your ZyAIR, click the WIRELESS link under ADVANCED and then the Roaming tab. The screen appears as shown.

Figure 5-7 Roaming

The following table describes the labels in this screen.

5-8 Wireless Configuration and Roaming

ZyAIR G-500 Wireless Access Point User’s Guide

Table 5-2 Roaming

LABEL DESCRIPTION

Active

Select Yes from the drop-down list box to enable roaming on the ZyAIR if you have two or more ZyAIRs on the same subnet.

All APs on the same subnet and the wireless stations must have the

same ESSID to allow roaming.

Port Enter the port number to communicate roaming information between access points. The port

number must be the same on all access points. The default is 16290. Make sure this port is not used by other services.

Apply

Reset

Click Apply to save your changes back to the ZyAIR.

Click Reset to begin configuring this screen afresh.

Wireless Configuration and Roaming 5-9

ZyAIR G-500 Wireless Access Point User’s Guide

Chapter 6

Wireless Security

This chapter describes how to use the MAC Filter, 802.1x, Local User Database and RADIUS to

configure wireless security on your ZyAIR.

6.1 Wireless Security Overview

Wireless security is vital to your network to protect wireless communication between wireless stations, access points and the wired network.

The figure below shows the possible wireless security levels on your ZyAIR. EAP (Extensible Authentication Protocol) is used for authentication and utilizes dynamic WEP key exchange. It requires interaction with a RADIUS (Remote Authentication Dial-In User Service) server either on the WAN or your LAN to provide authentication service for wireless stations.

Figure 6-1 ZyAIR Wireless Security Levels

If you do not enable any wireless security on your ZyAIR, your network is accessible to any wireless networking device that is within range.

6.2 WEP Overview

WEP (Wired Equivalent Privacy) as specified in the IEEE 802.11 standard provides methods for both data encryption and wireless station authentication.

Wireless Security 6-1

ZyAIR G-500 Wireless Access Point User’s Guide

6.2.1 Data Encryption

WEP provides a mechanism for encrypting data using encryption keys. Both the AP and the wireless stations must use the same WEP key to encrypt and decrypt data. Your ZyAIR allows you to configure up to four 64bit or 128-bit WEP keys, but only one key can be enabled at any one time.

6.2.2 Authentication

Three different methods can be used to authenticate wireless stations to the network: Open System, Shared Key, and Auto. The following figure illustrates the steps involved.

Figure 6-2 WEP Authentication Steps

Open system authentication involves an unencrypted two-message procedure. A wireless station sends an open system authentication request to the AP, which will then automatically accept and connect the wireless station to the network. In effect, open system is not authentication at all as any station can gain access to the network.

6-2 Wireless Security

ZyAIR G-500 Wireless Access Point User’s Guide

Shared key authentication involves a four-message procedure. A wireless station sends a shared key authentication request to the AP, which will then reply with a challenge text message. The wireless station must then use the AP’s default WEP key to encrypt the challenge text and return it to the AP, which attempts to decrypt the message using the AP’s default WEP key. If the decrypted message matches the challenge text, the wireless station is authenticated.

When your ZyAIR's authentication method is set to open system, it will only accept open system authentication requests. The same is true for shared key authentication. However, when it is set to auto authentication, the ZyAIR will accept either type of authentication request and the ZyAIR will fall back to use open authentication if the shared key does not match.

6.3 Preamble Type

A preamble is used to synchronize the transmission timing in your wireless network. There are two preamble modes: Long and Short.

Short preamble takes less time to process and minimizes overhead, so it should be used in a good wireless network environment when all wireless clients support it.

Select Long if you have a ‘noisy’ network or are unsure of what preamble mode your wireless clients support as all IEEE 802.11b compliant wireless adapters must support long preamble. However, not all wireless adapters support short preamble. Use long preamble if you are unsure what preamble mode the wireless adapters support, to ensure interpretability between the ZyAIR and the wireless stations and to provide more reliable communication in ‘noisy’ networks.

Select Auto to have the ZyAIR automatically use short preamble when all wireless clients support it, otherwise the ZyAIR uses long preamble.

The ZyAIR and the wireless stations MUST use the same preamble mode in order

to communicate.

6.4 Configuring WEP Encryption

In order to configure and enable WEP encryption; click the WIRELESS link under ADVANCED to display the Wireless screen.

The WEP Encryption, Authentication Method and the WEP key fields are not visible

when you enable Dynamic WEP Key, WPA or WPA-PSK in the 802.1x/WPA screen.

Wireless Security 6-3

ZyAIR G-500 Wireless Access Point User’s Guide

Figure 6-3 Wireless

The following table describes the wireless LAN security labels in this screen.

Table 6-1 Wireless

LABEL DESCRIPTION

WEP Encryption

Select Disable to allow wireless stations to communicate with the access points without any data encryption. Select 64-bit WEP or 128-bit WEP to enable data encryption.

6-4 Wireless Security

ZyAIR G-500 Wireless Access Point User’s Guide

Table 6-1 Wireless

LABEL DESCRIPTION

Authentication Method

ASCII Select this option to enter ASCII characters as the WEP keys.

Hex Select this option to enter hexadecimal characters as the WEP keys.

Key 1 to

Key 4

Preamble

802.11 Mode

Max. Frame Burst

Apply

Reset

Select Auto, Open System or Shared Key from the drop-down list box.

This field is not available if WEP is not activated.

If WEP encryption is activated, the default setting is Auto.

The preceding “0x” is entered automatically.

The WEP keys are used to encrypt data. Both the ZyAIR and the wireless stations must use the same WEP key for data transmission.

You must configure all four keys, but only one key can be activated at any one time. The default key is key 1.

Select a preamble type from the drop-down list menu. Choices are Long, Short and Auto. The default setting is Auto.

See the section on preamble for more information.

Select 802.11b Only to allow only IEEE 802.11b compliant WLAN devices to associate with the ZyAIR.

Select 802.11g Only to allow only IEEE 802.11g compliant WLAN devices to associate with the ZyAIR.

Select Mixed to allow either IEEE802.11b or IEEE802.11g compliant WLAN devices to associate with the ZyAIR. The transmission rate of your ZyAIR might be reduced.

Enable Maximum Frame Burst to help eliminate collisions in mixed-mode networks (networks with both IEEE 802.11g and IEEE 802.11b traffic) and enhance the performance of both pure IEEE 802.11g and mixed IEEE 802.11b/g networks. Maximum Frame Burst sets the maximum time, in micro-seconds, that the ZyAIR transmits IEEE

802.11g wireless traffic only.

Type the maximum frame burst between 0 and 1800 (650, 1000 or 1800 recommended). Enter 0 to disable this feature.

Click Apply to save your changes back to the ZyAIR.

Click Reset to begin configuring this screen afresh.

Wireless Security 6-5

ZyAIR G-500 Wireless Access Point User’s Guide

6.5 MAC Filter

The MAC filter screen allows you to configure the ZyAIR to give exclusive access to up to 32 devices (Allow Association) or exclude up to 32 devices from accessing the ZyAIR (Deny Association). Every Ethernet device has a unique MAC (Media Access Control) address. The MAC address is assigned at the factory and consists of six pairs of hexadecimal characters, for example, 00:A0:C5:00:00:02. You need to know the MAC address of the devices to configure this screen.

To change your ZyAIR’s MAC Filter settings, click the WIRELESS link under ADVANCED and then the MAC Filter tab. The screen appears as shown.

6-6 Wireless Security

ZyAIR G-500 Wireless Access Point User’s Guide

Figure 6-4 MAC Address Filter

The following table describes the labels in this screen.

Wireless Security 6-7

ZyAIR G-500 Wireless Access Point User’s Guide

Table 6-2 MAC Address Filter

LABEL DESCRIPTION

Active

Filter Action Define the filter action for the list of MAC addresses in the MAC address filter table.

Set This is the index number of the MAC address.

MAC Address

Apply

Reset

Select Yes from the drop down list box to enable MAC address filtering.

Select Deny Association to block access to the ZyAIR, MAC addresses not listed will be allowed to access the ZyAIR.

Select Allow Association to permit access to the ZyAIR, MAC addresses not listed will be denied access to the ZyAIR.

Enter the MAC addresses (in XX:XX:XX:XX:XX:XX format) of the wireless station that are allowed or denied access to the ZyAIR in these address fields.

Click Apply to save your changes back to the ZyAIR.

Click Reset to begin configuring this screen afresh.

6.6 802.1x Overview

The IEEE 802.1x standard outlines enhanced security methods for both the authentication of wireless stations and encryption key management. Authentication can be done using the local user database internal to the ZyAIR (authenticate up to 32 users) or an external RADIUS server for an unlimited number of users.

6.7 Introduction to RADIUS

RADIUS is based on a client-sever model that supports authentication and accounting, where access point is the client and the server is the RADIUS server. The RADIUS server handles the following tasks among others:

• Authentication

Determines the identity of the users.

• Accounting

Keeps track of the client’s network activity.

RADIUS user is a simple package exchange in which your ZyAIR acts as a message relay between the wireless station and the network RADIUS server.

Types of RADIUS Messages

The following types of RADIUS messages are exchanged between the access point and the RADIUS server for user authentication:

6-8 Wireless Security

ZyAIR G-500 Wireless Access Point User’s Guide

• Access-Request

Sent by an access point requesting authentication.

• Access-Reject

Sent by a RADIUS server rejecting access.

• Access-Accept

Sent by a RADIUS server allowing access.

• Access-Challenge

Sent by a RADIUS server requesting more information in order to allow access. The access point sends a proper response from the user and then sends another Access-Request message.

The following types of RADIUS messages are exchanged between the access point and the RADIUS server for user accounting:

• Accounting-Request

Sent by the access point requesting accounting.

• Accounting-Response

Sent by the RADIUS server to indicate that it has started or stopped accounting.

In order to ensure network security, the access point and the RADIUS server use a shared secret key, which is a password, they both know. The key is not sent over the network. In addition to the shared key, password information exchanged is also encrypted to protect the wired network from unauthorized access.

6.7.1 EAP Authentication Overview

EAP (Extensible Authentication Protocol) is an authentication protocol that runs on top of the IEEE802.1x transport mechanism in order to support multiple types of user authentication. By using EAP to interact with an EAP-compatible RADIUS server, the access point helps a wireless station and a RADIUS server perform authentication.

The type of authentication you use depends on the RADIUS server or the AP. The ZyAIR supports EAPTLS, EAP-TTLS and PEAP with RADIUS. Refer to the Types of EAP Authentication appendix for descriptions on the four common types.

Your ZyAIR supports EAP-MD5 (Message-Digest Algorithm 5) with the local user database and RADIUS.

The following figure shows an overview of authentication when you specify a RADIUS server on your access point.

Wireless Security 6-9

ZyAIR G-500 Wireless Access Point User’s Guide

Figure 6-5 EAP Authentication

The details below provide a general description of how IEEE 802.1x EAP authentication works. For an example list of EAP-MD5 authentication steps, see the IEEE 802.1x appendix.

• The wireless station sends a “start” message to the ZyAIR.

• The ZyAIR sends a “request identity” message to the wireless station for identity information.

• The wireless station replies with identity information, including username and password.

• The RADIUS server checks the user information against its user profile database and determines

whether or not to authenticate the wireless station.

6.8 Dynamic WEP Key Exchange

The AP maps a unique key that is generated with the RADIUS server. This key expires when the wireless connection times out, disconnects or reauthentication times out. A new WEP key is generated each time reauthentication is performed.

If this feature is enabled, it is not necessary to configure a default WEP encryption key in the Wireless screen. You may still configure and store keys here, but they will not be used while Dynamic WEP is enabled.

To use Dynamic WEP, enable and configure the RADIUS server (see section 6.17) and enable Dynamic WEP Key Exchange in the 802.1x screen. Ensure that the wireless station’s EAP type is configured to one of the following:

• EAP-TLS

• EAP-TTLS

• PEAP

EAP-MD5 cannot be used with Dynamic WEP Key Exchange.

6-10 Wireless Security

ZyAIR G-500 Wireless Access Point User’s Guide

6.9 Introduction to WPA

Wi-Fi Protected Access (WPA) is a subset of the IEEE 802.11i security specification draft. Key differences between WPA and WEP are user authentication and improved data encryption.

6.9.1 User Authentication

WPA applies IEEE 802.1x and Extensible Authentication Protocol (EAP) to authenticate wireless clients using an external RADIUS database. You can’t use the ZyAIR’s Local User Database for WPA authentication purposes since the Local User Database uses EAP-MD5 which cannot be used to generate keys. See later in this chapter and the appendices for more information on IEEE 802.1x, RADIUS and EAP.

Therefore, if you don’t have an external RADIUS server you should use WPA-PSK (WPA -Pre-Shared Key) that only requires a single (identical) password entered into each access point, wireless gateway and wireless client. As long as the passwords match, a client will be granted access to a WLAN.

6.9.2 Encryption

WPA improves data encryption by using Temporal Key Integrity Protocol (TKIP), Message Integrity Check (MIC) and IEEE 802.1x.

Temporal Key Integrity Protocol (TKIP) uses 128-bit keys that are dynamically generated and distributed by the authentication server. It includes a per-packet key mixing function, a Message Integrity Check (MIC) named Michael, an extended initialization vector (IV) with sequencing rules, and a re-keying mechanism.

TKIP regularly changes and rotates the encryption keys so that the same encryption key is never used twice. The RADIUS server distributes a Pairwise Master Key (PMK) key to the AP that then sets up a key hierarchy and management system, using the pair-wise key to dynamically generate unique data encryption keys to encrypt every data packet that is wirelessly communicated between the AP and the wireless clients. This all happens in the background automatically.

The Message Integrity Check (MIC) is designed to prevent an attacker from capturing data packets, altering them and resending them. The MIC provides a strong mathematical function in which the receiver and the transmitter each compute and then compare the MIC. If they do not match, it is assumed that the data has been tampered with and the packet is dropped.

By generating unique data encryption keys for every data packet and by creating an integrity checking mechanism (MIC), TKIP makes it much more difficult to decode data on a Wi-Fi network than WEP, making it difficult for an intruder to break into the network.

The encryption mechanisms used for WPA and WPA-PSK are the same. The only difference between the two is that WPA-PSK uses a simple common password, instead of user-specific credentials. The commonpassword approach makes WPA-PSK susceptible to brute-force password-guessing attacks but it’s still an improvement over WEP as it employs an easier-to-use, consistent, single, alphanumeric password.

Wireless Security 6-11

ZyAIR G-500 Wireless Access Point User’s Guide

6.10 WPA-PSK Application Example

A WPA-PSK application looks as follows. Step 1. First enter identical passwords into the AP and all wireless clients. The Pre-Shared Key (PSK)

must consist of between 8 and 63 ASCII characters (including spaces and symbols).

Step 2. The AP checks each client’s password and (only) allows it to join the network if it matches its

password.

Step 3. The AP derives and distributes keys to the wireless clients. Step 4. The AP and wireless clients use the TKIP encryption process to encrypt data exchanged between

them.

Figure 6-6

WPA - PSK Authentication

6.11 WPA with RADIUS Application Example

You need the IP address of the RADIUS server, its port number (default is 1812), and the RADIUS shared secret. A WPA application example with an external RADIUS server looks as follows. “A” is the RADIUS server. “DS” is the distribution system.

Step 1. The AP passes the wireless client’s authentication request to the RADIUS server. Step 2. The RADIUS server then checks the user's identification against its database and grants or denies

network access accordingly.

Step 3. The RADIUS server distributes a Pairwise Master Key (PMK) key to the AP that then sets up a

key hierarchy and management system, using the pair-wise key to dynamically generate unique data encryption keys to encrypt every data packet that is wirelessly communicated between the AP and the wireless clients.

6-12 Wireless Security

ZyAIR G-500 Wireless Access Point User’s Guide

Figure 6-7 WPA with RADIUS Application Example

6.12 Security Parameters Summary

Refer to this table to see what other security parameters you should configure for each Authentication Method/ key management protocol type. You enter manual keys by first selecting 64-bit WEP or 128-bit WEP from the WEP Encryption field and then typing the keys (in ASCII or hexadecimal format) in the key text boxes. MAC address filters are not dependent on how you configure these security features.

Table 6-3 Wireless Security Relational Matrix

AUTHENTICATION

METHOD/ KEY

MANAGEMENT PROTOCOL

Open None No Disable

Open WEP

Shared WEP No Enable with Dynamic WEP Key

Wireless Security 6-13

ENCRYPTION

METHOD

ENTER

MANUAL KEY

No Enable with Dynamic WEP Key

Yes Enable without Dynamic WEP Key

Yes Disable

IEEE 802.1X

ZyAIR G-500 Wireless Access Point User’s Guide

Table 6-3 Wireless Security Relational Matrix

AUTHENTICATION

METHOD/ KEY

MANAGEMENT PROTOCOL

WPA WEP No Enable

WPA TKIP No Enable

WPA-PSK WEP Yes Enable

WPA-PSK TKIP Yes Enable

ENCRYPTION

METHOD

ENTER

MANUAL KEY

Yes Enable without Dynamic WEP Key

Yes Disable

IEEE 802.1X

6.13 Wireless Client WPA Supplicants

A wireless client supplicant is the software that runs on an operating system instructing the wireless client how to use WPA. At the time of writing, the most widely available supplicants are the WPA patch for Windows XP, Funk Software's Odyssey client, and Meetinghouse Data Communications' AEGIS client.

The Windows XP patch is a free download that adds WPA capability to Windows XP's built-in "Zero Configuration" wireless client. However, you must run Windows XP to use it.

6.14 Configuring 802.1x and WPA

To change your ZyAIR’s authentication settings, click the WIRELESS link under ADVANCED and then the 802.1x/WPA tab.

You see the next screen when you select No Access Allowed or No Authentication Required in the

Wireless Port Control field.

The screen varies by the key management protocol you select.

6-14 Wireless Security

ZyAIR G-500 Wireless Access Point User’s Guide

Figure 6-8 Wireless LAN: 802.1x/WPA

The following table describes the labels in this screen.

Table 6-4 Wireless LAN: 802.1x/WPA

LABEL DESCRIPTION

Wireless Port Control

To control wireless stations access to the wired network, select a control method from the drop-down list box. Choose from No Access Allowed, No Authentication

Required and Authentication Required.

No Access Allowed blocks all wireless stations access to the wired network.

No Authentication Required allows all wireless stations access to the wired network

without entering usernames and passwords. This is the default setting.

Authentication Required means that all wireless stations have to enter usernames and passwords before access to the wired network is allowed.

Select Authentication Required to configure Key Management Protocol and other related fields.

6.14.1 Authentication Required: 802.1x

Select Authentication Required in the Wireless Port Control field and 802.1x in the Key Management Protocol field to display the next screen.

Wireless Security 6-15

ZyAIR G-500 Wireless Access Point User’s Guide

Figure 6-9 Wireless LAN: 802.1x/WPA for 802.1x Protocol

The following table describes the labels in this screen.

Table 6-5 Wireless LAN: 802.1x/WPA for 802.1x Protocol

LABEL DESCRIPTION

Wireless Port Control

To control wireless stations access to the wired network, select a control method from the drop-down list box. Choose from No Authentication Required, Authentication

Required and No Access Allowed.

No Authentication Required allows all wireless stations access to the wired network

without entering usernames and passwords. This is the default setting.

Authentication Required means that all wireless stations have to enter usernames and passwords before access to the wired network is allowed.

No Access Allowed blocks all wireless stations access to the wired network.

The following fields are only available when you select Authentication Required.

6-16 Wireless Security

ZyAIR G-500 Wireless Access Point User’s Guide

Table 6-5 Wireless LAN: 802.1x/WPA for 802.1x Protocol

LABEL DESCRIPTION

ReAuthentication Timer

(In Seconds)

Specify how often wireless stations have to reenter usernames and passwords in order to stay connected. This field is activated only when you select Authentication Required in the Wireless Port Control field.

Enter a time interval between 10 and 9999 seconds. The default time interval is 1800 seconds (30 minutes).

If wireless station authentication is done using a RADIUS

server, the reauthentication timer on the RADIUS server has

priority.

Idle Timeout

(In Seconds)

Key Management Protocol

Dynamic WEP Key Exchange

The ZyAIR automatically disconnects a wireless station from the wired network after a period of inactivity. The wireless station needs to enter the username and password again before access to the wired network is allowed.

This field is activated only when you select Authentication Required in the Wireless Port Control field. The default time interval is 3600 seconds (or 1 hour).

Choose 802.1x from the drop-down list.

This field is activated only when you select Authentication Required in the Wireless Port Control field. Also set the Authentication Databases field to RADIUS Only. Local user database may not be used.

Select Disable to allow wireless stations to communicate with the access points without using dynamic WEP key exchange.

Select 64-bit WEP or 128-bit WEP to enable data encryption.

Up to 32 stations can access the ZyAIR when you configure dynamic WEP key exchange.

This field is not available when you set Key Management Protocol to WPA or WPA- PSK.

Wireless Security 6-17

ZyAIR G-500 Wireless Access Point User’s Guide

Table 6-5 Wireless LAN: 802.1x/WPA for 802.1x Protocol

LABEL DESCRIPTION

Authentication Databases

Apply

Reset

The authentication database contains wireless station login information. The local user database is the built-in database on the ZyAIR. The RADIUS is an external server. Use this drop-down list box to select which database the ZyAIR should use (first) to authenticate a wireless station.

Before you specify the priority, make sure you have set up the corresponding database correctly first.

Select Local User Database Only to have the ZyAIR just check the built-in user database on the ZyAIR for a wireless station's username and password.

Select RADIUS Only to have the ZyAIR just check the user database on the specified RADIUS server for a wireless station's username and password.

Select Local first, then RADIUS to have the ZyAIR first check the user database on the ZyAIR for a wireless station's username and password. If the user name is not found, the ZyAIR then checks the user database on the specified RADIUS server.

Select RADIUS first, then Local to have the ZyAIR first check the user database on the specified RADIUS server for a wireless station's username and password. If the ZyAIR cannot reach the RADIUS server, the ZyAIR then checks the local user database on the ZyAIR. When the user name is not found or password does not match in the RADIUS server, the ZyAIR will not check the local user database and the authentication fails.

Click Apply to save your changes back to the ZyAIR.

Click Reset to reload the previous configuration for this screen.

Once you enable user authentication, you need to specify an external RADIUS

server or create local user accounts on the ZyAIR for authentication.

6.14.2 Authentication Required: WPA

Select Authentication Required in the Wireless Port Control field and WPA in the Key Management Protocol field to display the next screen.

6-18 Wireless Security

ZyAIR G-500 Wireless Access Point User’s Guide

Figure 6-10 Wireless LAN: 802.1x/WPA for WPA Protocol

The following table describes the labels not previously discussed

Table 6-6 Wireless LAN: 802.1x/WPA for WPA Protocol

LABEL DESCRIPTION

Key Management Protocol

WPA Mixed Mode

WPA Group Key Update Timer

Choose WPA in this field.

The ZyAIR can operate in WPA Mixed Mode, which supports both clients running WPA and clients running dynamic WEP key exchange with 802.1x in the same Wi-Fi network.

Select Enable to activate WPA mixed mode. Otherwise, select Disable.

The WPA Group Key Update Timer is the rate at which the AP (if using WPA-PSK key management) or RADIUS server (if using WPA key management) sends a new group key out to all clients. The re-keying process is the WPA equivalent of automatically changing the WEP key for an AP and all stations in a WLAN on a periodic basis. Setting of the WPA Group Key Update Timer is also supported in WPA-PSK mode. The ZyAIR default is 1800 seconds (30 minutes).

Wireless Security 6-19

ZyAIR G-500 Wireless Access Point User’s Guide

Table 6-6 Wireless LAN: 802.1x/WPA for WPA Protocol

LABEL DESCRIPTION

Authentication Databases

When you configure Key Management Protocol to WPA, the Authentication

Databases must be RADIUS Only. You can only use the Local User Database Only with 802.1x Key Management Protocol.

6.14.3 Authentication Required: WPA-PSK

Select Authentication Required in the Wireless Port Control field and WPA-PSK in the Key Management Protocol field to display the next screen.

Figure 6-11 Wireless LAN: 802.1x/WPA for WPA-PSK Protocol

The following table describes the labels not previously discussed

6-20 Wireless Security

ZyAIR G-500 Wireless Access Point User’s Guide

Table 6-7 Wireless LAN: 802.1x/WPA for WPA-PSK Protocol

LABEL DESCRIPTION

Key Management Protocol

Pre-Shared Key

WPA Mixed Mode

WPA Group Key Update Timer

Authentication Databases

Choose WPA-PSK in this field.

The encryption mechanisms used for WPA and WPA-PSK are the same. The only difference between the two is that WPA-PSK uses a simple common password, instead of user-specific credentials.

Type a pre-shared key from 8 to 63 case-sensitive ASCII characters (including spaces and symbols).

The ZyAIR can operate in WPA Mixed Mode, which supports both clients running WPA and clients running dynamic WEP key exchange with 802.1x in the same Wi-Fi network.

Select Enable to activate WPA mixed mode. Otherwise, select Disable.

This field is only visible when WPA Mixed Mode is enabled.

When you configure Key Management Protocol to WPA, the Authentication

Databases must be RADIUS Only. You can only use the Local User Database Only with 802.1x Key Management Protocol.

6.15 Introduction to Local User Database

By storing user profiles locally on the ZyAIR, your ZyAIR is able to authenticate wireless users without interacting with a network RADIUS server. However, there is a limit on the number of users you may authenticate in this way.

6.16 Configuring Local User Database

To change your ZyAIR’s local user database, click the WIRELESS link under ADVANCED and then the Local User Database tab. The screen appears as shown.

Wireless Security 6-21

ZyAIR G-500 Wireless Access Point User’s Guide

Figure 6-12 Local User Database

The following table describes the labels in this screen.

6-22 Wireless Security

ZyAIR G-500 Wireless Access Point User’s Guide

Table 6-8 Local User Database

LABEL DESCRIPTION

Active Select this check box to activate the user profile.

User Name Enter the username (up to 31 characters) for this user profile.

Password Type a password (up to 31 characters) for this user profile. Note that as you type a

password, the screen displays a (*) for each character you type.

Apply

Reset

Click Apply to save your changes back to the ZyAIR.

Click Reset to begin configuring this screen afresh.

6.17 Configuring RADIUS

Configure the RADIUS screen if you want to authenticate wireless users using an external server.

To set up your ZyAIR’s RADIUS server settings, click the WIRELESS link under ADVANCED and then the RADIUS tab. The screen appears as shown.

Figure 6-13 RADIUS

Wireless Security 6-23

ZyAIR G-500 Wireless Access Point User’s Guide

The following table describes the labels in this screen.

Table 6-9 RADIUS

LABEL DESCRIPTION

Authentication Server

Active

Server IP Address Enter the IP address of the external authentication server in dotted decimal

Port Number Enter the port number of the external authentication server. The default port

Shared Secret Enter a password (up to 31 alphanumeric characters) as the key to be shared

Accounting Server

Active

Server IP Address Enter the IP address of the external accounting server in dotted decimal notation.

Port Number Enter the port number of the external accounting server. The default port number

Shared Secret Enter a password (up to 31 alphanumeric characters) as the key to be shared

Apply

Reset

Select Yes from the drop-down list box to enable user authentication through an external authentication server.

Select No to enable user authentication using the local user profile on the ZyAIR.

notation.

number is 1812. You need not change this value unless your network administrator instructs you to do so with additional information.

between the external authentication server and the ZyAIR.

The key must be the same on the external authentication server and your ZyAIR. The key is not sent over the network.

Select Yes from the drop down list box to enable user accounting through an external authentication server.

is 1813. You need not change this value unless your network administrator instructs you to do so with additional information.

between the external authentication server and the ZyAIR.

The key must be the same on the external authentication server and your ZyAIR. The key is not sent over the network.

Click Apply to save your changes back to the ZyAIR.

Click Reset to begin configuring this screen afresh.

6-24 Wireless Security

ZyAIR G-500 Wireless Access Point User’s Guide

Chapter 7

IP Screen

This chapter discusses how to configure IP on the ZyAIR

7.1 Factory Ethernet Defaults

The Ethernet parameters of the ZyAIR are preset in the factory with the following values:

• IP address of 192.168.1.2

• Subnet mask of 255.255.255.0 (24 bits)

These parameters should work for the majority of installations.

7.2 TCP/IP Parameters

7.2.1 IP Address and Subnet Mask

Refer to the section on IP address and subnet mask in the Wizard Setup chapter for this information.

7.3 Configuring IP

Click IP to display the screen shown next.

Figure 7-1 IP Setup

IP 7-1

ZyAIR G-500 Wireless Access Point User’s Guide

The following table describes the labels in this screen.

Table 7-1 IP Setup

LABEL DESCRIPTION

IP Address Assignment

Get automatically from

DHCP

Select this option if your ZyAIR is using a dynamically assigned IP address from a DHCP server each time.

You must know the IP address assigned to the ZyAIR (by

the DHCP server) to access the ZyAIR again.

Use fixed IP address Select this option if your ZyAIR is using a static IP address. When you select

this option, fill in the fields below.

IP Address Enter the IP address of your ZyAIR in dotted decimal notation.

If you change the ZyAIR's IP address, you must use the

new IP address if you want to access the web

configurator again.

IP Subnet Mask Enter the subnet mask.

Gateway IP Address Enter the IP address of a gateway. The gateway is an immediate neighbor of

Apply

Reset

Click Apply to save your changes back to the ZyAIR.

Click Reset to begin configuring this screen afresh.

7-2 IP

Remote Management and Logs

Part III:

REMOTE MANAGEMENT AND LOGS

This part provides information and configuration instructions for Remote Management and the logs.

III

ZyAIR G-500 Wireless Access Point User’s Guide

Chapter 8

Remote Management

This chapter provides information on the Remote Management screens.

8.1 Remote Management Overview

Remote management allows you to determine which services/protocols can access which ZyAIR interface (if any) from which computers. You can customize the service port, access interface and the secured client IP address to enhance security and flexibility.

You may manage your ZyAIR from a remote location via:

 WLAN only,  ALL (LAN and WLAN),

 LAN only,  Neither (Disable).

To disable remote management of a service, select Disable in the corresponding Server Access field.

You may only have one remote management session running at a time. The ZyAIR automatically disconnects a remote management session of lower priority when another remote management session of higher priority starts. The priorities for the different types of remote management sessions are as follows.

1. Console port

2. Telnet

3. HTTP

8.1.1 Remote Management Limitations

Remote management over LAN or WLAN will not work when:

1. You have disabled that service in one of the remote management screens.

2. The IP address in the Secured Client IP Address field does not match the client IP address. If it does not match, the ZyAIR will disconnect the session immediately.

3. There is already another remote management session with an equal or higher priority running. You may only have one remote management session running at one time.

8.1.2 System Timeout

There is a default system management idle timeout of five minutes (three hundred seconds). The ZyAIR automatically logs you out if the management session remains idle for longer than this timeout period. The management session does not time out when a statistics screen is polling. You can change the timeout period in the System screen.

Remote Management 8-1

ZyAIR G-500 Wireless Access Point User’s Guide

8.2 Telnet

You can telnet into the ZyAIR to perform remote management.

Figure 8-1 Telnet Configuration on a TCP/IP Network

8.3 Configuring TELNET

Click REMOTE MGNT to open the TELNET screen.

Figure 8-2 Telnet

The following table describes the labels in this screen.

Table 8-1 Telnet

LABEL DESCRIPTION

Server Port You may change the server port number for a service if needed, however you must

use the same port number in order to use that service for remote management.

8-2 Remote Management

ZyAIR G-500 Wireless Access Point User’s Guide

Table 8-1 Telnet

LABEL DESCRIPTION

Server Access Select the interface(s) through which a computer may access the ZyAIR using this

service.

Secured Client IP Address

Apply Reset

A secured client is a “trusted” computer that is allowed to communicate with the ZyAIR using this service.

Select All to allow any computer to access the ZyAIR using this service.

Choose Selected to just allow the computer with the IP address that you specify to access the ZyAIR using this service.

Click Apply to save your changes back to the ZyAIR. Click Reset to begin configuring this screen afresh.

8.4 Configuring FTP

You can upload and download the ZyAIR’s firmware and configuration files using FTP, please see the chapter on firmware and configuration file maintenance for details. To use this feature, your computer must have an FTP client.

To change your ZyAIR’s FTP settings, click REMOTE MGNT and then the FTP tab. The screen appears as shown.

Figure 8-3 FTP

The following table describes the labels in this screen.

Remote Management 8-3

ZyAIR G-500 Wireless Access Point User’s Guide

Table 8-2 FTP

LABEL DESCRIPTION

Server Port You may change the server port number for a service if needed, however you must

use the same port number in order to use that service for remote management.

Server Access Select the interface(s) through which a computer may access the ZyAIR using this

service.

Secured Client IP Address

Apply Reset

A secured client is a “trusted” computer that is allowed to communicate with the ZyAIR using this service.

Select All to allow any computer to access the ZyAIR using this service.

Choose Selected to just allow the computer with the IP address that you specify to access the ZyAIR using this service.

Click Apply to save your changes back to the ZyAIR. Click Reset to begin configuring this screen afresh.

8.5 Configuring WWW

To change your ZyAIR’s World Wide Web settings, click REMOTE MGNT and then the WWW tab. The screen appears as shown.

Figure 8-4 WWW

The following table describes the labels in this screen.

8-4 Remote Management

ZyAIR G-500 Wireless Access Point User’s Guide

Table 8-3 WWW

LABEL DESCRIPTION

Server Port You may change the server port number for a service if needed, however you must

use the same port number in order to use that service for remote management.

Server Access Select the interface(s) through which a computer may access the ZyAIR using this

service.

Secured Client IP Address

Apply Reset

A secured client is a “trusted” computer that is allowed to communicate with the ZyAIR using this service.

Select All to allow any computer to access the ZyAIR using this service.

Choose Selected to just allow the computer with the IP address that you specify to access the ZyAIR using this service.

Click Apply to save your changes back to the ZyAIR. Click Reset to begin configuring this screen afresh.

8.6 Configuring SNMP

Simple Network Management Protocol is a protocol used for exchanging management information between network devices. SNMP is a member of the TCP/IP protocol suite. Your ZyAIR supports SNMP agent functionality, which allows a manager station to manage and monitor the ZyAIR through the network. The ZyAIR supports SNMP version one (SNMPv1) and version two c (SNMPv2c). The next figure illustrates an SNMP management operation. SNMP is only available if TCP/IP is configured.

Remote Management 8-5

ZyAIR G-500 Wireless Access Point User’s Guide

Figure 8-5 SNMP Management Model

An SNMP managed network consists of two main types of component: agents and a manager.

An agent is a management software module that resides in a managed device (the ZyAIR). An agent translates the local management information from the managed device into a form compatible with SNMP. The manager is the console through which network administrators perform network management functions. It executes applications that control and monitor managed devices.

The managed devices contain object variables/managed objects that define each piece of information to be collected about a device. Examples of variables include the number of packets received, node port status etc. A Management Information Base (MIB) is a collection of managed objects. SNMP allows a manager and agents to communicate for the purpose of accessing these objects.

SNMP itself is a simple request/response protocol based on the manager/agent model. The manager issues a request and the agent returns responses using the following protocol operations:

• Get - Allows the manager to retrieve an object variable from the agent.

• GetNext - Allows the manager to retrieve the next object variable from a table or list within an agent. In

SNMPv1, when a manager wants to retrieve all elements of a table from an agent, it initiates a Get operation, followed by a series of GetNext operations.

• Set - Allows the manager to set values for object variables within an agent.

8-6 Remote Management

ZyAIR G-500 Wireless Access Point User’s Guide

• Trap - Used by the agent to inform the manager of some events.

8.6.1 Supported MIBs

The ZyAIR supports MIB II that is defined in RFC-1213 and RFC-1215. The focus of the MIBs is to let administrators collect statistical data and monitor status and performance.

8.6.2 SNMP Traps

The ZyAIR will send traps to the SNMP manager when any one of the following events occurs:

Table 8-4 SNMP Traps

TRAP # TRAP NAME DESCRIPTION

1 coldStart (defined in RFC-1215) A trap is sent after booting (power on).

2 warmStart (defined in RFC-1215) A trap is sent after booting (software reboot).

3 linkUp (defined in RFC-1215) A trap is sent when the port is up.

4 authenticationFailure (defined in

RFC-1215)

6 linkDown (defined in RFC-1215) A trap is sent when the port is down.

The following table maps the physical port and encapsulation to the interface type.

A trap is sent to the manager when receiving any SNMP get or set requirements with wrong community (password).

Table 8-5 Ports and Interface Types

PHYSICAL PORT/ENCAP INTERFACE TYPE

LAN port(s) enet0

Wireless port enet1

PPPoE encap pppoe

1483 encap mpoa

Ethernet encap enet-encap

PPPoA ppp

8.6.3 REMOTE MANAGEMENT: SNMP

To change your ZyAIR’s SNMP settings, click REMOTE MGNT and then the SNMP tab. The screen appears as shown.

Remote Management 8-7

ZyAIR G-500 Wireless Access Point User’s Guide

Figure 8-6 SNMP

The following table describes the labels in this screen.

Table 8-6 SNMP

LABEL DESCRIPTION

SNMP Configuration

Get Community

Set Community

Enter the Get Community, which is the password for the incoming Get and GetNext requests from the management station.

Enter the Set community, which is the password for incoming Set requests from the management station.

8-8 Remote Management

ZyAIR G-500 Wireless Access Point User’s Guide

Table 8-6 SNMP

LABEL DESCRIPTION

Trusted Host If you enter a trusted host, your ZyAIR will only respond to SNMP messages from this

address. A blank (default) field means your ZyAIR will respond to all SNMP messages it receives, regardless of source.

Trap

Community Type the trap community, which is the password sent with each trap to the SNMP

manager.

Destination Type the IP address of the station to send your SNMP traps to.

SNMP

Service Port You may change the server port number for a service if needed, however you must

use the same port number in order to use that service for remote management.

Service Access Select the interface(s) through which a computer may access the ZyAIR using this

service.

Secured Client IP Address

Apply Reset

A secured client is a “trusted” computer that is allowed to communicate with the ZyAIR using this service.

Select All to allow any computer to access the ZyAIR using this service.

Choose Selected to just allow the computer with the IP address that you specify to access the ZyAIR using this service.

Click Apply to save your changes back to the ZyAIR. Click Reset to begin configuring this screen afresh.

Remote Management 8-9

ZyAIR G-500 Wireless Access Point User’s Guide

Chapter 9

Logs Screens

This chapter contains information about configuring general log settings and viewing the ZyAIR’s

logs. Refer to the appendix for example log message explanations.

9.1 Configuring View Log

The web configurator allows you to look at all of the ZyAIR’s logs in one location.

Click LOGS to open the View Log screen. Use the View Log screen to see the logs for the categories that you selected in the Log Settings screen (see section 9.2). Options include logs about system maintenance, system errors and access control.

You can view logs and alert messages in this page. Once the log entries are all used, the log will wrap around and the old logs will be deleted.

Click a column heading to sort the entries. A triangle indicates the direction of the sort order.

Figure 9-1 View Log

Logs Screens 9-1

ZyAIR G-500 Wireless Access Point User’s Guide

The following table describes the labels in this screen.

Table 9-1 View Log

LABEL DESCRIPTION

Display Select a log category from the drop down list box to display logs within the selected

category. To view all logs, select All Logs. The number of categories shown in the drop down list box depends on the selection in the Log Settings page.

Time This field displays the time the log was recorded. Message This field states the reason for the log. Source This field lists the source IP address and the port number of the incoming packet. Destination This field lists the destination IP address and the port number of the incoming packet. Note This field displays additional information about the log entry.

Email Log Now

Refresh

Clear Log

Click Email Log Now to send the log screen to the e-mail address specified in the Log Settings page.

Click Refresh to renew the log screen.

Click Clear Log to clear all the logs.

9.2 Configuring Log Settings

To change your ZyAIR’s log settings, click LOGS and then the Log Settings tab. The screen appears as shown.

Use the Log Settings screen to configure to where the ZyAIR is to send the logs; the schedule for when the ZyAIR is to send the logs and which logs and/or immediate alerts the ZyAIR is to send.

An alert is a type of log that warrants more serious attention. Some categories such as System Errors consist of both logs and alerts. You may differentiate them by their color in the View Log screen. Alerts are displayed in red and logs are displayed in black.

9-2 Logs Screens

ZyAIR G-500 Wireless Access Point User’s Guide

Figure 9-2 Log Settings

The following table describes the labels in this screen.

Logs Screens 9-3

ZyAIR G-500 Wireless Access Point User’s Guide

Table 9-2 Log Settings

LABEL DESCRIPTION

Address Info

Mail Server Enter the server name or the IP address of the mail server for the e-mail addresses

specified below. If this field is left blank, logs and alert messages will not be sent via e-mail.

Mail Subject Type a title that you want to be in the subject line of the log e-mail message that the

ZyAIR sends.

Send log to Logs are sent to the e-mail address specified in this field. If this field is left blank,

logs will not be sent via e-mail.

Send alerts to Enter the e-mail address where the alert messages will be sent. If this field is left

blank, alert messages will not be sent via e-mail.

Syslog Logging Syslog logging sends a log to an external syslog server used to store logs.

Active

Syslog IP Address Enter the server name or IP address of the syslog server that will log the selected

Log Facility Select a location from the drop down list box. The log facility allows you to log the

Send Log

Log Schedule This drop-down menu is used to configure the frequency of log messages being

Day for Sending Log

Time for Sending Log Enter the time of the day in 24-hour format (for example 23:00 equals 11:00 pm) to

Click Active to enable syslog logging.

categories of logs.

messages to different files in the syslog server. Refer to the documentation of your syslog program for more details.

sent as E-mail:

• Daily

• Weekly

• Hourly

• When Log is Full

• None.

If the Weekly or the Daily option is selected, specify a time of day when the E-mail should be sent. If the Weekly option is selected, then also specify which day of the week the E-mail should be sent. If the When Log is Full option is selected, an alert is sent when the log fills up. If you select None, no log messages are sent.

This field is only available when you select Weekly in the Log Schedule field.

Use the drop down list box to select which day of the week to send the logs.

send the logs.

9-4 Logs Screens

ZyAIR G-500 Wireless Access Point User’s Guide

Table 9-2 Log Settings

LABEL DESCRIPTION

Clear log after sanding

Log Select the categories of logs that you want to record. Send Immediate Alert Select the categories of alerts for which you want the ZyAIR to immediately send

Apply Reset

Select the check box to clear all logs after logs and alert messages are sent via e-

mail

mail.

e-mail alerts. Click Apply to save your customized settings and exit this screen. Click Reset to reconfigure all the fields in this screen.

Logs Screens 9-5

ZyXEL ZyAIR G-500 User Guide

Specifications and Main Features

Frequently Asked Questions

User Manual

ZyAIR G-500

Copyright

ZyXEL Limited Warranty

Customer Support

Table of Contents

List of Figures

List of Tables

Preface

Getting to Know Your ZyAIR

1.1 Introducing the ZyAIR Wireless Access Point

1.3 Applications for the ZyAIR

Introducing the Web Configurator

2.1 Accessing the ZyAIR Web Configurator

2.2 Resetting the ZyAIR

2.3 Navigating the ZyAIR Web Configurator

Wizard Setup

3.1 Wizard Setup Overview

3.2 Wizard Setup: General Setup

3.3 Wizard Setup: Wireless LAN

3.4 Wizard Setup: IP Address

3.5 Basic Setup Complete

4.2 Configuring General Setup

System Screens

4.4 Configuring Time Setting

Wireless Configuration and Roaming

5.2 Wireless LAN Basics

5.3 Configuring Wireless

Wireless Security

6.4 Configuring WEP Encryption

To change your ZyAIR’s MAC Filter settings, click the WIRELESS link under ADVANCED and then the MAC Filter tab. The screen appears as shown.

6.6 802.1x Overview

6.7 Introduction to RADIUS

6.8 Dynamic WEP Key Exchange

6.9 Introduction to WPA

IP Screen

7.3 Configuring IP

Remote Management

8.3 Configuring TELNET

Logs Screens

9.1 Configuring View Log