Page 1
NWA-1100
802.11b/g Wireless Access Point
User’s Guide
Version 1.00
7/2008
Edition 1
www.zyxel.com
Page 2
Page 3
About This User's Guide
About This User's Guide
Intended Audience
This manual is intended for people who want to configure the ZyXEL Device using the web
configurator. You should have at least a basic knowledge of TCP/IP networking concepts and
topology.
Related Documentation
• Quick Start Guide
The Quick Start Guide is designed to help you get up and running right away. It contains
information on setting up your network and configuring for Internet access.
• Supporting Disk
Refer to the included CD for support documents.
• ZyXEL Web Site
Please refer to www.zyxel.com
certifications.
for additional support documentation and product
User Guide Feedback
Help us help you. Send all User Guide-related comments, questions or suggestions for
improvement to the following address, or use e-mail instead. Thank you!
The Technical Writing Team,
ZyXEL Communications Corp.,
6 Innovation Road II,
Science-Based Industrial Park,
Hsinchu, 300, Taiwan.
E-mail: techwriters@zyxel.com.tw
ZyXEL NWA-1100 User’s Guide
3
Page 4
Document Conventions
Document Conventions
Warnings and Notes
These are how warnings and notes are shown in this User’s Guide.
1 Warnings tell you about things that could harm you or your device.
" Notes tell you other important information (for example, other things you may
need to configure or helpful tips) or recommendations.
Syntax Conventions
• The NWA-1100 may be referred to as the “ZyXEL Device”, the “device” or the “system”
in this User’s Guide.
• Product labels, screen names, field labels and field choices are all in bold font.
• A key stroke is denoted by square brackets and uppercase text, for example, [ENTER]
means the “enter” or “return” key on your keyboard.
• “Enter” means for you to type one or more characters and then press the [ENTER] key.
“Select” or “choose” means for you to use one of the predefined choices.
• A right angle bracket ( > ) within a screen name denotes a mouse click. For example,
Maintenance > Configuration File > Backup means you first click Maintenance in the
navigation panel, then the Configuration File sub menu and finally the Backup button to
get to that screen.
• Units of measurement may denote the “metric” value or the “scientific” value. For
example, “k” for kilo may denote “1000” or “1024”, “M” for mega may denote “1000000”
or “1048576” and so on.
• “e.g.,” is a shorthand for “for instance”, and “i.e.,” means “that is” or “in other words”.
4
ZyXEL NWA-1100 User’s Guide
Page 5
Document Conventions
Icons Used in Figures
Figures in this User’s Guide may use the following generic icons. The ZyXEL Device icon is
not an exact representation of your device.
ZyXEL Device Computer Notebook computer
Server Printer Firewall
Ethernet Switch Switch Router
ZyXEL NWA-1100 User’s Guide
5
Page 6
Safety Warnings
Safety Warnings
1 For your safety, be sure to read and follow all warning notices and instructions.
• Do NOT use this product near water, for example, in a wet basement or near a swimming
pool.
• Do NOT expose your device to dampness, dust or corrosive liquids.
• Do NOT store things on the device.
• Do NOT install, use, or service this device during a thunderstorm. There is a remote risk
of electric shock from lightning.
• Connect ONLY suitable accessories to the device.
• ONLY qualified service personnel should service or disassemble this device.
• Make sure to connect the cables to the correct ports.
• Place connecting cables carefully so that no one will step on them or stumble over them.
• Always disconnect all cables from this device before servicing or disassembling.
• Use ONLY an appropriate power adaptor or cord for your device.
• Connect the power adaptor or cord to the right supply voltage (for example, 110V AC in
North America or 230V AC in Europe).
• Do NOT allow anything to rest on the power adaptor or cord and do NOT place the
product where anyone can walk on the power adaptor or cord.
• Do NOT use the device if the power adaptor or cord is damaged as it might cause
electrocution.
• If the power adaptor or cord is damaged, remove it from the power outlet.
• Do NOT attempt to repair the power adaptor or cord. Contact your local vendor to order a
new one.
• Do not use the device outside, and make sure all the connections are indoors. There is a
remote risk of electric shock from lightning.
• Antenna Warning! This device meets ETSI and FCC certification requirements when
using the included antenna(s). Only use the included antenna(s).
• If you wall mount your device, make sure that no electrical lines, gas or water pipes will
be damaged.
• The PoE (Power over Ethernet) devices that supply or receive power and their connected
Ethernet cables must all be completely indoors.
6
This product is recyclable. Dispose of it properly.
ZyXEL NWA-1100 User’s Guide
Page 7
Safety Warnings
ZyXEL NWA-1100 User’s Guide
7
Page 8
Safety Warnings
8
ZyXEL NWA-1100 User’s Guide
Page 9
Contents Overview
Contents Overview
Introduction ............................................................................................................................ 23
Introducing the ZyXEL Device ...................................................................................................25
Introducing the Web Configurator .............................................................................................. 35
Status Screens .......................................................................................................................... 39
Tutorial ....................................................................................................................................... 43
The Web Configurator ...........................................................................................................51
System Screens ........................................................................................................................ 53
Wireless Settings Screen .......................................................................................................... 61
Wireless Security Screen .......................................................................................................... 75
RADIUS Screen ......................................................................................................................... 89
MAC Filter Screen ..................................................................................................................... 93
IP Screen ................................................................................................................................... 97
Remote Management ..............................................................................................................101
Certificate Screen .....................................................................................................................111
Log Screens .............................................................................................................................115
Maintenance ............................................................................................................................ 121
Troubleshooting ....................................................................................................................... 129
Appendices and Index ......................................................................................................... 133
ZyXEL NWA-1100 User’s Guide
9
Page 10
Contents Overview
10
ZyXEL NWA-1100 User’s Guide
Page 11
Table of Contents
Table of Contents
About This User's Guide ..........................................................................................................3
Document Conventions............................................................................................................4
Safety Warnings........................................................................................................................6
Contents Overview ...................................................................................................................9
Table of Contents.................................................................................................................... 11
List of Figures ......................................................................................................................... 17
List of Tables...........................................................................................................................21
Part I: Introduction................................................................................. 23
Chapter 1
Introducing the ZyXEL Device...............................................................................................25
1.1 Introducing the ZyXEL Device ............................................................................................. 25
1.2 Applications for the ZyXEL Device ...................................................................................... 25
1.2.1 Access Point .............................................................................................................. 25
1.2.2 Wireless Client ........................................................................................................... 26
1.2.3 Bridge ......................................................................................................................... 27
1.2.4 AP + Bridge ................................................................................................................ 29
1.3 Ways to Manage the ZyXEL Device .................................................................................... 30
1.4 Configuring Your ZyXEL Device’s Security Features .......................................................... 30
1.4.1 Control Access to Your Device ................................................................................... 30
1.4.2 Wireless Security ....................................................................................................... 31
1.5 Good Habits for Managing the ZyXEL Device ..................................................................... 31
1.6 Hardware Connections ........................................................................................................ 32
1.7 LEDs .................................................................................................................................... 32
Chapter 2
Introducing the Web Configurator ........................................................................................ 35
2.1 Accessing the Web Configurator ......................................................................................... 35
2.2 Resetting the ZyXEL Device ................................................................................................ 36
2.2.1 Methods of Restoring Factory-Defaults ...................................................................... 36
2.3 Navigating the Web Configurator ......................................................................................... 36
ZyXEL NWA-1100 User’s Guide
11
Page 12
Table of Contents
Chapter 3
Status Screens........................................................................................................................ 39
3.1 The Status Screen ............................................................................................................... 39
3.1.1 System Statistics Screen ............................................................................................ 41
Chapter 4
Tutorial ..................................................................................................................................... 43
4.1 How to Configure the Wireless LAN .................................................................................... 43
4.1.1 Choosing the Wireless Mode ..................................................................................... 43
4.1.2 Wireless LAN Configuration Overview ....................................................................... 43
4.1.3 Further Reading ......................................................................................................... 44
4.2 ZyXEL Device Setup in Wireless Client Mode ..................................................................... 44
4.2.1 Scenario ..................................................................................................................... 45
4.2.2 Configuring the ZyXEL Device in Access Point Mode .............................................. 45
4.2.3 Configuring the ZyXEL Device in Wireless Client Mode ............................................ 46
4.2.4 Testing the Connection and Troubleshooting ............................................................. 49
Part II: The Web Configurator ............................................................... 51
Chapter 5
System Screens ...................................................................................................................... 53
5.1 Overview .............................................................................................................................. 53
5.2 What You Can Do in the System Screens ........................................................................... 53
5.3 What You Need To Know About the System Screens ......................................................... 54
5.4 General Screen ................................................................................................................... 55
5.4.1 Password Screen ....................................................................................................... 56
5.5 Time Screen ....................................................................................................................... 56
5.6 Technical Reference ............................................................................................................ 58
5.6.1 Pre-defined NTP Time Servers List ............................................................................ 58
Chapter 6
Wireless Settings Screen.......................................................................................................61
6.1 Overview .............................................................................................................................. 61
6.2 What You Can Do in the Wireless Settings Screen ............................................................. 61
6.3 What You Need To Know About Wireless Settings Screen ................................................. 62
6.4 Wireless Settings Screen .................................................................................................... 63
6.4.1 Access Point Mode .................................................................................................... 63
6.4.2 Wireless Client Mode ................................................................................................. 65
6.4.3 Bridge Mode ............................................................................................................... 68
6.4.4 AP + Bridge Mode ...................................................................................................... 70
6.5 Technical Reference ............................................................................................................ 71
12
ZyXEL NWA-1100 User’s Guide
Page 13
Table of Contents
6.5.1 WMM QoS ..................................................................................................................71
6.5.2 Spanning Tree Protocol (STP) ................................................................................... 71
6.5.2.1 Rapid STP ........................................................................................................ 71
6.5.2.2 STP Terminology .............................................................................................. 71
6.5.2.3 How STP Works ............................................................................................... 72
6.5.2.4 STP Port States ................................................................................................ 72
6.5.3 Additional Wireless Terms .......................................................................................... 73
Chapter 7
Wireless Security Screen.......................................................................................................75
7.1 Overview .............................................................................................................................. 75
7.2 What You Can Do in the Wireless Security Screen ............................................................. 75
7.3 What You Need To Know About Wireless Security .............................................................. 76
7.4 The Security Screen ............................................................................................................ 77
7.4.1 Security: WEP ............................................................................................................78
7.4.2 Security: 802.1x Only ................................................................................................. 79
7.4.2.1 Access Point ..................................................................................................... 79
7.4.2.2 Wireless Client .................................................................................................. 80
7.4.3 Security: 802.1x Static 64-bit, 802.1x Static 128-bit ................................................... 81
7.4.4 Security: WPA ............................................................................................................83
7.4.4.1 Access Point ..................................................................................................... 83
7.4.4.2 Wireless Client .................................................................................................. 84
7.4.5 Security: WPA2 or WPA2-MIX .................................................................................... 85
7.4.5.1 Access Point ..................................................................................................... 85
7.4.5.2 Wireless Client .................................................................................................. 86
7.4.6 Security: WPA-PSK, WPA2-PSK, WPA2-PSK-MIX .................................................... 87
7.5 Technical Reference ............................................................................................................ 87
Chapter 8
RADIUS Screen .......................................................................................................................89
8.1 Overview .............................................................................................................................. 89
8.2 What You Can Do in the RADIUS Screen ........................................................................... 89
8.3 What You Need to Know About RADIUS ............................................................................. 89
8.4 The RADIUS Screen ........................................................................................................... 90
Chapter 9
MAC Filter Screen ...................................................................................................................93
9.1 Overview .............................................................................................................................. 93
9.2 What You Can Do in the MAC Filter .................................................................................... 93
9.3 What You Need To Know About MAC Filter ........................................................................ 93
9.4 MAC Filter Screen ............................................................................................................... 94
Chapter 10
IP Screen.................................................................................................................................. 97
ZyXEL NWA-1100 User’s Guide
13
Page 14
Table of Contents
10.1 Overview ............................................................................................................................ 97
10.2 What You Can Do in the IP Screen ................................................................................... 97
10.3 What You Need to Know About IP ..................................................................................... 97
10.4 IP Screen ........................................................................................................................... 98
10.5 Technical Reference .......................................................................................................... 99
10.5.1 WAN IP Address Assignment ................................................................................... 99
Chapter 11
Remote Management............................................................................................................ 101
11.1 Overview .......................................................................................................................... 101
11.2 What You Can Do in the Remote Management Screens ................................................. 102
11.3 What You Need To Know About Remote Management ................................................... 102
11.4 The Telnet Screen ............................................................................................................ 104
11.5 The FTP Screen ............................................................................................................... 104
11.6 The WWW Screen ........................................................................................................... 105
11.7 The SNMP Screen ...........................................................................................................106
11.8 Technical Reference ........................................................................................................ 108
11.8.1 MIB ......................................................................................................................... 108
11.8.2 Supported MIBs ...................................................................................................... 108
11.8.3 SNMP Traps ........................................................................................................... 108
Chapter 12
Certificate Screen ................................................................................................................. 111
12.1 Overview ........................................................................................................................... 111
12.2 What You Can Do in the Certificate Screen ......................................................................111
12.3 What You Need To Know About Certificates ....................................................................111
12.4 Certificate Screen .............................................................................................................112
12.5 Technical Reference .........................................................................................................112
12.5.1 Private-Public Certificates .......................................................................................113
12.5.2 Certification Authorities ...........................................................................................113
12.5.3 Checking the Fingerprint of a Certificate on Your Computer ...................................113
Chapter 13
Log Screens .......................................................................................................................... 115
13.1 Overview ...........................................................................................................................115
13.2 What You Can Do in the Log Screens ..............................................................................115
13.3 What You Need To Know About Logs ...............................................................................116
13.4 View Log Screen ...............................................................................................................116
13.5 Log Settings Screen .........................................................................................................117
13.6 Technical Reference .........................................................................................................118
13.6.1 Example Log Messages ..........................................................................................119
13.7 Log Commands ................................................................................................................119
13.7.1 Configuring What You Want the ZyXEL Device to Log ...........................................119
14
ZyXEL NWA-1100 User’s Guide
Page 15
Table of Contents
13.7.2 Displaying Logs ...................................................................................................... 120
13.7.3 Command List ........................................................................................................ 120
Chapter 14
Maintenance .......................................................................................................................... 121
14.1 Overview .......................................................................................................................... 121
14.2 What You Can Do in the Maintenance Screens .............................................................. 121
14.3 What You Need To Know About the Maintenance Screens ............................................. 121
14.4 Association List Screen ...................................................................................................121
14.5 Channel Usage Screen ................................................................................................... 122
14.6 F/W Upload Screen .........................................................................................................123
14.7 Configuration Screen ....................................................................................................... 124
14.7.1 Backup Configuration ............................................................................................. 125
14.7.2 Restore Configuration ............................................................................................ 125
14.7.3 Back to Factory Defaults ........................................................................................ 126
14.8 Restart Screen ................................................................................................................. 127
Chapter 15
Troubleshooting.................................................................................................................... 129
15.1 Power, Hardware Connections, and LEDs ...................................................................... 129
15.2 ZyXEL Device Access and Login .................................................................................... 129
15.3 Internet Access ................................................................................................................ 131
Part III: Appendices and Index............................................................ 133
Appendix A Product Specifications.......................................................................................135
Appendix B Power over Ethernet (PoE) Specifications ........................................................ 137
Appendix C Power Adaptor Specifications ........................................................................... 139
Appendix D Setting up Your Computer’s IP Address ...........................................................141
Appendix E Wireless LANs ..................................................................................................153
Appendix F Pop-up Windows, JavaScripts and Java Permissions ...................................... 167
Appendix G IP Addresses and Subnetting ...........................................................................173
Appendix H Text File Based Auto Configuration ..................................................................181
Appendix I How to Access and Use the CLI......................................................................... 187
Appendix J Legal Information ...............................................................................................191
Appendix K Customer Support .............................................................................................195
ZyXEL NWA-1100 User’s Guide
15
Page 16
Table of Contents
Index....................................................................................................................................... 201
16
ZyXEL NWA-1100 User’s Guide
Page 17
List of Figures
List of Figures
Figure 1 Access Point Application .......................................................................................................... 26
Figure 2 Wireless Client Application ....................................................................................................... 26
Figure 3 Bridge Application .................................................................................................................... 27
Figure 4 Bridging Example ..................................................................................................................... 28
Figure 5 Bridge Loop: Two Bridges Connected to Hub .......................................................................... 28
Figure 6 Bridge Loop: Bridge Connected to Wired LAN ......................................................................... 29
Figure 7 AP + Bridge Application ........................................................................................................... 30
Figure 8 LEDs ......................................................................................................................................... 32
Figure 9 Change Password Screen ........................................................................................................ 35
Figure 10 Status Screen of the Web Configurator .................................................................................. 37
Figure 11 The Status Screen .................................................................................................................. 39
Figure 12 System Status: Show Statistics .............................................................................................. 41
Figure 13 Configuring Wireless LAN ...................................................................................................... 44
Figure 14 FTP Server Connected to a Wireless Client ........................................................................... 45
Figure 15 Access Point Mode Wireless Setttings ................................................................................... 46
Figure 16 Access Point Mode Security Setttings .................................................................................... 46
Figure 17 Wireless Client Mode Wireless Settings ................................................................................. 47
Figure 18 Site Survey ............................................................................................................................. 48
Figure 19 Wireless Client Mode ............................................................................................................. 48
Figure 20 Wireless Client Mode Security Setttings ................................................................................ 49
Figure 21 Wireless Client MAC Filtering ................................................................................................. 49
Figure 22 ZyXEL Device Setup .............................................................................................................. 53
Figure 23 System: General .................................................................................................................... 55
Figure 24 System: Password. ................................................................................................................. 56
Figure 25 System: Time .......................................................................................................................... 57
Figure 26 Wireless Mode ........................................................................................................................ 61
Figure 27 Wireless: Access Point ........................................................................................................... 63
Figure 28 Wireless: Wireless Client ........................................................................................................ 66
Figure 29 Wireless: Bridge ..................................................................................................................... 68
Figure 30 Wireless: AP+Bridge .............................................................................................................. 70
Figure 31 Securing the Wireless Network .............................................................................................. 75
Figure 32 Security: None ........................................................................................................................ 78
Figure 33 Security: WEP ........................................................................................................................ 78
Figure 34 Security: 802.1x Only for Access Point .................................................................................. 80
Figure 35 Security: 802.1x Only for Wireless Client ............................................................................... 81
Figure 36 Security: 802.1x Static 64-bit, 802.1x Static 128-bit (AP mode) ............................................. 82
Figure 37 Security: WPA for Access Point ............................................................................................ 83
Figure 38 Security: WPA for Wireless Client .......................................................................................... 84
ZyXEL NWA-1100 User’s Guide
17
Page 18
List of Figures
Figure 39 Security:WPA2 or WPA2-MIX for Access Point ...................................................................... 85
Figure 40 Security: WPA2 or WPA2-MIX for Wireless Client .................................................................. 86
Figure 41 Security: WPA-PSK, WPA2-PSK or WPA2-PSK-MIX ............................................................. 87
Figure 42 RADIUS Server Setup ............................................................................................................ 89
Figure 43 Wireless > RADIUS ................................................................................................................ 90
Figure 44 MAC Filtering ......................................................................................................................... 93
Figure 45 Wireless > MAC Filter ............................................................................................................. 94
Figure 46 IP Setup .................................................................................................................................. 97
Figure 47 IP Setup .................................................................................................................................. 98
Figure 48 Remote Management Example ............................................................................................101
Figure 49 SNMP Management Mode ................................................................................................... 103
Figure 50 Remote Management: Telnet ............................................................................................... 104
Figure 51 Remote Management: FTP .................................................................................................. 105
Figure 52 Remote Management: WWW ...............................................................................................106
Figure 53 Remote Management: SNMP ..............................................................................................107
Figure 54 Certificates Example .............................................................................................................111
Figure 55 Certificate ..............................................................................................................................112
Figure 56 Certificates on Your Computer ..............................................................................................113
Figure 57 Certificate Details .................................................................................................................114
Figure 58 Accessing Logs in the Network ............................................................................................115
Figure 59 View Log ................................................................................................................................116
Figure 60 Log Settings ..........................................................................................................................117
Figure 61 Association List .................................................................................................................... 122
Figure 62 Channel Usage ..................................................................................................................... 122
Figure 63 Firmware Upload .................................................................................................................. 123
Figure 64 Firmware Upload In Process ................................................................................................ 124
Figure 65 Network Temporarily Disconnected ...................................................................................... 124
Figure 66 Firmware Upload Error ......................................................................................................... 124
Figure 67 Configuration ........................................................................................................................ 125
Figure 68 Configuration Upload Successful ......................................................................................... 126
Figure 69 Network Temporarily Disconnected ...................................................................................... 126
Figure 70 Configuration Upload Error ................................................................................................... 126
Figure 71 Reset Warning Message ...................................................................................................... 127
Figure 72 Restart Screen ..................................................................................................................... 127
Figure 73 WIndows 95/98/Me: Network: Configuration ........................................................................ 142
Figure 74 Windows 95/98/Me: TCP/IP Properties: IP Address ............................................................ 143
Figure 75 Windows 95/98/Me: TCP/IP Properties: DNS Configuration ................................................ 144
Figure 76 Windows XP: Start Menu ...................................................................................................... 145
Figure 77 Windows XP: Control Panel ................................................................................................. 145
Figure 78 Windows XP: Control Panel: Network Connections: Properties ........................................... 146
Figure 79 Windows XP: Local Area Connection Properties ................................................................. 146
Figure 80 Windows XP: Advanced TCP/IP Settings ............................................................................ 147
Figure 81 Windows XP: Internet Protocol (TCP/IP) Properties ............................................................ 148
18
ZyXEL NWA-1100 User’s Guide
Page 19
List of Figures
Figure 82 Macintosh OS 8/9: Apple Menu ............................................................................................ 149
Figure 83 Macintosh OS 8/9: TCP/IP ................................................................................................... 149
Figure 84 Macintosh OS X: Apple Menu .............................................................................................. 150
Figure 85 Macintosh OS X: Network .................................................................................................... 151
Figure 86 Peer-to-Peer Communication in an Ad-hoc Network ........................................................... 153
Figure 87 Basic Service Set ................................................................................................................. 154
Figure 88 Infrastructure WLAN ............................................................................................................. 155
Figure 89 RTS/CTS .............................................................................................................................. 156
Figure 90 WPA(2) with RADIUS Application Example ......................................................................... 164
Figure 91 WPA(2)-PSK Authentication ................................................................................................. 164
Figure 92 Pop-up Blocker ..................................................................................................................... 167
Figure 93 Internet Options: Privacy ...................................................................................................... 168
Figure 94 Internet Options: Privacy ...................................................................................................... 169
Figure 95 Pop-up Blocker Settings ....................................................................................................... 169
Figure 96 Internet Options: Security ..................................................................................................... 170
Figure 97 Security Settings - Java Scripting ......................................................................................... 171
Figure 98 Security Settings - Java ........................................................................................................ 171
Figure 99 Java (Sun) ............................................................................................................................ 172
Figure 100 Network Number and Host ID ............................................................................................ 174
Figure 101 Subnetting Example: Before Subnetting ............................................................................ 176
Figure 102 Subnetting Example: After Subnetting ............................................................................... 177
Figure 103 Text File Based Auto Configuration .................................................................................... 181
Figure 104 Configuration File Format ................................................................................................... 183
Figure 105 WEP Configuration File Example ....................................................................................... 184
Figure 106 802.1X Configuration File Example .................................................................................... 184
Figure 107 WPA-PSK Configuration File Example ............................................................................... 185
Figure 108 WPA Configuration File Example ....................................................................................... 185
Figure 109 Wlan Configuration File Example ....................................................................................... 185
ZyXEL NWA-1100 User’s Guide
19
Page 20
List of Figures
20
ZyXEL NWA-1100 User’s Guide
Page 21
List of Tables
List of Tables
Table 1 LEDs ......................................................................................................................................... 32
Table 2 The Status Screen .................................................................................................................... 39
Table 3 System Status: Show Statistics ................................................................................................. 41
Table 4 Private IP Address Ranges ....................................................................................................... 54
Table 5 System: General ....................................................................................................................... 55
Table 6 System: Password .................................................................................................................... 56
Table 7 System: Time ............................................................................................................................ 57
Table 8 Default Time Servers ................................................................................................................ 58
Table 9 Wireless: Access Point ............................................................................................................. 64
Table 10 Wireless: Wireless Client ........................................................................................................ 66
Table 11 Wireless: Bridge ...................................................................................................................... 68
Table 12 STP Path Costs ...................................................................................................................... 72
Table 13 STP Port States ...................................................................................................................... 72
Table 14 Additional Wireless Terms ....................................................................................................... 73
Table 15 Wireless Security Levels ......................................................................................................... 76
Table 16 Security: WEP ......................................................................................................................... 79
Table 17 Security: 802.1x Only for Access Point ................................................................................... 80
Table 18 Security: 802.1x Only for Wireless Client ................................................................................ 81
Table 19 Security: 802.1x Static 64-bit, 802.1x Static 128-bit ................................................................82
Table 20 Security: WPA for Access Point .............................................................................................. 83
Table 21 Security: WPA for Wireless Client ........................................................................................... 84
Table 22 Security: WPA2 or WPA2-MIX for Access Point ..................................................................... 85
Table 23 Security: WPA2 or WPA2-MIX for Wireless Client .................................................................. 86
Table 24 Security: WPA-PSK, WPA2-PSK or WPA2-PSK-MIX ............................................................. 87
Table 25 Wireless > RADIUS ................................................................................................................. 90
Table 26 Wireless > MAC Filter ............................................................................................................. 94
Table 27 IP Setup .................................................................................................................................. 98
Table 28 Private IP Address Ranges ..................................................................................................... 99
Table 29 Remote Management: Telnet ................................................................................................ 104
Table 30 Remote Management: FTP ................................................................................................... 105
Table 31 Remote Management: WWW ...............................................................................................106
Table 32 Remote Management: SNMP ............................................................................................... 107
Table 33 SNMP Traps .......................................................................................................................... 108
Table 34 SNMP Interface Index to Physical and Virtual Port Mapping ................................................ 109
Table 35 Certificate ...............................................................................................................................112
Table 36 View Log ................................................................................................................................116
Table 37 Log Settings ...........................................................................................................................117
Table 38 System Maintenance Logs .....................................................................................................119
ZyXEL NWA-1100 User’s Guide
21
Page 22
List of Tables
Table 39 Log Categories and Available Settings ................................................................................. 120
Table 40 Log Command List ................................................................................................................ 120
Table 41 Association List ..................................................................................................................... 122
Table 42 Channel Usage ..................................................................................................................... 123
Table 43 Firmware Upload ................................................................................................................... 123
Table 44 Restore Configuration ........................................................................................................... 125
Table 45 Hardware Specifications ....................................................................................................... 135
Table 46 Firmware Specifications ........................................................................................................ 135
Table 47 Power over Ethernet Injector Specifications ........................................................................ 137
Table 48 Power over Ethernet Injector RJ-45 Port Pin Assignments .................................................. 137
Table 49 North American Plug Standards ............................................................................................ 139
Table 50 European Plug Standards ..................................................................................................... 139
Table 51 United Kingdom Plug Standards ........................................................................................... 139
Table 52 Australia and New Zealand Plug Standards ......................................................................... 139
Table 53 IEEE 802.11g ........................................................................................................................ 157
Table 54 Wireless Security Levels ....................................................................................................... 158
Table 55 Comparison of EAP Authentication Types ............................................................................ 161
Table 56 Wireless Security Relational Matrix ...................................................................................... 165
Table 57 Subnet Masks ....................................................................................................................... 174
Table 58 Subnet Masks ....................................................................................................................... 175
Table 59 Maximum Host Numbers ...................................................................................................... 175
Table 60 Alternative Subnet Mask Notation ......................................................................................... 175
Table 61 Subnet 1 ................................................................................................................................ 177
Table 62 Subnet 2 ................................................................................................................................ 178
Table 63 Subnet 3 ................................................................................................................................ 178
Table 64 Subnet 4 ................................................................................................................................ 178
Table 65 Eight Subnets ........................................................................................................................ 178
Table 66 24-bit Network Number Subnet Planning .............................................................................. 179
Table 67 16-bit Network Number Subnet Planning .............................................................................. 179
Table 68 Auto Configuration by DHCP ................................................................................................ 182
Table 69 Configuration via SNMP ........................................................................................................ 182
Table 70 Displaying the File Version .................................................................................................... 182
Table 71 Displaying the File Version .................................................................................................... 183
Table 72 Displaying the Auto Configuration Status .............................................................................. 183
Table 73 Default Management IP Address .......................................................................................... 187
Table 74 Default User Name and Password ........................................................................................ 187
Table 75 Common Command Input Values ......................................................................................... 188
Table 76 CLI Shortcuts and Help ......................................................................................................... 189
22
ZyXEL NWA-1100 User’s Guide
Page 23
PART I
Introduction
Introducing the ZyXEL Device (25)
Status Screens (39)
Introducing the Web Configurator (35)
Tutorial (43)
23
Page 24
24
Page 25
CHAPTER 1
Introducing the ZyXEL Device
This chapter introduces the main applications and features of the ZyXEL Device. It also
discusses the ways you can manage your ZyXEL Device.
1.1 Introducing the ZyXEL Device
Your ZyXEL Device extends the range of your existing wired network without additional
wiring, providing easy network access to mobile users.
It controls network access with MAC address filtering and RADIUS server authentication.It
also provides a high level of network traffic security, supporting IEEE 802.1x, Wi-Fi
Protected Access (WPA), WPA2 and WEP data encryption. Its Quality of Service (QoS)
features allow you to prioritize time-sensitive or highly important applications such as VoIP.
Your ZyXEL Device is easy to install, configure and use. The embedded Web-based
configurator enables simple, straightforward management and maintenance.
See the Quick Start Guide for instructions on how to make hardware connections.
1.2 Applications for the ZyXEL Device
The ZyXEL Device can be configured to use the following WLAN operating modes
1 AP (Access Point)
2 Wireless Client
3 Bridge
4 AP + Bridge
Applications for each operating mode are shown below.
1.2.1 Access Point
The ZyXEL Device is an ideal access solution for wireless Internet connection. A typical
Internet access application for your ZyXEL Device is shown as follows. Stations A, B and C
can access the wired network through the ZyXEL Devices.
ZyXEL NWA-1100 User’s Guide
25
Page 26
Chapter 1 Introducing the ZyXEL Device
Figure 1 Access Point Application
BSS1
AP1
AP2
BSS2
A
1.2.2 Wireless Client
The ZyXEL Device can be used as a wireless client to communicate with an existing network.
In the figure below, the printer can receive requests from the wired computer clients A and B
via the ZyXEL Device in Wireless Client mode.
Figure 2 Wireless Client Application
A
B
C
26
B
ZyXEL NWA-1100 User’s Guide
Page 27
1.2.3 Bridge
The ZyXEL Device can act as a wireless network bridge and establish wireless links with
other APs. In the figure below, the ZyXEL Devices (A, B and Z) are connected to independent
wired networks and have a bridge connection (A can communicate with B and Z) at the same
time. Security between bridged APs (the Wireless Distribution System or WDS) is
independent of the security between the wired networks and their respective APs. If you do not
enable WDS security, traffic between APs is not encrypted. When WDS security is enabled,
both APs must use the same pre-shared key. See Section 6.4.3 on page 68 for more details.
Once the security settings of peer sides match one another, the connection between devices is
made.
At the time of writing, WDS security is compatible with other ZyXEL NWA-series access
points only. Refer to your other access point’s documentation for details.
Figure 3 Bridge Application
Chapter 1 Introducing the ZyXEL Device
In the example below, when both ZyXEL Devices are in Bridge mode, they form a WDS
(Wireless Distribution System) allowing the computers in LAN 1 to connect to the computers
in LAN 2.
ZyXEL NWA-1100 User’s Guide
27
Page 28
Chapter 1 Introducing the ZyXEL Device
Figure 4 Bridging Example
Be careful to avoid bridge loops when you enable bridging in the ZyXEL Device. Bridge loops
cause broadcast traffic to circle the network endlessly, resulting in possible throughput
degradation and disruption of communications. The following examples show two network
topologies that can lead to this problem:
• If two or more ZyXEL Devices (in bridge mode) are connected to the same hub.
Figure 5 Bridge Loop: Two Bridges Connected to Hub
• If your ZyXEL Device (in bridge mode) is connected to a wired LAN while
communicating with another wireless bridge that is also connected to the same wired
LAN.
28
ZyXEL NWA-1100 User’s Guide
Page 29
Chapter 1 Introducing the ZyXEL Device
Figure 6 Bridge Loop: Bridge Connected to Wired LAN
To prevent bridge loops, ensure that you enable STP in the Wireless screen or your ZyXEL
Device is not set to bridge mode while connected to both wired and wireless segments of the
same LAN.
1.2.4 AP + Bridge
In AP+Bridge mode, the ZyXEL Device supports both AP and bridge connection at the same
time.
Using AP + Bridge mode, your ZyXEL Device can extend the range of the WLAN. In the
figure below, A and B act as AP + Bridge devices that forward traffic between associated
wireless workstations and the wired LAN.
When the ZyXEL Device is in AP+Bridge mode, security between APs (the Wireless
Distribution System or WDS) is independent of the security between the wireless stations and
the AP. If you do not enable WDS security, traffic between APs is not encrypted. When WDS
security is enabled, both APs must use the same pre-shared key. See Section 6.4.4 on page 70
for more details.
Unless specified, the term “security settings” refers to the traffic between the wireless stations
and the ZyXEL Device.
ZyXEL NWA-1100 User’s Guide
29
Page 30
Chapter 1 Introducing the ZyXEL Device
Figure 7 AP + Bridge Application
1.3 Ways to Manage the ZyXEL Device
Use any of the following methods to manage the ZyXEL Device.
• Web Configurator. This is recommended for everyday management of the ZyXEL Device
using a (supported) web browser.
• CLI (Command Line Interface). Line commands are mostly used for troubleshooting by
service engineers.
• FTP (File Transfer Protocol) for firmware upgrades.
• SNMP (Simple Network Management Protocol). The device can be monitored by an
SNMP manager. See the SNMP chapter in this User’s Guide.
1.4 Configuring Your ZyXEL Device’s Security Features
Your ZyXEL Device comes with a variety of security features. This section summarizes these
features and provides links to sections in the User’s Guide to configure security settings on
your ZyXEL Device. Follow the suggestions below to improve security on your ZyXEL
Device and network.
1.4.1 Control Access to Your Device
Ensure only people with permission can access your ZyXEL Device.
30
• Control physical access by locating devices in secure areas, such as locked rooms. Most
ZyXEL Devices have a reset button. If an unauthorized person has access to the reset
button, they can then reset the device’s password to its default password, log in and
reconfigure its settings.
ZyXEL NWA-1100 User’s Guide
Page 31
• Change any default passwords on the ZyXEL Device, such as the password used for
accessing the ZyXEL Device’s web configurator (if it has a web configurator). Use a
password with a combination of letters and numbers and change your password regularly.
Write down the password and put it in a safe place.
• Avoid setting a long timeout period before the ZyXEL Device’s web configurator
automatically times out. A short timeout reduces the risk of unauthorized person accessing
the web configurator while it is left idle.
• See Chapter 5 on page 53 for instructions on changing your password and setting the
timeout period.
• Configure remote management to control who can manage your ZyXEL Device. See
Chapter 11 on page 101 for more information. If you enable remote management, ensure
you have enabled remote management only on the IP addresses, services or interfaces you
intended and that other remote management settings are disabled.
1.4.2 Wireless Security
Wireless devices are especially vulnerable to attack. If your ZyXEL Device has a wireless
function, take the following measures to improve wireless security.
• Enable wireless security on your ZyXEL Device. Choose the most secure encryption
method that all devices on your network support. See Section 7.4 on page 77 for directions
on configuring encryption. If you have a RADIUS server, enable IEEE 802.1x or WPA(2)
user identification on your network so users must log in. This method is more common in
business environments.
• Hide your wireless network name (SSID). The SSID can be regularly broadcast and
unauthorized users may use this information to access your network. See Section 6.4 on
page 63 for directions on using the web configurator to hide the SSID.
• Enable the MAC filter to allow only trusted users to access your wireless network or deny
unwanted users access based on their MAC address. See Section 9.4 on page 94 for
directions on configuring the MAC filter.
Chapter 1 Introducing the ZyXEL Device
1.5 Good Habits for Managing the ZyXEL Device
Do the following things regularly to make the ZyXEL Device more secure and to manage it
more effectively.
• Change the password often. Use a password that’s not easy to guess and that consists of
different types of characters, such as numbers and letters.
• Write down the password and put it in a safe place.
• Back up the configuration (and make sure you know how to restore it). Restoring an
earlier working configuration may be useful if the device becomes unstable or even
crashes. If you forget your password, you will have to reset the ZyXEL Device to its
factory default settings. If you backed up an earlier configuration file, you won’t have to
totally re-configure the ZyXEL Device; you can simply restore your last configuration.
ZyXEL NWA-1100 User’s Guide
31
Page 32
Chapter 1 Introducing the ZyXEL Device
1.6 Hardware Connections
See your Quick Start Guide for information on making hardware connections.
1.7 LEDs
Figure 8 LEDs
Table 1 LEDs
LABEL LED COLOR STATUS DESCRIPTION
1 SYS Green On The ZyXEL Device is in AP + Bridge or Bridge mode,
and has successfully established a Wireless Distribution
System (WDS) connection.
Amber Flashing The ZyXEL Device is starting up.
Off Either
• The ZyXEL Device is in Access Point or mode and is
functioning normally.
• The ZyXEL Device is in AP+Bridge or Bridge mode
and has not established a Wireless Distribution
System (WDS) connection.
or
• The ZyXEL Device is not receiving power.
2 WLAN Green On The wireless adaptor WLAN is active.
32
ZyXEL NWA-1100 User’s Guide
Page 33
Chapter 1 Introducing the ZyXEL Device
Table 1 LEDs (continued)
LABEL LED COLOR STATUS DESCRIPTION
Blinking The wireless adaptor WLAN is active, and transmitting
or receiving data.
Off The wireless adaptor WLAN is not active.
3 ETHERNET Green On The ZyXEL Device has a 10 Mbps Ethernet connection.
Blinking The ZyXEL Device has a 10 Mbps Ethernet connection
and is sending or receiving data.
Yellow On The ZyXEL Device has a 100 Mbps Ethernet
connection.
Blinking The ZyXEL Device has a 100 Mbps Ethernet connection
Off The ZyXEL Device does not have an Ethernet
and is sending/receiving data.
connection.
ZyXEL NWA-1100 User’s Guide
33
Page 34
Chapter 1 Introducing the ZyXEL Device
34
ZyXEL NWA-1100 User’s Guide
Page 35
CHAPTER 2
Introducing the Web
Configurator
This chapter describes how to access the ZyXEL Device’s web configurator and provides an
overview of its screens.
2.1 Accessing the Web Configurator
1 Make sure your hardware is properly connected and prepare your computer or computer
network to connect to the ZyXEL Device (refer to the Quick Start Guide).
2 Launch your web browser.
3 Type "192.168.1.2" as the URL (default).
4 Type "1234" (default) as the password and click Login. In some versions, the default
password appears automatically - if this is the case, click Login.
5 You should see a screen asking you to change your password (highly recommended) as
shown next. Type a new password (and retype it to confirm) then click Apply.
Alternatively, click Ignore.
" If you do not change the password, the following screen appears every time
you login.
Figure 9 Change Password Screen
You should now see the Status screen. See Chapter 2 on page 35 for details about the Status
screen.
ZyXEL NWA-1100 User’s Guide
35
Page 36
Chapter 2 Introducing the Web Configurator
" The management session automatically times out when the time period set in
the Administrator Inactivity Timer field expires (default five minutes). Simply
log back into the ZyXEL Device if this happens.
2.2 Resetting the ZyXEL Device
If you forget your password or cannot access the web configurator, you will need to use the
RESET button. This replaces the current configuration file with the factory-default
configuration file. This means that you will lose all the settings you previously configured.
The password will be reset to 1234.
2.2.1 Methods of Restoring Factory-Defaults
You can erase the current configuration and restore factory defaults in two ways:
Use the RESET button to upload the default configuration file. Hold this button in for about
10 seconds (the lights will begin to blink). Use this method for cases when the password or IP
address of the ZyXEL Device is not known.
Use the web configurator to restore defaults (refer to Section 14.7 on page 124).
2.3 Navigating the Web Configurator
The following summarizes how to navigate the web configurator from the Status screen.
Check the status bar at the bottom of the screen when you click Apply or OK to verify that the
configuration has been updated.
36
ZyXEL NWA-1100 User’s Guide
Page 37
Figure 10 Status Screen of the Web Configurator
Chapter 2 Introducing the Web Configurator
• Click the links on the left of the screen to configure advanced features such as SYSTEM
(General, Password and Time), WIRELESS (Wireless Settings, Security, RADIUS,
MAC Filter), IP, REMOTE MGNT (Telnet, FTP, WWW and SNMP),
CERTIFICATES, and LOGS (View Log and Log Settings).
• Click MAINTENANCE to view information about your ZyXEL Device or upgrade
configuration and firmware files. Maintenance features include Association List,
Channel Usage, F/W (firmware) Upload, Configuration File (Backup, Restore and
Default) and Restart.
• Click LOGOUT at any time to exit the web configurator.
ZyXEL NWA-1100 User’s Guide
37
Page 38
Chapter 2 Introducing the Web Configurator
38
ZyXEL NWA-1100 User’s Guide
Page 39
CHAPTER 3
Status Screens
The Status screens display when you log into the ZyXEL Device, or click Status in the
navigation menu.
Use the Status screens to look at the current status of the device, system resources, and
interfaces. The Status screens also provide detailed information about system statistics,
associated wireless clients, and logs.
3.1 The Status Screen
Use this screen to get a quick view of system, Ethernet, WLAN and other information
regarding your ZyXEL Device.
Click Status. The following screen displays.
Figure 11 The Status Screen
The following table describes the labels in this screen.
Table 2 The Status Screen
LABEL DESCRIPTION
Refresh Interval Enter how often you want the ZyXEL Device to update this screen.
Refresh Now Click this to update this screen immediately.
System Information
ZyXEL NWA-1100 User’s Guide
39
Page 40
Chapter 3 Status Screens
Table 2 The Status Screen
LABEL DESCRIPTION
Device Name This field displays the ZyXEL Device system name. It is used for
Operation Mode This field displays the current operating mode of the first wireless module
MAC Address This displays the MAC (Media Access Control) address of the ZyXEL
Firmware Version This field displays the current version of the firmware inside the device. It
Ethernet Information
IP Address This field displays the current IP address of the ZyXEL Device on the
Subnet Mask Subnet masks determine the maximum number of possible hosts on a
Gateway IP Address This is the IP address of the gateway. The gateway is a router or switch on
WLAN Information
SSID This field displays the SSID (Service Set Identifier).
Channel The channel or frequency used by the ZyXEL Device to send and receive
MAC Filter Media Access Control filtering checks incoming frames based on MAC
Security Mode This displays the security mode the ZyXEL Device is using.
System Resources
System Up Time This field displays the elapsed time since the ZyXEL Device was turned on.
CPU Usage This field displays what percentage of the ZyXEL Device’s processing
Memory Usage This field displays what percentage of the ZyXEL Device’s volatile memory
Interface Status
Interface This column displays each interface of the ZyXEL Device.
Status This field indicates whether or not the ZyXEL Device is using the interface.
Channel Click this to see which wireless channels are currently in use in the local
Rate For the LAN port this displays the port speed and duplex setting.
identification. You can change this in the System > General screen’s
Device Name field.
(AP, Wireless Client, Bridge or AP+Bridge). You can change the
operating mode in the Wireless > Wireless Settings screen.
Device on the LAN. Every network device has a unique MAC address
which identifies it across the network.
also shows the date the firmware version was created. You can change the
firmware version by uploading new firmware in Maintenance > F/W
Upload.
network.
network. You can also use subnet masks to divide one network into
multiple sub-networks.
the same network segment as the device's LAN port. The gateway helps
forward packets to their destinations.
information.
(Media Access Control) address(es) that you specify.
ability is currently being used. The higher the CPU usage, the more likely
the ZyXEL Device is to slow down.
is currently in use. The higher the memory usage, the more likely the
ZyXEL Device is to slow down. Some memory is required just to start the
ZyXEL Device and to run the web configurator.
For each interface, this field displays Up when the ZyXEL Device is using
the interface and Down when the ZyXEL Device is not using the interface.
area. See Section 14.5 on page 122.
For the WLAN interface, it displays the downstream and upstream
transmission rate or N/A if the interface is not in use.
40
ZyXEL NWA-1100 User’s Guide
Page 41
Table 2 The Status Screen
LABEL DESCRIPTION
LAN This field displays the number of wireless clients currently associated to
the first wireless module. Each wireless module supports up to 32
concurrent associations.
WLAN This field displays the number of wireless clients currently associated to
the second wireless module. Each wireless module supports up to 32
concurrent associations.
System Status
Statistics Click this link to view port status and packet specific statistics. See Section
3.1.1 on page 41.
Association List Click this to see a list of wireless clients currently associated to each of the
ZyXEL Device’s wireless modules. See Section 14.4 on page 121.
View Log Click this to see a list of logs produced by the ZyXEL Device. See Chapter
13 on page 115.
3.1.1 System Statistics Screen
Use this screen to view read-only information, including 802.11 Mode, Channel ID, Retry
Count and FCS Error Count. Also provided is the "poll interval". The Poll Interval field is
configurable. The fields in this screen vary according to the current wireless mode of each
WLAN adaptor.
Chapter 3 Status Screens
Click Status > Show Statistics. The following screen pops up.
Figure 12 System Status: Show Statistics
The following table describes the labels in this screen.
Table 3 System Status: Show Statistics
LABEL DESCRIPTION
Description
802.11 Mode This field shows which mode (802.11b Only, 802.11g Only, 802.11b+g) the
Channel ID Click this to see which wireless channels are currently in use in the local area.
RX PKT This is the number of received packets on this port.
TX PKT This is the number of transmitted packets on this port.
Retry Count This is the total number of retries for transmitted packets (TX).
FCS Error This is the ratio percentage showing the total number of checksum error of
ZyXEL Device is using.
See Section 14.5 on page 122.
received packets (RX) over total RX.
ZyXEL NWA-1100 User’s Guide
41
Page 42
Chapter 3 Status Screens
42
ZyXEL NWA-1100 User’s Guide
Page 43
CHAPTER 4
Tutorial
This chapter first provides an overview of how to configure the wireless LAN on your ZyXEL
Device, and then gives step-by-step guidelines showing how to configure your ZyXEL Device
for some example scenarios.
4.1 How to Configure the Wireless LAN
This section illustrates how to choose which wireless operating mode to use on the ZyXEL
Device and how to set up the wireless LAN in each wireless mode. See Section 4.1.3 on page
44 for links to more information on each step.
4.1.1 Choosing the Wireless Mode
•Use Access Point operating mode if you want to allow wireless clients to access your
wired network, all using the same security and Quality of Service (QoS) settings. See
Section 1.2.1 on page 25 for details.
•Use Wireless Client operating mode if you want to use the ZyXEL Device to access a
wireless network. See Section 1.2.2 on page 26 for details.
•Use Bridge operating mode if you want to use the ZyXEL Device to communicate with
other access points. See Section 1.2.2 on page 26 for details.
The ZyXEL Device is a bridge when other APs access your wired Ethernet network
through the ZyXEL Device.
•Use AP + Bridge operating mode if you want to use the ZyXEL Device as an access point
(see above) while also communicating with other access points. See Section 1.2.4 on page
29 for details.
4.1.2 Wireless LAN Configuration Overview
The following figure shows the steps you should take to configure the wireless settings
according to the operating mode you select. Use the Web Configurator to set up your ZyXEL
Device’s wireless network (see your Quick Start Guide for information on setting up your
ZyXEL Device and accessing the Web Configurator).
ZyXEL NWA-1100 User’s Guide
43
Page 44
Chapter 4 Tutorial
Figure 13 Configuring Wireless LAN
Select the WLAN Adaptor you want to configure.
Select Operating Mode.
Access Point
Mode.
Select 802.11
Mode and
Channel ID.
Configure RADIUS
authentication (optional).
Configure MAC Filter
(optional).
Wireless Client
Mode.
Select AP you
want to
connect to.
Configure Security
Settings.
Check your settings and test.
AP + Bridge
Mode.
Select 802.11 Mode
and Channel ID.
Configure RADIUS
authentication
(optional).
Configure MAC Filter
(optional).
Bridge
Mode.
Select 802.11
Mode and
Channel ID.
Configure RADIUS
authentication
(optional).
4.1.3 Further Reading
Use these links to find more information on the steps:
• Selecting a WLAN Adaptor: see Section 6.4.1 on page 63.
• Choosing 802.11 Mode: see Section 6.4.1 on page 63.
• Choosing a wireless Channel ID: see Section 6.4.1 on page 63.
• Choosing a Security mode: see Section 7.4.1 on page 78.
• Configuring an external RADIUS server: see Section 8.4 on page 90.
• Configuring MAC Filtering: see Section 9.1 on page 93.
4.2 ZyXEL Device Setup in Wireless Client Mode
This example shows you how to restrict wireless access to your ZyXEL Device.
44
ZyXEL NWA-1100 User’s Guide
Page 45
4.2.1 Scenario
In the figure below, there are two ZyXEL Devices (A and B) in the network. A is in Access
Point (AP) mode while B is in Wireless Client mode. Station B is connected to a File Transfer
Protocol (FTP) server. You want only specified wireless clients to be able to access station B.
You also want to allow wireless traffic between B and wireless clients connected to A (W, Y
and Z). Other wireless devices (X) must not be able to connect to the FTP server.
Figure 14 FTP Server Connected to a Wireless Client
Chapter 4 Tutorial
Access
Denied
4.2.2 Configuring the ZyXEL Device in Access Point Mode
Before setting up the ZyXEL Device as a wireless client (B), you need to make sure there is an
access point to connect to. Use the Ethernet port on your ZyXEL Device to configure it via a
wired connection.
Open the Web Configurator and go to the Wireless > Wireless Settings screen.
ZyXEL NWA-1100 User’s Guide
45
Page 46
Chapter 4 Tutorial
Figure 15 Access Point Mode Wireless Setttings
1 Set the Operation Mode to AP.
2 Enter an SSID name, such as “NWA-1100 A”.
3 Choose the channel you want the ZyXEL Device to use.
4 Select the Wireless Mode.
5 Set the Intra-BSS Traffic to Enable.
6 Go to Wireless > Security to configure the ZyXEL Device to use WPA-PSK security
mode.
Figure 16 Access Point Mode Security Setttings
4.2.3 Configuring the ZyXEL Device in Wireless Client Mode
Your ZyXEL Device should have a wired connection before it can be set to wireless client
operating mode. Connect your ZyXEL Device to the FTP server. Open the Web Configurator
ZyXEL Device and go to the Wireless > Wireless Settings screen. Follow these steps to
configure Station B.
46
1 Select Wireless Client as Operating Mode. Wait for the screen to refresh.
ZyXEL NWA-1100 User’s Guide
Page 47
Chapter 4 Tutorial
2 You should now see a tab that says Site Survey (refer to Figure 18). Click on this. A
window should pop up which contains a list of all available wireless devices within your
ZyXEL Device’s range. Copy the SSID of the AP you want your wireless client to
connect to (refer to Figure 19).
3 For this example, you want to connect to the access point, A.The SSID that you should
copy is ZyXEL NWA-1100 A (refer to Figure 15 to check the SSID of Station A).
4 Go back to the screen in Figure 17. In the SSID field, enter ZyXEL NWA-1100 A (refer
to Figure 18).
5 Set the Wireless Mode to the same one set for the access point. Click Apply.
Figure 17 Wireless Client Mode Wireless Settings
ZyXEL NWA-1100 User’s Guide
47
Page 48
Chapter 4 Tutorial
Figure 18 Site Survey
Figure 19 Wireless Client Mode
48
6 Go to Wireless > Security to configure the ZyXEL Device to use WPA-PSK security
mode.
ZyXEL NWA-1100 User’s Guide
Page 49
Chapter 4 Tutorial
Figure 20 Wireless Client Mode Security Setttings
7 One way to ensure that only specified wireless clients can access the FTP server is by
enabling MAC filtering on the ZyXEL Device. See Chapter 9 on page 93 for more
information on the MAC Filter screen.
8 Still in the Web Configurator, go to Wireless > MAC Filter. Click on Active then
highlight Allow the following MAC Address to associate. Enter the MAC Addresses
of the wireless clients (W, Y and Z) you want to associate with the ZyXEL Device.
Click Apply.
Figure 21 Wireless Client MAC Filtering
After following this tutorial, you should now have the same setup as shown in Figure 14.
4.2.4 Testing the Connection and Troubleshooting
This section discusses how you can check if you have correctly configured your network setup
as described in this tutorial.
• Try accessing the FTP server from wireless clients W, Y or Z. Test if you can send
or retrieve a file. If you cannot establish a connection with the FTP server, do the
following steps.
1 Make sure W, Y and Z use the same wireless security settings as A and can access A.
2 Make sure B uses the same wireless and wireless security settings as A and can access A.
3 Make sure intra-BSS traffic is enabled on A.
• Try accessing the FTP server from X. If you are able to access the FTP server, do
the following.
1 Make sure MAC filtering is enabled.
2 Make sure X’s MAC address is not entered in the list of allowed devices.
ZyXEL NWA-1100 User’s Guide
49
Page 50
Chapter 4 Tutorial
50
ZyXEL NWA-1100 User’s Guide
Page 51
PART II
The Web
Configurator
System Screens (53)
Wireless Settings Screen (61)
Wireless Security Screen (75)
RADIUS Screen (89)
MAC Filter Screen (93)
IP Screen (97)
Remote Management (101)
Certificate Screen (111)
Log Screens (115)
Maintenance (121)
Troubleshooting (129)
51
Page 52
52
Page 53
CHAPTER 5
System Screens
5.1 Overview
This chapter provides information and instructions on how to identify and manage your
ZyXEL Device over the network.
Figure 22 ZyXEL Device Setup
In the figure above, the ZyXEL Device connects to a Domain Name Server (DNS) server to
avail of a domain name. It also connects to an Network Time Protocol (NTP) server to set the
time on the device.
5.2 What You Can Do in the System Screens
•Use the System > General screen (see Section on page 55) to specify the Device name
and Administrator Inactivity Timer value. You can also configure your System DNS
Servers in this screen.
•Use the System > Password screen (see Section 5.4.1 on page 56) to manage the
password for your ZyXEL Device.
•Use the System > Time Setting screen (see Section 5.5 on page 56) to change your
ZyXEL Device’s time and date. This screen allows you to configure the ZyXEL Device’s
time based on your local time zone.
ZyXEL NWA-1100 User’s Guide
53
Page 54
Chapter 5 System Screens
5.3 What You Need To Know About the System Screens
IP Address Assignment
Every computer on the Internet must have a unique IP address. If your networks are isolated
from the Internet, for instance, only between your two branch offices, you can assign any IP
addresses to the hosts without problems. However, the Internet Assigned Numbers Authority
(IANA) has reserved the following three blocks of IP addresses specifically for private
networks.
Table 4 Private IP Address Ranges
10.0.0.0 - 10.255.255.255
172.16.0.0 - 172.31.255.255
192.168.0.0 - 192.168.255.255
You can obtain your IP address from the IANA, from an ISP or have it assigned by a private
network. If you belong to a small organization and your Internet access is through an ISP, the
ISP can provide you with the Internet addresses for your local networks. On the other hand, if
you are part of a much larger organization, you should consult your network administrator for
the appropriate IP addresses.
" Regardless of your particular situation, do not create an arbitrary IP address;
always follow the guidelines above. For more information on address
assignment, please refer to RFC 1597, Address Allocation for Private Internets
and RFC 1466, Guidelines for Management of IP Address Space.
IP Address and Subnet Mask
Similar to the way houses on a street share a common street name, computers on a LAN share
one common network number.
Where you obtain your network number depends on your particular situation. If the ISP or
your network administrator assigns you a block of registered IP addresses, follow their
instructions in selecting the IP addresses and the subnet mask.
If the ISP did not explicitly give you an IP network number, then most likely you have a single
user account and the ISP will assign you a dynamic IP address when the connection is
established. The Internet Assigned Number Authority (IANA) reserved this block of addresses
specifically for private use; please do not use any other number unless you are told otherwise.
Let's say you select 192.168.1.0 as the network number; which covers 254 individual
addresses, from 192.168.1.1 to 192.168.1.254 (zero and 255 are reserved). In other words, the
first three numbers specify the network number while the last number identifies an individual
computer on that network.
54
Once you have decided on the network number, pick an IP address that is easy to remember,
for instance, 192.168.1.2, for your device, but make sure that no other device on your network
is using that IP address.
ZyXEL NWA-1100 User’s Guide
Page 55
The subnet mask specifies the network number portion of an IP address. Your device will
compute the subnet mask automatically based on the IP address that you entered. You don't
need to change the subnet mask computed by the device unless you are instructed to do
otherwise.
5.4 General Screen
Use the General screen to identify your ZyXEL Device over the network. Click System >
General. The following screen displays.
Figure 23 System: General
Chapter 5 System Screens
The following table describes the labels in this screen.
Table 5 System: General
LABEL DESCRIPTION
Device Settings
Device Name Type a descriptive name to identify the ZyXEL Device in the Ethernet network.
This name can be up to 15 alphanumeric characters long. Spaces are not
allowed, but dashes "-" are accepted.
Administrator
Inactivity Timer
System DNS Servers
First DNS Server
Second DNS Server
Third DNS Server
Type how many minutes a management session (via web configurator) can be
left idle before the session times out.
The default is 5 minutes. After it times out you have to log in with your
password again. Very long idle timeouts may have security risks.
A value of "0" means a management session never times out, no matter how
long it has been left idle (not recommended).
The field to the right displays the (read-only) DNS server IP address that the
DHCP assigns.
Select User-Defined if you have the IP address of a DNS server. Enter the
DNS server's IP address in the field to the right.
Select None if you do not want to configure DNS servers. If you do not
configure a DNS server, you must know the IP address of a machine in order
to access it.
The default setting is None.
ZyXEL NWA-1100 User’s Guide
55
Page 56
Chapter 5 System Screens
Table 5 System: General
LABEL DESCRIPTION
Apply Click Apply to save your changes.
Reset Click Reset to reload the previous configuration for this screen.
5.4.1 Password Screen
Use this screen to control access to your ZyXEL Device by assigning a password to it. Click
System > Password. The following screen displays.
Figure 24 System: Password.
The following table describes the labels in this screen.
Table 6 System: Password
LABEL DESCRIPTIONS
Password Setup
Current Password Type in your existing system password (“1234” is the default password).
New Password Type your new system password (max 19 characters). Note that as you type a
Retype to Confirm Retype your new system password for confirmation.
Apply Click Apply to save your changes.
Reset Click Reset to reload the previous configuration for this screen.
5.5 Time Screen
Use this screen to change your ZyXEL Device’s time and date, click System > Time. The
following screen displays.
password, the screen displays an asterisk (*) for each character you type.
56
ZyXEL NWA-1100 User’s Guide
Page 57
Figure 25 System: Time
Chapter 5 System Screens
The following table describes the labels in this screen.
Table 7 System: Time
LABEL DESCRIPTION
Current Time and Date
Current Date This field displays the last updated date from the time server.
Current Time This field displays the time of your ZyXEL Device.
Each time you reload this page, the ZyXEL Device synchronizes the time with
the time server (if configured).
Time and Date Setup
Enable NTP client
update
Random Select this to have the ZyXEL Device select which NTP server to use.
User Defined Time
Server
Time Zone Setup
Time Zone Choose the time zone of your location. This will set the time difference
Daylight Saving Setup
Daylight Savings Select this option if you use daylight savings time. Daylight saving is a period
Select this to have the ZyXEL Device use the predefined list of Network Time
Protocol (NTP) servers.
Enter the IP address or URL of your time server. Check with your ISP/network
administrator if you are unsure of this information.
between your time zone and Greenwich Mean Time (GMT).
from late spring to early fall when many countries set their clocks ahead of
normal local time by one hour to give more daytime light in the evening.
ZyXEL NWA-1100 User’s Guide
57
Page 58
Chapter 5 System Screens
Table 7 System: Time
LABEL DESCRIPTION
Start Date Configure the day and time when Daylight Saving Time starts if you selected
End Date Configure the day and time when Daylight Saving Time ends if you selected
Apply Click Apply to save your changes.
Reset Click Reset to reload the previous configuration for this screen.
Enable Daylight Saving. The at field uses the 24 hour format. Here are a
couple of examples:
Daylight Saving Time starts in most parts of the United States on the second
Sunday of March. Each time zone in the United States starts using Daylight
Saving Time at 2 A.M. local time. So in the United States you would select
Second, Sunday, March and 2:00.
Daylight Saving Time starts in the European Union on the last Sunday of
March. All of the time zones in the European Union start using Daylight Saving
Time at the same moment (1 A.M. GMT or UTC). So in the European Union
you would select Last, Sunday, March. The time you type in the at field
depends on your time zone. In Germany for instance, you would type 2
because Germany's time zone is one hour ahead of GMT or UTC (GMT+1).
Enable Daylight Saving. The o'clock field uses the 24 hour format. Here are
a couple of examples:
Daylight Saving Time ends in the United States on the first Sunday of
November. Each time zone in the United States stops using Daylight Saving
Time at 2 A.M. local time. So in the United States you would select First,
Sunday, November and 2:00.
Daylight Saving Time ends in the European Union on the last Sunday of
October. All of the time zones in the European Union stop using Daylight
Saving Time at the same moment (1 A.M. GMT or UTC). So in the European
Union you would select Last, Sunday, October. The time you type in the at
field depends on your time zone. In Germany for instance, you would type 2
because Germany's time zone is one hour ahead of GMT or UTC (GMT+1).
5.6 Technical Reference
This section provides some technical information about the topics covered in this chapter.
5.6.1 Pre-defined NTP Time Servers List
When you turn on the ZyXEL Device for the first time, the date and time start at 2000-01-01
00:00:00. When you select Auto in the System > Time Setting screen, the ZyXEL Device
then attempts to synchronize with one of the following pre-defined list of NTP time servers.
The ZyXEL Device continues to use the following pre-defined list of NTP time servers if you
do not specify a time server or it cannot synchronize with the time server you specified.
Table 8 Default Time Servers
ntp1.cs.wisc.edu
ntp1.gbg.netnod.se
ntp2.cs.wisc.edu
tock.usno.navy.mil
58
ZyXEL NWA-1100 User’s Guide
Page 59
Chapter 5 System Screens
Table 8 Default Time Servers (continued)
ntp3.cs.wisc.edu
ntp.cs.strath.ac.uk
ntp1.sp.se
time1.stupi.se
tick.stdtime.gov.tw
tock.stdtime.gov.tw
time.stdtime.gov.tw
When the ZyXEL Device uses the pre-defined list of NTP time servers, it randomly selects
one server and tries to synchronize with it. If the synchronization fails, then the ZyXEL
Device goes through the rest of the list in order from the first one tried until either it is
successful or all the pre-defined NTP time servers have been tried.
ZyXEL NWA-1100 User’s Guide
59
Page 60
Chapter 5 System Screens
60
ZyXEL NWA-1100 User’s Guide
Page 61
CHAPTER 6
Wireless Settings Screen
6.1 Overview
This chapter discusses the steps to configure the Wireless Settings screen on the ZyXEL
Device. It also introduces the wireless LAN (WLAN) and some basic scenarios.
Figure 26 Wireless Mode
In the figure above, the ZyXEL Device allows access to another bridge device (A) and a
notebook computer (B) upon verifying their settings and credentials. It denies access to other
devices (C and D) with configurations that do not match those specified in your ZyXEL
Device.
6.2 What You Can Do in the Wireless Settings Screen
Use the Wireless > Wireless Settings screen (see Section 6.4 on page 63) to configure the
ZyXEL Device to operate in AP (Access Point), Wireless Client, Bridge or AP + Bridge.
ZyXEL NWA-1100 User’s Guide
61
Page 62
Chapter 6 Wireless Settings Screen
6.3 What You Need To Know About Wireless Settings Screen
BSS
A Basic Service Set (BSS) exists when all communications between wireless clients or
between a wireless client and a wired network client go through one access point (AP). IntraBSS traffic is traffic between wireless clients in the BSS.
ESS
An Extended Service Set (ESS) consists of a series of overlapping BSSs, each containing an
access point, with each access point connected together by a wired network. This wired
connection between APs is called a Distribution System (DS).
Operating Mode
The ZyXEL Device can run in four operating modes as follows:
• AP (Access Point). The ZyXEL Device is wireless access point that allows
wireless communication to other devices in the network.
• Wireless Client. The ZyXEL Device acts as a wireless client to access a wireless
network.
• Bridge. The ZyXEL Device acts as a wireless network bridge and establishes
wireless links with other APs. You need to know the MAC address of the peer
device, which also must be in bridge mode. The ZyXEL Device can establish up
to five wireless links with other APs.
• AP+Bridge Mode. The ZyXEL Device functions as a bridge and access point
simultaneously.
Refer to Chapter 1 on page 25 for illustrations of these wireless applications.
SSID
The SSID (Service Set IDentifier) identifies the Service Set with which a wireless station is
associated. Wireless stations associating to the access point (AP) must have the same SSID.
Normally, the ZyXEL Device acts like a beacon and regularly broadcasts the SSID in the area.
You can hide the SSID instead, in which case the ZyXEL Device does not broadcast the SSID.
In addition, you should change the default SSID to something that is difficult to guess.
This type of security is fairly weak, however, because there are ways for unauthorized wireless
devices to get the SSID. In addition, unauthorized wireless devices can still see the
information that is sent in the wireless network.
Channel
A channel is the radio frequency(ies) used by IEEE 802.11a/b/g wireless devices. Channels
available depend on your geographical area. You may have a choice of channels (for your
region) so you should use a different channel than an adjacent AP (access point) to reduce
interference.
62
ZyXEL NWA-1100 User’s Guide
Page 63
Wireless Mode
The IEEE 802.1x standard was designed to extend the features of IEEE 802.11 to support
extended authentication as well as providing additional accounting and control features. Your
ZyXEL Device can support 802.11b Only, 802.11g Only and 802.11b+g.
6.4 Wireless Settings Screen
Use this screen to choose the operating mode for your ZyXEL Device. Click Wireless >
Wireless Settings. The screen varies depending upon the operating mode you select.
6.4.1 Access Point Mode
Use this screen to use your ZyXEL Device as an access point. Select AP as the Operation
Mode. The following screen displays.
Figure 27 Wireless: Access Point
Chapter 6 Wireless Settings Screen
ZyXEL NWA-1100 User’s Guide
63
Page 64
Chapter 6 Wireless Settings Screen
The following table describes the general wireless LAN labels in this screen.
Table 9 Wireless: Access Point
LABEL DESCRIPTION
Basic Settings
Operation Mode Select AP from the drop-down list.
SSID The SSID (Service Set IDentifier) identifies the Service Set with which a wireless
station is associated. Wireless stations associating to the access point (AP) must
have the same SSID. Select an SSID Profile from the drop-down list box.
Note: If you are configuring the ZyXEL Device from a computer
Hide SSID If you hide the SSID, then the ZyXEL Device cannot be seen when a wireless client
scans for local APs. The trade-off for the extra security of “hiding” the ZyXEL Device
may be inconvenience for some valid WLAN clients.
Channel Set the operating frequency/channel depending on your particular region.
To manually set the ZyXEL Device to use a channel, select a channel from the
drop-down list box. Click MAINTENANCE and then the Channel Usage tab to open
the Channel Usage screen to make sure the channel is not already used by
another AP or independent peer-to-peer wireless network.
To have the ZyXEL Device automatically select a channel, click Scan instead.
Wireless Mode Select 802.11b Only to allow only IEEE 802.11b compliant WLAN devices to
Advanced
Settings
Beacon Interval When a wirelessly networked device sends a beacon, it includes with it a beacon
Intra-BSS
Traffic
DTIM Interval Delivery Traffic Indication Message (DTIM) is the time period after which broadcast
WMM Select this to turn on WMM QoS (Wireless MultiMedia Quality of Service). The
associate with the ZyXEL Device.
Select 802.11g Only to allow only IEEE 802.11g compliant WLAN devices to
associate with the ZyXEL Device.
Select 802.11b+g to allow both IEEE802.11b and IEEE802.11g compliant WLAN
devices to associate with the ZyXEL Device. The transmission rate of your ZyXEL
Device might be reduced.
interval. This specifies the time period before the device sends the beacon again.
The interval tells receiving devices on the network how long they can wait in
lowpower mode before waking up to handle the beacon. This value can be set from
20ms to 1000ms. A high value helps save current consumption of the access point.
When Intra-BSS is enabled, wireless client can access the wired network and
communicate with each other. When Intra-BSS is disabled, wireless client can still
access the wired network but cannot communicate with each other.
and multicast packets are transmitted to mobile clients in the Power Saving mode.
A high DTIM value can cause clients to lose connectivity with
the network. This value can be set from 1 to 100.
ZyXEL Device assigns priority to packets based on the IEEE 802.1q or DSCP
information in their headers. If a packet has no WMM information in its header, it is
assigned the default priority.
connected to the wireless LAN and you change the
ZyXEL Device’s SSID or security settings, you will lose
your wireless connection when you press Apply to
confirm. You must then change the wireless settings of
your computer to match the ZyXEL Device’s new
settings.
64
ZyXEL NWA-1100 User’s Guide
Page 65
Chapter 6 Wireless Settings Screen
Table 9 Wireless: Access Point
LABEL DESCRIPTION
Number of
Wireless
Stations
Allowed to
Associate
Radio Enable Select Yes to enable WLAN radio, and No to turn it off. The ZyXEL Device cannot
Output Power
Management
Preamble Type Select Dynamic to have the AP automatically use short preamble when wireless
RTS/CTS
Threshold
Fragmentation The threshold (number of bytes) for the fragmentation boundary for directed
Rates
Configuration
Enable Antenna
Diversity
Enable
Spanning Tree
Control (STP)
Apply Click Apply to save your changes.
Reset Click Reset to begin configuring this screen afresh.
Specify how many wireless stations can associate with your ZyXEL Device.
be accessed wirelessly if radio is turned off.
Set the output power of the ZyXEL Device in this field. If there is a high density of
APs in an area, decrease the output power of the ZyXEL Device to reduce
interference with other APs. Select one of the following Full (Full Power), 50%,
25%, 12.5% or Min (Minimum). See the product specifications for more information
on your ZyXEL Device’s output power.
adapters support it, otherwise the AP uses long preamble.
Select Long if you are unsure what preamble mode the wireless adapters support,
and to provide more reliable communications in busy wireless networks.
(Request To Send) The threshold (number of bytes) for enabling RTS/CTS
handshake. Data with its frame size larger than this value will perform the RTS/CTS
handshake. Setting this attribute to be larger than the maximum MSDU (MAC
service data unit) size turns off the RTS/CTS handshake. Setting this attribute to its
smallest value (1) turns on the RTS/CTS handshake. Enter a value between 1 and
2346.
messages. It is the maximum data fragment size that can be sent. Enter an even
number between 256 and 2346.
This section controls the data rates permitted for clients.
For each Rate, select an option from the Configuration list. The options are:
• Basic (1~11 Mbps only): Clients can always connect to the access point at this
speed.
• Optional: Clients can connect to the access point at this speed, when permitted
to do so by the AP.
• Disable: Clients cannot connect to the access point at this speed.
Select this to use antenna diversity. Antenna diversity uses multiple antennas to
reduce signal interference.
(R)STP detects and breaks network loops and provides backup links between
switches, bridges or routers. It allows a bridge to interact with other (R)STP compliant bridges in your network to ensure that only one path exists between any
two stations on the network. Select the check box to activate STP on the ZyXEL
Device.
6.4.2 Wireless Client Mode
Use this screen to turn your ZyXEL Device into a wireless client. Select Wireless Client as
the Operation Mode. The following screen displays.
ZyXEL NWA-1100 User’s Guide
65
Page 66
Chapter 6 Wireless Settings Screen
Figure 28 Wireless: Wireless Client
The following table describes the general wireless LAN labels in this screen.
Table 10 Wireless: Wireless Client
LABEL DESCRIPTION
Basic Settings
Operation Mode Select Wireless Client from the drop-down list. Click Apply to make the Site
SSID The SSID (Service Set IDentifier) identifies the Service Set with which a wireless
Survey button appear next to the SSID field. Click this button to get a pop up
window of available APs.
station is associated. Wireless stations associating to the access point (AP) must
have the same SSID.
In this field, enter the SSID of the AP you want to use (click Site Survey button for a
list of available APs). Click Apply. Set the security configuration for this operating
mode in the Wireless > Security screen. Check the Status screen to check if the
settings you set show in the WLAN information.
Note: If you are configuring the ZyXEL Device from a computer
connected to the wireless LAN and you change the
ZyXEL Device’s SSID or security settings, you will lose
your wireless connection when you press Apply to
confirm. You must then change the wireless settings of
your computer to match the ZyXEL Device’s new
settings.
66
ZyXEL NWA-1100 User’s Guide
Page 67
Chapter 6 Wireless Settings Screen
Table 10 Wireless: Wireless Client
LABEL DESCRIPTION
Site Survey Click this to view a list of available wireless access points within the range.
Wireless Mode Select 802.11b Only to allow only IEEE 802.11b compliant WLAN devices to
Advanced
Settings
MAC Address
Clone
Radio Enable Select Yes to enable WLAN radio, and No to turn it off. The ZyXEL Device cannot
Output Power
Management
Preamble Type Select Dynamic to have the ZyXEL Device automatically use short preamble when
RTS/CTS
Threshold
Fragmentation The threshold (number of bytes) for the fragmentation boundary for directed
Rates
Configuration
Enable Antenna
Diversity
Enable
Spanning Tree
Control (STP)
Apply Click Apply to save your changes.
Reset Click Reset to begin configuring this screen afresh.
associate with the ZyXEL Device.
Select 802.11g Only to allow only IEEE 802.11g compliant WLAN devices to
associate with the ZyXEL Device.
Select 802.11b+g to allow both IEEE802.11b and IEEE802.11g compliant WLAN
devices to associate with the ZyXEL Device. The transmission rate of your ZyXEL
Device might be reduced.
Choose Manual to configure the ZyXEL Device's MAC address by cloning the MAC
address from a computer on your LAN. Choose Auto to use the factory default
MAC address of your ZyXEL Device.
be accessed wirelessly if radio is turned off.
Set the output power of the ZyXEL Device in this field. If there is a high density of
APs in an area, decrease the output power of the ZyXEL Device to reduce
interference with other APs. Select one of the following Full (Full Power), 50%,
25%, 12.5% or Min (Minimum). See the product specifications for more information
on your ZyXEL Device’s output power.
the wireless network your ZyXEL Device is connected to supports it, otherwise the
ZyXEL Device uses long preamble.
Select Long preamble if you are unsure what preamble mode the wireless device
your ZyXEL Device is connected to supports, and to provide more reliable
communications in busy wireless networks.
(Request To Send) The threshold (number of bytes) for enabling RTS/CTS
handshake. Data with its frame size larger than this value will perform the RTS/CTS
handshake. Setting this attribute to be larger than the maximum MSDU (MAC
service data unit) size turns off the RTS/CTS handshake. Setting this attribute to its
smallest value (1) turns on the RTS/CTS handshake. Enter a value between 1 and
2346.
messages. It is the maximum data fragment size that can be sent. Enter an even
number between 256 and 2346.
This section controls the data rates permitted for clients.
For each Rate, select an option from the Configuration list. The options are:
• Basic (1~11 Mbps only): Clients can always connect to the access point at this
speed.
• Optional: Clients can connect to the access point at this speed, when permitted
to do so by the AP.
• Disable: Clients cannot connect to the access point at this speed.
Select this to use antenna diversity. Antenna diversity uses multiple antennas to
reduce signal interference.
(R)STP detects and breaks network loops and provides backup links between
switches, bridges or routers. It allows a bridge to interact with other (R)STP compliant bridges in your network to ensure that only one path exists between any
two stations on the network. Select the check box to activate STP on the ZyXEL
Device.
ZyXEL NWA-1100 User’s Guide
67
Page 68
Chapter 6 Wireless Settings Screen
6.4.3 Bridge Mode
Use this screen to have the ZyXEL Device act as a wireless network bridge and establish
wireless links with other APs. You need to know the MAC address of the peer device, which
also must be in bridge mode.
Use this screen to use the ZyXEL Device as a wireless bridge. Select Bridge as the
Operation Mode.
Figure 29 Wireless: Bridge
68
The following table describes the bridge labels in this screen.
Tabl e 11 Wireless: Bridge
LABEL DESCRIPTIONS
Basic Settings
Operation Mode Select Bridge in this field.
ZyXEL NWA-1100 User’s Guide
Page 69
Chapter 6 Wireless Settings Screen
Tabl e 11 Wireless: Bridge
LABEL DESCRIPTIONS
Channel Set the operating frequency/channel depending on your particular region.
To manually set the ZyXEL Device to use a channel, select a channel from the
drop-down list box. Click MAINTENANCE and then the Channel Usage tab to
open the Channel Usage screen to make sure the channel is not already used
by another AP or independent peer-to-peer wireless network.
To have the ZyXEL Device automatically select a channel, click Scan instead.
Wireless Mode Select 802.11b Only to allow only IEEE 802.11b compliant WLAN devices to
associate with the ZyXEL Device.
Select 802.11g Only to allow only IEEE 802.11g compliant WLAN devices to
associate with the ZyXEL Device.
Select 802.11b+g to allow both IEEE802.11b and IEEE802.11g compliant
WLAN devices to associate with the ZyXEL Device. The transmission rate of
your ZyXEL Device might be reduced.
WDS Settings
Local Mac Address
Remote MAC
Address 1 - 4
A Wireless Distribution System is a wireless connection between two or more
APs.
Note: WDS security is independent of the security settings
between the ZyXEL Device and any wireless clients.
Local MAC Address is the MAC address of your ZyXEL Device. You can
specify up to 4 remote devices’ MAC addresses in this section.
Advanced Settings
Radio Enable Select Yes to enable WLAN radio, and No to turn it off. The ZyXEL Device
cannot be accessed wirelessly if radio is turned off.
Output Power
Management
Preamble Type Select Dynamic to have the ZyXEL Device automatically use short preamble
RTS/CTS Threshold (Request To Send) The threshold (number of bytes) for enabling RTS/CTS
Fragmentation The threshold (number of bytes) for the fragmentation boundary for directed
Rates Configuration This section controls the data rates permitted for clients.
Set the output power of the ZyXEL Device in this field. If there is a high density
of APs in an area, decrease the output power of the ZyXEL Device to reduce
interference with other APs. Select one of the following Full (Full Power), 50%,
25%, 12.5% or Min (Minimum). See the product specifications for more
information on your ZyXEL Device’s output power.
when wireless adapters support it, otherwise the AP uses long preamble.
Select Long preamble if you are unsure what preamble mode the wireless
adapters support, and to provide more reliable communications in busy
wireless networks.
handshake. Data with its frame size larger than this value will perform the RTS/
CTS handshake. Setting this attribute to be larger than the maximum MSDU
(MAC service data unit) size turns off the RTS/CTS handshake. Setting this
attribute to 1 turns on the RTS/CTS handshake. Enter a value between
2346.
messages. It is the maximum data fragment size that can be sent. Enter an
even number between 256 and 2346.
For each Rate, select an option from the Configuration list. The options are:
• Basic (1~11 Mbps only): Clients can always connect to the access point at
this speed.
• Optional: Clients can connect to the access point at this speed, when
permitted to do so by the AP.
• Disable: Clients cannot connect to the access point at this speed.
1 and
ZyXEL NWA-1100 User’s Guide
69
Page 70
Chapter 6 Wireless Settings Screen
Tabl e 11 Wireless: Bridge
LABEL DESCRIPTIONS
Enable Antenna
Diversity
Enable Spanning
Tree Protocol(STP)
6.4.4 AP + Bridge Mode
Use this screen to have the ZyXEL Device function as a bridge and access point
simultaneously. Select AP + Bridge as the Operation Mode. The following screen diplays.
Figure 30 Wireless: AP+Bridge
Select this to use antenna diversity. Antenna diversity uses multiple antennas
to reduce signal interference.
(R)STP detects and breaks network loops and provides backup links between
switches, bridges or routers. It allows a bridge to interact with other (R)STP compliant bridges in your network to ensure that only one path exists between
any two stations on the network. Select the check box to activate STP on the
ZyXEL Device.
70
ZyXEL NWA-1100 User’s Guide
Page 71
See the tables describing the fields in the Access Point and Bridge operating modes for
descriptions of the fields in this screen.
6.5 Technical Reference
This section provides technical background information about the topics covered in this
chapter. Refer to Appendix E on page 153 for further readings on Wireless LAN.
6.5.1 WMM QoS
WMM (Wi-Fi MultiMedia) QoS (Quality of Service) ensures quality of service in wireless
networks. It controls WLAN transmission priority on packets to be transmitted over the
wireless network.
WMM QoS prioritizes wireless traffic according to the delivery requirements of the individual
and applications. WMM QoS is a part of the IEEE 802.11e QoS enhancement to certified WiFi wireless networks.
On APs without WMM QoS, all traffic streams are given the same access priority to the
wireless network. If the introduction of another traffic stream creates a data transmission
demand that exceeds the current network capacity, then the new traffic stream reduces the
throughput of the other traffic streams.
Chapter 6 Wireless Settings Screen
The ZyXEL Device uses WMM QoS to prioritize traffic streams according to the IEEE 802.1q
or DSCP information in each packet’s header. The ZyXEL Device automatically determines
the priority to use for an individual traffic stream. This prevents reductions in data
transmission for applications that are sensitive to latency and jitter (variations in delay).
6.5.2 Spanning Tree Protocol (STP)
STP detects and breaks network loops and provides backup links between switches, bridges or
routers. It allows a bridge to interact with other STP-compliant bridges in your network to
ensure that only one route exists between any two stations on the network.
6.5.2.1 Rapid STP
The ZyXEL Device uses IEEE 802.1w RSTP (Rapid Spanning Tree Protocol) that allow faster
convergence of the spanning tree (while also being backwards compatible with STP-only
aware bridges). Using RSTP topology change information does not have to propagate to the
root bridge and unwanted learned addresses are flushed from the filtering database. In RSTP,
the port states are Discarding, Learning, and Forwarding.
6.5.2.2 STP Terminology
The root bridge is the base of the spanning tree; it is the bridge with the lowest identifier value
(MAC address).
ZyXEL NWA-1100 User’s Guide
71
Page 72
Chapter 6 Wireless Settings Screen
Path cost is the cost of transmitting a frame onto a LAN through that port. It is assigned
according to the speed of the link to which a port is attached. The slower the media, the higher
the cost - see the following table.
Table 12 STP Path Costs
LINK SPEED
Path Cost 4Mbps 250 100 to 1000 1 to 65535
Path Cost 10Mbps 100 50 to 600 1 to 65535
Path Cost 16Mbps 62 40 to 400 1 to 65535
Path Cost 100Mbps 19 10 to 60 1 to 65535
Path Cost 1Gbps 4 3 to 10 1 to 65535
Path Cost 10Gbps 2 1 to 5 1 to 65535
On each bridge, the root port is the port through which this bridge communicates with the root.
It is the port on this switch with the lowest path cost to the root (the root path cost). If there is
no root port, then this bridge has been accepted as the root bridge of the spanning tree network.
For each LAN segment, a designated bridge is selected. This bridge has the lowest cost to the
root among the bridges connected to the LAN.
RECOMMENDED
VALUE
RECOMMENDED
RANGE
ALLOWED
RANGE
6.5.2.3 How STP Works
After a bridge determines the lowest cost-spanning tree with STP, it enables the root port and
the ports that are the designated ports for connected LANs, and disables all other ports that
participate in STP. Network packets are therefore only forwarded between enabled ports,
eliminating any possible network loops.
STP-aware bridges exchange Bridge Protocol Data Units (BPDUs) periodically. When the
bridged LAN topology changes, a new spanning tree is constructed.
Once a stable network topology has been established, all bridges listen for Hello BPDUs
(Bridge Protocol Data Units) transmitted from the root bridge. If a bridge does not get a Hello
BPDU after a predefined interval (Max Age), the bridge assumes that the link to the root
bridge is down. This bridge then initiates negotiations with other bridges to reconfigure the
network to re-establish a valid network topology.
6.5.2.4 STP Port States
STP assigns five port states (see next table) to eliminate packet looping. A bridge port is not
allowed to go directly from blocking state to forwarding state so as to eliminate transient
loops.
Table 13 STP Port States
PORT STATES DESCRIPTIONS
Disabled STP is disabled (default).
Blocking Only configuration and management BPDUs are received and processed.
Listening All BPDUs are received and processed.
Learning All BPDUs are received and processed. Information frames are submitted to the
Forwarding All BPDUs are received and processed. All information frames are received and
learning process but not forwarded.
forwarded.
72
ZyXEL NWA-1100 User’s Guide
Page 73
6.5.3 Additional Wireless Terms
Table 14 Additional Wireless Terms
TERM DESCRIPTION
Intra-BSS Traffic This describes direct communication (not through the ZyXEL Device)
between two wireless devices within a wireless network. You might disable
this kind of communication to enhance security within your wireless network.
RTS/CTS Threshold In a wireless network which covers a large area, wireless devices are
Preamble A preamble affects the timing in your wireless network. There are two
Fragmentation
Threshold
Roaming If you have two or more ZyXEL Devices (or other wireless access points) on
Antenna An antenna couples Radio Frequency (RF) signals onto air. A transmitter
sometimes not aware of each other’s presence. This may cause them to
send information to the AP at the same time and result in information colliding
and not getting through.
By setting this value lower than the default value, the wireless devices must
sometimes get permission to send information to the ZyXEL Device. The
lower the value, the more often the devices must get permission.
If this value is greater than the fragmentation threshold value (see below),
then wireless devices never have to get permission to send information to the
ZyXEL Device.
preamble modes: long and short. If a device uses a different preamble mode
than the ZyXEL Device does, it cannot communicate with the ZyXEL Device.
A small fragmentation threshold is recommended for busy networks, while a
larger threshold provides faster performance if the network is not very busy.
your wireless network, you can enable this option so that wireless devices
can change locations without having to log in again. This is useful for devices,
such as notebooks, that move around a lot.
within a wireless device sends an RF signal to the antenna, which propagates
the signal through the air. The antenna also operates in reverse by capturing
RF signals from the air.
Positioning the antennas properly increases the range and coverage area of
a wireless LAN.
Chapter 6 Wireless Settings Screen
ZyXEL NWA-1100 User’s Guide
73
Page 74
Chapter 6 Wireless Settings Screen
74
ZyXEL NWA-1100 User’s Guide
Page 75
CHAPTER 7
Wireless Security Screen
7.1 Overview
This chapter describes how to use the Wireless Security screen. This screen allows you to
configure the security mode for your ZyXEL Device.
Wireless security is vital to your network. It protects communications between wireless
stations, access points and the wired network.
Figure 31 Securing the Wireless Network
In the figure above, the ZyXEL Device checks the identity of devices before giving them
access to the network. In this scenario, Computer A is denied access to the network, while
Computer B is granted connectivity.
The ZyXEL Device secure communications via data encryption, wireless client authentication
and MAC address filtering. It can also hide its identity in the network.
7.2 What You Can Do in the Wireless Security Screen
Use the Wireless > Security screen (see Section 7.4 on page 77) to choose the security mode
for your ZyXEL Device.
ZyXEL NWA-1100 User’s Guide
75
Page 76
Chapter 7 Wireless Security Screen
7.3 What You Need To Know About Wireless Security
User Authentication
Authentication is the process of verifying whether a wireless device is allowed to use the
wireless network. You can make every user log in to the wireless network before they can use
it. However, every device in the wireless network has to support IEEE 802.1x to do this.
For wireless networks, you can store the user names and passwords for each user in a RADIUS
server. This is a server used in businesses more than in homes. If you do not have a RADIUS
server, you cannot set up user names and passwords for your users.
Unauthorized wireless devices can still see the information that is sent in the wireless network,
even if they cannot use the wireless network. Furthermore, there are ways for unauthorized
wireless users to get a valid user name and password. Then, they can use that user name and
password to use the wireless network.
The following table shows the relative effectiveness of wireless security methods:.
Table 15 Wireless Security Levels
SECURITY
LEVEL
Least
S e c u r e
Most Secure
SECURITY TYPE
Unique SSID (Default)
Unique SSID with Hide SSID Enabled
MAC Address Filtering
WEP Encryption
IEEE802.1x EAP with RADIUS Server Authentication
Wi-Fi Protected Access (WPA)
WPA2
The available security modes in your ZyXEL Device are as follows:
• None. No data encryption.
• WEP. Wired Equivalent Privacy (WEP) encryption scrambles the data transmitted
between the wireless stations and the access points to keep network communications
private.
• 802.1x-Only. This is a standard that extends the features of IEEE 802.11 to support
extended authentication. It provides additional accounting and control features. This
option does not support data encryption.
• 802.1x-Static64. This provides 802.1x-Only authentication with a static 64bit WEP
key and an authentication server.
• 802.1x-Static128. This provides 802.1x-Only authentication with a static 128bit WEP
key and an authentication server.
• WPA. Wi-Fi Protected Access (WPA) is a subset of the IEEE 802.11i standard.
• WPA2. WPA2 (IEEE 802.11i) is a wireless security standard that defines stronger
encryption, authentication and key management than WPA.
• WPA2-MIX. This commands the ZyXEL Device to use either WPA2 or WPA
depending on which security mode the wireless client uses.
• WPA2-PSK. This adds a pre-shared key on top of WPA2 standard.
76
ZyXEL NWA-1100 User’s Guide
Page 77
Chapter 7 Wireless Security Screen
• WPA2-PSK-MIX. This commands the ZyXEL Device to use either WPA-PSK or
WPA2-PSK depending on which security mode the wireless client uses.
" In Bridge and Bridge + AP operating modes, the only available security modes
are WEP and WPA2-PSK.
Passphrase
A passphrase functions like a password. In WEP security mode, it is further converted by the
ZyXEL Device into a complicated string that is referred to as the “key”. This key is requested
from all devices wishing to connect to a wireless network.
PSK
The Pre-Shared Key (PSK) is a password shared by a wireless access point and a client during
a previous secure connection. The key can then be used to establish a connection between the
two parties.
Encryption
Wireless networks can use encryption to protect the information that is sent in the wireless
network. Encryption is like a secret code. If you do not know the secret code, you cannot
understand the message. Encryption is the process of converting data into unreadable text.
This secures information in network communications. The intended recipient of the data can
“unlock” it with a pre-assigned key, making the information readable only to him. The ZyXEL
Device when used as a wireless client employs Temporal Key Integrity Protocol (TKIP) data
encryption.
EAP
Extensible Authentication Protocol (EAP) is a protocol used by a wireless client, an access
point and an authentication server to negotiate a connection.
The EAP methods employed by the ZyXEL Device when in Wireless Client operating mode
are Transport Layer Security (TLS), Protected Extensible Authentication Protocol (PEAP),
Lightweight Extensible Authentication Protocol (LEAP) and Tunneled Transport Layer
Security (TTLS). The authentication protocol may either be Microsoft Challenge Handshake
Authentication Protocol Version 2 (MSCHAPv2) or Generic Token Card (GTC).
Further information on these terms can be found in Appendix E on page 153.
7.4 The Security Screen
Use this screen to choose the security mode for your ZyXEL Device.
Click Wireless > Security. The screen varies depending upon the security mode you select.
ZyXEL NWA-1100 User’s Guide
77
Page 78
Chapter 7 Wireless Security Screen
Figure 32 Security: None
The default security mode is set to None.
Note that some screens display differently depending on the operating mode selected in the
Wireless > Wireless Settings screen.
" You must enable the same wireless security settings on the ZyXEL Device and
on all wireless clients that you want to associate with it.
7.4.1 Security: WEP
Use this screen to use WEP as the security mode for your ZyXEL Device. Select WEP in the
Security Mode field to display the following screen.
Figure 33 Security: WEP
78
ZyXEL NWA-1100 User’s Guide
Page 79
Chapter 7 Wireless Security Screen
The following table describes the labels in this screen.
Table 16 Security: WEP
LABEL DESCRIPTION
Security Mode Choose WEP in this field.
Authentication
Method
Data Encryption Select Disable to allow wireless stations to communicate with the access points
Passphrase Enter the passphrase or string of text used for automatic WEP key generation on
Generate Click this to get the keys from the Passphrase you entered.
Key 1 to
Key 4
Apply Click Apply to save your changes.
Reset Click Reset to begin configuring this screen afresh.
Select Open or Shared Key from the drop-down list box.
The default setting is Auto.
without any data encryption.
Select 64-bit WEP, 128-bit WEP or 152-bit WEP to enable data encryption.
wireless client adapters.
The WEP keys are used to encrypt data. Both the ZyXEL Device and the wireless
stations must use the same WEP key for data transmission.
If you chose 64-bit WEP, then enter any 5 ASCII characters or 10 hexadecimal
characters ("0-9", "A-F").
If you chose 128-bit WEP, then enter 13 ASCII characters or 26 hexadecimal
characters ("0-9", "A-F").
If you chose 152-bit WEP, then enter 16 ASCII characters or 32 hexadecimal
characters ("0-9", "A-F").
You must configure all four keys, but only one key can be activated at any one
time. The default key is key 1.
7.4.2 Security: 802.1x Only
This screen varies depending on whether you select Access Point or Wireless Client in the
Wireless > Wireless Settings screen.
7.4.2.1 Access Point
Use this screen to use 802.1x-Only security mode for your ZyXEL Device that is in Access
Point operating mode. Select 802.1x-Only in the Security Mode field to display the following
screen.
ZyXEL NWA-1100 User’s Guide
79
Page 80
Chapter 7 Wireless Security Screen
Figure 34 Security: 802.1x Only for Access Point
The following table describes the labels in this screen.
Table 17 Security: 802.1x Only for Access Point
LABEL DESCRIPTION
Security Mode Choose 802.1x Only in this field.
ReAuthentication
Time
Specify how often wireless stations have to resend user names and passwords in
order to stay connected.
Enter a time interval between 10 and 9999 seconds. The default time interval is
1800 seconds (30 minutes). Alternatively, enter “0” to turn reauthentication off.
Group-Key
Update
Apply Click Apply to save your changes.
Reset Click Reset to begin configuring this screen afresh.
7.4.2.2 Wireless Client
Use this screen to use 802.1x-Only security mode for your ZyXEL Device that is in Wireless
Client operating mode. Select 802.1x-Only in the Security Mode field to display the
following screen.
Note: If wireless station authentication is done using a
RADIUS server, the reauthentication timer on the
RADIUS server has priority.
The ZyXEL Device automatically disconnects a wireless station from the wired
network after a period of inactivity. The wireless station needs to enter the user
name and password again before access to the wired network is allowed.
The default time interval is 3600 seconds (or 1 hour).
80
ZyXEL NWA-1100 User’s Guide
Page 81
Chapter 7 Wireless Security Screen
Figure 35 Security: 802.1x Only for Wireless Client
The following table describes the labels in this screen.
Table 18 Security: 802.1x Only for Wireless Client
LABEL DESCRIPTION
Security Mode Choose the same security mode used by the AP.
Data Encryption Select between None and Dynamic WEP. Refer to Section on page 161 for
IEEE802.1x
Authentication
EAP Type The options on the left refer to EAP methods. You can choose either TLS, LEAP,
User Information
Username Supply the username of the account created in the RADIUS server.
Password Supply the password of the account created in the RADIUS server.
Apply Click Apply to save your changes.
Reset Click Reset to begin configuring this screen afresh.
information on using Dynamic WEP.
PEAP or TTLS. The default value is PEAP.
The options on the right refer to authentication protocols. You can choose
between MSCHAPv2 and GT C.The default value is MSCHAPv2.
7.4.3 Security: 802.1x Static 64-bit, 802.1x Static 128-bit
Use this screen to use 802.1x Static 64 or 802.1x Static 128 security mode for your ZyXEL
Device. Select 802.1x Static 64 or 802.1x Static 128 in the Security Mode field to display the
following screen.
ZyXEL NWA-1100 User’s Guide
81
Page 82
Chapter 7 Wireless Security Screen
Figure 36 Security: 802.1x Static 64-bit, 802.1x Static 128-bit (AP mode)
The following table describes the labels in this screen.
Table 19 Security: 802.1x Static 64-bit, 802.1x Static 128-bit
LABEL DESCRIPTION
Security Mode Choose 802.1x Static 64 or 802.1x Static 128 in this field.
Passphrase
Generate
Key 1 to Key 4 If you chose 802.1x Static 64, then enter any 5 characters (ASCII string) or 10
ReAuthentication
Timer
Enter the passphrase or string of text used for automatic WEP key generation on
wireless client adapters (AP mode).
Click this to get the keys from the Passphrase you entered (AP mode).
hexadecimal characters ("0-9", "A-F") preceded by 0x for each key.
If you chose 802.1x Static 128-bit, then enter 13 characters (ASCII string) or 26
hexadecimal characters ("0-9", "A-F") preceded by 0x for each key.
There are four data encryption keys to secure your data from eavesdropping by
unauthorized wireless users. The values for the keys must be set up exactly the
same on the access points as they are on the wireless stations.
The preceding “0x” is entered automatically. You must configure all four keys, but
only one key can be activated at any one time. The default key is key 1.
Specify how often wireless stations have to resend user names and passwords in
order to stay connected.
Enter a time interval between 10 and 9999 seconds. The default time interval is
1800 seconds (30 minutes). Alternatively, enter “0” to turn reauthentication off.
Note: If wireless station authentication is done using a
RADIUS server, the reauthentication timer on the
RADIUS server has priority.
82
ZyXEL NWA-1100 User’s Guide
Page 83
Table 19 Security: 802.1x Static 64-bit, 802.1x Static 128-bit
LABEL DESCRIPTION
Group-Key
Update
Apply Click Apply to save your changes.
Reset Click Reset to begin configuring this screen afresh.
7.4.4 Security: WPA
This screen varies depending on whether you select Access Point or Wireless Client in the
Wireless > Wireless Settings screen.
7.4.4.1 Access Point
Use this screen to employ WPA as the security mode for your ZyXEL Device that is in Access
Point operating mode. Select WPA in the Security Mode field to display the following
screen.
Chapter 7 Wireless Security Screen
The ZyXEL Device automatically disconnects a wireless station from the wired
network after a period of inactivity. The wireless station needs to enter the user
name and password again before access to the wired network is allowed.
The default time interval is 3600 seconds (or 1 hour).
Figure 37 Security: WPA for Access Point
The following table describes the labels in this screen.
Table 20 Security: WPA for Access Point
LABEL DESCRIPTION
Security Mode Choose WPA in this field.
ReAuthentication
Timer
Specify how often wireless stations have to resend user names and passwords in
order to stay connected.
Enter a time interval between 10 and 9999 seconds. The default time interval is
1800 seconds (30 minutes). Alternatively, enter “0” to turn reauthentication off.
ZyXEL NWA-1100 User’s Guide
Note: If wireless station authentication is done using a
RADIUS server, the reauthentication timer on the
RADIUS server has priority.
83
Page 84
Chapter 7 Wireless Security Screen
Table 20 Security: WPA for Access Point
LABEL DESCRIPTION
Group Key
Update
Apply Click Apply to save your changes.
Reset Click Reset to begin configuring this screen afresh.
The Group Key Update Timer is the rate at which the AP sends a new group key
out to all clients. The re-keying process is the WPA equivalent of automatically
changing the group key for an AP and all stations in a WLAN on a periodic basis.
Setting of the Group Key Update Timer is also supported in WPA-PSK mode.
The ZyXEL Device default is 3800 seconds (or 1 hour).
7.4.4.2 Wireless Client
Use this screen to employ WPA as the security mode for your ZyXEL Device that is in
Wireless Client operating mode. Select WPA in the Security Mode field to display the
following screen.
Figure 38 Security: WPA for Wireless Client
84
The following table describes the labels in this screen.
Table 21 Security: WPA for Wireless Client
LABEL DESCRIPTION
Security Mode Choose the same security mode used by the AP.
Data Encryption Select between None and TKIP.
IEEE802.1x
Authentication
EAP Type The options on the left refer to EAP methods. You can choose either TLS, LEAP,
PEAP or TTLS. The default value is PEAP.
The options on the right refer to authentication protocols. You can choose
between MSCHAPv2 and GT C.The default value is MSCHAPv2.
User Information
Username Supply the username of the account created in the RADIUS server.
Password Supply the password of the account created in the RADIUS server.
ZyXEL NWA-1100 User’s Guide
Page 85
Table 21 Security: WPA for Wireless Client
LABEL DESCRIPTION
Apply Click Apply to save your changes.
Reset Click Reset to begin configuring this screen afresh.
7.4.5 Security: WPA2 or WPA2-MIX
This screen varies depending on whether you select Access Point or Wireless Client in the
Wireless > Wireless Settings screen.
7.4.5.1 Access Point
Use this screen to use WAP2 or WPA2-MIX as the security mode for your ZyXEL Device that
is in Access Point operating mode. Select WPA2 or WPA2-MIX in the Security Mode field
to display the following screen.
Figure 39 Security:WPA2 or WPA2-MIX for Access Point
Chapter 7 Wireless Security Screen
The following table describes the labels not previously discussed
Table 22 Security: WPA2 or WPA2-MIX for Access Point
LABEL DESCRIPTIONS
Security Mode Choose WPA2 or WPA2-MIX in this field.
ReAuthentication
Timer
Group Key
Update Timer
ZyXEL NWA-1100 User’s Guide
Specify how often wireless stations have to resend usernames and passwords in
order to stay connected.
Enter a time interval between 10 and 9999 seconds. The default time interval is
1800 seconds (30 minutes). Alternatively, enter “0” to turn reauthentication off.
Note: If wireless station authentication is done using a
RADIUS server, the reauthentication timer on the
RADIUS server has priority.
The Group Key Update Timer is the rate at which the AP sends a new group key
out to all clients. The re-keying process is the WPA equivalent of automatically
changing the group key for an AP and all stations in a WLAN on a periodic basis.
Setting of the Group Key Update Timer is also supported in WPA-PSK mode.
The ZyXEL Device‘s default is 3600 seconds (or 1 hour).
85
Page 86
Chapter 7 Wireless Security Screen
Table 22 Security: WPA2 or WPA2-MIX for Access Point
LABEL DESCRIPTIONS
Apply Click Apply to save your changes.
Reset Click Reset to begin configuring this screen afresh.
7.4.5.2 Wireless Client
Use this screen to employ WPA2 or WPA2-MIX as the security mode of your ZyXEL Device
that is in Wireless Client operating mode. Select WPA2 or WPA2-MIX in the Security
Mode field to display the following screen.
Figure 40 Security: WPA2 or WPA2-MIX for Wireless Client
The following table describes the labels in this screen.
Table 23 Security: WPA2 or WPA2-MIX for Wireless Client
LABEL DESCRIPTION
Security Mode Choose the same security mode used by the AP.
IEEE802.1x
Authentication
EAP Type The options on the left refer to EAP methods. You can choose either TLS, LEAP,
User Information
Username Supply the username of the account created in the RADIUS server.
Password Supply the password of the account created in the RADIUS server.
Apply Click Apply to save your changes.
Reset Click Reset to begin configuring this screen afresh.
PEAP or TTLS. The default value is PEAP.
The options on the right refer to authentication protocols. You can choose
between MSCHAPv2 and GT C.The default value is MSCHAPv2.
86
ZyXEL NWA-1100 User’s Guide
Page 87
Chapter 7 Wireless Security Screen
7.4.6 Security: WPA-PSK, WPA2-PSK, WPA2-PSK-MIX
Use this screen to employ WPA-PSK, WPA2-PSK or WPA2-PSK-MIX as the security mode
of your ZyXEL Device. Select WPA-PSK, WPA2-PSK or WPA2-PSK-MIX in the Security
Mode field to display the following screen.
Figure 41 Security: WPA-PSK, WPA2-PSK or WPA2-PSK-MIX
The following table describes the labels not previously discussed
Table 24 Security: WPA-PSK, WPA2-PSK or WPA2-PSK-MIX
LABEL DESCRIPTION
Security Mode Choose WPA-PSK, WPA2-PSK or WPA2-PSK-MIX in this field.
Pre-Shared Key The encryption mechanisms used for WPA and WPA-PSK are the same. The only
Apply Click Apply to save your changes.
Reset Click Reset to begin configuring this screen afresh.
difference between the two is that WPA-PSK uses a simple common password,
instead of user-specific credentials.
Type a pre-shared key from 8 to 63 case-sensitive ASCII characters (including
spaces and symbols).
7.5 Technical Reference
This section provides technical background information on the topics discussed in this chapter.
The following is a general guideline in choosing the security mode for your ZyXEL Device.
• Use WPA(2)-PSK if you have WPA(2)-aware wireless clients but no RADIUS server.Use
WPA(2) security if you have WPA(2)-aware wireless clients and a RADIUS server. WPA
has user authentication and improved data encryption over WEP.
• Use WPA(2)-PSK if you have WPA(2)-aware wireless clients but no RADIUS server.
• If you don’t have WPA(2)-aware wireless clients, then use WEP key encrypting. A higher
bit key offers better security. You can manually enter 64-bit, 128-bit or 152-bit WEP keys.
More information on Wireless Security can be found in Appendix E on page 153.
ZyXEL NWA-1100 User’s Guide
87
Page 88
Chapter 7 Wireless Security Screen
88
ZyXEL NWA-1100 User’s Guide
Page 89
CHAPTER 8
RADIUS Screen
8.1 Overview
This chapter describes how you can use the Wireless > RADIUS screen.
Remote Authentication Dial In User Service (RADIUS) is a protocol that can be used to
manage user access to large networks. It is based on a client-server model that supports
authentication, authorization and accounting. The access point is the client and the server is
the RADIUS server.
Figure 42 RADIUS Server Setup
Authentication
In the figure above, wireless clients A and B are trying to access the Internet via the ZyXEL
Device. The ZyXEL Device in turn queries the RADIUS server if the identity of clients A and
U are allowed access to the Internet. In this scenario, only client U’s identity is verified by the
RADIUS server and allowed access to the Internet.
8.2 What You Can Do in the RADIUS Screen
Use the Security > RADIUS screen (see Section 7.4.1 on page 78) if you want to authenticate
wireless users using a RADIUS Server and/or Accounting Server.
8.3 What You Need to Know About RADIUS
The RADIUS server handles the following tasks:
• Authentication which determines the identity of the users.
• Authorization which determines the network services available to authenticated users
once they are connected to the network.
ZyXEL NWA-1100 User’s Guide
89
Page 90
Chapter 8 RADIUS Screen
• Accounting which keeps track of the client’s network activity.
RADIUS is a simple package exchange in which your AP acts as a message relay between the
wireless client and the network RADIUS server.
You should know the IP addresses, ports and share secrets of the external RADIUS server and/
or the external RADIUS accounting server you want to use with your ZyXEL Device. You can
configure a primary and backup RADIUS and RADIUS accounting server for your ZyXEL
Device.
8.4 The RADIUS Screen
Use this screen to set up your ZyXEL Device’s RADIUS server settings. Click Wireless >
RADIUS. The screen appears as shown.
Figure 43 Wireless > RADIUS
90
The following table describes the labels in this screen.
Table 25 Wireless > RADIUS
LABEL DESCRIPTION
Primary Configure the fields below to set up user authentication and accounting.
Backup If the ZyXEL Device cannot communicate with the Primary accounting server,
RADIUS Option
Active Select the check box to enable user authentication through an external
RADIUS Server IP
Address
you can have the ZyXEL Device use a Backup RADIUS server. Make sure
the Active check boxes are selected if you want to use backup servers.
The ZyXEL Device will attempt to communicate three times before using the
Backup servers. Requests can be issued from the client interface to use the
backup server. The length of time for each authentication is decided by the
wireless client or based on the configuration of the ReAuthentication Timer
field in the Security Settings screen.
authentication server. This check box is not available when you select
Internal.
Enter the IP address of the external authentication server in dotted decimal
notation. This field is not available when you select Internal.
ZyXEL NWA-1100 User’s Guide
Page 91
Chapter 8 RADIUS Screen
Table 25 Wireless > RADIUS
LABEL DESCRIPTION
RADIUS Server Port Enter the port number of the external authentication server. The default port
number is 1812. You need not change this value unless your network
administrator instructs you to do so. This field is not available when you select
Internal.
Share Secret Enter a password (up to 128 alphanumeric characters) as the key to be
shared between the external authentication server and the ZyXEL Device.
The key must be the same on the external authentication server and your
ZyXEL Device. The key is not sent over the network. This field is not available
when you select Internal.
Active Select the check box to enable user accounting through an external
authentication server.
Accounting Server IP
Address
Accounting Server
Port
Share Secret Enter a password (up to 128 alphanumeric characters) as the key to be
Apply Click Apply to save your changes.
Reset Click Reset to begin configuring this screen afresh.
Enter the IP address of the external accounting server in dotted decimal
notation.
Enter the port number of the external accounting server. The default port
number is 1813. You need not change this value unless your network
administrator instructs you to do so with additional information.
shared between the external accounting server and the ZyXEL Device. The
key must be the same on the external accounting server and your ZyXEL
Device. The key is not sent over the network.
ZyXEL NWA-1100 User’s Guide
91
Page 92
Chapter 8 RADIUS Screen
92
ZyXEL NWA-1100 User’s Guide
Page 93
CHAPTER 9
MAC Filter Screen
9.1 Overview
This chapter discusses how you can use the Wireless > MAC Filter screen.
The MAC filter function allows you to configure the ZyXEL Device to grant access to the
ZyxEL Device from other wireless devices (Allow Association) or exclude devices from
accessing the ZyXEL Device (Deny Association).
Figure 44 MAC Filtering
In the figure above, wireless client U is able to connect to the Internet because its MAC
address is in the allowed association list specified in the ZyXEL Device. The MAC address of
client A is either denied association or is not in the list of allowed wireless clients specified in
the ZyXEL Device.
9.2 What You Can Do in the MAC Filter
Use the Wireless > MAC Filter screen (see Section 9.4 on page 94) to specify which wireless
station is allowed or denied access to the ZyXEL Device.
9.3 What You Need To Know About MAC Filter
Every Ethernet device has a unique MAC (Media Access Control) address. The MAC address
is assigned at the factory and consists of six pairs of hexadecimal characters, for example,
00:A0:C5:00:00:02. You need to know the MAC address of each device to configure MAC
filtering on the ZyXEL Device.
ZyXEL NWA-1100 User’s Guide
93
Page 94
Chapter 9 MAC Filter Screen
9.4 MAC Filter Screen
Use this screen to enable MAC address filtering in your ZyXEL Device.You can specify up to
64 MAC addresses to either allow or deny association with your ZyXEL Device. Click
Wireless > MAC Filter. The screen displays as shown.
Figure 45 Wireless > MAC Filter
94
The following table describes the labels in this screen.
Table 26 Wireless > MAC Filter
LABEL DESCRIPTION
Active Click this to enable this feature.
Allow the following
MAC Address to
associate
Deny the following
MAC Address to
associate
MAC Address Enter the MAC addresses (in XX:XX:XX:XX:XX:XX format) of the wireless
Description Type a name to identify this wireless station.
Define the filter action for the list of MAC addresses in the MAC address filter
table.
Select this to permit access to the ZyXEL Device. MAC addresses not listed will
be denied access to the ZyXEL Device.
Select this to block access to theZyXEL Device. MAC addresses not listed will
be allowed to access the ZyXEL Device.
station to be allowed or denied access to the ZyXEL Device.
ZyXEL NWA-1100 User’s Guide
Page 95
Table 26 Wireless > MAC Filter
LABEL DESCRIPTION
Apply Click Apply to save your changes.
Reset Click Reset to begin configuring this screen afresh.
Chapter 9 MAC Filter Screen
ZyXEL NWA-1100 User’s Guide
95
Page 96
Chapter 9 MAC Filter Screen
96
ZyXEL NWA-1100 User’s Guide
Page 97
CHAPTER 10
IP Screen
10.1 Overview
This chapter describes how you can configure the IP address of your ZyXEL Device.
The Internet Protocol (IP) address identifies a device on a network. Every networking device
(including computers, servers, routers, printers, etc.) needs an IP address to communicate
across the network. These networking devices are also known as hosts.
Figure 46 IP Setup
The figure above illustrates one possible setup of your ZyXEL Device. The gateway IP
address is 192.168.1.2 and the IP address of the ZyXEL Device is 192.168.1.2 (default). The
gateway and the device must belong in the same subnet mask to be able to communicate with
each other.
10.2 What You Can Do in the IP Screen
Use the IP screen (see Section 10.4 on page 98) to configure the IP address of your ZyXEL
Device.
10.3 What You Need to Know About IP
The Ethernet parameters of the ZyXEL Device are preset in the factory with the following
values:
1 IP address of 192.168.1.2
2 Subnet mask of 255.255.255.0 (24 bits)
ZyXEL NWA-1100 User’s Guide
97
Page 98
Chapter 10 IP Screen
10.4 IP Screen
Use this screen to configure the IP address for your ZyXEL Device. Click IP to display the
following screen.
Figure 47 IP Setup
The following table describes the labels in this screen.
Table 27 IP Setup
LABEL DESCRIPTION
IP Address Assignment
Get automatically from
DHCP
Select this option if your ZyXEL Device is using a dynamically assigned IP
address from a DHCP server each time.
Note: You must know the IP address assigned to the
ZyXEL Device (by the DHCP server) to access the
ZyXEL Device again.
Use fixed IP address Select this option if your ZyXEL Device is using a static IP address. When
you select this option, fill in the fields below.
IP Address Enter the IP address of your ZyXEL Device in dotted decimal notation.
Note: If you change the ZyXEL Device's IP address, you
must use the new IP address if you want to access
the web configurator again.
Subnet Mask Type the subnet mask.
Gateway IP Address Type the IP address of the gateway. The gateway is an immediate neighbor
of your ZyXEL Device that will forward the packet to the destination. On the
LAN, the gateway must be a router on the same segment as your ZyXEL
Device; over the WAN, the gateway must be the IP address of one of the
remote nodes.
Apply Click Apply to save your changes.
Reset Click Reset to begin configuring this screen afresh.
98
ZyXEL NWA-1100 User’s Guide
Page 99
10.5 Technical Reference
This section provides the technical background information about the topics covered in this
chapter.
10.5.1 WAN IP Address Assignment
Every computer on the Internet must have a unique IP address. If your networks are isolated
from the Internet (only between your two branch offices, for instance) you can assign any IP
addresses to the hosts without problems. However, the Internet Assigned Numbers Authority
(IANA) has reserved the following three blocks of IP addresses specifically for private
networks.
Table 28 Private IP Address Ranges
10.0.0.0 - 10.255.255.255
172.16.0.0 - 172.31.255.255
192.168.0.0 - 192.168.255.255
You can obtain your IP address from the IANA, from an ISP or have it assigned by a private
network. If you belong to a small organization and your Internet access is through an ISP, the
ISP can provide you with the Internet addresses for your local networks. On the other hand, if
you are part of a much larger organization, you should consult your network administrator for
the appropriate IP addresses.
Chapter 10 IP Screen
" Regardless of your particular situation, do not create an arbitrary IP address;
always follow the guidelines above. For more information on address
assignment, please refer to RFC 1597, Address Allocation for Private Internets
and RFC 1466, Guidelines for Management of IP Address Space.
ZyXEL NWA-1100 User’s Guide
99
Page 100
Chapter 10 IP Screen
100
ZyXEL NWA-1100 User’s Guide
Loading...