ZyXEL Communications NWA3160 User Manual

Download

Page 1

NWA-3160 Series

IEEE 802.11a/b/g Business WLAN Access Point

IEEE 802.11b/g Business WLAN Access Point

IEEE WirelessN Business WLAN Access Point

User’s Guide

Version 3.60 07/2008 Edition 3

DEFAULT LOGIN

IP Address http://192.168.1.2

Password 1234

www.zyxel.com

Page 2

Page 3

About This User's Guide

Intended Audience

This manual is intended for people who want to configure the ZyXEL Device using the web configurator. You should have at least a basic knowledge of TCP/IP networking concepts and topology.

Document Conventions

Warnings and Notes

These are how warnings and notes are shown in this User’s Guide.

1 Warnings tell you about things that could harm you or your device.

" Notes tell you other important information (for example, other things you may

need to configure or helpful tips) or recommendations.

Syntax Conventions

• The NWA-3160, NWA-3163 or NWA-3165 may be referred to as the “ZyXEL Device”, the “device” or the “system” in this User’s Guide.

• Product labels, screen names, field labels and field choices are all in bold font.

• A key stroke is denoted by square brackets and uppercase text, for example, [ENTER] means the “enter” or “return” key on your keyboard.

• “Enter” means for you to type one or more characters and then press the [ENTER] key. “Select” or “choose” means for you to use one of the predefined choices.

• A right angle bracket ( > ) within a screen name denotes a mouse click. For example, Maintenance > Log > Log Setting means you first click Maintenance in the navigation panel, then the Log sub menu and finally the Log Setting tab to get to that screen.

• Units of measurement may denote the “metric” value or the “scientific” value. For example, “k” for kilo may denote “1000” or “1024”, “M” for mega may denote “1000000” or “1048576” and so on.

• “e.g.,” is a shorthand for “for instance”, and “i.e.,” means “that is” or “in other words”.

ZyXEL NWA-3160 Series User’s Guide

Page 5

Document Conventions

Icons Used in Figures

Figures in this User’s Guide may use the following generic icons. The ZyXEL Device icon is not an exact representation of your device.

ZyXEL Device Computer Notebook computer

Server DSLAM Firewall

Telephone Switch Router

ZyXEL NWA-3160 Series User’s Guide

Page 6

Safety Warnings

1 For your safety, be sure to read and follow all warning notices and instructions.

• Do NOT use this product near water, for example, in a wet basement or near a swimming pool.

• Do NOT expose your device to dampness, dust or corrosive liquids.

• Do NOT store things on the device.

• Do NOT install, use, or service this device during a thunderstorm. There is a remote risk of electric shock from lightning.

• Connect ONLY suitable accessories to the device.

• ONLY qualified service personnel should service or disassemble this device.

• Make sure to connect the cables to the correct ports.

• Place connecting cables carefully so that no one will step on them or stumble over them.

• Always disconnect all cables from this device before servicing or disassembling.

• Use ONLY an appropriate power adaptor or cord for your device.

• Connect the power adaptor or cord to the right supply voltage (for example, 110V AC in North America or 230V AC in Europe).

• Do NOT allow anything to rest on the power adaptor or cord and do NOT place the product where anyone can walk on the power adaptor or cord.

• Do NOT use the device if the power adaptor or cord is damaged as it might cause electrocution.

• If the power adaptor or cord is damaged, remove it from the power outlet.

• Do NOT attempt to repair the power adaptor or cord. Contact your local vendor to order a new one.

• Do not use the device outside, and make sure all the connections are indoors. There is a remote risk of electric shock from lightning.

• Antenna Warning! This device meets ETSI and FCC certification requirements when using the included antenna(s). Only use the included antenna(s).

• If you wall mount your device, make sure that no electrical lines, gas or water pipes will be damaged.

• The PoE (Power over Ethernet) devices that supply or receive power and their connected Ethernet cables must all be completely indoors.

This product is recyclable. Dispose of it properly.

ZyXEL NWA-3160 Series User’s Guide

Page 7

Safety Warnings

ZyXEL NWA-3160 Series User’s Guide

Page 8

Safety Warnings

ZyXEL NWA-3160 Series User’s Guide

Page 9

Contents Overview

Introduction ............................................................................................................................ 29

Introducing the ZyXEL Device ...................................................................................................31

Introducing the Web Configurator .............................................................................................. 41

Tutorial ....................................................................................................................................... 45

Status Screens .......................................................................................................................... 73

Management Mode .................................................................................................................... 77

AP Controller Mode (NWA-3160 Only) ...................................................................................... 81

The Web Configurator ...........................................................................................................95

System Screens ........................................................................................................................ 97

Wireless Configuration ............................................................................................................ 103

Wireless Security Configuration .............................................................................................. 121

MBSSID and SSID .................................................................................................................. 137

Other Wireless Configuration .................................................................................................. 145

IP Screen ................................................................................................................................. 155

Rogue AP ................................................................................................................................ 157

Remote Management Screens ................................................................................................ 163

Internal RADIUS Server .......................................................................................................... 175

Certificates ............................................................................................................................... 181

Log Screens ............................................................................................................................ 199

VLAN ....................................................................................................................................... 207

Maintenance ............................................................................................................................ 225

Troubleshooting and Specifications ..................................................................................233

Troubleshooting ....................................................................................................................... 235

Product Specifications ............................................................................................................. 241

Appendices and Index ......................................................................................................... 249

ZyXEL NWA-3160 Series User’s Guide

Page 10

Contents Overview

ZyXEL NWA-3160 Series User’s Guide

Page 11

Table of Contents

About This User's Guide ..........................................................................................................3

Document Conventions............................................................................................................4

Safety Warnings........................................................................................................................6

Contents Overview ...................................................................................................................9

Table of Contents.................................................................................................................... 11

List of Figures ......................................................................................................................... 19

List of Tables...........................................................................................................................25

Part I: Introduction................................................................................. 29

Chapter 1

Introducing the ZyXEL Device...............................................................................................31

1.1 Introducing the ZyXEL Device ............................................................................................ 31

1.2 Applications for the ZyXEL Device ...................................................................................... 31

1.2.1 Access Point .............................................................................................................. 32

1.2.2 Bridge / Repeater (NWA-3160 and NWA-3163 Only) ................................................ 32

1.2.3 AP + Bridge (NWA-3160 and NWA-3163 Only) ......................................................... 33

1.2.4 MBSSID ..................................................................................................................... 34

1.2.5 Pre-Configured SSID Profiles .................................................................................... 35

1.3 CAPWAP (NWA-3160 and NWA-3163 Only) ...................................................................... 36

1.4 Ways to Manage the ZyXEL Device .................................................................................... 36

1.5 Good Habits for Managing the ZyXEL Device ..................................................................... 36

1.6 Hardware Connections ........................................................................................................ 37

1.6.1 Antennas .................................................................................................................... 37

1.7 LEDs .................................................................................................................................... 37

Chapter 2

Introducing the Web Configurator ........................................................................................ 41

2.1 Accessing the Web Configurator ......................................................................................... 41

2.2 Resetting the ZyXEL Device ................................................................................................ 43

2.2.1 Methods of Restoring Factory-Defaults ...................................................................... 43

2.3 Navigating the Web Configurator ......................................................................................... 44

ZyXEL NWA-3160 Series User’s Guide

Page 12

Table of Contents

Chapter 3

Tutorial ..................................................................................................................................... 45

3.1 How to Configure the Wireless LAN .................................................................................... 45

3.1.1 Choosing the Wireless Mode ..................................................................................... 45

3.1.2 Wireless LAN Configuration Overview ....................................................................... 46

3.1.3 Further Reading ......................................................................................................... 48

3.2 How to Configure Multiple Wireless Networks ..................................................................... 48

3.2.1 Change the Operating Mode ...................................................................................... 49

3.2.2 Configure the VoIP Network ....................................................................................... 51

3.2.2.1 Set Up Security for the VoIP Profile ................................................52

3.2.2.2 Activate the VoIP Profile ..................................................................54

3.2.3 Configure the Guest Network ..................................................................................... 54

3.2.3.1 Set Up Security for the Guest Profile ..............................................55

3.2.3.2 Set up Layer 2 Isolation ..................................................................56

3.2.3.3 Activate the Guest Profile ................................................................57

3.2.4 Testing the Wireless Networks ................................................................................... 57

3.3 How to Set Up and Use Rogue AP Detection ..................................................................... 58

3.3.1 Set Up and Save a Friendly AP list ............................................................................ 60

3.3.2 Activate Periodic Rogue AP Detection ....................................................................... 62

3.3.3 Set Up E-mail Logs .................................................................................................... 63

3.3.4 Configure Your Other Access Points .......................................................................... 64

3.3.5 Test the Setup ............................................................................................................ 64

3.4 Using Multiple MAC Filters and L-2 Isolation Profiles .......................................................... 65

3.4.1 Scenario ..................................................................................................................... 65

3.4.2 Your Requirements ..................................................................................................... 65

3.4.3 Setup .......................................................................................................................... 66

3.4.4 Configure the SERVER_1 Network ............................................................................ 66

3.4.5 Configure the SERVER_2 Network ............................................................................ 69

3.4.6 Checking your Settings and Testing the Configuration .............................................. 70

3.4.6.1 Checking Settings ...........................................................................70

3.4.6.2 Testing the Configuration ................................................................70

Chapter 4

Status Screens........................................................................................................................ 73

4.1 The Status Screen ............................................................................................................... 73

Chapter 5

Management Mode.................................................................................................................. 77

5.1 About CAPWAP ................................................................................................................... 77

5.1.1 CAPWAP Discovery and Management ...................................................................... 77

5.1.2 CAPWAP and DHCP .................................................................................................. 78

5.1.3 CAPWAP and IP Subnets .......................................................................................... 78

5.1.4 Notes on CAPWAP .................................................................................................... 79

ZyXEL NWA-3160 Series User’s Guide

Page 13

Table of Contents

5.2 The Management Mode Screen .......................................................................................... 79

Chapter 6

AP Controller Mode (NWA-3160 Only) ..................................................................................81

6.1 Status Screen ...................................................................................................................... 81

6.1.1 The AP List Status Screen ......................................................................................... 82

6.1.2 The AP Statistics Screen ............................................................................................ 83

6.1.3 The AP Association List Screen ................................................................................. 84

6.1.4 The SSID Information Screen .................................................................................... 84

6.2 Navigation Bar ..................................................................................................................... 85

6.3 The Controller Screens ........................................................................................................ 86

6.3.1 The AP Lists Screen .................................................................................................. 86

6.3.2 The AP Lists Edit Screen ........................................................................................... 88

6.3.3 The Configuration Screen .......................................................................................... 89

6.4 The Profile Edit Screens ...................................................................................................... 90

6.4.1 The Radio Profile Screen ........................................................................................... 90

6.5 The Radio Profile Edit Screen ............................................................................................. 91

Part II: The Web Configurator ............................................................... 95

Chapter 7

System Screens ...................................................................................................................... 97

7.1 System Overview ................................................................................................................. 97

7.2 Configuring General Setup ..................................................................................................97

7.3 Administrator Authentication on RADIUS ............................................................................ 98

7.3.1 Configuring the Password .......................................................................................... 98

7.4 Configuring Time Setting ..................................................................................................100

7.5 Pre-defined NTP Time Servers List ................................................................................... 102

Chapter 8

Wireless Configuration.........................................................................................................103

8.1 Wireless LAN Overview ..................................................................................................... 103

8.1.1 BSS .......................................................................................................................... 103

8.1.2 ESS .......................................................................................................................... 104

8.2 Wireless LAN Basics ......................................................................................................... 104

8.3 Quality of Service .............................................................................................................. 105

8.3.1 WMM QoS ................................................................................................................ 105

8.3.1.1 WMM QoS Priorities ......................................................................105

8.3.2 ATC .......................................................................................................................... 105

8.3.3 ATC+WMM ............................................................................................................... 106

8.3.3.1 ATC+WMM from LAN to WLAN ....................................................106

ZyXEL NWA-3160 Series User’s Guide

Page 14

Table of Contents

8.3.4 Type Of Service (ToS) .............................................................................................. 107

8.3.5 ToS (Type of Service) and WMM QoS ..................................................................... 108

8.4 Spanning Tree Protocol (STP) ........................................................................................... 108

8.4.1 Rapid STP ................................................................................................................108

8.4.2 STP Terminology ...................................................................................................... 109

8.4.3 How STP Works ....................................................................................................... 109

8.4.4 STP Port States .........................................................................................................110

8.5 DFS ....................................................................................................................................110

8.6 Wireless Screen Overview .................................................................................................110

8.7 Configuring Wireless Settings ............................................................................................ 111

8.7.1 Access Point Mode: NWA-3160 and NWA-3163 ......................................................111

8.7.2 Access Point Mode: NWA-3165 ................................................................................114

8.7.3 Bridge/Repeater Mode (NWA-3160 and NWA-3163 Only) .......................................116

8.7.4 AP+Bridge Mode (NWA-3160 and NWA-3163 Only) ............................................... 120

8.7.5 MBSSID Mode ......................................................................................................... 120

8.3.3.2 ATC+WMM from WLAN to LAN ....................................................107

8.3.4.1 DiffServ ..........................................................................................107

8.3.4.2 DSCP and Per-Hop Behavior ........................................................107

Chapter 9

Wireless Security Configuration ......................................................................................... 121

9.1 Wireless Security Overview ............................................................................................... 121

9.1.1 Encryption ................................................................................................................ 121

9.1.2 Restricted Access .................................................................................................... 121

9.1.3 Hide Identity ............................................................................................................. 121

9.1.4 WEP Encryption ....................................................................................................... 121

9.2 802.1x Overview ................................................................................................................ 122

9.3 EAP Authentication Overview ............................................................................................ 122

9.4 Introduction to WPA ........................................................................................................... 122

9.4.1 User Authentication ................................................................................................. 123

9.4.2 Encryption ............................................................................................................... 123

9.4.3 WPA(2)-PSK Application Example ........................................................................... 123

9.5 WPA(2) with External RADIUS Application Example ......................................................... 124

9.6 Security Modes .................................................................................................................. 125

9.7 Wireless Client WPA Supplicants ...................................................................................... 126

9.8 Wireless Security Effectiveness ......................................................................................... 126

9.9 Configuring Security .......................................................................................................... 126

9.9.1 Security: WEP .......................................................................................................... 127

9.9.2 Security: 802.1x Only ............................................................................................... 128

9.9.3 Security: 802.1x Static 64-bit, 802.1x Static 128-bit ................................................. 129

9.9.4 Security: WPA .......................................................................................................... 131

9.9.5 Security: WPA2 or WPA2-MIX .................................................................................. 131

9.9.6 Security: WPA-PSK, WPA2-PSK, WPA2-PSK-MIX .................................................. 133

ZyXEL NWA-3160 Series User’s Guide

Page 15

Table of Contents

9.10 Introduction to RADIUS ................................................................................................... 134

9.11 Configuring RADIUS ........................................................................................................134

Chapter 10

MBSSID and SSID .................................................................................................................137

10.1 Wireless LAN Infrastructures ........................................................................................... 137

10.1.1 MBSSID ................................................................................................................. 137

10.1.2 Notes on Multiple BSS ........................................................................................... 137

10.1.3 Multiple BSS Example ............................................................................................ 137

10.1.4 Multiple BSS with VLAN Example .......................................................................... 137

10.1.5 Configuring Multiple BSSs ..................................................................................... 138

10.2 SSID ................................................................................................................................ 140

10.2.1 The SSID Screen ................................................................................................... 140

10.2.2 Configuring SSID ................................................................................................... 141

Chapter 11

Other Wireless Configuration..............................................................................................145

11.1 Layer-2 Isolation Introduction ........................................................................................... 145

11.2 The Layer-2 Isolation Screen ........................................................................................... 146

11.3 Configuring Layer-2 Isolation ........................................................................................... 147

11.3.1 Layer-2 Isolation Examples .................................................................................... 148

11.3.1.1 Layer-2 Isolation Example 1 ........................................................149

11.3.1.2 Layer-2 Isolation Example 2 ........................................................149

11.4 The MAC Filter Screen .................................................................................................... 150

11.4.1 Configuring MAC Filtering ...................................................................................... 151

11.5 Configuring Roaming .......................................................................................................152

11.5.1 Requirements for Roaming .................................................................................... 153

Chapter 12

IP Screen................................................................................................................................ 155

12.1 Factory Ethernet Defaults ................................................................................................ 155

12.2 TCP/IP Parameters .........................................................................................................155

12.2.1 WAN IP Address Assignment ................................................................................. 155

12.3 Configuring IP Settings .................................................................................................... 156

Chapter 13

Rogue AP...............................................................................................................................157

13.1 Rogue AP Introduction .................................................................................................... 157

13.2 Rogue AP Examples ....................................................................................................... 157

13.2.1 “Honeypot” Attack .................................................................................................. 158

13.3 Configuring Rogue AP Detection (NWA-3160 and NWA-3163 Only) .............................. 159

13.3.1 Rogue AP: Configuration ....................................................................................... 160

13.3.2 Rogue AP: Friendly AP .......................................................................................... 160

ZyXEL NWA-3160 Series User’s Guide

Page 16

Table of Contents

13.3.3 Rogue AP List ........................................................................................................ 161

Chapter 14

Remote Management Screens............................................................................................. 163

14.1 Remote Management Overview ...................................................................................... 163

14.1.1 Remote Management Limitations .......................................................................... 163

14.1.2 System Timeout .................................................................................................... 163

14.2 Configuring Telnet ............................................................................................................ 164

14.3 Configuring FTP .............................................................................................................. 165

14.4 Configuring WWW ...........................................................................................................166

14.5 SNMP .............................................................................................................................. 167

14.5.1 Supported MIBs ..................................................................................................... 168

14.5.2 SNMP Traps ........................................................................................................... 169

14.6 SNMP Trap Interface Index ............................................................................................. 169

14.6.1 SNMP v3 and Security ........................................................................................... 170

14.6.2 Configuring SNMP ................................................................................................. 170

14.6.2.1 The SNMPv3 User Profile Screen (NWA-3165 Only) .................172

Chapter 15

Internal RADIUS Server........................................................................................................175

15.1 Internal RADIUS Overview .............................................................................................. 175

15.2 Internal RADIUS Server Setting ...................................................................................... 175

15.3 Trusted AP Overview .......................................................................................................177

15.4 Configuring Trusted AP ................................................................................................... 178

15.5 Configuring Trusted Users ............................................................................................... 179

Chapter 16

Certificates ............................................................................................................................181

16.1 Certificates Overview ....................................................................................................... 181

16.1.1 Advantages of Certificates ..................................................................................... 182

16.2 Self-signed Certificates .................................................................................................... 182

16.3 Verifying a Certificate ....................................................................................................... 182

16.3.1 Checking the Fingerprint of a Certificate on Your Computer .................................. 182

16.4 Configuration Summary ................................................................................................... 183

16.5 My Certificates ................................................................................................................. 183

16.6 Certificate File Formats .................................................................................................... 185

16.7 Importing a Certificate ..................................................................................................... 186

16.8 Creating a Certificate ....................................................................................................... 187

16.9 My Certificate Details ....................................................................................................... 189

16.10 Trusted CAs ................................................................................................................... 192

16.11 Importing a Trusted CA’s Certificate .............................................................................. 193

16.12 Trusted CA Certificate Details ....................................................................................... 194

ZyXEL NWA-3160 Series User’s Guide

Page 17

Table of Contents

Chapter 17

Log Screens ..........................................................................................................................199

17.1 Configuring View Log ....................................................................................................... 199

17.2 Configuring Log Settings ................................................................................................. 200

17.3 Example Log Messages .................................................................................................. 202

17.4 Log Commands ............................................................................................................... 204

17.4.1 Configuring What You Want the ZyXEL Device to Log .......................................... 204

17.4.2 Displaying Logs ...................................................................................................... 204

17.5 Log Command Example .................................................................................................. 205

Chapter 18

VLAN ...................................................................................................................................... 207

18.1 VLAN ............................................................................................................................... 207

18.1.1 Management VLAN ID ........................................................................................... 207

18.1.2 VLAN Tagging ........................................................................................................ 207

18.2 Configuring VLAN ............................................................................................................ 208

18.2.1 Wireless VLAN ....................................................................................................... 208

18.2.2 RADIUS VLAN ....................................................................................................... 210

18.2.3 Configuring Management VLAN Example ..............................................................211

18.2.4 Configuring Microsoft’s IAS Server Example ......................................................... 214

18.2.4.1 Configuring VLAN Groups ...........................................................214

18.2.4.2 Configuring Remote Access Policies ..........................................215

18.2.5 Second Rx VLAN ID Example ................................................................................ 222

18.2.5.1 Second Rx VLAN Setup Example ...............................................222

Chapter 19

Maintenance .......................................................................................................................... 225

19.1 Maintenance Overview .................................................................................................... 225

19.2 System Status Screen (NWA-3160 and NWA-3163 Only) ............................................... 225

19.2.1 System Statistics .................................................................................................... 226

19.3 Association List ................................................................................................................ 226

19.4 Channel Usage (NWA-3160 and NWA-3163 Only) ......................................................... 227

19.5 F/W Upload Screen .........................................................................................................228

19.6 Configuration Screen ....................................................................................................... 230

19.6.1 Backup Configuration ............................................................................................. 230

19.6.2 Restore Configuration ........................................................................................... 231

19.6.3 Back to Factory Defaults ........................................................................................ 232

19.7 Restart Screen ................................................................................................................. 232

Part III: Troubleshooting and Specifications ..................................... 233

ZyXEL NWA-3160 Series User’s Guide

Page 18

Table of Contents

Chapter 20

Troubleshooting.................................................................................................................... 235

20.1 Power, Hardware Connections, and LEDs ...................................................................... 235

20.2 ZyXEL Device Access and Login .................................................................................... 236

20.3 Internet Access ................................................................................................................ 238

20.4 Wireless Router/AP Troubleshooting ............................................................................... 239

Chapter 21

Product Specifications.........................................................................................................241

Part IV: Appendices and Index ........................................................... 249

Appendix A Setting up Your Computer’s IP Address............................................................ 251

Appendix B Wireless LANs ..................................................................................................263

Appendix C Pop-up Windows, JavaScripts and Java Permissions ...................................... 277

Appendix D IP Addresses and Subnetting ........................................................................... 283

Appendix E Text File Based Auto Configuration................................................................... 291

Appendix F Legal Information ..............................................................................................299

Appendix G Customer Support ............................................................................................303

Index....................................................................................................................................... 309

ZyXEL NWA-3160 Series User’s Guide

Page 19

List of Figures

Figure 1 Access Point Application .......................................................................................................... 32

Figure 2 Bridge Application .................................................................................................................... 33

Figure 3 Repeater Application ................................................................................................................ 33

Figure 4 AP+Bridge Application ............................................................................................................. 34

Figure 5 Multiple BSSs ........................................................................................................................... 35

Figure 6 Main Antenna ........................................................................................................................... 37

Figure 7 LEDs ......................................................................................................................................... 38

Figure 8 Enter the System Name ........................................................................................................... 41

Figure 9 Change Password Screen ........................................................................................................ 42

Figure 10 Replace Certificate Screen ..................................................................................................... 43

Figure 11 The Status Screen of the Web Configurator ........................................................................... 44

Figure 12 Configuring Wireless LAN ...................................................................................................... 47

Figure 13 Tutorial: Example MBSSID Setup .......................................................................................... 49

Figure 14 Tutorial: Wireless LAN: Before ............................................................................................... 50

Figure 15 Tutorial: Wireless LAN: Change Mode ................................................................................... 50

Figure 16 Tutorial: WIRELESS > SSID .................................................................................................. 51

Figure 17 Tutorial: VoIP SSID Profile Edit .............................................................................................. 52

Figure 18 Tutorial: VoIP Security ............................................................................................................ 53

Figure 19 Tutorial: VoIP Security Profile Edit .......................................................................................... 53

Figure 20 Tutorial: VoIP Security: Updated ............................................................................................ 54

Figure 21 Tutorial: Activate VoIP Profile ................................................................................................. 54

Figure 22 Tutorial: Guest Edit ................................................................................................................. 55

Figure 23 Tutorial: Guest Security Profile Edit ........................................................................................ 55

Figure 24 Tutorial: Guest Security: Updated .......................................................................................... 56

Figure 25 Tutorial: Layer 2 Isolation ....................................................................................................... 56

Figure 26 Tutorial: Layer 2 Isolation Profile ............................................................................................ 57

Figure 27 Tutorial: Activate Guest Profile ............................................................................................... 57

Figure 28 Tutorial: Wireless Network Example ....................................................................................... 59

Figure 29 Tutorial: Friendly AP (Before Data Entry) ............................................................................... 60

Figure 30 Tutorial: Friendly AP (After Data Entry) ................................................................................. 61

Figure 31 Tutorial: Configuration ............................................................................................................ 61

Figure 32 Tutorial: Warning .................................................................................................................... 62

Figure 33 Tutorial: Save Friendly AP list ................................................................................................ 62

Figure 34 Tutorial: Periodic Rogue AP Detection .................................................................................. 62

Figure 35 Tutorial: Log Settings .............................................................................................................. 63

Figure 36 Tutorial: Example Network ..................................................................................................... 65

Figure 37 Tutorial: SSID Profile .............................................................................................................. 67

Figure 38 Tutorial: SSID Edit .................................................................................................................. 68

ZyXEL NWA-3160 Series User’s Guide

Page 20

List of Figures

Figure 39 Tutorial: Layer-2 Isolation Edit ................................................................................................ 68

Figure 40 Tutorial: MAC Filter Edit (SERVER_1) ................................................................................... 69

Figure 41 Tutorial: SSID Profiles Activated ............................................................................................ 70

Figure 42 Tutorial: SSID Tab Correct Settings ........................................................................................ 70

Figure 43 The Status Screen .................................................................................................................. 74

Figure 44 CAPWAP Network Example ................................................................................................... 77

Figure 45 CAPWAP and DHCP Option 43 ............................................................................................. 78

Figure 46 The Management Mode Screen ............................................................................................. 79

Figure 47 AP Controller: the Status Screen ............................................................................................ 81

Figure 48 AP List Status ......................................................................................................................... 82

Figure 49 AP Statistics ........................................................................................................................... 83

Figure 50 AP Association List ................................................................................................................. 84

Figure 51 SSID Information .................................................................................................................... 85

Figure 52 AP Controller: Links ................................................................................................................ 85

Figure 53 The Controller > AP Lists Screen ........................................................................................... 87

Figure 54 The Controller > AP Lists > Edit Screen ................................................................................. 88

Figure 55 The Controller > Configuration Screen ................................................................................... 89

Figure 56 The Profile Edit > Radio Screen ............................................................................................. 90

Figure 57 The Profile Edit > Radio > Edit Screen ................................................................................... 91

Figure 58 System > General .................................................................................................................. 97

Figure 59 SYSTEM > Password. ............................................................................................................ 99

Figure 60 SYSTEM > Time Setting ...................................................................................................... 100

Figure 61 Basic Service set .................................................................................................................. 103

Figure 62 Extended Service Set ........................................................................................................... 104

Figure 63 DiffServ: Differentiated Service Field .................................................................................... 107

Figure 64 Wireless: Access Point (NWA-3160 and NWA-3163) ............................................................112

Figure 65 Wireless: Access Point (NWA-3165) .....................................................................................114

Figure 66 Bridging Example ..................................................................................................................116

Figure 67 Bridge Loop: Two Bridges Connected to Hub .......................................................................117

Figure 68 Bridge Loop: Bridge Connected to Wired LAN ......................................................................117

Figure 69 Wireless: Bridge/Repeater (NWA-3160 and NWA-3163 Only) ..............................................118

Figure 70 Wireless: AP+Bridge ............................................................................................................ 120

Figure 71 EAP Authentication .............................................................................................................. 122

Figure 72 WPA(2)-PSK Authentication ................................................................................................. 124

Figure 73 WPA(2) with RADIUS Application Example ......................................................................... 125

Figure 74 Wireless > Security ............................................................................................................... 127

Figure 75 WIRELESS > Security: WEP ................................................................................................ 128

Figure 76 Security: 802.1x Only .......................................................................................................... 129

Figure 77 Security: 802.1x Static 64-bit, 802.1x Static 128-bit ............................................................ 130

Figure 78 Security: WPA ..................................................................................................................... 131

Figure 79 Security:WPA2 or WPA2-MIX ............................................................................................... 132

Figure 80 Security: WPA-PSK, WPA2-PSK or WPA2-PSK-MIX ........................................................... 133

Figure 81 RADIUS ................................................................................................................................ 134

ZyXEL NWA-3160 Series User’s Guide

Page 21

List of Figures

Figure 82 Multiple BSS with VLAN Example ........................................................................................ 138

Figure 83 Wireless: Multiple BSS ......................................................................................................... 138

Figure 84 SSID ..................................................................................................................................... 141

Figure 85 Configuring SSID .................................................................................................................. 142

Figure 86 Layer-2 Isolation Application ................................................................................................ 146

Figure 87 WIRELESS > Layer 2 Isolation ............................................................................................ 147

Figure 88 WIRELESS > Layer-2 Isolation Configuration Screen ......................................................... 148

Figure 89 Layer-2 Isolation Example Configuration ............................................................................. 149

Figure 90 Layer-2 Isolation Example 1 ................................................................................................. 149

Figure 91 Layer-2 Isolation Example 2 ................................................................................................. 150

Figure 92 WIRELESS > MAC Filter ...................................................................................................... 150

Figure 93 MAC Address Filter .............................................................................................................. 151

Figure 94 Roaming Example ................................................................................................................ 153

Figure 95 Roaming ............................................................................................................................... 154

Figure 96 IP Setup ................................................................................................................................ 156

Figure 97 Rogue AP: Example ............................................................................................................ 158

Figure 98 “Honeypot” Attack ................................................................................................................. 159

Figure 99 ROGUE AP > Configuration ................................................................................................. 160

Figure 100 ROGUE AP > Friendly AP .................................................................................................. 161

Figure 101 ROGUE AP > Rogue AP .................................................................................................... 162

Figure 102 Telnet Configuration on a TCP/IP Network ......................................................................... 164

Figure 103 Remote Management: Telnet ............................................................................................. 164

Figure 104 Remote Management: FTP ................................................................................................ 165

Figure 105 Remote Management: WWW ............................................................................................. 166

Figure 106 SNMP Management Model ................................................................................................ 168

Figure 107 Remote Management: SNMP ............................................................................................ 171

Figure 108 Remote Management: SNMPv3 User Profile ..................................................................... 172

Figure 109 Internal RADIUS Server Setting Screen ............................................................................. 176

Figure 110 Trusted AP Overview .......................................................................................................... 178

Figure 111 Trusted AP Screen .............................................................................................................. 179

Figure 112 Trusted Users Screen ......................................................................................................... 180

Figure 113 Certificates on Your Computer ............................................................................................ 182

Figure 114 Certificate Details ............................................................................................................... 183

Figure 115 My Certificates .................................................................................................................... 184

Figure 116 My Certificate Import .......................................................................................................... 186

Figure 117 My Certificate Create .......................................................................................................... 187

Figure 118 My Certificate Details .......................................................................................................... 190

Figure 119 Trusted CAs ........................................................................................................................ 192

Figure 120 Trusted CA Import .............................................................................................................. 194

Figure 121 Trusted CA Details ............................................................................................................. 195

Figure 122 View Log ............................................................................................................................. 199

Figure 123 Log Settings ....................................................................................................................... 201

Figure 124 WIRELESS VLAN .............................................................................................................. 209

ZyXEL NWA-3160 Series User’s Guide

Page 22

List of Figures

Figure 125 RADIUS VLAN ................................................................................................................... 210

Figure 126 Management VLAN Configuration Example ....................................................................... 212

Figure 127 VLAN-Aware Switch - Static VLAN .....................................................................................212

Figure 128 VLAN-Aware Switch ........................................................................................................... 212

Figure 129 VLAN-Aware Switch - VLAN Status .................................................................................... 213

Figure 130 VLAN Setup ........................................................................................................................ 213

Figure 131 New Global Security Group ............................................................................................... 215

Figure 132 Add Group Members ......................................................................................................... 215

Figure 133 New Remote Access Policy for VLAN Group .................................................................... 216

Figure 134 Specifying Windows-Group Condition ................................................................................ 216

Figure 135 Adding VLAN Group .......................................................................................................... 217

Figure 136 Granting Permissions and User Profile Screens ............................................................... 217

Figure 137 Authentication Tab Settings ................................................................................................ 218

Figure 138 Encryption Tab Settings ..................................................................................................... 218

Figure 139 Connection Attributes Screen ............................................................................................ 219

Figure 140 RADIUS Attribute Screen .................................................................................................. 219

Figure 141 802 Attribute Setting for Tunnel-Medium-Type .................................................................. 220

Figure 142 VLAN ID Attribute Setting for Tunnel-Pvt-Group-ID .......................................................... 220

Figure 143 VLAN Attribute Setting for Tunnel-Type ............................................................................ 221

Figure 144 Completed Advanced Tab .................................................................................................. 221

Figure 145 Second Rx VLAN ID Example ............................................................................................ 222

Figure 146 Configuring SSID: Second Rx VLAN ID Example .............................................................. 223

Figure 147 System Status .................................................................................................................... 225

Figure 148 System Status: Show Statistics .......................................................................................... 226

Figure 149 Association List .................................................................................................................. 227

Figure 150 Channel Usage ................................................................................................................... 227

Figure 151 Firmware Upload ................................................................................................................ 228

Figure 152 Firmware Upload In Process .............................................................................................. 229

Figure 153 Network Temporarily Disconnected ....................................................................................229

Figure 154 Firmware Upload Error ....................................................................................................... 230

Figure 155 Configuration ...................................................................................................................... 230

Figure 156 Configuration Upload Successful ....................................................................................... 231

Figure 157 Network Temporarily Disconnected ....................................................................................231

Figure 158 Configuration Upload Error ................................................................................................. 232

Figure 159 Reset Warning Message .................................................................................................... 232

Figure 160 Restart Screen ................................................................................................................... 232

Figure 161 Wall-mounting Example ...................................................................................................... 245

Figure 162 Masonry Plug and M4 Tap Screw .......................................................................................245

Figure 163 WIndows 95/98/Me: Network: Configuration ...................................................................... 252

Figure 164 Windows 95/98/Me: TCP/IP Properties: IP Address .......................................................... 253

Figure 165 Windows 95/98/Me: TCP/IP Properties: DNS Configuration .............................................. 254

Figure 166 Windows XP: Start Menu .................................................................................................... 255

Figure 167 Windows XP: Control Panel ............................................................................................... 255

ZyXEL NWA-3160 Series User’s Guide

Page 23

List of Figures

Figure 168 Windows XP: Control Panel: Network Connections: Properties ......................................... 256

Figure 169 Windows XP: Local Area Connection Properties ............................................................... 256

Figure 170 Windows XP: Advanced TCP/IP Settings .......................................................................... 257

Figure 171 Windows XP: Internet Protocol (TCP/IP) Properties .......................................................... 258

Figure 172 Macintosh OS 8/9: Apple Menu .......................................................................................... 259

Figure 173 Macintosh OS 8/9: TCP/IP ................................................................................................. 259

Figure 174 Macintosh OS X: Apple Menu ............................................................................................ 260

Figure 175 Macintosh OS X: Network .................................................................................................. 261

Figure 176 Peer-to-Peer Communication in an Ad-hoc Network ......................................................... 263

Figure 177 Basic Service Set ............................................................................................................... 264

Figure 178 Infrastructure WLAN ........................................................................................................... 265

Figure 179 RTS/CTS ............................................................................................................................ 266

Figure 180 WPA(2) with RADIUS Application Example ....................................................................... 273

Figure 181 WPA(2)-PSK Authentication ............................................................................................... 274

Figure 182 Pop-up Blocker ................................................................................................................... 277

Figure 183 Internet Options: Privacy .................................................................................................... 278

Figure 184 Internet Options: Privacy .................................................................................................... 279

Figure 185 Pop-up Blocker Settings ..................................................................................................... 279

Figure 186 Internet Options: Security ................................................................................................... 280

Figure 187 Security Settings - Java Scripting ....................................................................................... 281

Figure 188 Security Settings - Java ...................................................................................................... 281

Figure 189 Java (Sun) .......................................................................................................................... 282

Figure 190 Network Number and Host ID ............................................................................................ 284

Figure 191 Subnetting Example: Before Subnetting ............................................................................ 286

Figure 192 Subnetting Example: After Subnetting ............................................................................... 287

Figure 193 Text File Based Auto Configuration .................................................................................... 291

Figure 194 Configuration File Format ................................................................................................... 293

Figure 195 WEP Configuration File Example ....................................................................................... 294

Figure 196 802.1X Configuration File Example .................................................................................... 295

Figure 197 WPA-PSK Configuration File Example ............................................................................... 295

Figure 198 WPA Configuration File Example ....................................................................................... 296

Figure 199 Wlan Configuration File Example ....................................................................................... 297

ZyXEL NWA-3160 Series User’s Guide

Page 24

List of Figures

ZyXEL NWA-3160 Series User’s Guide

Page 25

List of Tables

Table 1 Models Covered ........................................................................................................................ 31

Table 2 LEDs ......................................................................................................................................... 38

Table 3 Tutorial: Example Information ................................................................................................... 49

Table 4 Tutorial: Rogue AP Example Information .................................................................................. 59

Table 5 Tutorial: Friendly AP Information ............................................................................................... 60

Table 6 Tutorial: SSID Profile Security Settings ..................................................................................... 66

Table 7 Tutorial: Example Network MAC Addresses ............................................................................. 66

Table 8 Tutorial: Example User MAC Addresses ................................................................................... 66

Table 9 Tutorial: SERVER_2 Network Information ................................................................................69

Table 10 The Status Screen .................................................................................................................. 74

Table 11 The Management Mode Screen .............................................................................................. 79

Table 12 AP Controller: the Status Screen ............................................................................................ 82

Table 13 AP List Status .......................................................................................................................... 83

Table 14 AP Statistics ............................................................................................................................ 83

Table 15 AP Association List ................................................................................................................. 84

Table 16 AP Association List ................................................................................................................. 85

Table 17 Navigation Bar Labels ............................................................................................................. 85

Table 18 The Controller > AP Lists Screen ............................................................................................ 87

Table 19 The Controller > AP Lists > Edit Screen ................................................................................. 88

Table 20 The Controller > Configuration Screen ................................................................................... 89

Table 21 The Profile Edit > Radio Screen .............................................................................................. 90

Table 22 The Profile Edit > Radio > Edit Screen ................................................................................... 92

Table 23 System > General ................................................................................................................... 97

Table 24 Password ................................................................................................................................ 99

Table 25 SYSTEM > Time Setting ....................................................................................................... 101

Table 26 Default Time Servers ............................................................................................................ 102

Table 27 WMM QoS Priorities ............................................................................................................. 105

Table 28 Typical Packet Sizes ............................................................................................................. 106

Table 29 Automatic Traffic Classifier Priorities .................................................................................... 106

Table 30 ATC + WMM Priority Assignment (LAN to WLAN) ................................................................ 107

Table 31 ATC + WMM Priority Assignment (WLAN to LAN) ................................................................ 107

Table 32 ToS and IEEE 802.1d to WMM QoS Priority Level Mapping ................................................ 108

Table 33 STP Path Costs .................................................................................................................... 109

Table 34 STP Port States .....................................................................................................................110

Table 35 Wireless: Access Point (NWA-3160 and NWA-3163) ............................................................112

Table 36 Wireless: Access Point (NWA-3165) ......................................................................................114

Table 37 Wireless: Bridge/Repeater (NWA-3160 and NWA-3163 Only) ..............................................118

Table 38 Security Modes ..................................................................................................................... 125

ZyXEL NWA-3160 Series User’s Guide

Page 26

List of Tables

Table 39 Wireless Security Levels ....................................................................................................... 126

Table 40 WIRELESS > Security .......................................................................................................... 127

Table 41 Security: WEP ....................................................................................................................... 128

Table 42 Security: 802.1x Only ............................................................................................................ 129

Table 43 Security: 802.1x Static 64-bit, 802.1x Static 128-bit .............................................................. 130

Table 44 Security: WPA ....................................................................................................................... 131

Table 45 Security: WPA2 or WPA2-MIX .............................................................................................. 132

Table 46 Security: WPA-PSK, WPA2-PSK or WPA2-PSK-MIX ........................................................... 133

Table 47 RADIUS ................................................................................................................................ 134

Table 48 Wireless: Multiple BSS .......................................................................................................... 139

Table 49 SSID ...................................................................................................................................... 141

Table 50 Configuring SSID .................................................................................................................. 142

Table 51 WIRELESS > Layer-2 Isolation ............................................................................................. 147

Table 52 WIRELESS > Layer-2 Isolation Configuration ...................................................................... 148

Table 53 WIRELESS > MAC Filter ...................................................................................................... 151

Table 54 MAC Address Filter ............................................................................................................... 152

Table 55 Private IP Address Ranges ................................................................................................... 155

Table 56 IP Setup ................................................................................................................................ 156

Table 57 ROGUE AP > Configuration .................................................................................................. 160

Table 58 ROGUE AP > Friendly AP .................................................................................................... 161

Table 59 ROGUE AP > Rogue AP ....................................................................................................... 162

Table 60 Remote Management Overview ...........................................................................................163

Table 61 Remote Management: Telnet ................................................................................................ 164

Table 62 Remote Management: FTP ................................................................................................... 165

Table 63 Remote Management: WWW ...............................................................................................166

Table 64 SNMP Traps .......................................................................................................................... 169

Table 65 SNMP Interface Index to Physical and Virtual Port Mapping ................................................ 169

Table 66 Remote Management: SNMP ............................................................................................... 171

Table 67 Remote Management: SNMP User Profile ........................................................................... 173

Table 68 Internal RADIUS Server Setting Screen Setting ................................................................... 176

Table 69 Trusted AP ............................................................................................................................ 179

Table 70 Trusted Users ........................................................................................................................ 180

Table 71 My Certificates ...................................................................................................................... 184

Table 72 My Certificate Import ............................................................................................................. 186

Table 73 My Certificate Create ............................................................................................................ 187

Table 74 My Certificate Details ............................................................................................................ 190

Table 75 Trusted CAs .......................................................................................................................... 193

Table 76 Trusted CA Import ................................................................................................................. 194

Table 77 Trusted CA Details ................................................................................................................ 195

Table 78 View Log ............................................................................................................................... 199

Table 79 Log Settings .......................................................................................................................... 201

Table 80 System Maintenance Logs .................................................................................................... 202

Table 81 ICMP Notes ........................................................................................................................... 203

ZyXEL NWA-3160 Series User’s Guide

Page 27

List of Tables

Table 82 Sys log .................................................................................................................................. 204

Table 83 Log Categories and Available Settings ................................................................................. 204

Table 84 WIRELESS VLAN ................................................................................................................. 209

Table 85 RADIUS VLAN .......................................................................................................................211

Table 86 Standard RADIUS Attributes ................................................................................................. 214

Table 87 System Status ....................................................................................................................... 225

Table 88 System Status: Show Statistics ............................................................................................. 226

Table 89 Association List ..................................................................................................................... 227

Table 90 Channel Usage ..................................................................................................................... 228

Table 91 Firmware Upload ................................................................................................................... 228

Table 92 Restore Configuration ........................................................................................................... 231

Table 93 Hardware Specifications ....................................................................................................... 241

Table 94 Firmware Specifications ........................................................................................................ 243

Table 95 North American Plug Standards ............................................................................................ 245

Table 96 European Plug Standards ..................................................................................................... 246

Table 97 United Kingdom Plug Standards ........................................................................................... 246

Table 98 Australia and New Zealand Plug Standards ......................................................................... 246

Table 99 Power over Ethernet Injector Specifications ........................................................................ 246

Table 100 Power over Ethernet Injector RJ-45 Port Pin Assignments ................................................ 246

Table 101 IEEE 802.11g ...................................................................................................................... 267

Table 102 Wireless Security Levels ..................................................................................................... 268

Table 103 Comparison of EAP Authentication Types .......................................................................... 271

Table 104 Wireless Security Relational Matrix .................................................................................... 274

Table 105 Subnet Masks ..................................................................................................................... 284

Table 106 Subnet Masks ..................................................................................................................... 285

Table 107 Maximum Host Numbers .................................................................................................... 285

Table 108 Alternative Subnet Mask Notation ....................................................................................... 285

Table 109 Subnet 1 .............................................................................................................................. 287

Table 110 Subnet 2 .............................................................................................................................. 288

Table 111 Subnet 3 .............................................................................................................................. 288

Table 112 Subnet 4 .............................................................................................................................. 288

Table 113 Eight Subnets ...................................................................................................................... 288

Table 114 24-bit Network Number Subnet Planning ............................................................................ 289

Table 115 16-bit Network Number Subnet Planning ............................................................................ 289

Table 116 Auto Configuration by DHCP .............................................................................................. 292

Table 117 Manual Configuration .......................................................................................................... 292

Table 118 Configuration via SNMP ...................................................................................................... 292

Table 119 Displaying the File Version .................................................................................................. 293

Table 120 Displaying the File Version .................................................................................................. 293

Table 121 Displaying the Auto Configuration Status ............................................................................294

ZyXEL NWA-3160 Series User’s Guide

Page 28

List of Tables

ZyXEL NWA-3160 Series User’s Guide

Page 29

PART I

Introduction

Introducing the ZyXEL Device (31)

Introducing the Web Configurator (41)

Tutorial (45)

Status Screens (73)

Management Mode (77)

AP Controller Mode (NWA-3160 Only) (81)

Page 30

Page 31

CHAPTER 1

Introducing the ZyXEL Device

This chapter introduces the main applications and features of the ZyXEL Device. It also introduces the ways you can manage the ZyXEL Device.

1.1 Introducing the ZyXEL Device

Your ZyXEL Device extends the range of your existing wired network without additional wiring, providing easy network access to mobile users.

It is highly versatile, supporting multiple BSSIDs simultaneously (eight in the NWA-3160 and NWA-3163, four in the NWA-3165). The Quality of Service (QoS) features allow you to prioritize time-sensitive or highly important applications such as VoIP.

Multiple security profiles allow you to easily assign different types of security to groups of users. The ZyXEL Device controls network access with MAC address filtering, rogue AP detection (NWA-3160 and NWA-3163 only), layer 2 isolation and an internal authentication server. It also provides a high level of network traffic security, supporting IEEE 802.1x, Wi-Fi Protected Access (WPA), WPA2 and WEP data encryption.

Your ZyXEL Device is easy to install, configure and use. The embedded Web-based configurator enables simple, straightforward management and maintenance.

See the Quick Start Guide for instructions on how to make hardware connections.

At the time of writing, this User’s Guide covers the following models.

Table 1 Models Covered

NWA-3160: IEEE 802.11a/b/g Business WLAN Access Point

NWA-3163: IEEE 802.11b/g Business WLAN Access Point

NWA-3165: WirelessN Business WLAN Access Point

1.2 Applications for the ZyXEL Device

The ZyXEL Device can be configured to use the following WLAN operating modes

1 AP 2 Bridge/Repeater (NWA-3160 and NWA-3163 only) 3 AP+Bridge (NWA-3160 and NWA-3163 only) 4 MBSSID

Applications for each operating mode are shown below.

ZyXEL NWA-3160 Series User’s Guide

Page 32

Chapter 1 Introducing the ZyXEL Device

" A different channel should be configured for each WLAN interface to reduce the

effects of radio interference.

1.2.1 Access Point

The ZyXEL Device is an ideal access solution for wireless Internet connection. A typical Internet access application for your ZyXEL Device is shown as follows. Stations A, B and C can access the wired network through the ZyXEL Devices.

Figure 1 Access Point Application

1.2.2 Bridge / Repeater (NWA-3160 and NWA-3163 Only)

The ZyXEL Device can act as a wireless network bridge and establish wireless links with other APs. In the figure below, the two ZyXEL Devices (A and B) are connected to independent wired networks and have a bridge connection (A can communicate with B) at the same time. A ZyXEL Device in repeater mode (C) has no Ethernet connection. When the ZyXEL Device is in bridge mode, you should enable STP to prevent bridge loops.

When the ZyXEL Device is in Bridge / Repeater mode, security between APs (the Wireless Distribution System or WDS) is independent of the security between the wireless stations and the AP. If you do not enable WDS security, traffic between APs is not encrypted. When WDS security is enabled, both APs must use the same pre-shared key. See Section 8.7.3 on page 116 for more details.

Once the security settings of peer sides match one another, the connection between devices is made.

At the time of writing, WDS security is compatible with other ZyXEL access points only. Refer to your other access point’s documentation for details.

ZyXEL NWA-3160 Series User’s Guide

Page 33

Figure 2 Bridge Application

Chapter 1 Introducing the ZyXEL Device

Figure 3 Repeater Application

1.2.3 AP + Bridge (NWA-3160 and NWA-3163 Only)

In AP+Bridge mode, the ZyXEL Device supports both AP and bridge connection at the same time.

ZyXEL NWA-3160 Series User’s Guide

Page 34

Chapter 1 Introducing the ZyXEL Device

In the figure below, A and B use X as an AP to access the wired network, while X and Y communicate in bridge mode.

When the ZyXEL Device is in AP + Bridge mode, security between APs (the Wireless Distribution System or WDS) is independent of the security between the wireless stations and the AP. If you do not enable WDS security, traffic between APs is not encrypted. When WDS security is enabled, both APs must use the same pre-shared key. See Section 8.7.4 on page 120 for more details.

Unless specified, the term “security settings” refers to the traffic between the wireless stations and the ZyXEL Device.

Figure 4 AP+Bridge Application

1.2.4 MBSSID

A BSS (Basic Service Set) is the set of devices forming a single wireless network (usually an access point and one or more wireless clients). An SSID (Service Set IDentifier) is the name of a BSS. In MBSSID (Multiple BSS) mode, the ZyXEL Device provides multiple virtual APs, each forming its own BSS and using its own individual SSID profile.

You can configure up to sixteen SSID profiles, and have up to eight active at any one time.

You can assign different wireless and security settings to each SSID profile. This allows you to compartmentalize groups of users, set varying access privileges, and prioritize network traffic to and from certain BSSs.

To the wireless clients in the network, each SSID appears to be a different access point. As in any wireless network, clients can associate only with the SSIDs for which they have the correct security settings.

ZyXEL NWA-3160 Series User’s Guide

Page 35

Chapter 1 Introducing the ZyXEL Device

For example, you might want to set up a wireless network in your office where Internet telephony (Voice over IP, or VoIP) users have priority. You also want a regular wireless network for standard users, as well as a ‘guest’ wireless network for visitors. In the following figure, VoIP_SSID users have Quality of Service (QoS) priority, SSID03 is the wireless network for standard users, and Guest_SSID is the wireless network for guest users. In this example, the guest user is forbidden access to the wired LAN behind the AP and can access only the Internet.

Figure 5 Multiple BSSs

1.2.5 Pre-Configured SSID Profiles

The ZyXEL Device has two pre-configured SSID profiles.

1 VoIP_SSID. This profile is intended for use by wireless clients requiring the highest

QoS (Quality of Service) level for VoIP (Voice over IP) telephony and other applications requiring low latency. The QoS level of this profile is not user-configurable. See Chapter

8 on page 103 for more information on QoS.

2 Guest_SSID. This profile is intended for use by visitors and others who require access

to certain resources on the network (an Internet gateway or a network printer, for example) but must not have access to the rest of the network. Layer 2 isolation is enabled (see Section 11.1 on page 145), and QoS is set to NONE. Intra-BSS traffic blocking is also enabled (see Section 8.1.1 on page 103). These fields are all user-configurable.

ZyXEL NWA-3160 Series User’s Guide

Page 36

Chapter 1 Introducing the ZyXEL Device

1.3 CAPWAP (NWA-3160 and NWA-3163 Only)

CAPWAP allows a single access point (the AP controller) to manage up to eight other access points (the managed APs). The managed APs receive all their configuration information from the AP controller. This includes radio configuration (such as the wireless channel to use, permitted data rates, and so on), security profile and SSID profile information. The managed APs’ web configurators are disabled, and they are managed entirely by the AP controller.

At the time of writing, the NWA-3160 is the only ZyXEL AP model that can be a CAPWAP controller.

At the time of writing, the following ZyXEL AP models can be CAPWAP managed APs:

•NWA-3160

•NWA-3163

•NWA-3500

•NWA-3550

1.4 Ways to Manage the ZyXEL Device

Use any of the following methods to manage the ZyXEL Device.

• Web Configurator. This is recommended for everyday management of the ZyXEL Device using a (supported) web browser.

• Command Line Interface. Line commands are mostly used for troubleshooting by service engineers.

• SMT (NWA-3165 only). System Management Terminal is a text-based configuration menu that you can use to configure your device. Use Telnet to access the SMT.

• FTP for firmware upgrades and configuration backup and restore.

• SNMP. The device can be monitored by an SNMP manager. See the SNMP chapter in this User’s Guide.

1.5 Good Habits for Managing the ZyXEL Device

Do the following things regularly to make the ZyXEL Device more secure and to manage it more effectively.

• Change the password often. Use a password that’s not easy to guess and that consists of different types of characters, such as numbers and letters.

• Write down the password and put it in a safe place.

• Back up the configuration (and make sure you know how to restore it). Restoring an earlier working configuration may be useful if the device becomes unstable or even crashes. If you forget your password, you will have to reset the ZyXEL Device to its factory default settings. If you backed up an earlier configuration file, you won’t have to totally re-configure the ZyXEL Device; you can simply restore your last configuration.

ZyXEL NWA-3160 Series User’s Guide

Page 37

1.6 Hardware Connections

See your Quick Start Guide for information on making hardware connections.

1.6.1 Antennas

The ZyXEL Device has two antennas. When you are looking at the ZyXEL Device from the front, the main antenna is on the left. The main antenna can both transmit and receive. If you have only one antenna, attach it to the connector on the left of the ZyXEL Device.

Figure 6 Main Antenna

Chapter 1 Introducing the ZyXEL Device

1.7 LEDs

" The figures and screens shown in this User’s Guide are from the NWA-3160

(unless otherwise stated). Your device may differ in minor ways.

ZyXEL NWA-3160 Series User’s Guide

Page 38

Chapter 1 Introducing the ZyXEL Device

Figure 7 LEDs

Table 2 LEDs

LABEL COLOR STATUS DESCRIPTION

WDS (NWA-3160

and NWA3163 only)

Green On

WLAN Green

Off The wireless LAN is not active.

Off Either

• The ZyXEL Device is in Access Point or MBSSID mode and is functioning normally.

• The ZyXEL Device is in AP+Bridge or Bridge/ Repeater mode and has not established a Wireless Distribution System (WDS) connection.

The ZyXEL Device is in AP+Bridge or Bridge/Repeater

(NWA-3160 and NWA-3163 only)

On The wireless LAN is active.

Blinking The wireless LAN is active, and transmitting or

mode, and has successfully established a Wireless Distribution System (WDS) connection.

receiving data.

ZyXEL NWA-3160 Series User’s Guide

Page 39

Chapter 1 Introducing the ZyXEL Device

Table 2 LEDs (continued)

LABEL COLOR STATUS DESCRIPTION

ETHERNET Green On The ZyXEL Device has a 10 Mbps Ethernet

connection.

Blinking The ZyXEL Device has a 10 Mbps Ethernet connection

and is sending or receiving data.

Yellow On The ZyXEL Device has a 100 Mbps Ethernet

connection.

Blinking The ZyXEL Device has a 100 Mbps Ethernet

connection and is sending/receiving data.

Off The ZyXEL Device does not have an Ethernet

POWER/SYS Green On The ZyXEL Device is receiving power and functioning

Off The ZyXEL Device is not receiving power.

Red Blinking Either

Off The ZyXEL Device successfully boots up.

connection.

properly.

• If the LED blinks during the boot up process, the system is starting up.

• If the LED blinks after the boot up process, the system has failed.

ZyXEL NWA-3160 Series User’s Guide

Page 40

Chapter 1 Introducing the ZyXEL Device

ZyXEL NWA-3160 Series User’s Guide

Page 41

CHAPTER 2

Introducing the Web

Configurator

This chapter describes how to access the ZyXEL Device’s web configurator and provides an overview of its screens.

" When your ZyXEL Device is in (CAPWAP) Managed AP mode (NWA-3160 and

NWA-3163 only) the Web Configurator is not available. The ZyXEL Device can be managed only through the controller AP’s web configurator.

2.1 Accessing the Web Configurator

1 Make sure your hardware is properly connected and prepare your computer or computer

network to connect to the ZyXEL Device (refer to the Quick Start Guide).

2 Launch your web browser.

FOR THE LOGIN SECTION:

3 If you have only one ZyXEL Device on your network, enter its System Name in your

browser’s address bar and press [ENTER]. The default System Name is NWA-Series. See Section 7.2 on page 97 for information on locating and changing the ZyXEL Device’s System Name.

" If you changed the System Name, and the new name is over 15 characters long,

you must enter NWA-Series instead.

Figure 8 Enter the System Name

ZyXEL NWA-3160 Series User’s Guide

Page 42

Chapter 2 Introducing the Web Configurator

If you have more than one ZyXEL Device on your network (that uses the default System Name) or if you are not sure of your ZyXEL Device’s System Name, use one of the following methods to access the web configurator:

• Enter the ZyXEL Device’s LAN IP address in your browser’s address bar and press [ENTER]. The default IP address is 192.168.1.2. See Section 7.2 on page 97 for information on locating and changing the ZyXEL Device’s IP.

• Alternatively, enter zyxelXX:XX:XX in your browser’s address bar, where XX:XX:XX represents the final six characters of your ZyXEL Device’s MAC (Media Access Control) address. The MAC address is usually printed on a label on the ZyXEL Device.

" The ZyXEL Device has a MAC address for each of its interfaces; for example,

one for the wired interface (LAN, or Local Area Network) and one for the wireless interface (WLAN, or Wireless Local Area Network). Use the LAN MAC address when accessing the ZyXEL Device over the wired network, and use the WLAN MAC address when accessing the ZyXEL Device over the wireless interface.

4 Type "1234" (default) as the password and click Login. In some versions, the default

password appears automatically - if this is the case, click Login.

5 Yo u

should see a screen asking you to change your password (highly recommended) as

shown next. Type a new password (and retype it to confirm) then click Apply. Alternatively, click Ignore.

" If you do not change the password, the following screen appears every time

you login.

Figure 9 Change Password Screen

ZyXEL NWA-3160 Series User’s Guide

Page 43

Chapter 2 Introducing the Web Configurator

6 Click Apply in the Replace Certificate screen to create a certificate using your ZyXEL

Device’s MAC address that will be specific to this device.

Figure 10 Replace Certificate Screen

You should now see the Status screen. See Chapter 2 on page 41 for details about the Status screen.

" The management session automatically times out when the time period set in

the Administrator Inactivity Timer field expires (default five minutes). Simply log back into the ZyXEL Device if this happens.

2.2 Resetting the ZyXEL Device

If you forget your password or cannot access the web configurator, you will need to use the RESET button. This replaces the current configuration file with the factory-default configuration file. This means that you will lose all the settings you previously configured. The password will be reset to 1234.

2.2.1 Methods of Restoring Factory-Defaults

You can erase the current configuration and restore factory defaults in three ways:

Use the RESET button to upload the default configuration file. Hold this button in for about 10 seconds (the lights will begin to blink). Use this method for cases when the password or IP address of the ZyXEL Device is not known.

Use the web configurator to restore defaults (refer to Chapter 19 on page 225).

Transfer the configuration file to your ZyXEL Device using FTP. See the section on SMT configuration for more information.

ZyXEL NWA-3160 Series User’s Guide

Page 44

Chapter 2 Introducing the Web Configurator

2.3 Navigating the Web Configurator

The following summarizes how to navigate the web configurator from the Status screen.

Click LOGOUT at any time to exit the web configurator.

Check the status bar at the bottom of the screen when you click Apply or OK to verify that the configuration has been updated.

Figure 11 The Status Screen of the Web Configurator

Click the links on the left of the screen to configure advanced features such as MGNT MODE (NWA-3160 and NWA-3165 only: AP Controller (NWA-3160 only), Standalone AP, Managed AP), SYSTEM (General Setup, Password and Time Zone), WIRELESS (Wireless, SSID, Security, RADIUS, Layer-2 Isolation, MAC Filter), IP, ROGUE AP (NWA-3160 and NWA- 3163 only - Configuration, Friendly AP, Rogue AP), REMOTE MGNT (Telnet, FTP, WWW and SNMP), AUTH. SERVER (Setting, Trusted AP, Trusted Users), CERTIFICATES (My Certificates, Trusted CAs), LOGS (View Logs and Log Settings) and VLAN (Wireless VLAN and RADIUS VLAN).

Click MAINTENANCE to view information about your ZyXEL Device or upgrade configuration and firmware files. Maintenance features include Status (Statistics),

Association List, Channel Usage (NWA-3160 and NWA-3163 only), F/W (firmware) Upload, Configuration (Backup, Restore and Default) and Restart.

ZyXEL NWA-3160 Series User’s Guide

Page 45

CHAPTER 3

Tutorial

This chapter first provides an overview of how to configure the wireless LAN on your ZyXEL Device, and then gives step-by-step guidelines showing how to configure your ZyXEL Device for some example scenarios.

3.1 How to Configure the Wireless LAN

This section shows how to choose which wireless operating mode you should use on the ZyXEL Device, and the steps you should take to set up the wireless LAN in each wireless mode. See Section 3.1.3 on page 48 for links to more information on each step.

" This section describes how to use the ZyXEL Device in standalone mode. For

information on using the ZyXEL Device in a CAPWAP network, see Chapter 5 on

page 77 and Chapter 6 on page 81.

3.1.1 Choosing the Wireless Mode

•Use Access Point operating mode if you want to allow wireless clients to access your wired network, all using the same security and Quality of Service (QoS) settings. See

Section 1.2.1 on page 32 for details.

•Use Bridge/Repeater operating mode (NWA-3160 and NWA-3163 only) if you want to use the ZyXEL Device to communicate with other access points. See Section 1.2.2 on

page 32 for details.

The ZyXEL Device is a bridge when other APs access your wired Ethernet network through the ZyXEL Device.

The ZyXEL Device is a repeater when it has no Ethernet connection and allows other APs to communicate with one another through the ZyXEL Device.

•Use AP+Bridge operating mode (NWA-3160 and NWA-3163 only) if you want to use the ZyXEL Device as an access point (see above) while also communicating with other access points. See Section 1.2.3 on page 33 for details.

•Use MBSSID operating mode if you want to use the ZyXEL Device as an access point with some groups of users having different security or QoS settings from other groups of users. See Section 1.2.4 on page 34 for details.

ZyXEL NWA-3160 Series User’s Guide

Page 46

Chapter 3 Tutorial

3.1.2 Wireless LAN Configuration Overview

The following figure shows the steps you should take to configure the wireless settings according to the operating mode you select. Use the Web Configurator to set up your ZyXEL Device’s wireless network (see your Quick Start Guide for information on setting up your ZyXEL Device and accessing the Web Configurator).

ZyXEL NWA-3160 Series User’s Guide

Page 47

Figure 12 Configuring Wireless LAN

Select Operating Mode

Chapter 3 Tutorial

Access Point

Mode.

Select 802.11

Mode and Channel ID.

Select SSID Profile.

Configure SSID Profile.

Edit Security Profile.

Configure RADIUS authentication (optional).

Configure internal AUTH.

SERVER (optional).

Bridge / Repeater Mode.

(NWA-3160 and NWA-3163 only).

Select 802.11

Mode and Channel ID.

Configure

WDS Security.

AP + Bridge

Mode. (NWA-3160 and NWA-3163 only).

Select 802.11 Mode and Channel ID.

Configure WDS Security.

Select SSID Profile.

Configure SSID Profile.

Edit Security Profile.

Configure RADIUS authentication (optional).

MBSSID

Mode.

Select 802.11

Mode and Channel ID.

Select SSID Profiles

Configure each SSID Profile.

Configure each Security Profile.

Configure RADIUS authentication (optional).

Configure internal

AUTH. SERVER

(optional).

Configure Layer 2 Isolation (optional).

Configure MAC Filter (optional).

ZyXEL NWA-3160 Series User’s Guide

Configure internal AUTH.

SERVER (optional).

Configure Layer 2 Isolation (optional).

Configure MAC Filter

(optional).

Check your settings and test.

Configure Layer 2 Isolation (optional).

Configure MAC Filter (optional).

Page 48

Chapter 3 Tutorial

3.1.3 Further Reading

Use these links to find more information on the steps:

• Choosing 802.11 Mode: see Section 8.7.1 on page 111.

• Choosing a wireless Channel ID: see Section 8.7.1 on page 111.

• Selecting and configuring SSID profile(s): see Section 8.7.1 on page 111 and Section

10.2.1 on page 140.

• Configuring and activating WDS Security (NWA-3160 and NWA-3163 only): see Section

8.7.3 on page 116.

• Editing Security Profile(s): see Section 9.9 on page 126.

• Configuring an external RADIUS server: see Section 9.11 on page 134.

• Configuring and activating the internal AUTH. SERVER: see Section 9.4.1 on page 123 and Chapter 15 on page 175.

• Configuring Layer 2 Isolation: see Section 11.3 on page 147.

• Configuring MAC Filtering: see Section 11.4 on page 150.

3.2 How to Configure Multiple Wireless Networks

In this example, you have been using your ZyXEL Device as an access point for your office network (See your Quick Start Guide for information on how to set up your ZyXEL Device in Access Point mode). Now your network is expanding and you want to make use of the MBSSID feature (see Section 10.1 on page 137) to provide multiple wireless networks. Each wireless network will cater for a different type of user.

You want to make three wireless networks: one standard office wireless network with all the same settings you already have, another wireless network with high Quality of Service (QoS) settings for Voice over IP users, and a guest network that allows visitors to your office to access only the Internet and the network printer.

To do this, you will take the following steps:

1 Change the operating mode from Access Point to MBSSID and reactivate the standard

network.

2 Configure a wireless network for Voice over IP users. 3 Configure a wireless network for guests to your office.

The following figure shows the multiple networks you want to set up. Your ZyXEL Device is marked Z, the main network router is marked A, and your network printer is marked B.

ZyXEL NWA-3160 Series User’s Guide

Page 49

Figure 13 Tutorial: Example MBSSID Setup

Chapter 3 Tutorial

The standard network (SSID04) has access to all resources. The VoIP network (VoIP_SSID) has access to all resources and a high Quality of Service (QoS) setting (see Chapter 8 on page

103 for information on QoS). The guest network (Guest_SSID) has access to the Internet and

the network printer only, and a low QoS setting.

To configure these settings, you need to know the MAC (Media Access Control) addresses of the devices you want to allow users of the guest network to access. The following table shows the addresses used in this example.

Table 3 Tutorial: Example Information

Network router (A) MAC address 00:AA:00:AA:00:AA

Network printer (B) MAC address AA:00:AA:00:AA:00

3.2.1 Change the Operating Mode

Log in to the ZyXEL Device (see Section 2.1 on page 41). Click WIRELESS > Wireless. The Wireless screen appears. In this example, the ZyXEL Device is using Access Point operating mode, and is currently set to use the SSID04 profile.

ZyXEL NWA-3160 Series User’s Guide

Page 50

Chapter 3 Tutorial

Figure 14 Tutorial: Wireless LAN: Before

Select MBSSID from the Operating Mode drop-down list box. The screen displays as follows.

Figure 15 Tutorial: Wireless LAN: Change Mode

This Select SSID Profile table allows you to activate or deactivate SSID profiles. Your wireless network was previously using the SSID04 profile, so select SSID04 in one of the Profile list boxes (number 3 in this example).

ZyXEL NWA-3160 Series User’s Guide

Page 51

Select the Index box for the entry and click Apply to activate the profile. Your standard wireless network (SSID04) is now accessible to your wireless clients as before. You do not need to configure anything else for your standard network.

3.2.2 Configure the VoIP Network

Next, click WIRELESS > SSID. The following screen displays. Note that the SSID04 SSID profile (the standard network) is using the security01 security profile. You cannot change this security profile without changing the standard network’s parameters, so when you set up security for the VoIP_SSID and Guest_SSID profiles you will need to set different security profiles.

Figure 16 Tutorial: WIRELESS > SSID

Chapter 3 Tutorial

The Voice over IP (VoIP) network will use the pre-configured SSID profile, so select VoIP_SSID’s radio button and click Edit. The following screen displays.

ZyXEL NWA-3160 Series User’s Guide

Page 52

Chapter 3 Tutorial

Figure 17 Tutorial: VoIP SSID Profile Edit

• Choose a new SSID for the VoIP network. In this example, enter VOIP_SSID_Example. Note that although the SSID changes, the SSID profile name (VoIP_SSID) remains the same as before.

• Select Enable from the Hide Name (SSID) list box. You want only authorized company employees to use this network, so there is no need to broadcast the SSID to wireless clients scanning the area.

• The standard network (SSID04) is currently using the security01 profile, so use a different profile for the VoIP network. If you used the security01 profile, anyone who could access the standard network could access the VoIP wireless network. Select security02 from the Security field.

• Leave all the other fields at their defaults and click Apply.

3.2.2.1 Set Up Security for the VoIP Profile

Now you need to configure the security settings to use on the VoIP wireless network. Click the Security tab.

ZyXEL NWA-3160 Series User’s Guide

Page 53

Figure 18 Tutorial: VoIP Security

Chapter 3 Tutorial

You already chose to use the security02 profile for this network, so select the radio button for security02 and click Edit. The following screen appears.

Figure 19 Tutorial: VoIP Security Profile Edit

•Change the Name field to “VoIP_Security” to make it easier to remember and identify.

• In this example, you do not have a RADIUS server for authentication, so select WPA2- PSK in the Security Mode field. WPA2-PSK provides strong security that anyone with a compatible wireless client can use, once they know the pre-shared key (PSK). Enter the PSK you want to use in your network in the Pre Shared Key field. In this example, the PSK is “ThisismyWPA2-PSKpre-sharedkey”.

ZyXEL NWA-3160 Series User’s Guide

Page 54

Chapter 3 Tutorial

• Click Apply. The WIRELESS > Security screen displays. Ensure that the Profile Name for entry 2 displays “VoIP_Security” and that the Security Mode is WPA2-PSK.

Figure 20 Tutorial: VoIP Security: Updated

3.2.2.2 Activate the VoIP Profile

You need to activate the VoIP_SSI D profile before it can be used. Click the Wireless tab. In the Select SSID Profile table, select the VoIP_SSID profile and click Apply.

Figure 21 Tutorial: Activate VoIP Profile

Your VoIP wireless network is now ready to use. Any traffic using the VoIP_SSID profile will be given the highest priority across the wireless network.

3.2.3 Configure the Guest Network

When you are setting up the wireless network for guests to your office, your primary concern is to keep your network secure while allowing access to certain resources (such as a network printer, or the Internet). For this reason, the pre-configured Guest_SSID profile has layer-2 isolation and intra-BSS traffic blocking enabled by default. “Layer-2 isolation” means that a client accessing the network via the Guest_SSID profile can access only certain pre-defined devices on the network (see Section 11.1 on page 145), and “intra-BSS traffic blocking” means that the client cannot access other clients on the same wireless network (see Section

8.1.1 on page 103).

Click WIRELESS > SSID. Select Guest_SSID’s entry in the list and click Edit. The following screen appears.

ZyXEL NWA-3160 Series User’s Guide

Page 55

Chapter 3 Tutorial

Figure 22 Tutorial: Guest Edit

• Choose a new SSID for the guest network. In this example, enter Guest_SSID_Example. Note that although the SSID changes, the SSID profile name (Guest_SSID) remains the same as before.

• Select Disable from the Hide Name (SSID) list box. This makes it easier for guests to configure their own computers’ wireless clients to your network’s settings.

• The standard network (SSID04) is already using the security01 profile, and the VoIP network is using the security02 profile (renamed VoIP_Security) so select the security03 profile from the Security field.

• Leave all the other fields at their defaults and click Apply.

3.2.3.1 Set Up Security for the Guest Profile

Now you need to configure the security settings to use on the guest wireless network. Click the Security tab.

You already chose to use the security03 profile for this network, so select security03’s entry in the list and click Edit. The following screen appears.

Figure 23 Tutorial: Guest Security Profile Edit

•Change the Name field to “Guest_Security” to make it easier to remember and identify.

ZyXEL NWA-3160 Series User’s Guide

Page 56

Chapter 3 Tutorial

• Select WPA-PSK in the Security Mode field. WPA-PSK provides strong security that is supported by most wireless clients. Even though your Guest_SSID clients do not have access to sensitive information on the network, you should not leave the network without security. An attacker could still cause damage to the network or intercept unsecured communications.

• Enter the PSK you want to use in your network in the Pre Shared Key field. In this example, the PSK is “ThisismyGuestWPApre-sharedkey”.

• Click Apply. The WIRELESS > Security screen displays. Ensure that the Profile Name for entry 3 displays “Guest_Security” and that the Security Mode is WPA-PSK.

Figure 24 Tutorial: Guest Security: Updated

3.2.3.2 Set up Layer 2 Isolation

Configure layer 2 isolation to control the specific devices you want the users on your guest network to access. Click WIRELESS > Layer-2 Isolation. The following screen appears.

Figure 25 Tutorial: Layer 2 Isolation

The Guest_SSID network uses the l2isolation01 profile by default, so select its entry and click Edit. The following screen displays.

ZyXEL NWA-3160 Series User’s Guide

Page 57

Chapter 3 Tutorial

Figure 26 Tutorial: Layer 2 Isolation Profile

Enter the MAC addresses of the two network devices you want users on the guest network to be able to access: the main network router (00:AA:00:AA:00:AA) and the network printer (AA:00:AA:00:AA:00). Click Apply.

3.2.3.3 Activate the Guest Profile

You need to activate the Guest_SSID profile before it can be used. Click the Wireless tab. In the Select SSID Profile table, select the check box for the Guest_SSID profile and click Apply.

Figure 27 Tutorial: Activate Guest Profile

Your Guest wireless network is now ready to use.

3.2.4 Testing the Wireless Networks

To make sure that the three networks are correctly configured, do the following.

• On a computer with a wireless client, scan for access points. You should see the Guest_SSID network, but not the VoIP_SSID network. If you can see the VoIP_SSID network, go to its SSID Edit screen and make sure Hide Name (SSID) is set to Enable.

Whether or not you see the standard network’s SSID (SSID04) depends on whether “hide SSID” is enabled.

ZyXEL NWA-3160 Series User’s Guide

Page 58

Chapter 3 Tutorial

• Try to access each network using the correct security settings, and then using incorrect security settings, such as the WPA-PSK for another active network. If the behavior is different from expected (for example, if you can access the VoIP wireless network using the security settings for the Guest_SSID wireless network) check that the SSID profile is set to use the correct security profile, and that the settings of the security profile are correct.

• Access the Guest_SSID network and try to access other resources than those specified in the Layer 2 Isolation (l2isolation01) profile screen.

You can use the ping utility to do this. Click Start > Run... and enter “cmd” in the Open: field. Click OK. At the c:\> prompt, enter “ping 192.168.1.10” (substitute the IP address of a real device on your network that is not on the layer 2 isolation list). If you receive a reply, check the settings in the WIRELESS > Layer-2 Isolation > Edit screen, and ensure that the correct layer 2 isolation profile is enabled in the Guest_SSID profile screen.

3.3 How to Set Up and Use Rogue AP Detection

This example shows you how to configure the rogue AP detection feature on the ZyXEL Device.

" This feature is available on the NWA-3160 and NWA-3163 only.

A rogue AP is a wireless access point operating in a network’s coverage area that is not a sanctioned part of that network. The example also shows how to set the ZyXEL Device to send out e-mail alerts whenever it detects a rogue wireless access point. See Chapter 13 on page 157 for background information on the rogue AP function and security considerations.

In this example, you want to ensure that your company’s data is not accessible to an attacker gaining entry to your wireless network through a rogue AP.

Your wireless network operates in an office building. It consists of four access points (all ZyXEL Devices) and a variable number of wireless clients. You also know that the coffee shop on the ground floor has a wireless network consisting of a single access point, which can be detected and accessed from your floor of the building. There are no other static wireless networks in your coverage area.

The following diagram shows the wireless networks in your area. Your access points are marked A, B, C and D. You also have a network mail/file server, marked E, and a computer, marked F, connected to the wired network. The coffee shop’s access point is marked 1.

ZyXEL NWA-3160 Series User’s Guide

Page 59

Figure 28 Tutorial: Wireless Network Example

Chapter 3 Tutorial

In the figure, the solid circle represents the range of your wireless network, and the dashed circle represents the extent of the coffee shop’s wireless network. Note that the two networks overlap. This means that one or more of your APs can detect the AP (1) in the other wireless network.

When configuring the rogue AP feature on your ZyXEL Devices in this example, you will need to use the information in the following table. You need the IP addresses of your APs to access their Web configurators, and you need the MAC address of each AP to configure the friendly AP list. You need the IP address of the mail server to set up e-mail alerts.

Table 4 Tutorial: Rogue AP Example Information

DEVICE IP ADDRESS MAC ADDRESS

Access Point A 192.168.1.1 00:AA:00:AA:00:AA

Access Point B 192.168.1.2 AA:00:AA:00:AA:00

Access Point C 192.168.1.3 A0:0A:A0:0A:A0:0A

Access Point D 192.168.1.4 0A:A0:0A:A0:0A:A0

File / Mail Server E 192.168.1.25 N/A

Access Point 1 UNKNOWN AF:AF:AF:FA:FA:FA

ZyXEL NWA-3160 Series User’s Guide

Page 60

Chapter 3 Tutorial

" The ZyXEL Device can detect the MAC addresses of APs automatically.

However, it is more secure to obtain the correct MAC addresses from another source and add them to the friendly AP list manually. For example, an attacker’s AP mimicking the correct SSID could be placed on the friendly AP list by accident, if selected from the list of auto-detected APs. In this example you have spoken to the coffee shop’s owner, who has told you the correct MAC address of his AP.

In this example, you will do the following things.

1 Set up and save a friendly AP list. 2 Activate periodic Rogue AP Detection. 3 Set up e-mail alerts. 4 Configure your other access points. 5 Test the setup.

3.3.1 Set Up and Save a Friendly AP list

Take the following steps to set up and save a list of access points you want to allow in your network’s coverage area.

1 On a computer connected to the wired network (F in the previous figure), open your

Internet browser and enter the URL of access point A (192.168.1.1). Login to the Web configurator and click ROGUE AP > Friendly AP. The following screen displays.

Figure 29 Tutorial: Friendly AP (Before Data Entry)

2 Fill in the MAC Address and Description fields as in the following table. Click Add

after you enter the details of each AP to include it in the list.

Table 5 Tutorial: Friendly AP Information

MAC ADDRESS DESCRIPTION

00:AA:00:AA:00:AA My Access Point _A_

AA:00:AA:00:AA:00 My Access Point _B_

A0:0A:A0:0A:A0:0A My Access Point _C_

0A:A0:0A:A0:0A:A0 My Access Point _D_

AF:AF:AF:FA:FA:FA Coffee Shop Access Point _1_

ZyXEL NWA-3160 Series User’s Guide

Page 61

Chapter 3 Tutorial

" You can add APs that are not part of your network to the friendly AP list, as long

as you know that they do not pose a threat to your network’s security.

The Friendly AP screen now appears as follows.

Figure 30 Tutorial: Friendly AP (After Data Entry)

3 Next, you will save the list of friendly APs in order to provide a backup and upload it to

your other access points. Click the Configuration tab.The following screen appears.

Figure 31 Tutorial: Configuration

4 Click Export. If a window similar to the following appears, click Save.

ZyXEL NWA-3160 Series User’s Guide

Page 62

Chapter 3 Tutorial

Figure 32 Tutorial: Warning

5 Save the friendly AP list somewhere it can be accessed by all the other access points on

Figure 33 Tutorial: Save Friendly AP list

the network. In this example, save it on the network file server (E in Figure 28 on page

59). The default filename is “Flist”.

3.3.2 Activate Periodic Rogue AP Detection

Take the following steps to activate rogue AP detection on the first of your ZyXEL Devices.

1 In the ROGUE AP > Configuration screen, select Ye s from the Activate Rogue AP

Period Detection field.

Figure 34 Tutorial: Periodic Rogue AP Detection

ZyXEL NWA-3160 Series User’s Guide

Page 63

2 In the Period (min.) field, enter how often you want the ZyXEL Device to scan for

rogue APs. You can have the ZyXEL Device scan anywhere from once every ten minutes to once every hour. In this example, enter “10”.

3 Click Apply.

3.3.3 Set Up E-mail Logs

In this section, you will configure the first of your four APs to send a log message to your email inbox whenever a rogue AP is discovered in your wireless network’s coverage area.

1 Click LOGS > Log Settings. The following screen appears.

Figure 35 Tutorial: Log Settings

Chapter 3 Tutorial

• In this example, your mail server’s IP address is 192.168.1.25. Enter this IP address in the Mail Server field.

• Enter a subject line for the alert e-mails in the Mail Subject field. Choose a subject that is eye-catching and identifies the access point - in this example, “ALERT_Access_Point_A”.

• Enter the email address to which you want alerts to be sent (myname@myfirm.com, in this example).

ZyXEL NWA-3160 Series User’s Guide

Page 64

Chapter 3 Tutorial

•In the Send Immediate Alert section, select the events you want to trigger immediate emails. Ensure that Rogue AP is selected.

• Click Apply.

3.3.4 Configure Your Other Access Points

Access point A is now configured to do the following.

• Scan for access points in its coverage area every ten minutes.

• Recognize friendly access points from a list.

• Send immediate alerts to your email account if it detects an access point not on the list.

Now you need to configure the other wireless access points on your network to do the same things.

For each access point, take the following steps.

1 From a computer on the wired network, enter the access point’s IP address and login to

its Web configurator. See Table 4 on page 59 for the example IP addresses.

2 Import the friendly AP list. Click ROGUE AP > Configuration > Browse.... Find the

“Flist” file where you previously saved it on the network and click Open.

3 Click Import. Check the ROGUE AP > Friendly AP screen to ensure that the friendly

AP list has been correctly uploaded.

4 Activate periodic rogue AP detection. See Section 3.3.2 on page 62. 5 Set up e-mail logs as in Section 3.3.3 on page 63, but change the Mail Subject field so

you can tell which AP the alerts come from (“ALERT_Access_Point_B”, etc.)

3.3.5 Test the Setup

Next, test your setup to ensure it is correctly configured.

• Log into each AP’s Web configurator and click ROGUE AP > Rogue AP. Click Refresh. If any of the MAC addresses from Table 5 on page 60 appear in the list, the friendly AP function may be incorrectly configured - check the ROGUE AP > Friendly AP screen.

If any entries appear in the rogue AP list that are not in Table 5 on page 60, write down the AP’s MAC address for future reference and check your e-mail inbox. If you have received a rogue AP alert, email alerts are correctly configured on that ZyXEL Device.

• If you have another access point that is not used in your network, make a note of its MAC address and set it up next to each of your ZyXEL Devices in turn while the network is running.

Either wait for at least ten minutes (to ensure the ZyXEL Device performs a scan in that time) or login to the ZyXEL Device’s Web configurator and click ROGUE AP > Rogue AP > Refresh to have the ZyXEL Device perform a scan immediately.

• Check the ROGUE AP > Rogue AP screen. You should see an entry in the list with the same MAC address as your “rogue” AP.

• Check the LOGS > View Logs screen. You should see a Rogue AP Detection entry in red text, including the MAC address of your “rogue” AP.

• Check your e-mail. You should have received at least one e-mail alert (your other ZyXEL Devices may also have sent alerts, depending on their proximity and the output power of your “rogue” AP).

ZyXEL NWA-3160 Series User’s Guide

Page 65

Chapter 3 Tutorial

3.4 Using Multiple MAC Filters and L-2 Isolation Profiles

This example shows you how to allow certain users to access only specific parts of your network. You can do this by using multiple MAC filters and layer-2 isolation profiles.

3.4.1 Scenario

In this example, you run a company network in which certain employees must wirelessly access secure file servers containing valuable proprietary data.

You have two secure servers (1 and 2 in the following figure). Wireless user “Alice” (A) needs to access server 1 (but should not access server 2) and wireless user “Bob” (B) needs to access server 2 (but should not access server 1). Your ZyXEL Device is marked Z. C is a workstation on your wired network, D is your main network switch, and E is the security gateway you use to connect to the Internet.

Figure 36 Tutorial: Example Network

3.4.2 Your Requirements

1 You want to set up a wireless network to allow only Alice to access Server 1 and the

Internet.

2 You want to set up a second wireless network to allow only Bob to access Server 2 and

the Internet.

3.4.3 Setup

In this example, you have already set up the ZyXEL Device in MBSSID mode (see Chapter 10

on page 137). It uses two SSID profiles simultaneously. You have configured each SSID

profile as shown in the following table.

Table 6 Tutorial: SSID Profile Security Settings

SSID Profile Name

SSID

ZyXEL NWA-3160 Series User’s Guide

SERVER_1 SERVER_2

SSID_S1 SSID_S2

Page 66

Chapter 3 Tutorial

Table 6 Tutorial: SSID Profile Security Settings

Security

Intra-BSS traffic blocking

Each SSID profile already uses a different pre-shared key.

In this example, you will configure access limitations for each SSID profile. To do this, you will take the following steps.

1 Configure the SERVER_1 network’s SSID profile to use specific MAC filter and layer-2

2 Configure the SERVER_1 network’s MAC filter profile. 3 Configure the SERVER_1 network’s layer-2 isolation profile. 4 Repeat steps 1 ~ 3 for the SERVER_2 network. 5 Check your settings and test the configuration.

To configure layer-2 isolation, you need to know the MAC addresses of the devices on your network, which are as follows.

Table 7 Tutorial: Example Network MAC Addresses

DEVICE LABEL MAC ADDRESS

ZyXEL Device Z BB:AA:99:88:77:66

Secure Server 1 1 AA:99:88:77:66:55

Secure Server 2 2 99:88:77:66:55:44

Workstation C 88:77:66:55:44:33

Switch D 77:66:55:44:33:22

Security gateway E 66:55:44:33:22:11

Security Profile security03:

isolation profiles.

Security Profile security04:

WPA2-PSK

Hide SSID

Enabled Enabled

WPA2-PSK

Hide SSID

To configure MAC filtering, you need to know the MAC addresses of the devices Alice and Bob use to connect to the network, which are as follows.

Table 8 Tutorial: Example User MAC Addresses

USER MAC ADDRESS

Alice 11:22:33:44:55:66

Bob 22:33:44:55:66:77

3.4.4 Configure the SERVER_1 Network

First, you will set up the SERVER_1 network which allows Alice to access secure server 1 via the network switch.

You will configure the MAC filter to restrict access to Alice alone, and then configure layer-2 isolation to allow her to access only the network router, the file server and the Internet security gateway.

Take the following steps to configure the SERVER_1 network.

1 Log into the ZyXEL Device’s Web Configurator and click WIRELESS > SSID. The

following screen displays, showing the SSID profiles you already configured.

ZyXEL NWA-3160 Series User’s Guide

Page 67

Figure 37 Tutorial: SSID Profile

Chapter 3 Tutorial

2 Select SERVER_1’s entry and click Edit. The following screen displays.

Figure 38 Tutorial: SSID Edit

Select l2Isolation03 in the L2 Isolation field, and select macfilter03 in the MAC Filtering field. Click Apply.

3 Click the Layer-2 Isolation tab. When the Layer-2 Isolation screen appears, select

L2Isolation03’s entry and click Edit. The following screen displays.

ZyXEL NWA-3160 Series User’s Guide

Page 68

Chapter 3 Tutorial

Figure 39 Tutorial: Layer-2 Isolation Edit

4 Click the MAC Filter tab. When the MAC Filter screen appears, select macfilter03’s

Enter the network router’s MAC Address and add a Description (“NET_ROUTER” in this case) in Set 1’s entry.

Enter server 1’s MAC Address and add a Description (“SERVER_1” in this case) in Set 2’s entry.

Change the Profile Name to “L-2-ISO_SERVER_1” and click Apply. You have restricted users on the SERVER_1 network to access only the devices with the MAC addresses you entered.

entry and click Edit. Enter the MAC address of the device Alice uses to connect to the network in Set 1’s

MAC Address field and enter her name in the Description field, as shown in the following figure. Change the Profile Name to “MacFilter_SERVER_1”. Select Allow Association from the Filter Action field and click Apply.

Figure 40 Tutorial: MAC Filter Edit (SERVER_1)

You have restricted access to the SERVER_1 network to only the networking device whose MAC address you entered. The SERVER_1 network is now configured.

ZyXEL NWA-3160 Series User’s Guide

Page 69

3.4.5 Configure the SERVER_2 Network

Next, you will configure the SERVER_2 network that allows Bob to access secure server 2 and the Internet.

To do this, repeat the procedure in Section 3.4.4 on page 66, substituting the following information.

Table 9 Tutorial: SERVER_2 Network Information

SSID Screen

Index 4

Profile Name SERVER_2

SSID Edit (SERVER_2) Screen

L2 Isolation L2Isolation04

MAC Filtering macfilter04

Layer-2 Isolation (L2Isolation04) Screen

Profile Name L-2-ISO_SERVER-2

Set 1 MAC Address: 77:66:55:44:33:22

Description: NET_ROUTER

Set 2 MAC Address: 99:88:77:66:55:44

Description: SERVER_2

Set 3 MAC Address: 66:55:44:33:22:11

Description: GATEWAY

MAC Filter (macfilter04) Edit Screen

Profile Name MacFilter_SERVER_2

Set 1 MAC Address: 22:33:44:55:66:77

Description: Bob

Chapter 3 Tutorial

3.4.6 Checking your Settings and Testing the Configuration

Use the following sections to ensure that your wireless networks are set up correctly.

3.4.6.1 Checking Settings

Take the following steps to check that the ZyXEL Device is using the correct SSIDs, MAC filters and layer-2 isolation profiles.

1 Click WIRELESS > Wireless. Check that the Operating Mode is MBSSID and that

the correct SSID profiles are selected and activated, as shown in the following figure.

ZyXEL NWA-3160 Series User’s Guide

Page 70

Chapter 3 Tutorial

Figure 41 Tutorial: SSID Profiles Activated

2 Next, click the SSID tab. Check that each configured SSID profile uses the correct

Figure 42 Tutorial: SSID Tab Correct Settings

Security, Layer-2 Isolation and MAC Filter profiles, as shown in the following figure.

V If the settings are not as shown, follow the steps in the relevant section of this

tutorial again.

3.4.6.2 Testing the Configuration

Before you allow employees to use the network, you need to thoroughly test whether the setup behaves as it should. Take the following steps to do this.

1 Test the SERVER_1 network.

• Using Alice’s computer and wireless client, and the correct security settings, do the following.

Attempt to access Server 1. You should be able to do so. Attempt to access the Internet. You should be able to do so. Attempt to access Server 2. You should be unable to do so. If you can do so, layer-2

isolation is misconfigured.

• Using Alice’s computer and wireless client, and incorrect security settings, attempt to associate with the SERVER_1 network. You should be unable to do so. If you can do so, security is misconfigured.

ZyXEL NWA-3160 Series User’s Guide

Page 71

Chapter 3 Tutorial

• Using another computer and wireless client, but with the correct security settings, attempt to associate with the SERVER_1 network. You should be unable to do so. If you can do so, MAC filtering is misconfigured.

2 Test the SERVER_2 network.

• Using Bob’s computer and wireless client, and the correct security settings, do the following.

Attempt to access Server 2. You should be able to do so. Attempt to access the Internet. You should be able to do so. Attempt to access Server 1. You should be unable to do so. If you can do so, layer-2

isolation is misconfigured.

• Using Bob’s computer and wireless client, and incorrect security settings, attempt to associate with the SERVER_2 network. You should be unable to do so. If you can do so, security is misconfigured.

• Using another computer and wireless client, but with the correct security settings, attempt to associate with the SERVER_2 network. You should be unable to do so. If you can do so, MAC filtering is misconfigured.

If you cannot do something that you should be able to do, check the settings as described in

Section 3.4.6.1 on page 70, and in the individual Security, layer-2 isolation and MAC filter

profiles for the relevant network. If this does not help, see the Troubleshooting chapter in this User’s Guide.

ZyXEL NWA-3160 Series User’s Guide

Page 72

Chapter 3 Tutorial

ZyXEL NWA-3160 Series User’s Guide

Page 73

CHAPTER 4

Status Screens

The Status screen displays when you log into the ZyXEL Device, or click STATUS in the navigation menu.

Use the Status screens to look at the current status of the device, system resources, interfaces and SSID status. The Status screen also provides detailed information about associated wireless clients, channel usage, logs and detected rogue APs.

" Fields in this screen may differ depending on the ZyXEL Device model you are

using.

" These screens display differently when the ZyXEL Device is in AP controller

mode (see Section 6.1 on page 81). At the time of writing, AP controller mode is available on the NWA-3160 only).

4.1 The Status Screen

Click Status. The following screen displays.

ZyXEL NWA-3160 Series User’s Guide

Page 74

Chapter 4 Status Screens

Figure 43 The Status Screen

The following table describes the labels in this screen.

Table 10 The Status Screen

LABEL DESCRIPTION

Automatic Refresh Interval

Refresh Click this to update this screen immediately.

System Information

System Name This field displays the ZyXEL Device’s system name. It is used for

Model This field displays the ZyXEL Device’s exact model name.

Firmware Version This field displays the current version of the firmware inside the device. It

System Up Time This field displays the elapsed time since the ZyXEL Device was turned on.

Current Date Time This field displays the date and time configured on the ZyXEL Device. You

WLAN Operating Mode

Management VLAN This field displays the management VLAN ID if VLAN is active, or

IP This field displays the current IP address of the ZyXEL Device on the

LAN MAC This displays the MAC (Media Access Control) address of the ZyXEL

WLAN MAC This displays the MAC address of the wireless module.

Enter how often you want the ZyXEL Device to update this screen.

identification. You can change this in the System > General screen’s System Name field.

also shows the date the firmware version was created. You can change the firmware version by uploading new firmware in Maintenance > F/W

Upload.

can change this in the System > Time Setting screen.

This field displays the current operating mode of the first wireless module (AP, Bridge / Repeater, AP + Bridge or MBSSID). You can change the operating mode in the Wireless > Wireless screen.

Disabled if it is not active. You can enable or disable VLAN, or change the management VLAN ID, in the VLAN > Wireless VLAN screen.

network.

Device on the LAN. Every network device has a unique MAC address which identifies it across the network.

ZyXEL NWA-3160 Series User’s Guide

Page 75

Chapter 4 Status Screens

Table 10 The Status Screen

LABEL DESCRIPTION

System Resources

Flash This field displays the amount of the ZyXEL Device’s flash memory

Memory This field displays what percentage of the ZyXEL Device’s volatile memory

CPU This field displays what percentage of the ZyXEL Device’s processing

WLAN Associations This field displays the number of wireless clients currently associated with

Interface Status

Interface This column displays each interface of the ZyXEL Device.

Status This field indicates whether or not the ZyXEL Device is using the interface.

Channel (NWA-3165 Only)

Rate For the LAN port this displays the port speed and duplex setting.

SSID Status

SSID This field displays the SSID(s) currently used by the wireless module.

BSSID This field displays the MAC address of the wireless adaptor.

Security This field displays the type of wireless security used by each SSID.

VLAN This field displays the VLAN ID of each SSID in use, or Disabled if the

System Status

Show Statistics Click this link to view port status and packet specific statistics. See Section

Association List Click this to see a list of wireless clients currently associated to each of the

Channel Usage (NWA-3160 and NWA-3163 only)

Logs Click this to see a list of logs produced by the ZyXEL Device. See Section

Rogue AP List (NWA-3160 and NWA-3163 only)

currently in use. The flash memory is used to store firmware and SSID profiles.

is currently in use. The higher the memory usage, the more likely the ZyXEL Device is to slow down. Some memory is required just to start the ZyXEL Device and to run the web configurator.

ability is currently being used. The higher the CPU usage, the more likely the ZyXEL Device is to slow down.

the wireless module. Each wireless module supports up to 128 concurrent associations.

For each interface, this field displays Up when the ZyXEL Device is using the interface and Down when the ZyXEL Device is not using the interface. For the NWA-3160 and NWA-3163, this also displays the wireless channel number(s).

For the WLAN interface, this field displays the ZyXEL Device’s active wireless channel number(s).

For the WLAN interface, it displays the downstream and upstream transmission rate or N/A if the interface is not in use.

SSID does not use VLAN.

19.2.1 on page 226.

ZyXEL Device’s wireless modules. See Section 19.3 on page 226.

Click this to see which wireless channels are currently in use in the local area. See Section 19.4 on page 227.

17.1 on page 199.

Click this to see a list of unauthorized access points in the local area. See

Section 13.3.3 on page 161.

ZyXEL NWA-3160 Series User’s Guide

Page 76

Chapter 4 Status Screens

ZyXEL NWA-3160 Series User’s Guide

Page 77

CHAPTER 5

Management Mode

This chapter discusses the MGNT MODE (Management Mode) screen (NWA-3160 and NWA-3163 only). This screen determines whether the ZyXEL Device is used in its default, standalone mode, or as part of a CAPWAP (Control And Provisioning of Wireless Access Points) network.

5.1 About CAPWAP

The NWA-3160 and NWA-3163 support CAPWAP (Control And Provisioning of Wireless Access Points). This is ZyXEL’s implementation of the IETF’s (Internet Engineering Task Force) CAPWAP protocol (RFC 4118).

The CAPWAP dataflow is protected by DTLS (Datagram Transport Layer Security).

The following figure illustrates a CAPWAP wireless network. You (U) configure the AP controller (C), which then automatically updates the configurations of the managed APs (M1 ~ M4).

Figure 44 CAPWAP Network Example

5.1.1 CAPWAP Discovery and Management

M1 M2 M3 M4

DHCP SERVER

The link between CAPWAP-enabled access points proceeds as follows:

1 An AP in managed AP mode joins a wired network (receives a dynamic IP address).

ZyXEL NWA-3160 Series User’s Guide

Page 78

Chapter 5 Management Mode

2 The AP sends out a management request, looking for an AP in CAPWAP AP controller

mode.

3 If there is an AP controller on the network, it receives the management request. If the AP

controller is in Manual mode (see Section 6.3.3 on page 89) it adds the details of the AP to its Unmanaged Access Points list (see Section 6.3.1 on page 86), and you decide which available APs to manage. If the AP is in Always Accept mode, it automatically adds the AP to its Managed Access Points list and provides the managed AP with default configuration information, as well as securely transmitting the DTLS (Datagram Transport Layer Security) pre-shared key. The managed AP is ready for association with wireless clients.

5.1.2 CAPWAP and DHCP

CAPWAP managed APs must be DHCP clients, supplied with an IP address by a DHCP server on your network.

Furthermore, the AP controller must have a static IP address; it cannot be a DHCP client.

5.1.3 CAPWAP and IP Subnets

By default, CAPWAP works only between devices with IP addresses in the same subnet (see the appendices for information on IP addresses and subnetting).

However, you can configure CAPWAP to operate between devices with IP addresses in different subnets by doing the following.

• Activate DHCP option 43 on your network’s DHCP server.

• Configure DHCP option 43 with the IP address of the CAPWAP AP controller on your network.

DHCP Option 43 allows the CAPWAP management request (from the AP in managed AP mode) to reach the AP controller in a different subnet, as shown in the following figure.

Figure 45 CAPWAP and DHCP Option 43

SUBNET 1 SUBNET 2

DHCP SERVER + OPTION 43

CAPWAP

TRAFFIC

CONTROLLER

(STATIC IP)

MANAGED

(DYNAMIC

IP)

ZyXEL NWA-3160 Series User’s Guide

Page 79

5.1.4 Notes on CAPWAP

This section lists some additional features of ZyXEL’s implementation of the CAPWAP protocol.

• When the ZyXEL Device is in AP controller mode and uses its internal RADIUS server (see Chapter 15 on page 175), managed APs also use the ZyXEL Device’s authentication server to authenticate wireless clients.

• Only one AP controller can exist in any single broadcast domain.

• If a managed AP’s link to the AP controller is broken, the managed AP continues to use the wireless settings with which it was last provided.

5.2 The Management Mode Screen

Use this screen to configure the ZyXEL Device as a CAPWAP controller (NWA-3160 only) or managed AP, or to use it in its default standalone mode.

Click MGNT MODE in the ZyXEL Device’s navigation menu. The following screen displays.

Chapter 5 Management Mode

" Not all ZyXEL Device models display all the labels in this screen.

Figure 46 The Management Mode Screen

The following table describes the labels in this screen.

Tabl e 11 The Management Mode Screen

LABEL DESCRIPTION

AP Controller Select this to use the ZyXEL Device to manage up to eight other

compatible ZyXEL access points on your network.

Standalone AP Select this to manage the ZyXEL Device using its own web configurator,

neither managing nor managed by other devices.

ZyXEL NWA-3160 Series User’s Guide

Page 80

Chapter 5 Management Mode

Tabl e 11 The Management Mode Screen

LABEL DESCRIPTION

Managed AP Select this to have the ZyXEL Device managed by another ZyXEL Device

Apply Click this to save your changes.

Reset Click this to return this screen to its previously-saved settings.

on your network. When you do this, the ZyXEL Device can be configured ONLY by the

management AP. If you do not have an AP controller on your network and want to return the

ZyXEL Device to standalone mode, you must use its physical RESET button. All settings are returned to their default values.

Note: When you set the ZyXEL Device to Managed AP

mode, it becomes a DHCP client. To discover its new IP address, check the DHCP server on your network. If your network has no DHCP server, the ZyXEL Device’s IP address remains the same. You can also check the Controller > AP Lists screen of the AP controller on your network.

Note: If you change the mode in this screen, the ZyXEL

Device restarts. Wait a short while before you attempt to log in again. If you changed the mode to Managed AP, you cannot log in as the web configurator is disabled; you must manage the ZyXEL Device through the management AP on your network.

ZyXEL NWA-3160 Series User’s Guide

Page 81

CHAPTER 6

AP Controller Mode (NWA-3160

Only)

When the ZyXEL Device is an AP controller, it can manage other access points. You configure settings for the AP controller and the managed access points in the AP controller, which then sends the configuration details to the managed APs.

The ZyXEL Device can manage compatible access points only (see Section 1.3 on page 36 for a list of compatible access points). AP controller mode is part of the ZyXEL CAPWAP implementation.

Use the Management Mode screen to set your ZyXEL Device to AP controller mode (see

Section 5.2 on page 79).

6.1 Status Screen

When the ZyXEL Device is in AP controller mode, the Status screen acquires some new fields in the System Information, AP Status, WLAN Association and System Status sections. The System Status links take you to screens that provide information on the access points managed by the ZyXEL Device.

Click Status. The following screen displays.

Figure 47 AP Controller: the Status Screen

ZyXEL NWA-3160 Series User’s Guide

Page 82

Chapter 6 AP Controller Mode (NWA-3160 Only)

The following table describes the new labels in this screen.

Table 12 AP Controller: the Status Screen

LABEL DESCRIPTION

Registration Type This field displays how the managed APs are registered with the ZyXEL

Management Mode When the ZyXEL Device is in AP controller mode, this displays Controller.

On-line This field displays the number of access points, managed by the ZyXEL

Off-line This field displays the number of access points, managed by the ZyXEL

Un-managed This field displays the number of access points on the network that are not

802.11a This field displays the number of wireless clients associated with APs

802.11b/g This field displays the number of wireless clients associated with APs

AP List Click this to see a list of the APs managed by the ZyXEL Device. See

AP Statistics Click this to see packet statistics related to each of the APs managed by

Association List Click this to see information about each of the wireless clients connected

SSID Information Click this to see details of the security settings used by each SSID (Service

Device.

• Manual displays if you add unmanaged APs to the ZyXEL Device’s list of managed APs manually.

• Always Accept displays if the ZyXEL Device automatically manages any CAPWAP-enabled AP that transmits a management request over the network.

Device, that are currently active.

Device, that are not currently active (turned off or otherwise unreachable on the network).

managed by the ZyXEL Device, but are transmitting CAPWAP management requests.

managed by the ZyXEL Device (including the ZyXEL Device itself) using IEEE 802.1a.

managed by the ZyXEL Device (including the ZyXEL Device itself) using IEEE 802.1b or IEEE 802.11g.

Section 6.1.1 on page 82.

the ZyXEL Device. See Section 6.1.2 on page 83.

to APs managed by the ZyXEL Device. See Section 6.1.3 on page 84.

Set IDentifier), and the number of wireless clients associated with each SSID. See Section 6.1.4 on page 84.

6.1.1 The AP List Status Screen

Use this screen to see a list of the APs managed by the ZyXEL Device. When the ZyXEL Device is in AP controller mode, click AP List in the Status screen. The following screen displays.

Figure 48 AP List Status

ZyXEL NWA-3160 Series User’s Guide

Page 83

Chapter 6 AP Controller Mode (NWA-3160 Only)

The following table describes the labels in this screen.

Table 13 AP List Status

LABEL DESCRIPTION

AP Description This is the description of the managed AP (either generated automatically,

Model This is the managed AP’s model number.

Radio MAC This is the MAC (Media Access Control) address of the managed AP’s

802.11 Mode This displays the IEEE 802.11 wireless mode the managed AP is currently

Channel ID This displays the wireless channel number the managed AP is currently

SSID List This displays the SSID (Service Set IDentifier) that the managed AP is

VLAN This displays the VLAN ID (Virtual LAN IDentifier) assigned to this

Stations This displays the number of wireless clients currently associated with the

or entered by you).

wireles adapter.

using.

currently using.

managed AP.

6.1.2 The AP Statistics Screen

Use this screen to statistics relating to the APs managed by the ZyXEL Device. When the ZyXEL Device is in AP controller mode, click AP Statistics in the Status screen. The following screen displays.

Figure 49 AP Statistics

The following table describes the labels in this screen.

Table 14 AP Statistics

LABEL DESCRIPTION

AP Description This is the description of the managed AP (either generated automatically,

802.11 Mode This displays the IEEE 802.11 wireless mode the managed AP is currently

Channel ID This displays the wireless channel number the managed AP is currently

Rx PKT This displays the number of packets transmitted by the managed AP.

Tx PKT This displays the number of packets received by the managed AP.

Retry Count This displays the number of times a managed AP tries to resend packets.

FCS Error Count This displays the number of Frame Check Sequence errors experienced

Automatic Refresh Interval

or entered by you).

using.

by the managed AP.

Select the frequency with which the ZyXEL Device updates this screen.

ZyXEL NWA-3160 Series User’s Guide

Page 84

Chapter 6 AP Controller Mode (NWA-3160 Only)

Table 14 AP Statistics

LABEL DESCRIPTION

Refresh Click this to update this screen immediately.

Reset Click this to return all fields in this screen to zero.

6.1.3 The AP Association List Screen

Use this screen to see information about the wireless clients associated to the APs managed by the ZyXEL Device. When the ZyXEL Device is in AP controller mode, click Association List in the Status screen. The following screen displays.

Figure 50 AP Association List

The following table describes the labels in this screen.

Table 15 AP Association List

LABEL DESCRIPTION

Index This is the associated client’s index number.

MAC This displays the MAC (Media Access Control) address of the associated

wireless client.

Associated AP This displays the description of the managed access point to which the

wireless client is associated.

SSID This displays the SSID (Service Set Identifier) with which the wireless

Security Mode This displays the type of security used by SSID to which the wireless client

Association Time This displays the length of time that the wireless client has been

Signal Lvl. This displays the RSSI (Received Signal Strength Intensity) of the link

Automatic Refresh Interval

Refresh Click this to update this screen immediately.

client is associated.

is associated.

associated with the managed AP.

between the wireless client and the managed AP with which it is associated.

Select the frequency with which ZyXEL Device updates this screen.

6.1.4 The SSID Information Screen

Use this screen to see the security settings used by each wireless network controlled by the AP controller, and the number of wireless clients associated with each network. Each network is identified by its SSID (Service Set IDentifier), which is the name of the network.

The information that displays does not differentiate by access point. Your network may have several APs using the same SSID. This screen displays the number of wireless clients using the SSID regardless of which AP they are associated with.

ZyXEL NWA-3160 Series User’s Guide

Page 85

Chapter 6 AP Controller Mode (NWA-3160 Only)

When the ZyXEL Device is in AP controller mode, click SSID Information in the Status screen. The following screen displays.

Figure 51 SSID Information

The following table describes the labels in this screen.

Table 16 AP Association List

LABEL DESCRIPTION

SSID This displays the SSID (Service Set IDentifier) that identifies your wireless

network. Each AP may use a different SSID (or different multiple SSIDs).

Security Mode This displays the type of security used by the wireless network. A

network’s security settings are the same regardless of the AP on which it is running.

Stations This displays the number of wireless clients using the wireless network.

6.2 Navigation Bar

When the ZyXEL Device is in AP controller mode, the navigation bar on the left of the web configurator screen is different from standalone mode.

Figure 52 AP Controller: Links

These links configure all CAPWAP-managed access points.

These links configure only the AP controller.

The following table describes the labels in the navigation bar.

Table 17 Navigation Bar Labels

LABEL DESCRIPTION

STATUS Click this to go to the Status screen (see Section 4.1 on page 73).

MGNT MODE Click this to go to the Management Mode screen (see Section 5.2 on page

ZyXEL NWA-3160 Series User’s Guide

79).

Page 86

Chapter 6 AP Controller Mode (NWA-3160 Only)

Table 17 Navigation Bar Labels

LABEL DESCRIPTION

CONTROLLER Click this to go to the Controller screens (see Section 6.3 on page 86).

PROFILE EDIT Click this to go to the Profile Edit screens (see Section 6.4 on page 90).

ROGUE AP Click this to go to the Rogue AP screens (see Section 13.3 on page 159).

VLAN Click this to go to the VLAN screens (see Section 18.2 on page 208).

SYSTEM Click this to go to the System screens (see Section 19.2 on page 225).

IP Click this to go to the IP screen (see Section 12.3 on page 156).

REMOTE MGNT Click this to go to the Remote Management screens (see Chapter 14 on

page 163).

AUTH. SERVER Click this to go to the Authentication Server screens (see Section 15.1 on

CERTIFICATES Click this to go to the Certificates screens (see Chapter 16 on page 181).

LOGS Click this to go to the Logs screens (see Chapter 17 on page 199).

MAINTENANCE Click this to go to the Maintenance screens (see Chapter 19 on page 225).

LOGOUT Click this to log out of the ZyXEL Device.

page 175).

6.3 The Controller Screens

This section discusses the Controller screens that display when the ZyXEL Device is in AP controller mode (NWA-3160 only).

6.3.1 The AP Lists Screen

When the ZyXEL Device is in AP controller mode, click CONTROLLER > AP Lists. The following screen displays.

ZyXEL NWA-3160 Series User’s Guide

Page 87

Figure 53 The Controller > AP Lists Screen

Chapter 6 AP Controller Mode (NWA-3160 Only)

The following table describes the labels in this screen.

Table 18 The Controller > AP Lists Screen

LABEL DESCRIPTION

Managed Access Points List This section lists the access points currently controlled by the ZyXEL

Index This is the index number of the AP.

Select Choose the AP whose Description you want to edit or delete, or

IP This is the IP address of the AP.

MAC Address This is the MAC (Media Access Control) address of the AP.

Model This is the model number of the AP.

Description This is the description you enter for the AP.

Status This displays whether the AP is currently active.

Edit Choose an AP using the Select field, then click this to change the

Delete Choose an AP using the Select field, then click this to remove the

Device. This always includes the ZyXEL Device itself.

whose radio profile you want to change.

• Red: the AP is not active.

• Green: the AP is active.

• Yellow: the AP is upgrading its firmware.

AP’s Description, or the radio profile it uses. The AP Lists Edit screen displays (see Section 6.3.2 on page 88).

AP from the Managed AP list. You cannot remove the ZyXEL Device itself from the list.

ZyXEL NWA-3160 Series User’s Guide

Page 88

Chapter 6 AP Controller Mode (NWA-3160 Only)

Table 18 The Controller > AP Lists Screen

LABEL DESCRIPTION

Unmanaged Access Points List This section lists the CAPWAP-enabled access points in the area

that are in managed AP mode, but are not currently controlled by the ZyXEL Device.

Index This is the index number of the unmanaged AP.

Select Choose the unmanaged AP to have managed by the ZyXEL Device

and click Add.

IP This is the IP address of the unmanaged AP.

MAC Address This is the MAC (Media Access Control) address of the unmanaged

AP.

Model This is the model number of the unmanaged AP.

Description This is the description you enter for the unmanaged AP.

Add Click this to add an unmanaged AP to the Managed Access Points

Automatic Refresh Interval Enter how often you want the ZyXEL Device to update this screen.

Refresh Click this to update this screen immediately.

list.

6.3.2 The AP Lists Edit Screen

Use this screen to change the description or radio profile of an AP managed by the ZyXEL Device. Click Edit in the CONTROLLER > AP Lists screen. The following screen displays.

Figure 54 The Controller > AP Lists > Edit Screen

The following table describes the labels in this screen.

Table 19 The Controller > AP Lists > Edit Screen

LABEL DESCRIPTION

Model This is the model number of the managed AP.

MAC Address This is the MAC (Media Access Control) address of the managed AP.

Description Enter a short description of this access point (up to 32 English keyboard

WLAN1 Radio Profile Select the radio profile you want to use for this AP. Configure radio profiles

characters).

in the Profile Edit > Radio screen. Select Disable if you do not want to use a radio profile. The AP’s radio is

not active when you select Disable.

ZyXEL NWA-3160 Series User’s Guide

Page 89

Table 19 The Controller > AP Lists > Edit Screen

LABEL DESCRIPTION

WLAN2 Radio Profile This field displays only if the managed AP has dual radios.

Select the second radio profile you want to use for this AP. Configure radio profiles in the Profile Edit > Radio screen.

Select Disable if you do not want to use a second radio profile. The AP’s radio is not active when you select Disable.

Apply Click this to save the changes in this screen.

Reset Click this to return the fields in this screen to their previously-saved values.

6.3.3 The Configuration Screen

Use this screen to control the way in which the ZyXEL Device accepts new APs to manage. You can also configure the pre-shared key (PSK) that is use to secure the data transmitted between the ZyXEL Device and the APs it manages.

When the ZyXEL Device is in AP controller mode, click CONTROLLER > Configuration. The following screen displays.

Figure 55 The Controller > Configuration Screen

Chapter 6 AP Controller Mode (NWA-3160 Only)

The following table describes the labels in this screen.

Table 20 The Controller > Configuration Screen

LABEL DESCRIPTION

Pre-Shared Key This is the security key used to encrypt communications between

the ZyXEL Device and its managed APs. This key is used to encrypt DTLS (Datagram Transport Layer Security) transmissions. Enter 8~32 English keyboard characters.

The proprietary AutoPSK protocol transfers the DTLS key from the ZyXEL Device to the manages AP automatically.

Registration Type This controls whether the ZyXEL Device manages all CAPWAP-

enabled APs that transmit management request packets, or requires the user to select which such APs to manage.

•Select Manual to choose which APs to manage (select the APs you want to manage in the

•Select Always Accept to manage any AP on your network that transmits a CAPWAP request for management.

Apply Click this to save the changes in this screen.

Reset Click this to return the fields in this screen to their previously-saved

values.

Controller > AP Lists screen).

ZyXEL NWA-3160 Series User’s Guide

Page 90

Chapter 6 AP Controller Mode (NWA-3160 Only)

6.4 The Profile Edit Screens

This section describes the Profile Edit screens, which are available only in AP controller mode (NWA-3160 only).

The following Profile Edit screens are identical to those available in standalone mode:

•The Profile Edit > SSID screen (see Section 10.2.1 on page 140).

•The Profile Edit > Security screen (see Section 9.9 on page 126).

•The Profile Edit > RADIUS screen (see Section 9.11 on page 134).

•The Profile Edit > Layer-2 Isolation screen (see Section 11.2 on page 146).

•The Profile Edit > MAC Filter screen (see Section 11.4 on page 150).

6.4.1 The Radio Profile Screen

Use this screen to configure radio profiles. Radio profiles contain information about an access point’s wireless settings, and can be applied to APs managed by the ZyXEL Device.

In AP Controller mode (NWA-3160 only) click Profile Edit > Radio. The following screen displays.

Figure 56 The Profile Edit > Radio Screen

The following table describes the labels in this screen.

Table 21 The Profile Edit > Radio Screen

LABEL DESCRIPTION

Index This field displays the index number of each radio profile.

Profile Name This field displays the identification name of each radio profile on the

ZyXEL Device.

ZyXEL NWA-3160 Series User’s Guide

Page 91

Table 21 The Profile Edit > Radio Screen

LABEL DESCRIPTION

802.11 Mode This field displays the IEEE 802.11 wireless mode the radio profile uses.

Channel ID This field displays the wireless channel the radio profile uses.

Edit Click the radio button next to the profile you want to configure and

click Edit to go to the radio profile configuration screen.

6.5 The Radio Profile Edit Screen

Use this screen to configure a specific radio profile. In the Profile Edit > Radio screen, select a profile and click Edit. The following screen displays.

Figure 57 The Profile Edit > Radio > Edit Screen

Chapter 6 AP Controller Mode (NWA-3160 Only)

ZyXEL NWA-3160 Series User’s Guide

Page 92

Chapter 6 AP Controller Mode (NWA-3160 Only)

The following table describes the labels in this screen.

Table 22 The Profile Edit > Radio > Edit Screen

LABEL DESCRIPTION

Profile Name Enter a name identifying this profile.

802.11 Mode Select 802.11b Only to allow only IEEE 802.11b compliant WLAN devices

to associate with the ZyXEL Device. Select 802.11g Only to allow only IEEE 802.11g compliant WLAN devices

to associate with the ZyXEL Device. Select 802.11b+g to allow both IEEE802.11b and IEEE802.11g compliant

WLAN devices to associate with the ZyXEL Device. The transmission rate of your ZyXEL Device might be reduced.

Select 802.11a (NWA-3160 only) to allow only IEEE 802.11a compliant WLAN devices to associate with the ZyXEL Device.

Super Mode Select this to improve data throughput on the WLAN by enabling fast frame

Choose Channel ID Set the operating frequency/channel depending on your particular region.

RTS/CTS Threshold (Request To Send) The threshold (number of bytes) for enabling RTS/CTS

Fragmentation Threshold

Output Power Set the output power of the ZyXEL Device in this field. If there is a high

Rates Configuration This section controls the data rates permitted for clients of an AP using this

Select SSID Profile Use this section to choose the SSID profile or profiles you want access

Index This is the SSID profile’s index number.

Active Select this to use the SSID profile selected in the Profile field.

Profile Select the profile you want to use. Ensure that you also select the Active

Enable Antenna Diversity

and packet bursting.

To manually set the ZyXEL Device to use a channel, select a channel from the drop-down list box.

To have the ZyXEL Device automatically select a channel, click Automatic Select instead.

handshake. Data with its frame size larger than this value will perform the RTS/CTS handshake. Setting this attribute to be larger than the maximum MSDU (MAC service data unit) size turns off the RTS/CTS handshake. Setting this attribute to its smallest value (256) turns on the RTS/CTS handshake. Enter a value between 256 and 2346.

The threshold (number of bytes) for the fragmentation boundary for directed messages. It is the maximum data fragment size that can be sent. Enter an even number between 256 and 2346.

density of APs in an area, decrease the output power of the ZyXEL Device to reduce interference with other APs. Select one of the following 100%(Full Power), 50%, 25%, 12.5% or Minimum. See the product specifications for more information on your ZyXEL Device’s output power.

radio profile. For each Rate, select an option from the Configuration list. The options

are:

• Basic (1~11 Mbps only): Clients can always connect to the access point at this speed.

• Optional: Clients can connect to the access point at this speed, when permitted to do so by the AP.

• Disabled: Clients cannot connect to the access point at this speed.

points using this radio profile to use. Each AP can use multiple SSID profiles simultaneously.

Configure SSID profiles in the Profile Edit > SSID screens.

box.

Select this to have access points using this radio profile use antenna diversity, where available. Antenna diversity uses multiple antennas to reduce signal interference.

ZyXEL NWA-3160 Series User’s Guide

Page 93

Chapter 6 AP Controller Mode (NWA-3160 Only)

Table 22 The Profile Edit > Radio > Edit Screen

LABEL DESCRIPTION

Apply Click this to save your changes.

Reset Click this to reload the previous configuration for this screen.

ZyXEL NWA-3160 Series User’s Guide

Page 94

Chapter 6 AP Controller Mode (NWA-3160 Only)

ZyXEL NWA-3160 Series User’s Guide

Page 95

PART II

The Web

Configurator

System Screens (97)

Wireless Configuration (103)

Wireless Security Configuration (121)

MBSSID and SSID (137)

Other Wireless Configuration (145)

IP Screen (155)

Rogue AP (157)

Remote Management Screens (163)

Internal RADIUS Server (175)

Certificates (181)

Log Screens (199)

VLAN (207)

Maintenance (225)

Page 96

Page 97

CHAPTER 7

System Screens

7.1 System Overview

This section provides information on general system setup.

7.2 Configuring General Setup

Click SYSTEM > General.

Figure 58 System > General

The following table describes the labels in this screen.

Table 23 System > General

LABEL DESCRIPTION

General Setup

System Name Type a descriptive name to identify the ZyXEL Device in the Ethernet network.

This name can be up to 30 alphanumeric characters long. Spaces are not allowed, but dashes "-" and underscores "_" are accepted.

Domain Name This is not a required field. Leave this field blank or enter the domain name

Administrator Inactivity Timer

System DNS Servers

ZyXEL NWA-3160 Series User’s Guide

here if you know it.

Type how many minutes a management session (either via the web configurator or SMT) can be left idle before the session times out.

The default is 5 minutes. After it times out you have to log in with your password again. Very long idle timeouts may have security risks.

A value of "0" means a management session never times out, no matter how long it has been left idle (not recommended).

Page 98

Chapter 7 System Screens

Table 23 System > General

LABEL DESCRIPTION

First DNS Server Second DNS Server Third DNS Server

Apply Click Apply to save your changes.

Reset Click Reset to reload the previous configuration for this screen.

Select From DHCP if your DHCP server dynamically assigns DNS server information (and the right displays the (read-only) DNS server IP address that the DHCP assigns.

Select User-Defined if you have the IP address of a DNS server. Enter the DNS server's IP address in the field to the right. If you chose User-Defined, but leave the IP address set to 0.0.0.0, User-Defined changes to None after you click Apply. If you set a second choice to User-Defined, and enter the same IP address, the second User-Defined changes to None after you click Apply.

Select None if you do not want to configure DNS servers. If you do not configure a DNS server, you must know the IP address of a machine in order to access it.

The default setting is None.

ZyXEL Device's Ethernet IP address). The field to the

7.3 Administrator Authentication on RADIUS

The administrator authentication on RADIUS feature lets a (external or internal) RADIUS server authenticate management logins to the ZyXEL Device. This is useful if you need to regularly change a password that you use to manage several ZyXEL Devices.

Activate administrator authentication on RADIUS in the SYSTEM > Password screen and configure the same user name, password and RADIUS server information on each ZyXEL Device. Then, whenever you want to change the password, just change it on the RADIUS server.

7.3.1 Configuring the Password

It is strongly recommended that you change your ZyXEL Device’s password. Click SYSTEM > Password. The screen appears as shown.

If you forget your ZyXEL Device’s password (or IP address), you will need to reset the device. See the section on resetting the ZyXEL Device for details

" Regardless of how you configure this screen, you still use the local system

password to log in via the console port (not available on all models).

ZyXEL NWA-3160 Series User’s Guide

Page 99

Chapter 7 System Screens

Figure 59 SYSTEM > Password.

The following table describes the labels in this screen.

Table 24 Password

LABEL DESCRIPTIONS

Enable Admin at Local Select this check box to have the device authenticate management logins to

the device.

Use old setting Select this to have the ZyXEL Device use the local management password

already configured on the device (“1234” is the default).

Use new setting Select this if you want to change the local management password.

Old Password Type in your existing system password (“1234” is the default password).

New Password Type your new system password (up to 31 characters). Note that as you type

a password, the screen displays an asterisk (*) for each character you type.

Retype to Confirm Retype your new system password for confirmation.

Enable Admin on RADIUS

Use old setting Select this to have a RADIUS server authenticate management logins to the

Use new setting Select this if you want to change the RADIUS username and password the

User Name Enter the username for this user account. This name can be up to 31 ASCII

Password Type a password (up to 31 ASCII characters) for this user profile. Note that as

Select this (and configure the other fields in this section) to have a RADIUS server authenticate management logins to the ZyXEL Device.

ZyXEL Device using the RADIUS username and password already configured on the device.

ZyXEL Device uses to authenticate management logon.

characters long, including spaces.

you type a password, the screen displays a (*) for each character you type. Spaces are allowed.

Note: If you are using PEAP authentication, this password

ZyXEL NWA-3160 Series User’s Guide

field is limited to 14 ASCII characters in length.

Page 100

Chapter 7 System Screens

Table 24 Password

LABEL DESCRIPTIONS

RADIUS Select the RADIUS server profile of the RADIUS server that is to authenticate

management logins to the ZyXEL Device. The ZyXEL Device tests the user name and password against the RADIUS

server when you apply your settings.

• The user name and password must already be configured in the RADIUS server.

• You must already have a RADIUS profile configured for the RADIUS server (see Section 9.11 on page 134).

• The server must be set to Active in the profile.

Apply Click Apply to save your changes.

Reset Click Reset to reload the previous configuration for this screen.

7.4 Configuring Time Setting

To change your ZyXEL Device’s time and date, click SYSTEM > Time Setting. The screen appears as shown. Use this screen to configure the ZyXEL Device’s time based on your local time zone.

Figure 60 SYSTEM > Time Setting

100

ZyXEL NWA-3160 Series User’s Guide

ZyXEL Communications NWA3160 User Manual

Specifications and Main Features

Frequently Asked Questions

User Manual

User’s Guide

About This User's Guide

Document Conventions

Safety Warnings

Contents Overview

Table of Contents

List of Figures

List of Tables

Introduction

Introducing the ZyXEL Device

1.1 Introducing the ZyXEL Device

1.2 Applications for the ZyXEL Device

1.2.1 Access Point

1.2.2 Bridge / Repeater (NWA-3160 and NWA-3163 Only)

1.2.3 AP + Bridge (NWA-3160 and NWA-3163 Only)

1.2.4 MBSSID

1.2.5 Pre-Configured SSID Profiles

1.3 CAPWAP (NWA-3160 and NWA-3163 Only)

1.4 Ways to Manage the ZyXEL Device

1.5 Good Habits for Managing the ZyXEL Device

1.6 Hardware Connections

1.6.1 Antennas

1.7 LEDs

2.1 Accessing the Web Configurator

2.2 Resetting the ZyXEL Device

2.2.1 Methods of Restoring Factory-Defaults

2.3 Navigating the Web Configurator

Tutorial

3.1 How to Configure the Wireless LAN

3.1.1 Choosing the Wireless Mode

3.1.2 Wireless LAN Configuration Overview

3.1.3 Further Reading

3.2 How to Configure Multiple Wireless Networks

3.2.1 Change the Operating Mode

3.2.2 Configure the VoIP Network

3.2.3 Configure the Guest Network

3.2.4 Testing the Wireless Networks

3.3 How to Set Up and Use Rogue AP Detection

3.3.1 Set Up and Save a Friendly AP list

3.3.2 Activate Periodic Rogue AP Detection

3.3.3 Set Up E-mail Logs

3.3.4 Configure Your Other Access Points

3.3.5 Test the Setup

3.4 Using Multiple MAC Filters and L-2 Isolation Profiles

3.4.1 Scenario

3.4.2 Your Requirements

3.4.3 Setup

3.4.4 Configure the SERVER_1 Network

3.4.5 Configure the SERVER_2 Network

3.4.6 Checking your Settings and Testing the Configuration

Status Screens

4.1 The Status Screen

Management Mode

5.1 About CAPWAP

5.1.1 CAPWAP Discovery and Management

5.1.2 CAPWAP and DHCP

5.1.3 CAPWAP and IP Subnets

5.1.4 Notes on CAPWAP

5.2 The Management Mode Screen

6.1 Status Screen

6.1.1 The AP List Status Screen

6.1.2 The AP Statistics Screen

6.1.3 The AP Association List Screen

6.1.4 The SSID Information Screen

6.2 Navigation Bar

6.3 The Controller Screens

6.3.1 The AP Lists Screen

6.3.2 The AP Lists Edit Screen

6.3.3 The Configuration Screen

6.4 The Profile Edit Screens

6.4.1 The Radio Profile Screen

6.5 The Radio Profile Edit Screen

System Screens

7.1 System Overview

7.2 Configuring General Setup

7.3 Administrator Authentication on RADIUS