ZyXEL Communications NWA-3160 Series User Manual

9.2 Mb
Loading...

NWA-3160 Series

IEEE 802.11a/b/g Business WLAN Access Point IEEE 802.11b/g Business WLAN Access Point

User’s Guide

Version 3.60 7/2007 Edition 1

DEFAULT LOGIN

IP Address

http://192.168.1.2

 

 

Password 1234

www.zyxel.com

About This User's Guide

About This User's Guide

Intended Audience

This manual is intended for people who want to configure the ZyXEL Device using the web configurator. You should have at least a basic knowledge of TCP/IP networking concepts and topology.

Related Documentation

Quick Start Guide

The Quick Start Guide is designed to help you get up and running right away. It contains information on setting up your network and configuring for Internet access.

Supporting Disk

Refer to the included CD for support documents.

ZyXEL Web Site

Please refer to www.zyxel.com for additional support documentation and product certifications.

User Guide Feedback

Help us help you. Send all User Guide-related comments, questions or suggestions for improvement to the following address, or use e-mail instead. Thank you!

The Technical Writing Team, ZyXEL Communications Corp., 6 Innovation Road II, Science-Based Industrial Park, Hsinchu, 300, Taiwan.

E-mail: techwriters@zyxel.com.tw

ZyXEL NWA-3160 Series User’s Guide

3

Document Conventions

Document Conventions

Warnings and Notes

These are how warnings and notes are shown in this User’s Guide.

Warnings tell you about things that could harm you or your device.

"Notes tell you other important information (for example, other things you may need to configure or helpful tips) or recommendations.

Syntax Conventions

The NWA-3160 or NWA-3163 may be referred to as the “ZyXEL Device”, the “device” or the “system” in this User’s Guide.

Product labels, screen names, field labels and field choices are all in bold font.

A key stroke is denoted by square brackets and uppercase text, for example, [ENTER] means the “enter” or “return” key on your keyboard.

“Enter” means for you to type one or more characters and then press the [ENTER] key. “Select” or “choose” means for you to use one of the predefined choices.

A right angle bracket ( > ) within a screen name denotes a mouse click. For example,

Maintenance > Log > Log Setting means you first click Maintenance in the navigation panel, then the Log sub menu and finally the Log Setting tab to get to that screen.

Units of measurement may denote the “metric” value or the “scientific” value. For example, “k” for kilo may denote “1000” or “1024”, “M” for mega may denote “1000000” or “1048576” and so on.

“e.g.,” is a shorthand for “for instance”, and “i.e.,” means “that is” or “in other words”.

4

ZyXEL NWA-3160 Series User’s Guide

Document Conventions

Icons Used in Figures

Figures in this User’s Guide may use the following generic icons. The ZyXEL Device icon is not an exact representation of your device.

ZyXEL Device

Computer

Notebook computer

 

 

 

Server

DSLAM

Firewall

 

 

 

Telephone

Switch

Router

 

 

 

ZyXEL NWA-3160 Series User’s Guide

5

Safety Warnings

Safety Warnings

For your safety, be sure to read and follow all warning notices and instructions.

Do NOT use this product near water, for example, in a wet basement or near a swimming pool.

Do NOT expose your device to dampness, dust or corrosive liquids.

Do NOT store things on the device.

Do NOT install, use, or service this device during a thunderstorm. There is a remote risk of electric shock from lightning.

Connect ONLY suitable accessories to the device.

ONLY qualified service personnel should service or disassemble this device.

Make sure to connect the cables to the correct ports.

Place connecting cables carefully so that no one will step on them or stumble over them.

Always disconnect all cables from this device before servicing or disassembling.

Use ONLY an appropriate power adaptor or cord for your device.

Connect the power adaptor or cord to the right supply voltage (for example, 110V AC in North America or 230V AC in Europe).

Do NOT allow anything to rest on the power adaptor or cord and do NOT place the product where anyone can walk on the power adaptor or cord.

Do NOT use the device if the power adaptor or cord is damaged as it might cause electrocution.

If the power adaptor or cord is damaged, remove it from the power outlet.

Do NOT attempt to repair the power adaptor or cord. Contact your local vendor to order a new one.

Do not use the device outside, and make sure all the connections are indoors. There is a remote risk of electric shock from lightning.

Antenna Warning! This device meets ETSI and FCC certification requirements when using the included antenna(s). Only use the included antenna(s).

If you wall mount your device, make sure that no electrical lines, gas or water pipes will be damaged.

The PoE (Power over Ethernet) devices that supply or receive power and their connected Ethernet cables must all be completely indoors.

This product is recyclable. Dispose of it properly.

6

ZyXEL NWA-3160 Series User’s Guide

Safety Warnings

ZyXEL NWA-3160 Series User’s Guide

7

Safety Warnings

8

ZyXEL NWA-3160 Series User’s Guide

Contents Overview

Contents Overview

Introduction ............................................................................................................................

31

Introducing the ZyXEL Device ...................................................................................................

33

Introducing the Web Configurator ..............................................................................................

41

Status Screens ..........................................................................................................................

45

Tutorial .......................................................................................................................................

49

The Web Configurator ...........................................................................................................

75

System Screens ........................................................................................................................

77

Wireless Configuration ..............................................................................................................

83

Wireless Security Configuration ................................................................................................

99

MBSSID and SSID ...................................................................................................................

115

Other Wireless Configuration ..................................................................................................

123

IP Screen .................................................................................................................................

133

Rogue AP ................................................................................................................................

135

Remote Management Screens ................................................................................................

141

Internal RADIUS Server ..........................................................................................................

151

Certificates ...............................................................................................................................

157

Log Screens ............................................................................................................................

175

VLAN .......................................................................................................................................

181

Maintenance ............................................................................................................................

199

SMT and Troubleshooting ...................................................................................................

207

Introducing the SMT ................................................................................................................

209

General Setup .........................................................................................................................

215

LAN Setup ...............................................................................................................................

217

SNMP Configuration ................................................................................................................

219

System Password ....................................................................................................................

221

System Information and Diagnosis ..........................................................................................

223

Firmware and Configuration File Maintenance ........................................................................

229

System Maintenance and Information .....................................................................................

235

Troubleshooting .......................................................................................................................

243

Appendices and Index .........................................................................................................

249

ZyXEL NWA-3160 Series User’s Guide

9

Contents Overview

10

ZyXEL NWA-3160 Series User’s Guide

Table of Contents

Table of Contents

About This User's Guide ..........................................................................................................

3

Document Conventions............................................................................................................

4

Safety Warnings........................................................................................................................

6

Contents Overview ...................................................................................................................

9

Table of Contents....................................................................................................................

11

List of Figures .........................................................................................................................

21

List of Tables...........................................................................................................................

27

Part I: Introduction.................................................................................

31

Chapter 1

 

Introducing the ZyXEL Device ...............................................................................................

33

1.1

Introducing the ZyXEL Device ............................................................................................

33

1.2

Applications for the ZyXEL Device ......................................................................................

33

 

1.2.1 Access Point ..............................................................................................................

34

 

1.2.2 Bridge / Repeater .......................................................................................................

34

 

1.2.3 AP + Bridge ................................................................................................................

35

 

1.2.4 MBSSID .....................................................................................................................

36

 

1.2.5 Pre-Configured SSID Profiles ....................................................................................

37

1.3

Ways to Manage the ZyXEL Device ....................................................................................

38

1.4

Good Habits for Managing the ZyXEL Device .....................................................................

38

1.5

Hardware Connections ........................................................................................................

38

1.6

LEDs ....................................................................................................................................

39

Chapter 2

 

Introducing the Web Configurator ........................................................................................

41

2.1

Accessing the Web Configurator .........................................................................................

41

2.2

Resetting the ZyXEL Device ................................................................................................

42

 

2.2.1 Methods of Restoring Factory-Defaults ......................................................................

43

2.3

Navigating the Web Configurator .........................................................................................

43

Chapter 3

 

Status Screens ........................................................................................................................

45

ZyXEL NWA-3160 Series User’s Guide

11

Table of Contents

 

3.1

The Status Screen ...............................................................................................................

45

Chapter 4

 

Tutorial .....................................................................................................................................

 

49

4.1

How to Configure the Wireless LAN ....................................................................................

49

 

4.1.1 Choosing the Wireless Mode .....................................................................................

49

 

4.1.2 Wireless LAN Configuration Overview .......................................................................

49

 

4.1.3 Further Reading .........................................................................................................

51

4.2

How to Configure Multiple Wireless Networks .....................................................................

51

 

4.2.1 Change the Operating Mode ......................................................................................

52

 

4.2.2 Configure the VoIP Network .......................................................................................

54

 

4.2.2.1 Set Up Security for the VoIP Profile ................................................

55

 

4.2.2.2 Activate the VoIP Profile ..................................................................

57

 

4.2.3 Configure the Guest Network .....................................................................................

57

 

4.2.3.1 Set Up Security for the Guest Profile ..............................................

58

 

4.2.3.2 Set up Layer 2 Isolation ..................................................................

59

 

4.2.3.3 Activate the Guest Profile ................................................................

60

 

4.2.4 Testing the Wireless Networks ...................................................................................

60

4.3

How to Set Up and Use Rogue AP Detection .....................................................................

61

 

4.3.1 Set Up and Save a Friendly AP list ............................................................................

63

 

4.3.2 Activate Periodic Rogue AP Detection .......................................................................

65

 

4.3.3 Set Up E-mail Logs ....................................................................................................

66

 

4.3.4 Configure Your Other Access Points ..........................................................................

67

 

4.3.5 Test the Setup ............................................................................................................

67

4.4

Using Multiple MAC Filters and L-2 Isolation Profiles ..........................................................

68

 

4.4.1 Scenario .....................................................................................................................

68

 

4.4.2 Your Requirements .....................................................................................................

68

 

4.4.3 Setup ..........................................................................................................................

69

 

4.4.4 Configure the SERVER_1 Network ............................................................................

69

 

4.4.5 Configure the SERVER_2 Network ............................................................................

72

 

4.4.6 Checking your Settings and Testing the Configuration ..............................................

73

 

4.4.6.1 Checking Settings ...........................................................................

73

 

4.4.6.2 Testing the Configuration ................................................................

73

Part II: The Web Configurator ...............................................................

75

Chapter 5

 

System Screens ......................................................................................................................

77

5.1

System Overview .................................................................................................................

77

5.2

Configuring General Setup ..................................................................................................

77

5.3

Administrator Authentication on RADIUS ............................................................................

78

12

ZyXEL NWA-3160 Series User’s Guide

 

 

Table of Contents

 

5.3.1 Configuring Password ................................................................................................

78

5.4

Configuring Time Setting ....................................................................................................

80

5.5

Pre-defined NTP Time Servers List .....................................................................................

82

Chapter 6

 

Wireless Configuration...........................................................................................................

83

6.1

Wireless LAN Overview .......................................................................................................

83

 

6.1.1 BSS ............................................................................................................................

83

 

6.1.2 ESS ............................................................................................................................

84

6.2

Wireless LAN Basics ...........................................................................................................

84

6.3

Quality of Service ................................................................................................................

85

 

6.3.1 WMM QoS ..................................................................................................................

85

 

6.3.1.1 WMM QoS Priorities ........................................................................

85

 

6.3.2 ATC ............................................................................................................................

85

 

6.3.3 ATC+WMM .................................................................................................................

86

 

6.3.3.1 ATC+WMM from LAN to WLAN ......................................................

86

 

6.3.3.2 ATC+WMM from WLAN to LAN ......................................................

87

 

6.3.4 Type Of Service (ToS) ................................................................................................

87

 

6.3.4.1 DiffServ ............................................................................................

87

 

6.3.4.2 DSCP and Per-Hop Behavior ..........................................................

87

 

6.3.5 ToS (Type of Service) and WMM QoS .......................................................................

88

6.4

Spanning Tree Protocol (STP) .............................................................................................

88

 

6.4.1 Rapid STP ..................................................................................................................

88

 

6.4.2 STP Terminology ........................................................................................................

89

 

6.4.3 How STP Works .........................................................................................................

89

 

6.4.4 STP Port States ..........................................................................................................

90

6.5

DFS .....................................................................................................................................

90

6.6

Wireless Screen Overview ..................................................................................................

90

6.7

Configuring Wireless Settings .............................................................................................

91

 

6.7.1 Access Point Mode ....................................................................................................

91

 

6.7.2 Bridge/Repeater Mode ...............................................................................................

92

 

6.7.3 AP+Bridge Mode ........................................................................................................

96

 

6.7.4 MBSSID Mode ...........................................................................................................

97

Chapter 7

 

Wireless Security Configuration ...........................................................................................

99

7.1

Wireless Security Overview .................................................................................................

99

 

7.1.1 Encryption ..................................................................................................................

99

 

7.1.2 Restricted Access ......................................................................................................

99

 

7.1.3 Hide Identity ...............................................................................................................

99

 

7.1.4 WEP Encryption .........................................................................................................

99

7.2

802.1x Overview ................................................................................................................

100

7.3

EAP Authentication Overview ............................................................................................

100

ZyXEL NWA-3160 Series User’s Guide

13

Table of Contents

 

7.4

Introduction to WPA ...........................................................................................................

100

 

7.4.1 User Authentication .................................................................................................

101

 

7.4.2 Encryption ...............................................................................................................

101

 

7.4.3 WPA(2)-PSK Application Example ...........................................................................

101

7.5

WPA(2) with External RADIUS Application Example .........................................................

102

7.6

Security Modes ..................................................................................................................

103

7.7

Wireless Client WPA Supplicants ......................................................................................

104

7.8

Wireless Security Effectiveness .........................................................................................

104

7.9

Configuring Security ..........................................................................................................

104

 

7.9.1 Security: WEP ..........................................................................................................

105

 

7.9.2 Security: 802.1x Only ...............................................................................................

106

 

7.9.3 Security: 802.1x Static 64-bit, 802.1x Static 128-bit .................................................

107

 

7.9.4 Security: WPA ..........................................................................................................

109

 

7.9.5 Security: WPA2 or WPA2-MIX ..................................................................................

109

 

7.9.6 Security: WPA-PSK, WPA2-PSK, WPA2-PSK-MIX ...................................................

111

7.10 Introduction to RADIUS ....................................................................................................

112

7.11 Configuring RADIUS .........................................................................................................

112

Chapter 8

 

MBSSID and SSID .................................................................................................................

115

8.1

Wireless LAN Infrastructures ..............................................................................................

115

 

8.1.1 MBSSID ....................................................................................................................

115

 

8.1.2 Notes on Multiple BSS ..............................................................................................

115

 

8.1.3 Multiple BSS Example ...............................................................................................

115

 

8.1.4 Multiple BSS with VLAN Example .............................................................................

115

 

8.1.5 Configuring Multiple BSSs ........................................................................................

116

8.2

SSID ...................................................................................................................................

118

 

8.2.1 The SSID Screen ......................................................................................................

118

 

8.2.2 Configuring SSID ......................................................................................................

119

Chapter 9

 

Other Wireless Configuration ..............................................................................................

123

9.1

Layer-2 Isolation Introduction ............................................................................................

123

9.2

The Layer-2 Isolation Screen ............................................................................................

124

9.3

Configuring Layer-2 Isolation .............................................................................................

125

 

9.3.1 Layer-2 Isolation Examples ......................................................................................

126

 

9.3.1.1 Layer-2 Isolation Example 1 ..........................................................

127

 

9.3.1.2 Layer-2 Isolation Example 2 ..........................................................

127

9.4

The MAC Filter Screen ......................................................................................................

128

 

9.4.1 Configuring MAC Filtering ........................................................................................

129

9.5

Configuring Roaming .........................................................................................................

130

 

9.5.1 Requirements for Roaming ......................................................................................

131

14

ZyXEL NWA-3160 Series User’s Guide

 

 

Table of Contents

Chapter 10

 

IP Screen................................................................................................................................

 

133

10.1

Factory Ethernet Defaults ................................................................................................

133

10.2

TCP/IP Parameters .........................................................................................................

133

10.2.1 WAN IP Address Assignment .................................................................................

133

10.3

Configuring IP ..................................................................................................................

134

Chapter 11

 

Rogue AP...............................................................................................................................

 

135

11.1 Rogue AP Introduction .....................................................................................................

135

11.2 Rogue AP Examples ........................................................................................................

135

11.2.1 “Honeypot” Attack ...................................................................................................

136

11.3 Configuring Rogue AP Detection .....................................................................................

137

11.3.1 Rogue AP: Configuration ........................................................................................

137

11.3.2 Rogue AP: Friendly AP ..........................................................................................

138

11.3.3 Rogue AP List ........................................................................................................

139

Chapter 12

 

Remote Management Screens.............................................................................................

141

12.1

Remote Management Overview ......................................................................................

141

12.1.1 Remote Management Limitations ..........................................................................

141

12.1.2 System Timeout ....................................................................................................

141

12.2

Configuring Telnet ............................................................................................................

142

12.3

Configuring FTP ..............................................................................................................

143

12.4

Configuring WWW ...........................................................................................................

144

12.5 SNMP ..............................................................................................................................

145

12.5.1 Supported MIBs .....................................................................................................

146

12.5.2 SNMP Traps ...........................................................................................................

147

12.6 SNMP Traps ....................................................................................................................

147

12.6.1 Configuring SNMP .................................................................................................

148

Chapter 13

 

Internal RADIUS Server........................................................................................................

151

13.1

Internal RADIUS Overview ..............................................................................................

151

13.2

Internal RADIUS Server Setting ......................................................................................

151

13.3

Trusted AP Overview .......................................................................................................

153

13.4

Configuring Trusted AP ...................................................................................................

154

13.5

Configuring Trusted Users ...............................................................................................

155

Chapter 14

 

Certificates ............................................................................................................................

157

14.1

Certificates Overview .......................................................................................................

157

14.1.1 Advantages of Certificates .....................................................................................

158

ZyXEL NWA-3160 Series User’s Guide

15

Table of Contents

 

14.2

Self-signed Certificates ....................................................................................................

158

14.3

Verifying a Certificate .......................................................................................................

158

14.3.1 Checking the Fingerprint of a Certificate on Your Computer ..................................

158

14.4

Configuration Summary ...................................................................................................

159

14.5

My Certificates .................................................................................................................

159

14.6

Certificate File Formats ....................................................................................................

161

14.7

Importing a Certificate .....................................................................................................

162

14.8

Creating a Certificate .......................................................................................................

163

14.9

My Certificate Details .......................................................................................................

165

14.10 Trusted CAs ...................................................................................................................

168

14.11 Importing a Trusted CA’s Certificate ..............................................................................

169

14.12 Trusted CA Certificate Details .......................................................................................

170

Chapter 15

 

Log Screens ..........................................................................................................................

175

15.1

Configuring View Log .......................................................................................................

175

15.2

Configuring Log Settings .................................................................................................

176

15.3

Example Log Messages ..................................................................................................

178

15.4 Log Commands ...............................................................................................................

179

15.4.1 Configuring What You Want the ZyXEL Device to Log ..........................................

179

15.4.2 Displaying Logs ......................................................................................................

180

15.5 Log Command Example ..................................................................................................

180

Chapter 16

 

VLAN ......................................................................................................................................

 

181

16.1 VLAN ...............................................................................................................................

181

16.1.1 Management VLAN ID ...........................................................................................

181

16.1.2 VLAN Tagging ........................................................................................................

181

16.2

Configuring VLAN ............................................................................................................

182

16.2.1 Wireless VLAN .......................................................................................................

182

16.2.2 RADIUS VLAN .......................................................................................................

184

16.2.3 Configuring Management VLAN Example .............................................................

185

16.2.4 Configuring Microsoft’s IAS Server Example .........................................................

188

 

16.2.4.1 Configuring VLAN Groups ...........................................................

188

 

16.2.4.2 Configuring Remote Access Policies ..........................................

189

16.2.5 Second Rx VLAN ID Example ................................................................................

196

 

16.2.5.1 Second Rx VLAN Setup Example ...............................................

196

Chapter 17

 

Maintenance ..........................................................................................................................

199

17.1

Maintenance Overview ....................................................................................................

199

17.2

System Status Screen .....................................................................................................

199

17.2.1 System Statistics ....................................................................................................

200

16

ZyXEL NWA-3160 Series User’s Guide

 

 

Table of Contents

17.3

Association List ................................................................................................................

200

17.4

Channel Usage ................................................................................................................

201

17.5

F/W Upload Screen .........................................................................................................

202

17.6

Configuration Screen .......................................................................................................

204

17.6.1 Backup Configuration .............................................................................................

204

17.6.2 Restore Configuration ...........................................................................................

205

17.6.3 Back to Factory Defaults ........................................................................................

206

17.7

Restart Screen .................................................................................................................

206

Part III: SMT and Troubleshooting......................................................

207

Chapter 18

 

Introducing the SMT .............................................................................................................

209

18.1

Introduction to the SMT ...................................................................................................

209

18.2

Accessing the SMT via the Console Port ........................................................................

209

18.2.1 Initial Screen ..........................................................................................................

209

18.2.2 Entering the Password ...........................................................................................

210

18.3

Connect to your ZyXEL Device Using Telnet ....................................................................

211

18.4

Changing the System Password ......................................................................................

211

18.5 SMT Menu Overview Example ........................................................................................

212

18.6

Navigating the SMT Interface ..........................................................................................

212

18.6.1 System Management Terminal Interface Summary ...............................................

214

Chapter 19

 

General Setup........................................................................................................................

215

19.1

General Setup .................................................................................................................

215

19.1.1 Procedure To Configure Menu 1 ............................................................................

215

Chapter 20

 

LAN Setup

..............................................................................................................................

217

20.1

LAN Setup .......................................................................................................................

217

20.2

TCP/IP Ethernet Setup ....................................................................................................

217

Chapter 21

 

SNMP Configuration .............................................................................................................

219

21.1 ........................................................................................................

SNMP Configuration

219

Chapter 22

 

System Password .................................................................................................................

221

22.1 ............................................................................................................

System Password

221

ZyXEL NWA-3160 Series User’s Guide

17

Table of Contents

Chapter 23

 

System Information and Diagnosis.....................................................................................

223

23.1

System Status ..................................................................................................................

223

23.2

System Information ..........................................................................................................

225

23.2.1 System Information ................................................................................................

225

23.2.2 Console Port Speed ...............................................................................................

226

23.3

Log and Trace ..................................................................................................................

226

23.3.1 Viewing Error Log ...................................................................................................

226

23.4

Diagnostic ........................................................................................................................

227

Chapter 24

 

Firmware and Configuration File Maintenance ..................................................................

229

24.1

Filename Conventions .....................................................................................................

229

24.2

Backup Configuration ......................................................................................................

230

24.2.1 Using the FTP command from the DOS Prompt ....................................................

230

24.2.2 Backup Configuration Using TFTP .........................................................................

231

24.2.3 Example: TFTP Command .....................................................................................

232

24.3

Restore Configuration .....................................................................................................

232

24.3.1 Using the FTP command from the DOS Prompt Example .....................................

232

24.3.2 TFTP File Upload ...................................................................................................

233

24.3.3 Example: TFTP Command .....................................................................................

234

Chapter 25

 

System Maintenance and Information ................................................................................

235

25.1

Command Interpreter Mode ............................................................................................

235

25.1.1 Command Syntax ...................................................................................................

236

25.1.2 Command Usage ...................................................................................................

236

25.1.3 Brute-Force Password Guessing Protection ..........................................................

236

 

25.1.3.1 Configuring Brute-Force Password Guessing Protection: Example ..

 

236

 

25.2

Time and Date Setting .....................................................................................................

237

25.2.1 Resetting the Time .................................................................................................

238

25.3 Remote Management Setup ............................................................................................

238

25.3.1 Telnet ......................................................................................................................

238

25.3.2 FTP ........................................................................................................................

239

25.3.3 Web ........................................................................................................................

239

25.3.4 Remote Management Setup ..................................................................................

239

25.3.5 Remote Management Limitations ..........................................................................

241

25.4

System Timeout ...............................................................................................................

241

Chapter 26

 

Troubleshooting....................................................................................................................

243

26.1

Power, Hardware Connections, and LEDs ......................................................................

243

18

ZyXEL NWA-3160 Series User’s Guide

 

 

Table of Contents

26.2

ZyXEL Device Access and Login ....................................................................................

244

26.3

Internet Access ................................................................................................................

246

26.4

Wireless Router/AP Troubleshooting ...............................................................................

247

Part IV: Appendices and Index ...........................................................

249

Appendix

A

Product Specifications.......................................................................................

251

Appendix

B Setting up Your Computer’s IP Address............................................................

257

Appendix

C Wireless LANs ..................................................................................................

269

Appendix

D Pop-up Windows, JavaScripts and Java Permissions......................................

283

Appendix

E IP Addresses and Subnetting ...........................................................................

289

Appendix

F

Text File Based Auto Configuration...................................................................

297

Appendix

G

Legal Information..............................................................................................

305

Appendix

H Customer Support.............................................................................................

309

Index.......................................................................................................................................

 

 

315

ZyXEL NWA-3160 Series User’s Guide

19

Table of Contents

20

ZyXEL NWA-3160 Series User’s Guide

List of Figures

List of Figures

Figure 1 Access Point Application ..........................................................................................................

34

Figure 2 Bridge Application ....................................................................................................................

35

Figure 3 Repeater Application ................................................................................................................

35

Figure 4 AP+Bridge Application .............................................................................................................

36

Figure 5 Multiple BSSs ...........................................................................................................................

37

Figure 6 LEDs .........................................................................................................................................

39

Figure 7 Change Password Screen ........................................................................................................

42

Figure 8 Replace Certificate Screen .......................................................................................................

42

Figure 9 The Status Screen of the Web Configurator .............................................................................

43

Figure 10 The Status Screen ..................................................................................................................

45

Figure 11 Configuring Wireless LAN ......................................................................................................

50

Figure 12 Tutorial: Example MBSSID Setup ..........................................................................................

52

Figure 13 Tutorial: Wireless LAN: Before ...............................................................................................

53

Figure 14 Tutorial: Wireless LAN: Change Mode ...................................................................................

53

Figure 15 Tutorial: WIRELESS > SSID ..................................................................................................

54

Figure 16 Tutorial: VoIP SSID Profile Edit ..............................................................................................

55

Figure 17 Tutorial: VoIP Security ............................................................................................................

56

Figure 18 Tutorial: VoIP Security Profile Edit ..........................................................................................

56

Figure 19 Tutorial: VoIP Security: Updated ............................................................................................

57

Figure 20 Tutorial: Activate VoIP Profile .................................................................................................

57

Figure 21 Tutorial: Guest Edit .................................................................................................................

58

Figure 22 Tutorial: Guest Security Profile Edit ........................................................................................

58

Figure 23 Tutorial: Guest Security: Updated ..........................................................................................

59

Figure 24 Tutorial: Layer 2 Isolation .......................................................................................................

59

Figure 25 Tutorial: Layer 2 Isolation Profile ............................................................................................

60

Figure 26 Tutorial: Activate Guest Profile ...............................................................................................

60

Figure 27 Tutorial: Wireless Network Example .......................................................................................

62

Figure 28 Tutorial: Friendly AP (Before Data Entry) ...............................................................................

63

Figure 29 Tutorial: Friendly AP (After Data Entry) .................................................................................

64

Figure 30 Tutorial: Configuration ............................................................................................................

64

Figure 31 Tutorial: Warning ....................................................................................................................

65

Figure 32 Tutorial: Save Friendly AP list ................................................................................................

65

Figure 33 Tutorial: Periodic Rogue AP Detection ..................................................................................

65

Figure 34 Tutorial: Log Settings ..............................................................................................................

66

Figure 35 Tutorial: Example Network .....................................................................................................

68

Figure 36 Tutorial: SSID Profile ..............................................................................................................

70

Figure 37 Tutorial: SSID Edit ..................................................................................................................

71

Figure 38 Tutorial: Layer-2 Isolation Edit ................................................................................................

71

ZyXEL NWA-3160 Series User’s Guide

21

List of Figures

 

Figure 39 Tutorial: MAC Filter Edit (SERVER_1) ...................................................................................

72

Figure 40 Tutorial: SSID Profiles Activated ............................................................................................

73

Figure 41 Tutorial: SSID Tab Correct Settings ........................................................................................

73

Figure 42 System > General ..................................................................................................................

77

Figure 43 SYSTEM > Password. ............................................................................................................

79

Figure 44 SYSTEM > Time Setting ........................................................................................................

80

Figure 45 Basic Service set ....................................................................................................................

83

Figure 46 Extended Service Set .............................................................................................................

84

Figure 47 DiffServ: Differentiated Service Field ......................................................................................

87

Figure 48 Wireless: Access Point ...........................................................................................................

91

Figure 49 Bridging Example ...................................................................................................................

93

Figure 50 Bridge Loop: Two Bridges Connected to Hub ........................................................................

93

Figure 51 Bridge Loop: Bridge Connected to Wired LAN .......................................................................

94

Figure 52 Wireless: Bridge/Repeater .....................................................................................................

94

Figure 53 Wireless: AP+Bridge ..............................................................................................................

97

Figure 54 EAP Authentication ..............................................................................................................

100

Figure 55 WPA(2)-PSK Authentication .................................................................................................

102

Figure 56 WPA(2) with RADIUS Application Example .........................................................................

103

Figure 57 Wireless > Security ...............................................................................................................

105

Figure 58 WIRELESS > Security: WEP ................................................................................................

106

Figure 59 Security: 802.1x Only ..........................................................................................................

107

Figure 60 Security: 802.1x Static 64-bit, 802.1x Static 128-bit ............................................................

108

Figure 61 Security: WPA .....................................................................................................................

109

Figure 62 Security:WPA2 or WPA2-MIX ................................................................................................

110

Figure 63 Security: WPA-PSK, WPA2-PSK or WPA2-PSK-MIX ............................................................

111

Figure 64 RADIUS .................................................................................................................................

112

Figure 65 Multiple BSS with VLAN Example .........................................................................................

116

Figure 66 Wireless: Multiple BSS ..........................................................................................................

116

Figure 67 SSID ......................................................................................................................................

119

Figure 68 Configuring SSID ..................................................................................................................

120

Figure 69 Layer-2 Isolation Application ................................................................................................

124

Figure 70 WIRELESS > Layer 2 Isolation ............................................................................................

125

Figure 71 WIRELESS > Layer-2 Isolation Configuration Screen .........................................................

126

Figure 72 Layer-2 Isolation Example Configuration .............................................................................

127

Figure 73 Layer-2 Isolation Example 1 .................................................................................................

127

Figure 74 Layer-2 Isolation Example 2 .................................................................................................

128

Figure 75 WIRELESS > MAC Filter ......................................................................................................

128

Figure 76 MAC Address Filter ..............................................................................................................

129

Figure 77 Roaming Example ................................................................................................................

131

Figure 78 Roaming ...............................................................................................................................

132

Figure 79 IP Setup ................................................................................................................................

134

Figure 80 Rogue AP: Example ............................................................................................................

136

Figure 81 “Honeypot” Attack .................................................................................................................

137

22

ZyXEL NWA-3160 Series User’s Guide

 

List of Figures

Figure 82 ROGUE AP > Configuration .................................................................................................

138

Figure 83 ROGUE AP > Friendly AP ....................................................................................................

139

Figure 84 ROGUE AP > Rogue AP ......................................................................................................

140

Figure 85 Telnet Configuration on a TCP/IP Network ...........................................................................

142

Figure 86 Remote Management: Telnet ...............................................................................................

142

Figure 87 Remote Management: FTP ..................................................................................................

143

Figure 88 Remote Management: WWW ...............................................................................................

144

Figure 89 SNMP Management Model ..................................................................................................

146

Figure 90 Remote Management: SNMP ..............................................................................................

148

Figure 91 Internal RADIUS Server Setting Screen ...............................................................................

152

Figure 92 Trusted AP Overview ............................................................................................................

154

Figure 93 Trusted AP Screen ...............................................................................................................

155

Figure 94 Trusted Users Screen ...........................................................................................................

156

Figure 95 Certificates on Your Computer .............................................................................................

158

Figure 96 Certificate Details ................................................................................................................

159

Figure 97 My Certificates ......................................................................................................................

160

Figure 98 My Certificate Import ............................................................................................................

162

Figure 99 My Certificate Create ............................................................................................................

163

Figure 100 My Certificate Details .........................................................................................................

166

Figure 101 Trusted CAs ........................................................................................................................

168

Figure 102 Trusted CA Import ..............................................................................................................

170

Figure 103 Trusted CA Details .............................................................................................................

171

Figure 104 View Log .............................................................................................................................

175

Figure 105 Log Settings .......................................................................................................................

176

Figure 106 WIRELESS VLAN ..............................................................................................................

183

Figure 107 RADIUS VLAN ...................................................................................................................

184

Figure 108 Management VLAN Configuration Example .......................................................................

186

Figure 109 VLAN-Aware Switch - Static VLAN .....................................................................................

186

Figure 110 VLAN-Aware Switch ...........................................................................................................

186

Figure 111 VLAN-Aware Switch - VLAN Status ....................................................................................

187

Figure 112 VLAN Setup ........................................................................................................................

187

Figure 113 New Global Security Group ...............................................................................................

189

Figure 114 Add Group Members .........................................................................................................

189

Figure 115 New Remote Access Policy for VLAN Group ....................................................................

190

Figure 116 Specifying Windows-Group Condition ................................................................................

190

Figure 117 Adding VLAN Group ..........................................................................................................

191

Figure 118 Granting Permissions and User Profile Screens ...............................................................

191

Figure 119 Authentication Tab Settings ................................................................................................

192

Figure 120 Encryption Tab Settings .....................................................................................................

192

Figure 121 Connection Attributes Screen ............................................................................................

193

Figure 122 RADIUS Attribute Screen ..................................................................................................

193

Figure 123 802 Attribute Setting for Tunnel-Medium-Type ..................................................................

194

Figure 124 VLAN ID Attribute Setting for Tunnel-Pvt-Group-ID ..........................................................

194

ZyXEL NWA-3160 Series User’s Guide

23

List of Figures

 

Figure 125 VLAN Attribute Setting for Tunnel-Type ............................................................................

195

Figure 126 Completed Advanced Tab ..................................................................................................

195

Figure 127 Second Rx VLAN ID Example ............................................................................................

196

Figure 128 Configuring SSID: Second Rx VLAN ID Example ..............................................................

197

Figure 129 System Status ....................................................................................................................

199

Figure 130 System Status: Show Statistics ..........................................................................................

200

Figure 131 Association List ..................................................................................................................

201

Figure 132 Channel Usage ...................................................................................................................

201

Figure 133 Firmware Upload ................................................................................................................

202

Figure 134 Firmware Upload In Process ..............................................................................................

203

Figure 135 Network Temporarily Disconnected ....................................................................................

203

Figure 136 Firmware Upload Error .......................................................................................................

204

Figure 137 Configuration ......................................................................................................................

204

Figure 138 Configuration Upload Successful .......................................................................................

205

Figure 139 Network Temporarily Disconnected ....................................................................................

205

Figure 140 Configuration Upload Error .................................................................................................

206

Figure 141 Reset Warning Message ....................................................................................................

206

Figure 142 Restart Screen ...................................................................................................................

206

Figure 143 Initial Screen .......................................................................................................................

210

Figure 144 Password Screen ...............................................................................................................

211

Figure 145 Login Screen .......................................................................................................................

211

Figure 146 Menu 23 System Password ................................................................................................

212

Figure 147 SMT Main Menu .................................................................................................................

213

Figure 148 Menu 1 General Setup .......................................................................................................

215

Figure 149 Menu 3 LAN Setup ............................................................................................................

217

Figure 150 Menu 3.2 TCP/IP Setup .....................................................................................................

217

Figure 151 Menu 22 SNMP Configuration ............................................................................................

219

Figure 152 Menu 23 System Password ................................................................................................

221

Figure 153 Menu 24 System Maintenance ...........................................................................................

223

Figure 154 Menu 24.1 System Maintenance: Status ............................................................................

224

Figure 155 Menu 24.2 System Information and Console Port Speed ..................................................

225

Figure 156 Menu 24.2.1 System Information: Information ...................................................................

225

Figure 157 Menu 24.2.2 System Maintenance: Change Console Port Speed .....................................

226

Figure 158 Menu 24.3 System Maintenance: Log and Trace ...............................................................

227

Figure 159 Sample Error and Information Messages ...........................................................................

227

Figure 160 Menu 24.4 System Maintenance: Diagnostic .....................................................................

227

Figure 161 FTP Session Example ........................................................................................................

231

Figure 162 FTP Session Example ........................................................................................................

233

Figure 163 Menu 24 System Maintenance ...........................................................................................

235

Figure 164 Valid CI Commands ............................................................................................................

236

Figure 165 Menu 24.10 System Maintenance: Time and Date Setting ................................................

237

Figure 166 Telnet Configuration on a TCP/IP Network .........................................................................

239

Figure 167 Menu 24.11 Remote Management Control ........................................................................

240

24

ZyXEL NWA-3160 Series User’s Guide

 

List of Figures

Figure 168 Wall-mounting Example ......................................................................................................

254

Figure 169 Masonry Plug and M4 Tap Screw .......................................................................................

254

Figure 170 WIndows 95/98/Me: Network: Configuration ......................................................................

258

Figure 171 Windows 95/98/Me: TCP/IP Properties: IP Address ..........................................................

259

Figure 172 Windows 95/98/Me: TCP/IP Properties: DNS Configuration ..............................................

260

Figure 173 Windows XP: Start Menu ....................................................................................................

261

Figure 174 Windows XP: Control Panel ...............................................................................................

261

Figure 175 Windows XP: Control Panel: Network Connections: Properties .........................................

262

Figure 176 Windows XP: Local Area Connection Properties ...............................................................

262

Figure 177 Windows XP: Advanced TCP/IP Settings ..........................................................................

263

Figure 178 Windows XP: Internet Protocol (TCP/IP) Properties ..........................................................

264

Figure 179 Macintosh OS 8/9: Apple Menu ..........................................................................................

265

Figure 180 Macintosh OS 8/9: TCP/IP .................................................................................................

265

Figure 181 Macintosh OS X: Apple Menu ............................................................................................

266

Figure 182 Macintosh OS X: Network ..................................................................................................

267

Figure 183 Peer-to-Peer Communication in an Ad-hoc Network .........................................................

269

Figure 184 Basic Service Set ...............................................................................................................

270

Figure 185 Infrastructure WLAN ...........................................................................................................

271

Figure 186 RTS/CTS ............................................................................................................................

272

Figure 187 WPA(2) with RADIUS Application Example .......................................................................

279

Figure 188 WPA(2)-PSK Authentication ...............................................................................................

280

Figure 189 Pop-up Blocker ...................................................................................................................

283

Figure 190 Internet Options: Privacy ....................................................................................................

284

Figure 191 Internet Options: Privacy ....................................................................................................

285

Figure 192 Pop-up Blocker Settings .....................................................................................................

285

Figure 193 Internet Options: Security ...................................................................................................

286

Figure 194 Security Settings - Java Scripting .......................................................................................

287

Figure 195 Security Settings - Java ......................................................................................................

287

Figure 196 Java (Sun) ..........................................................................................................................

288

Figure 197 Network Number and Host ID ............................................................................................

290

Figure 198 Subnetting Example: Before Subnetting ............................................................................

292

Figure 199 Subnetting Example: After Subnetting ...............................................................................

293

Figure 200 Text File Based Auto Configuration ....................................................................................

297

Figure 201 Configuration File Format ...................................................................................................

299

Figure 202 WEP Configuration File Example .......................................................................................

300

Figure 203 802.1X Configuration File Example ....................................................................................

301

Figure 204 WPA-PSK Configuration File Example ...............................................................................

301

Figure 205 WPA Configuration File Example .......................................................................................

302

Figure 206 Wlan Configuration File Example .......................................................................................

303

ZyXEL NWA-3160 Series User’s Guide

25

List of Figures

26

ZyXEL NWA-3160 Series User’s Guide

List of Tables

List of Tables

Table 1 Models Covered ........................................................................................................................

33

Table 2 LEDs .........................................................................................................................................

39

Table 3 The Status Screen ....................................................................................................................

45

Table 4 Tutorial: Example Information ...................................................................................................

52

Table 5 Tutorial: Rogue AP Example Information ..................................................................................

62

Table 6 Tutorial: Friendly AP Information ...............................................................................................

63

Table 7 Tutorial: SSID Profile Security Settings .....................................................................................

69

Table 8 Tutorial: Example Network MAC Addresses .............................................................................

69

Table 9 Tutorial: Example User MAC Addresses ...................................................................................

69

Table 10 Tutorial: SERVER_2 Network Information ..............................................................................

72

Table 11 System > General ...................................................................................................................

77

Table 12 Password ................................................................................................................................

79

Table 13 SYSTEM > Time Setting .........................................................................................................

81

Table 14 Default Time Servers ..............................................................................................................

82

Table 15 WMM QoS Priorities ...............................................................................................................

85

Table 16 Typical Packet Sizes ...............................................................................................................

86

Table 17 Automatic Traffic Classifier Priorities ......................................................................................

86

Table 18 ATC + WMM Priority Assignment (LAN to WLAN) ..................................................................

87

Table 19 ATC + WMM Priority Assignment (WLAN to LAN) ..................................................................

87

Table 20 ToS and IEEE 802.1d to WMM QoS Priority Level Mapping ..................................................

88

Table 21 STP Path Costs ......................................................................................................................

89

Table 22 STP Port States ......................................................................................................................

90

Table 23 Wireless: Access Point ...........................................................................................................

91

Table 24 Wireless: Bridge/Repeater ......................................................................................................

95

Table 25 Security Modes .....................................................................................................................

103

Table 26 Wireless Security Levels .......................................................................................................

104

Table 27 WIRELESS > Security ..........................................................................................................

105

Table 28 Security: WEP .......................................................................................................................

106

Table 29 Security: 802.1x Only ............................................................................................................

107

Table 30 Security: 802.1x Static 64-bit, 802.1x Static 128-bit ..............................................................

108

Table 31 Security: WPA .......................................................................................................................

109

Table 32 Security: WPA2 or WPA2-MIX ...............................................................................................

110

Table 33 Security: WPA-PSK, WPA2-PSK or WPA2-PSK-MIX ............................................................

111

Table 34 RADIUS .................................................................................................................................

112

Table 35 Wireless: Multiple BSS ...........................................................................................................

117

Table 36 SSID .......................................................................................................................................

119

Table 37 Configuring SSID ..................................................................................................................

120

Table 38 WIRELESS > Layer-2 Isolation .............................................................................................

125

ZyXEL NWA-3160 Series User’s Guide

27

List of Tables

 

Table 39 WIRELESS > Layer-2 Isolation Configuration ......................................................................

126

Table 40 WIRELESS > MAC Filter ......................................................................................................

129

Table 41 MAC Address Filter ...............................................................................................................

130

Table 42 Private IP Address Ranges ...................................................................................................

133

Table 43 IP Setup ................................................................................................................................

134

Table 44 ROGUE AP > Configuration ..................................................................................................

138

Table 45 ROGUE AP > Friendly AP ....................................................................................................

139

Table 46 ROGUE AP > Rogue AP .......................................................................................................

140

Table 47 Remote Management Overview ...........................................................................................

141

Table 48 Remote Management: Telnet ................................................................................................

142

Table 49 Remote Management: FTP ...................................................................................................

143

Table 50 Remote Management: WWW ...............................................................................................

144

Table 51 SNMP Traps ..........................................................................................................................

147

Table 52 SNMP Interface Index to Physical and Virtual Port Mapping ................................................

147

Table 53 Remote Management: SNMP ...............................................................................................

148

Table 54 Internal RADIUS Server Setting Screen Setting ...................................................................

152

Table 55 Trusted AP ............................................................................................................................

155

Table 56 Trusted Users ........................................................................................................................

156

Table 57 My Certificates ......................................................................................................................

160

Table 58 My Certificate Import .............................................................................................................

162

Table 59 My Certificate Create ............................................................................................................

163

Table 60 My Certificate Details ............................................................................................................

166

Table 61 Trusted CAs ..........................................................................................................................

169

Table 62 Trusted CA Import .................................................................................................................

170

Table 63 Trusted CA Details ................................................................................................................

171

Table 64 View Log ...............................................................................................................................

175

Table 65 Log Settings ..........................................................................................................................

177

Table 66 System Maintenance Logs ....................................................................................................

178

Table 67 ICMP Notes ...........................................................................................................................

178

Table 68 Sys log ..................................................................................................................................

179

Table 69 Log Categories and Available Settings .................................................................................

179

Table 70 WIRELESS VLAN .................................................................................................................

183

Table 71 RADIUS VLAN ......................................................................................................................

185

Table 72 Standard RADIUS Attributes .................................................................................................

188

Table 73 System Status .......................................................................................................................

199

Table 74 System Status: Show Statistics .............................................................................................

200

Table 75 Association List .....................................................................................................................

201

Table 76 Channel Usage .....................................................................................................................

202

Table 77 Firmware Upload ...................................................................................................................

202

Table 78 Restore Configuration ...........................................................................................................

205

Table 79 SMT Menus Overview ...........................................................................................................

212

Table 80 Main Menu Commands .........................................................................................................

213

Table 81 Main Menu Summary ............................................................................................................

214

28

ZyXEL NWA-3160 Series User’s Guide

 

List of Tables

Table 82 Menu 1 General Setup ..........................................................................................................

215

Table 83 Menu 3.2 TCP/IP Setup ........................................................................................................

218

Table 84 Menu 22 SNMP Configuration ..............................................................................................

219

Table 85 Menu 24.1 System Maintenance: Status ..............................................................................

224

Table 86 Menu 24.2.1 System Maintenance: Information ...................................................................

225

Table 87 Menu 24.4 System Maintenance Menu: Diagnostic ..............................................................

228

Table 88 Filename Conventions ..........................................................................................................

230

Table 89 General Commands for Third Party FTP Clients ..................................................................

231

Table 90 General Commands for Third Party TFTP Clients ................................................................

232

Table 91 Brute-Force Password Guessing Protection Commands .....................................................

236

Table 92 System Maintenance: Time and Date Setting .......................................................................

237

Table 93 Menu 24.11 Remote Management Control ...........................................................................

240

Table 94 Hardware Specifications .......................................................................................................

251

Table 95 Firmware Specifications ........................................................................................................

252

Table 96 North American Plug Standards ............................................................................................

255

Table 97 European Plug Standards .....................................................................................................

255

Table 98 United Kingdom Plug Standards ...........................................................................................

255

Table 99 Australia and New Zealand Plug Standards .........................................................................

255

Table 100 Power over Ethernet Injector Specifications ......................................................................

255

Table 101 Power over Ethernet Injector RJ-45 Port Pin Assignments ................................................

256

Table 102 IEEE 802.11g ......................................................................................................................

273

Table 103 Wireless Security Levels .....................................................................................................

274

Table 104 Comparison of EAP Authentication Types ..........................................................................

277

Table 105 Wireless Security Relational Matrix ....................................................................................

280

Table 106 Subnet Masks .....................................................................................................................

290

Table 107 Subnet Masks .....................................................................................................................

291

Table 108 Maximum Host Numbers ....................................................................................................

291

Table 109 Alternative Subnet Mask Notation .......................................................................................

291

Table 110 Subnet 1 ..............................................................................................................................

293

Table 111 Subnet 2 ..............................................................................................................................

294

Table 112 Subnet 3 ..............................................................................................................................

294

Table 113 Subnet 4 ..............................................................................................................................

294

Table 114 Eight Subnets ......................................................................................................................

294

Table 115 24-bit Network Number Subnet Planning ............................................................................

295

Table 116 16-bit Network Number Subnet Planning ............................................................................

295

Table 117 Auto Configuration by DHCP ..............................................................................................

298

Table 118 Manual Configuration ..........................................................................................................

298

Table 119 Configuration via SNMP ......................................................................................................

298

Table 120 Displaying the File Version ..................................................................................................

299

Table 121 Displaying the File Version ..................................................................................................

299

Table 122 Displaying the Auto Configuration Status ............................................................................

300

ZyXEL NWA-3160 Series User’s Guide

29

List of Tables

30

ZyXEL NWA-3160 Series User’s Guide

PART I

Introduction

Introducing the ZyXEL Device (33)

Introducing the Web Configurator (41)

Status Screens (45)

Tutorial (49)

31

32

1

Introducing the ZyXEL Device

This chapter introduces the main applications and features of the ZyXEL Device. It also introduces the ways you can manage the ZyXEL Device.

1.1 Introducing the ZyXEL Device

Your ZyXEL Device extends the range of your existing wired network without additional wiring, providing easy network access to mobile users.

It is highly versatile, supporting up to eight BSSIDs simultaneously. The Quality of Service (QoS) features allow you to prioritize time-sensitive or highly important applications such as VoIP.

Multiple security profiles allow you to easily assign different types of security to groups of users. The ZyXEL Device controls network access with MAC address filtering, rogue AP detection, layer 2 isolation and an internal authentication server. It also provides a high level of network traffic security, supporting IEEE 802.1x, Wi-Fi Protected Access (WPA), WPA2 and WEP data encryption.

Your ZyXEL Device is easy to install, configure and use. The embedded Web-based configurator enables simple, straightforward management and maintenance.

See the Quick Start Guide for instructions on how to make hardware connections. At the time of writing, this User’s Guide covers the following models.

Table 1 Models Covered

NWA-3160: IEEE 802.11a/b/g Business WLAN Access Point

NWA-3163: IEEE 802.11b/g Business WLAN Access Point

1.2 Applications for the ZyXEL Device

The ZyXEL Device can be configured to use the following WLAN operating modes

1AP

2Bridge/Repeater

3AP+Bridge

4MBSSID

Applications for each operating mode are shown below.

ZyXEL NWA-3160 Series User’s Guide

33

Chapter 1 Introducing the ZyXEL Device

"A different channel should be configured for each WLAN interface to reduce the effects of radio interference.

1.2.1Access Point

The ZyXEL Device is an ideal access solution for wireless Internet connection. A typical Internet access application for your ZyXEL Device is shown as follows. Stations A, B and C can access the wired network through the ZyXEL Devices.

Figure 1 Access Point Application

1.2.2 Bridge / Repeater

The ZyXEL Device can act as a wireless network bridge and establish wireless links with other APs. In the figure below, the two ZyXEL Devices (A and B) are connected to independent wired networks and have a bridge connection (A can communicate with B) at the same time. A ZyXEL Device in repeater mode (C) has no Ethernet connection. When the ZyXEL Device is in bridge mode, you should enable STP to prevent bridge loops.

When the ZyXEL Device is in Bridge / Repeater mode, security between APs (the Wireless Distribution System or WDS) is independent of the security between the wireless stations and the AP. If you do not enable WDS security, traffic between APs is not encrypted. When WDS security is enabled, both APs must use the same pre-shared key. See Section 6.7.2 on page 92 for more details.

Once the security settings of peer sides match one another, the connection between devices is made.

At the time of writing, WDS security is compatible with other ZyXEL access points only. Refer to your other access point’s documentation for details.

34

ZyXEL NWA-3160 Series User’s Guide

Chapter 1 Introducing the ZyXEL Device

Figure 2 Bridge Application

Figure 3 Repeater Application

1.2.3 AP + Bridge

In AP+Bridge mode, the ZyXEL Device supports both AP and bridge connection at the same time.

ZyXEL NWA-3160 Series User’s Guide

35

Chapter 1 Introducing the ZyXEL Device

In the figure below, A and B use X as an AP to access the wired network, while X and Y communicate in bridge mode.

When the ZyXEL Device is in AP + Bridge mode, security between APs (the Wireless Distribution System or WDS) is independent of the security between the wireless stations and the AP. If you do not enable WDS security, traffic between APs is not encrypted. When WDS security is enabled, both APs must use the same pre-shared key. See Section 6.7.3 on page 96 for more details.

Unless specified, the term “security settings” refers to the traffic between the wireless stations and the ZyXEL Device.

Figure 4 AP+Bridge Application

1.2.4 MBSSID

36

A BSS (Basic Service Set) is the set of devices forming a single wireless network (usually an access point and one or more wireless clients). An SSID (Service Set IDentifier) is the name of a BSS. In MBSSID (Multiple BSS) mode, the ZyXEL Device provides multiple virtual APs, each forming its own BSS and using its own individual SSID profile.

You can configure up to sixteen SSID profiles, and have up to eight active at any one time.

You can assign different wireless and security settings to each SSID profile. This allows you to compartmentalize groups of users, set varying access privileges, and prioritize network traffic to and from certain BSSs.

To the wireless clients in the network, each SSID appears to be a different access point. As in any wireless network, clients can associate only with the SSIDs for which they have the correct security settings.

ZyXEL NWA-3160 Series User’s Guide

Chapter 1 Introducing the ZyXEL Device

For example, you might want to set up a wireless network in your office where Internet telephony (Voice over IP, or VoIP) users have priority. You also want a regular wireless network for standard users, as well as a ‘guest’ wireless network for visitors. In the following figure, VoIP_SSID users have Quality of Service (QoS) priority, SSID03 is the wireless network for standard users, and Guest_SSID is the wireless network for guest users. In this example, the guest user is forbidden access to the wired LAN behind the AP and can access only the Internet.

Figure 5 Multiple BSSs

1.2.5 Pre-Configured SSID Profiles

The ZyXEL Device has two pre-configured SSID profiles.

1VoIP_SSID. This profile is intended for use by wireless clients requiring the highest QoS (Quality of Service) level for VoIP (Voice over IP) telephony and other applications requiring low latency. The QoS level of this profile is not user-configurable. See Chapter 6 on page 83 for more information on QoS.

2Guest_SSID. This profile is intended for use by visitors and others who require access to certain resources on the network (an Internet gateway or a network printer, for example) but must not have access to the rest of the network. Layer 2 isolation is enabled (see Section 9.1 on page 123), and QoS is set to NONE. Intra-BSS traffic blocking is also enabled (see Section 6.1.1 on page 83). These fields are all user-configurable.

ZyXEL NWA-3160 Series User’s Guide

37

Chapter 1 Introducing the ZyXEL Device

1.3 Ways to Manage the ZyXEL Device

Use any of the following methods to manage the ZyXEL Device.

Web Configurator. This is recommended for everyday management of the ZyXEL Device using a (supported) web browser.

Command Line Interface. Line commands are mostly used for troubleshooting by service engineers.

SMT. System Management Terminal is a text-based configuration menu that you can use to configure your device. Use Telnet to access the SMT.

FTP for firmware upgrades and configuration backup and restore.

SNMP. The device can be monitored by an SNMP manager. See the SNMP chapter in this User’s Guide.

1.4Good Habits for Managing the ZyXEL Device

Do the following things regularly to make the ZyXEL Device more secure and to manage it more effectively.

Change the password often. Use a password that’s not easy to guess and that consists of different types of characters, such as numbers and letters.

Write down the password and put it in a safe place.

Back up the configuration (and make sure you know how to restore it). Restoring an earlier working configuration may be useful if the device becomes unstable or even crashes. If you forget your password, you will have to reset the ZyXEL Device to its factory default settings. If you backed up an earlier configuration file, you won’t have to totally re-configure the ZyXEL Device; you can simply restore your last configuration.

1.5Hardware Connections

See your Quick Start Guide for information on making hardware connections.

38

ZyXEL NWA-3160 Series User’s Guide

Chapter 1 Introducing the ZyXEL Device

1.6 LEDs

Figure 6 LEDs

Table 2

LEDs

 

 

 

 

 

 

LABEL

 

COLOR

STATUS

DESCRIPTION

WDS

 

Green

On

The ZyXEL Device is in AP+Bridge or Bridge/Repeater

 

 

 

 

mode, and has successfully established a Wireless

 

 

 

 

Distribution System (WDS) connection.

 

 

 

 

 

 

 

 

 

 

 

 

Off

Either

 

 

 

 

• The ZyXEL Device is in Access Point or MBSSID

 

 

 

 

mode and is functioning normally.

 

 

 

 

or

 

 

 

 

• The ZyXEL Device is in AP+Bridge or Bridge/

 

 

 

 

Repeater mode and has not established a Wireless

 

 

 

 

Distribution System (WDS) connection.

 

 

 

 

 

 

 

 

 

WLAN

 

Green

On

The wireless LAN is active.

 

 

 

 

 

 

 

 

 

 

 

 

Blinking

The wireless LAN is active, and transmitting or receiving

 

 

 

 

data.

 

 

 

 

 

 

 

 

 

 

 

Off

 

The wireless LAN is not active.

 

 

 

 

 

 

 

 

 

ZyXEL NWA-3160 Series User’s Guide

39

Chapter 1 Introducing the ZyXEL Device

Table 2 LEDs (continued)

LABEL

COLOR

STATUS

DESCRIPTION

ETHERNET

Green

On

The ZyXEL Device has a 10 Mbps Ethernet connection.

 

 

 

 

 

 

Blinking

The ZyXEL Device has a 10 Mbps Ethernet connection

 

 

 

and is sending or receiving data.

 

 

 

 

 

Yellow

On

The ZyXEL Device has a 100 Mbps Ethernet

 

 

 

connection.

 

 

 

 

 

 

Blinking

The ZyXEL Device has a 100 Mbps Ethernet connection

 

 

 

and is sending/receiving data.

 

 

 

 

 

 

Off

The ZyXEL Device does not have an Ethernet

 

 

 

connection.

 

 

 

 

POWER/SYS

Green

On

The ZyXEL Device is receiving power and functioning

 

 

 

properly.

 

 

 

 

 

 

Off

The ZyXEL Device is not receiving power.

 

 

 

 

 

Red

Blinking

Either

 

 

 

• If the LED blinks during the boot up process, the

 

 

 

system is starting up.

 

 

 

or

 

 

 

• If the LED blinks after the boot up process, the

 

 

 

system has failed.

 

 

 

 

 

 

Off

The ZyXEL Device successfully boots up.

 

 

 

 

40

ZyXEL NWA-3160 Series User’s Guide

2

Introducing the Web

Configurator

This chapter describes how to access the ZyXEL Device’s web configurator and provides an overview of its screens.

2.1Accessing the Web Configurator

1Make sure your hardware is properly connected and prepare your computer or computer network to connect to the ZyXEL Device (refer to the Quick Start Guide).

2Launch your web browser.

3Type "192.168.1.2" as the URL (default).

4Type "1234" (default) as the password and click Login. In some versions, the default password appears automatically - if this is the case, click Login.

5You should see a screen asking you to change your password (highly recommended) as shown next. Type a new password (and retype it to confirm) then click Apply. Alternatively, click Ignore.

"If you do not change the password, the following screen appears every time you login.

ZyXEL NWA-3160 Series User’s Guide

41

Chapter 2 Introducing the Web Configurator

Figure 7 Change Password Screen

6Click Apply in the Replace Certificate screen to create a certificate using your ZyXEL Device’s MAC address that will be specific to this device.

Figure 8 Replace Certificate Screen

You should now see the Status screen. See Chapter 2 on page 41 for details about the Status screen.

"The management session automatically times out when the time period set in the Administrator Inactivity Timer field expires (default five minutes). Simply log back into the ZyXEL Device if this happens.

2.2Resetting the ZyXEL Device

If you forget your password or cannot access the web configurator, you will need to use the RESET button. This replaces the current configuration file with the factory-default configuration file. This means that you will lose all the settings you previously configured. The password will be reset to 1234.

42

ZyXEL NWA-3160 Series User’s Guide

Chapter 2 Introducing the Web Configurator

2.2.1 Methods of Restoring Factory-Defaults

You can erase the current configuration and restore factory defaults in three ways:

Use the RESET button to upload the default configuration file. Hold this button in for about 10 seconds (the lights will begin to blink). Use this method for cases when the password or IP address of the ZyXEL Device is not known.

Use the web configurator to restore defaults (refer to Chapter 17 on page 199).

Transfer the configuration file to your ZyXEL Device using FTP. See the section on SMT configuration for more information.

2.3 Navigating the Web Configurator

The following summarizes how to navigate the web configurator from the Status screen. Click LOGOUT at any time to exit the web configurator.

Check the status bar at the bottom of the screen when you click Apply or OK to verify that the configuration has been updated.

Figure 9 The Status Screen of the Web Configurator

Click the links on the left of the screen to configure advanced features such as SYSTEM (General Setup, Password and Time Zone), WIRELESS (Wireless, SSID, Security, RADIUS, Layer-2 Isolation, MAC Filter), IP, ROGUE AP (Configuration, Friendly AP, Rogue AP), REMOTE MGNT (Telnet, FTP, WWW and SNMP), AUTH. SERVER (Setting, Trusted AP, Trusted Users), CERTIFICATES (My Certificates, Trusted CAs), LOGS (View Logs and Log Settings) and VLAN (Wireless VLAN and RADIUS VLAN).

ZyXEL NWA-3160 Series User’s Guide

43

Chapter 2 Introducing the Web Configurator

Click MAINTENANCE to view information about your ZyXEL Device or upgrade configuration and firmware files. Maintenance features include Status (Statistics),

Association List, Channel Usage, F/W (firmware) Upload, Configuration (Backup, Restore and Default) and Restart.

44

ZyXEL NWA-3160 Series User’s Guide

3

Status Screens

The Status screen displays when you log into the ZyXEL Device, or click STATUS in the navigation menu.

Use the Status screens to look at the current status of the device, system resources, interfaces and SSID status. The Status screen also provides detailed information about associated wireless clients, channel usage, logs and detected rogue APs.

3.1 The Status Screen

Cluck Status. The following screen displays.

Figure 10 The Status Screen

The following table describes the labels in this screen.

Table 3 The Status Screen

LABEL

DESCRIPTION

Automatic Refresh

Enter how often you want the ZyXEL Device to update this screen.

Interval

 

 

 

Refresh

Click this to update this screen immediately.

 

 

System Information

 

 

 

System Name

This field displays the ZyXEL Device system name. It is used for

 

identification. You can change this in the System > General screen’s

 

System Name field.

ZyXEL NWA-3160 Series User’s Guide

45

Chapter 3 Status Screens

Table 3 The Status Screen

LABEL

DESCRIPTION

Model

This field displays the ZyXEL Device’s exact model name.

 

 

Firmware Version

This field displays the current version of the firmware inside the device. It

 

also shows the date the firmware version was created. You can change the

 

firmware version by uploading new firmware in Maintenance > F/W

 

Upload.

 

 

System Up Time

This field displays the elapsed time since the ZyXEL Device was turned on.

 

 

Current Date Time

This field displays the date and time configured on the ZyXEL Device. You

 

can change this in the System > Time Setting screen.

 

 

WLAN Operating

This field displays the current operating mode of the first wireless module

Mode

(AP, Bridge / Repeater, AP + Bridge or MBSSID). You can change the

 

operating mode in the Wireless > Wireless screen.

 

 

Management VLAN

This field displays the management VLAN ID if VLAN is active, or

 

Disabled if it is not active. You can enable or disable VLAN, or change the

 

management VLAN ID, in the VLAN > Wireless VLAN screen.

 

 

IP

This field displays the current IP address of the ZyXEL Device on the

 

network.

 

 

LAN MAC

This displays the MAC (Media Access Control) address of the ZyXEL

 

Device on the LAN. Every network device has a unique MAC address

 

which identifies it across the network.

 

 

WLAN MAC

This displays the MAC address of the wireless module.

 

 

System Resources

 

 

 

Flash

This field displays the amount of the ZyXEL Device’s flash memory

 

currently in use. The flash memory is used to store firmware and SSID

 

profiles.

 

 

Memory

This field displays what percentage of the ZyXEL Device’s volatile memory

 

is currently in use. The higher the memory usage, the more likely the

 

ZyXEL Device is to slow down. Some memory is required just to start the

 

ZyXEL Device and to run the web configurator.

 

 

CPU

This field displays what percentage of the ZyXEL Device’s processing

 

ability is currently being used. The higher the CPU usage, the more likely

 

the ZyXEL Device is to slow down.

 

 

WLAN Associations

This field displays the number of wireless clients currently associated with

 

the wireless module. Each wireless module supports up to 128 concurrent

 

associations.

 

 

Interface Status

 

 

 

Interface

This column displays each interface of the ZyXEL Device.

 

 

Status

This field indicates whether or not the ZyXEL Device is using the interface.

 

For each interface, this field displays Up when the ZyXEL Device is using

 

the interface and Down when the ZyXEL Device is not using the interface.

 

 

Rate

For the LAN port this displays the port speed and duplex setting.

 

For the WLAN interface, it displays the downstream and upstream

 

transmission rate or N/A if the interface is not in use.

 

 

SSID Status

 

 

 

SSID

This field displays the SSID(s) currently used by the wireless module.

 

 

BSSID

This field displays the MAC address of the wireless adaptor.

 

 

Security

This field displays the type of wireless security used by each SSID.

 

 

46

ZyXEL NWA-3160 Series User’s Guide

 

 

Chapter 3 Status Screens

 

Table 3 The Status Screen

 

LABEL

DESCRIPTION

 

 

VLAN

This field displays the VLAN ID of each SSID in use, or Disabled if the

 

 

 

SSID does not use VLAN.

 

 

 

 

 

 

System Status

 

 

 

 

 

 

 

Show Statistics

Click this link to view port status and packet specific statistics. See Section

 

 

 

17.2.1 on page 200.

 

 

 

 

 

 

Association List

Click this to see a list of wireless clients currently associated to each of the

 

 

 

ZyXEL Device’s wireless modules. See Section 17.3 on page 200.

 

 

 

 

 

 

Channel Usage

Click this to see which wireless channels are currently in use in the local

 

 

 

area. See Section 17.4 on page 201.

 

 

 

 

 

 

Logs

Click this to see a list of logs produced by the ZyXEL Device. See Section

 

 

 

15.1 on page 175.

 

 

 

 

 

 

Rogue AP List

Click this to see a list of unauthorized access points in the local area. See

 

 

 

Section 11.3.3 on page 139.

 

 

 

 

 

ZyXEL NWA-3160 Series User’s Guide

47

Chapter 3 Status Screens

48

ZyXEL NWA-3160 Series User’s Guide

4

Tutorial

This chapter first provides an overview of how to configure the wireless LAN on your ZyXEL Device, and then gives step-by-step guidelines showing how to configure your ZyXEL Device for some example scenarios.

4.1 How to Configure the Wireless LAN

This section shows how to choose which wireless operating mode you should use on the ZyXEL Device, and the steps you should take to set up the wireless LAN in each wireless mode. See Section 4.1.3 on page 51 for links to more information on each step.

4.1.1Choosing the Wireless Mode

Use Access Point operating mode if you want to allow wireless clients to access your wired network, all using the same security and Quality of Service (QoS) settings. See Section 1.2.1 on page 34 for details.

Use Bridge/Repeater operating mode if you want to use the ZyXEL Device to communicate with other access points. See Section 1.2.2 on page 34 for details.

The ZyXEL Device is a bridge when other APs access your wired Ethernet network through the ZyXEL Device.

The ZyXEL Device is a repeater when it has no Ethernet connection and allows other APs to communicate with one another through the ZyXEL Device.

Use AP+Bridge operating mode if you want to use the ZyXEL Device as an access point (see above) while also communicating with other access points. See Section 1.2.3 on page 35 for details.

Use MBSSID operating mode if you want to use the ZyXEL Device as an access point with some groups of users having different security or QoS settings from other groups of users. See Section 1.2.4 on page 36 for details.

4.1.2Wireless LAN Configuration Overview

The following figure shows the steps you should take to configure the wireless settings according to the operating mode you select. Use the Web Configurator to set up your ZyXEL Device’s wireless network (see your Quick Start Guide for information on setting up your ZyXEL Device and accessing the Web Configurator).

ZyXEL NWA-3160 Series User’s Guide

49

Chapter 4 Tutorial

Figure 11 Configuring Wireless LAN

Select Operating Mode

.

Access Point

Mode.

Select 802.11

Mode and

Channel ID.

Select SSID

Profile.

Configure SSID Profile.

Edit Security Profile.

Configure RADIUS authentication (optional).

Configure internal AUTH. SERVER (optional).

Configure Layer 2

Isolation (optional).

Configure MAC Filter (optional).

Bridge /

Repeater Mode.

Select 802.11

Mode and

Channel ID.

Configure

WDS Security.

 

 

 

AP + Bridge

 

 

 

 

MBSSID

 

 

 

 

 

Mode.

 

 

 

 

Mode.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Select 802.11 Mode

 

 

 

Select 802.11

 

 

and Channel ID.

 

 

 

Mode and

 

 

 

 

 

 

 

 

 

 

Channel ID.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Configure WDS Security.

 

Select SSID

 

 

 

 

 

 

 

 

 

Profiles.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Select SSID Profile.

 

 

 

 

 

Configure each

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

SSID Profile.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Configure

SSID Profile. Configure each

Security Profile.

 

 

 

Edit Security Profile.

 

 

 

 

 

 

 

 

Configure RADIUS

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

authentication

 

 

 

 

 

 

 

 

 

(optional).

 

 

Configure RADIUS

 

 

 

 

 

 

 

 

 

 

 

 

authentication (optional).

 

 

 

 

 

 

Configure internal

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

AUTH. SERVER

 

 

 

 

 

 

 

(optional).

 

 

 

Configure internal AUTH.

 

 

 

 

SERVER (optional).

 

 

 

 

 

 

 

 

 

 

 

 

 

Configure Layer 2

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Isolation (optional).

 

 

 

Configure Layer 2

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Isolation (optional).

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Configure MAC Filter

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

(optional).

 

 

 

Configure MAC Filter

 

 

 

 

 

 

 

 

 

 

 

 

 

(optional).

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Check your settings and test.

50

ZyXEL NWA-3160 Series User’s Guide

Chapter 4 Tutorial

4.1.3 Further Reading

Use these links to find more information on the steps:

Choosing 802.11 Mode: see Section 6.7.1 on page 91.

Choosing a wireless Channel ID: see Section 6.7.1 on page 91.

Selecting and configuring SSID profile(s): see Section 6.7.1 on page 91 and Section 8.2.1 on page 118.

Configuring and activating WDS Security: see Section 6.7.2 on page 92.

Editing Security Profile(s): see Section 7.9 on page 104.

Configuring an external RADIUS server: see Section 7.11 on page 112.

Configuring and activating the internal AUTH. SERVER: see Section 7.4.1 on page 101 and Chapter 13 on page 151.

Configuring Layer 2 Isolation: see Section 9.3 on page 125.

Configuring MAC Filtering: see Section 9.4 on page 128.

4.2How to Configure Multiple Wireless Networks

In this example, you have been using your ZyXEL Device as an access point for your office network (See your Quick Start Guide for information on how to set up your ZyXEL Device in Access Point mode). Now your network is expanding and you want to make use of the MBSSID feature (see Section 8.1 on page 115) to provide multiple wireless networks. Each wireless network will cater for a different type of user.

You want to make three wireless networks: one standard office wireless network with all the same settings you already have, another wireless network with high Quality of Service (QoS) settings for Voice over IP users, and a guest network that allows visitors to your office to access only the Internet and the network printer.

To do this, you will take the following steps:

1Change the operating mode from Access Point to MBSSID and reactivate the standard network.

2Configure a wireless network for Voice over IP users.

3Configure a wireless network for guests to your office.

The following figure shows the multiple networks you want to set up. Your ZyXEL Device is marked Z, the main network router is marked A, and your network printer is marked B.

ZyXEL NWA-3160 Series User’s Guide

51

Chapter 4 Tutorial

Figure 12 Tutorial: Example MBSSID Setup

The standard network (SSID04) has access to all resources. The VoIP network (VoIP_SSID) has access to all resources and a high Quality of Service (QoS) setting (see Chapter 6 on page 83 for information on QoS). The guest network (Guest_SSID) has access to the Internet and the network printer only, and a low QoS setting.

To configure these settings, you need to know the MAC (Media Access Control) addresses of the devices you want to allow users of the guest network to access. The following table shows the addresses used in this example.

Table 4 Tutorial: Example Information

Network router (A) MAC address

00:AA:00:AA:00:AA

 

 

Network printer (B) MAC address

AA:00:AA:00:AA:00

 

 

4.2.1 Change the Operating Mode

Log in to the ZyXEL Device (see Section 2.1 on page 41). Click WIRELESS > Wireless. The Wireless screen appears. In this example, the ZyXEL Device is using Access Point operating mode, and is currently set to use the SSID04 profile.

52

ZyXEL NWA-3160 Series User’s Guide

Chapter 4 Tutorial

Figure 13 Tutorial: Wireless LAN: Before

Select MBSSID from the Operating Mode drop-down list box. The screen displays as follows.

Figure 14 Tutorial: Wireless LAN: Change Mode

This Select SSID Profile table allows you to activate or deactivate SSID profiles. Your wireless network was previously using the SSID04 profile, so select SSID04 in one of the Profile list boxes (number 3 in this example).

ZyXEL NWA-3160 Series User’s Guide

53

Chapter 4 Tutorial

Select the Index box for the entry and click Apply to activate the profile. Your standard wireless network (SSID04) is now accessible to your wireless clients as before. You do not need to configure anything else for your standard network.

4.2.2 Configure the VoIP Network

Next, click WIRELESS > SSID. The following screen displays. Note that the SSID04 SSID profile (the standard network) is using the security01 security profile. You cannot change this security profile without changing the standard network’s parameters, so when you set up security for the VoIP_SSID and Guest_SSID profiles you will need to set different security profiles.

Figure 15 Tutorial: WIRELESS > SSID

The Voice over IP (VoIP) network will use the pre-configured SSID profile, so select VoIP_SSID’s radio button and click Edit. The following screen displays.

54

ZyXEL NWA-3160 Series User’s Guide

Chapter 4 Tutorial

Figure 16 Tutorial: VoIP SSID Profile Edit

Choose a new SSID for the VoIP network. In this example, enter VOIP_SSID_Example. Note that although the SSID changes, the SSID profile name (VoIP_SSID) remains the same as before.

Select Enable from the Hide Name (SSID) list box. You want only authorized company employees to use this network, so there is no need to broadcast the SSID to wireless clients scanning the area.

The standard network (SSID04) is currently using the security01 profile, so use a different profile for the VoIP network. If you used the security01 profile, anyone who could access the standard network could access the VoIP wireless network. Select security02 from the

Security field.

Leave all the other fields at their defaults and click Apply.

4.2.2.1Set Up Security for the VoIP Profile

Now you need to configure the security settings to use on the VoIP wireless network. Click the

Security tab.

ZyXEL NWA-3160 Series User’s Guide

55

Chapter 4 Tutorial

Figure 17 Tutorial: VoIP Security

56

You already chose to use the security02 profile for this network, so select the radio button for security02 and click Edit. The following screen appears.

Figure 18 Tutorial: VoIP Security Profile Edit

Change the Name field to “VoIP_Security” to make it easier to remember and identify.

In this example, you do not have a RADIUS server for authentication, so select WPA2PSK in the Security Mode field. WPA2-PSK provides strong security that anyone with a compatible wireless client can use, once they know the pre-shared key (PSK). Enter the PSK you want to use in your network in the Pre Shared Key field. In this example, the PSK is “ThisismyWPA2-PSKpre-sharedkey”.

ZyXEL NWA-3160 Series User’s Guide

Chapter 4 Tutorial

Click Apply. The WIRELESS > Security screen displays. Ensure that the Profile Name for entry 2 displays “VoIP_Security” and that the Security Mode is WPA2-PSK.

Figure 19 Tutorial: VoIP Security: Updated

4.2.2.2 Activate the VoIP Profile

You need to activate the VoIP_SSID the Select SSID Profile table, select

profile before it can be used. Click the Wireless tab. In the VoIP_SSID profile and click Apply.

Figure 20 Tutorial: Activate VoIP Profile

Your VoIP wireless network is now ready to use. Any traffic using the VoIP_SSID profile will be given the highest priority across the wireless network.

4.2.3 Configure the Guest Network

When you are setting up the wireless network for guests to your office, your primary concern is to keep your network secure while allowing access to certain resources (such as a network printer, or the Internet). For this reason, the pre-configured Guest_SSID profile has layer-2 isolation and intra-BSS traffic blocking enabled by default. “Layer-2 isolation” means that a client accessing the network via the Guest_SSID profile can access only certain pre-defined devices on the network (see Section 9.1 on page 123), and “intra-BSS traffic blocking” means that the client cannot access other clients on the same wireless network (see Section 6.1.1 on page 83).

Click WIRELESS > SSID. Select Guest_SSID’s entry in the list and click Edit. The following screen appears.

ZyXEL NWA-3160 Series User’s Guide

57

Chapter 4 Tutorial

Figure 21 Tutorial: Guest Edit

Choose a new SSID for the guest network. In this example, enter Guest_SSID_Example. Note that although the SSID changes, the SSID profile name (Guest_SSID) remains the same as before.

Select Disable from the Hide Name (SSID) list box. This makes it easier for guests to configure their own computers’ wireless clients to your network’s settings.

The standard network (SSID04) is already using the security01 profile, and the VoIP network is using the security02 profile (renamed VoIP_Security) so select the security03 profile from the Security field.

Leave all the other fields at their defaults and click Apply.

4.2.3.1Set Up Security for the Guest Profile

Now you need to configure the security settings to use on the guest wireless network. Click the

Security tab.

You already chose to use the security03 profile for this network, so select security03’s entry in the list and click Edit. The following screen appears.

Figure 22 Tutorial: Guest Security Profile Edit

• Change the Name field to “Guest_Security” to make it easier to remember and identify.

58

ZyXEL NWA-3160 Series User’s Guide

Chapter 4 Tutorial

Select WPA-PSK in the Security Mode field. WPA-PSK provides strong security that is supported by most wireless clients. Even though your Guest_SSID clients do not have access to sensitive information on the network, you should not leave the network without security. An attacker could still cause damage to the network or intercept unsecured communications.

Enter the PSK you want to use in your network in the Pre Shared Key field. In this example, the PSK is “ThisismyGuestWPApre-sharedkey”.

Click Apply. The WIRELESS > Security screen displays. Ensure that the Profile Name for entry 3 displays “Guest_Security” and that the Security Mode is WPA-PSK.

Figure 23 Tutorial: Guest Security: Updated

4.2.3.2 Set up Layer 2 Isolation

Configure layer 2 isolation to control the specific devices you want the users on your guest network to access. Click WIRELESS > Layer-2 Isolation. The following screen appears.

Figure 24 Tutorial: Layer 2 Isolation

The Guest_SSID network uses the l2isolation01 profile by default, so select its entry and click Edit. The following screen displays.

ZyXEL NWA-3160 Series User’s Guide

59

Chapter 4 Tutorial

Figure 25 Tutorial: Layer 2 Isolation Profile

Enter the MAC addresses of the two network devices you want users on the guest network to be able to access: the main network router (00:AA:00:AA:00:AA) and the network printer (AA:00:AA:00:AA:00). Click Apply.

4.2.3.3 Activate the Guest Profile

You need to activate the Guest_SSID profile before it can be used. Click the Wireless tab. In the Select SSID Profile table, select the check box for the Guest_SSID profile and click

Apply.

Figure 26 Tutorial: Activate Guest Profile

Your Guest wireless network is now ready to use.

4.2.4 Testing the Wireless Networks

To make sure that the three networks are correctly configured, do the following.

On a computer with a wireless client, scan for access points. You should see the Guest_SSID network, but not the VoIP_SSID network. If you can see the VoIP_SSID network, go to its SSID Edit screen and make sure Hide Name (SSID) is set to Enable.

Whether or not you see the standard network’s SSID (SSID04) depends on whether “hide SSID” is enabled.

60

ZyXEL NWA-3160 Series User’s Guide

Chapter 4 Tutorial

Try to access each network using the correct security settings, and then using incorrect security settings, such as the WPA-PSK for another active network. If the behavior is different from expected (for example, if you can access the VoIP wireless network using the security settings for the Guest_SSID wireless network) check that the SSID profile is set to use the correct security profile, and that the settings of the security profile are correct.

Access the Guest_SSID network and try to access other resources than those specified in the Layer 2 Isolation (l2isolation01) profile screen.

You can use the ping utility to do this. Click Start > Run... and enter “cmd” in the Open: field. Click OK. At the c:\> prompt, enter “ping 192.168.1.10” (substitute the IP address of a real device on your network that is not on the layer 2 isolation list). If you receive a reply, check the settings in the WIRELESS > Layer-2 Isolation > Edit screen, and ensure that the correct layer 2 isolation profile is enabled in the Guest_SSID profile screen.

4.3How to Set Up and Use Rogue AP Detection

This example shows you how to configure the rogue AP detection feature on the ZyXEL Device. A rogue AP is a wireless access point operating in a network’s coverage area that is not a sanctioned part of that network. The example also shows how to set the ZyXEL Device to send out e-mail alerts whenever it detects a rogue wireless access point. See Chapter 11 on page 135 for background information on the rogue AP function and security considerations.

In this example, you want to ensure that your company’s data is not accessible to an attacker gaining entry to your wireless network through a rogue AP.

Your wireless network operates in an office building. It consists of four access points (all ZyXEL Devices) and a variable number of wireless clients. You also know that the coffee shop on the ground floor has a wireless network consisting of a single access point, which can be detected and accessed from your floor of the building. There are no other static wireless networks in your coverage area.

The following diagram shows the wireless networks in your area. Your access points are marked A, B, C and D. You also have a network mail/file server, marked E, and a computer, marked F, connected to the wired network. The coffee shop’s access point is marked 1.

ZyXEL NWA-3160 Series User’s Guide

61

Chapter 4 Tutorial

Figure 27 Tutorial: Wireless Network Example

In the figure, the solid circle represents the range of your wireless network, and the dashed circle represents the extent of the coffee shop’s wireless network. Note that the two networks overlap. This means that one or more of your APs can detect the AP (1) in the other wireless network.

When configuring the rogue AP feature on your ZyXEL Devices in this example, you will need to use the information in the following table. You need the IP addresses of your APs to access their Web configurators, and you need the MAC address of each AP to configure the friendly AP list. You need the IP address of the mail server to set up e-mail alerts.

Table 5 Tutorial: Rogue AP Example Information

DEVICE

IP ADDRESS

MAC ADDRESS

Access Point A

192.168.1.1

00:AA:00:AA:00:AA

 

 

 

Access Point B

192.168.1.2

AA:00:AA:00:AA:00

 

 

 

Access Point C

192.168.1.3

A0:0A:A0:0A:A0:0A

 

 

 

Access Point D

192.168.1.4

0A:A0:0A:A0:0A:A0

 

 

 

File / Mail Server E

192.168.1.25

N/A

 

 

 

Access Point 1

UNKNOWN

AF:AF:AF:FA:FA:FA

 

 

 

62

ZyXEL NWA-3160 Series User’s Guide

Chapter 4 Tutorial

"The ZyXEL Device can detect the MAC addresses of APs automatically. However, it is more secure to obtain the correct MAC addresses from another source and add them to the friendly AP list manually. For example, an attacker’s AP mimicking the correct SSID could be placed on the friendly AP list by accident, if selected from the list of auto-detected APs. In this example you have spoken to the coffee shop’s owner, who has told you the correct MAC address of his AP.

In this example, you will do the following things.

1Set up and save a friendly AP list.

2Activate periodic Rogue AP Detection.

3Set up e-mail alerts.

4Configure your other access points.

5Test the setup.

4.3.1Set Up and Save a Friendly AP list

Take the following steps to set up and save a list of access points you want to allow in your network’s coverage area.

1On a computer connected to the wired network (F in the previous figure), open your Internet browser and enter the URL of access point A (192.168.1.1). Login to the Web configurator and click ROGUE AP > Friendly AP. The following screen displays.

Figure 28 Tutorial: Friendly AP (Before Data Entry)

2Fill in the MAC Address and Description fields as in the following table. Click Add after you enter the details of each AP to include it in the list.

Table 6 Tutorial: Friendly AP Information

MAC ADDRESS

DESCRIPTION

00:AA:00:AA:00:AA

My Access Point _A_

 

 

AA:00:AA:00:AA:00

My Access Point _B_

 

 

A0:0A:A0:0A:A0:0A

My Access Point _C_

 

 

0A:A0:0A:A0:0A:A0

My Access Point _D_

 

 

AF:AF:AF:FA:FA:FA

Coffee Shop Access Point _1_

 

 

ZyXEL NWA-3160 Series User’s Guide

63

Chapter 4 Tutorial

"You can add APs that are not part of your network to the friendly AP list, as long as you know that they do not pose a threat to your network’s security.

The Friendly AP screen now appears as follows.

Figure 29 Tutorial: Friendly AP (After Data Entry)

3Next, you will save the list of friendly APs in order to provide a backup and upload it to your other access points.

Click the Configuration tab.The following screen appears.

Figure 30 Tutorial: Configuration

4 Click Export. If a window similar to the following appears, click Save.

64

ZyXEL NWA-3160 Series User’s Guide

Chapter 4 Tutorial

Figure 31 Tutorial: Warning

5Save the friendly AP list somewhere it can be accessed by all the other access points on the network. In this example, save it on the network file server (E in Figure 27 on page 62). The default filename is “Flist”.

Figure 32 Tutorial: Save Friendly AP list

4.3.2 Activate Periodic Rogue AP Detection

Take the following steps to activate rogue AP detection on the first of your ZyXEL Devices.

1In the ROGUE AP > Configuration screen, select Yes from the Activate Rogue AP Period Detection field.

Figure 33 Tutorial: Periodic Rogue AP Detection

ZyXEL NWA-3160 Series User’s Guide

65

Chapter 4 Tutorial

2In the Period (min.) field, enter how often you want the ZyXEL Device to scan for rogue APs. You can have the ZyXEL Device scan anywhere from once every ten minutes to once every hour. In this example, enter “10”.

3Click Apply.

4.3.3Set Up E-mail Logs

In this section, you will configure the first of your four APs to send a log message to your e- mail inbox whenever a rogue AP is discovered in your wireless network’s coverage area.

1 Click LOGS > Log Settings. The following screen appears.

Figure 34 Tutorial: Log Settings

66

In this example, your mail server’s IP address is 192.168.1.25. Enter this IP address in the

Mail Server field.

Enter a subject line for the alert e-mails in the Mail Subject field. Choose a subject that is eye-catching and identifies the access point - in this example, “ALERT_Access_Point_A”.

Enter the email address to which you want alerts to be sent (myname@myfirm.com, in this example).

ZyXEL NWA-3160 Series User’s Guide

Chapter 4 Tutorial

In the Send Immediate Alert section, select the events you want to trigger immediate e- mails. Ensure that Rogue AP is selected.

Click Apply.

4.3.4Configure Your Other Access Points

Access point A is now configured to do the following.

Scan for access points in its coverage area every ten minutes.

Recognize friendly access points from a list.

Send immediate alerts to your email account if it detects an access point not on the list.

Now you need to configure the other wireless access points on your network to do the same things.

For each access point, take the following steps.

1From a computer on the wired network, enter the access point’s IP address and login to its Web configurator. See Table 5 on page 62 for the example IP addresses.

2Import the friendly AP list. Click ROGUE AP > Configuration > Browse.... Find the “Flist” file where you previously saved it on the network and click Open.

3Click Import. Check the ROGUE AP > Friendly AP screen to ensure that the friendly AP list has been correctly uploaded.

4Activate periodic rogue AP detection. See Section 4.3.2 on page 65.

5Set up e-mail logs as in Section 4.3.3 on page 66, but change the Mail Subject field so you can tell which AP the alerts come from (“ALERT_Access_Point_B”, etc.)

4.3.5Test the Setup

Next, test your setup to ensure it is correctly configured.

Log into each AP’s Web configurator and click ROGUE AP > Rogue AP. Click Refresh. If any of the MAC addresses from Table 6 on page 63 appear in the list, the friendly AP function may be incorrectly configured - check the ROGUE AP > Friendly AP screen.

If any entries appear in the rogue AP list that are not in Table 6 on page 63, write down the AP’s MAC address for future reference and check your e-mail inbox. If you have received a rogue AP alert, email alerts are correctly configured on that ZyXEL Device.

If you have another access point that is not used in your network, make a note of its MAC address and set it up next to each of your ZyXEL Devices in turn while the network is running.

Either wait for at least ten minutes (to ensure the ZyXEL Device performs a scan in that time) or login to the ZyXEL Device’s Web configurator and click ROGUE AP > Rogue AP > Refresh to have the ZyXEL Device perform a scan immediately.

Check the ROGUE AP > Rogue AP screen. You should see an entry in the list with the same MAC address as your “rogue” AP.

Check the LOGS > View Logs screen. You should see a Rogue AP Detection entry in red text, including the MAC address of your “rogue” AP.

Check your e-mail. You should have received at least one e-mail alert (your other ZyXEL Devices may also have sent alerts, depending on their proximity and the output power of your “rogue” AP).

ZyXEL NWA-3160 Series User’s Guide

67

Chapter 4 Tutorial

4.4 Using Multiple MAC Filters and L-2 Isolation Profiles

This example shows you how to allow certain users to access only specific parts of your network. You can do this by using multiple MAC filters and layer-2 isolation profiles.

4.4.1 Scenario

In this example, you run a company network in which certain employees must wirelessly access secure file servers containing valuable proprietary data.

You have two secure servers (1 and 2 in the following figure). Wireless user “Alice” (A) needs to access server 1 (but should not access server 2) and wireless user “Bob” (B) needs to access server 2 (but should not access server 1). Your ZyXEL Device is marked Z. C is a workstation on your wired network, D is your main network switch, and E is the security gateway you use to connect to the Internet.

Figure 35 Tutorial: Example Network

4.4.2Your Requirements

1You want to set up a wireless network to allow only Alice to access Server 1 and the Internet.

2You want to set up a second wireless network to allow only Bob to access Server 2 and the Internet.

4.4.3Setup

In this example, you have already set up the ZyXEL Device in MBSSID mode (see Chapter 8 on page 115). It uses two SSID profiles simultaneously. You have configured each SSID profile as shown in the following table.

Table 7 Tutorial: SSID Profile Security Settings

SSID Profile Name

SERVER_1

SERVER_2

 

 

 

SSID

SSID_S1

SSID_S2

 

 

 

68

ZyXEL NWA-3160 Series User’s Guide

Chapter 4 Tutorial

Table 7 Tutorial: SSID Profile Security Settings

Security

Security Profile security03:

Security Profile security04:

 

WPA2-PSK

WPA2-PSK

 

Hide SSID

Hide SSID

 

 

 

Intra-BSS traffic

Enabled

Enabled

blocking

 

 

 

 

 

Each SSID profile already uses a different pre-shared key.

In this example, you will configure access limitations for each SSID profile. To do this, you will take the following steps.

1Configure the SERVER_1 network’s SSID profile to use specific MAC filter and layer-2 isolation profiles.

2Configure the SERVER_1 network’s MAC filter profile.

3Configure the SERVER_1 network’s layer-2 isolation profile.

4Repeat steps 1 ~ 3 for the SERVER_2 network.

5Check your settings and test the configuration.

To configure layer-2 isolation, you need to know the MAC addresses of the devices on your network, which are as follows.

Table 8 Tutorial: Example Network MAC Addresses

DEVICE

LABEL

MAC ADDRESS

ZyXEL Device

Z

BB:AA:99:88:77:66

 

 

 

Secure Server 1

1

AA:99:88:77:66:55

 

 

 

Secure Server 2

2

99:88:77:66:55:44

 

 

 

Workstation

C

88:77:66:55:44:33

 

 

 

Switch

D

77:66:55:44:33:22

 

 

 

Security gateway

E

66:55:44:33:22:11

 

 

 

To configure MAC filtering, you need to know the MAC addresses of the devices Alice and Bob use to connect to the network, which are as follows.

Table 9 Tutorial: Example User MAC Addresses

USER

MAC ADDRESS

Alice

11:22:33:44:55:66

 

 

Bob

22:33:44:55:66:77

 

 

4.4.4 Configure the SERVER_1 Network

First, you will set up the SERVER_1 network which allows Alice to access secure server 1 via the network switch.

You will configure the MAC filter to restrict access to Alice alone, and then configure layer-2 isolation to allow her to access only the network router, the file server and the Internet security gateway.

Take the following steps to configure the SERVER_1 network.

1Log into the ZyXEL Device’s Web Configurator and click WIRELESS > SSID. The following screen displays, showing the SSID profiles you already configured.

ZyXEL NWA-3160 Series User’s Guide

69

Chapter 4 Tutorial

Figure 36 Tutorial: SSID Profile

70

2 Select SERVER_1’s entry and click Edit. The following screen displays.

Figure 37 Tutorial: SSID Edit

Select l2Isolation03 in the L2 Isolation field, and select macfilter03 in the MAC Filtering field. Click Apply.

3Click the Layer-2 Isolation tab. When the Layer-2 Isolation screen appears, select L2Isolation03’s entry and click Edit. The following screen displays.

ZyXEL NWA-3160 Series User’s Guide

Chapter 4 Tutorial

Figure 38 Tutorial: Layer-2 Isolation Edit

Enter the network router’s MAC Address and add a Description (“NET_ROUTER” in this case) in Set 1’s entry.

Enter server 1’s MAC Address and add a Description (“SERVER_1” in this case) in Set 2’s entry.

Change the Profile Name to “L-2-ISO_SERVER_1” and click Apply. You have restricted users on the SERVER_1 network to access only the devices with the MAC addresses you entered.

4Click the MAC Filter tab. When the MAC Filter screen appears, select macfilter03’s entry and click Edit.

Enter the MAC address of the device Alice uses to connect to the network in Set 1’s MAC Address field and enter her name in the Description field, as shown in the following figure. Change the Profile Name to “MacFilter_SERVER_1”. Select Allow Association from the Filter Action field and click Apply.

Figure 39 Tutorial: MAC Filter Edit (SERVER_1)

You have restricted access to the SERVER_1 network to only the networking device whose MAC address you entered. The SERVER_1 network is now configured.

ZyXEL NWA-3160 Series User’s Guide

71

Chapter 4 Tutorial

4.4.5 Configure the SERVER_2 Network

Next, you will configure the SERVER_2 network that allows Bob to access secure server 2 and the Internet.

To do this, repeat the procedure in Section 4.4.4 on page 69, substituting the following information.

Table 10 Tutorial: SERVER_2 Network Information

SSID Screen

Index

4

 

 

Profile Name

SERVER_2

 

 

SSID Edit (SERVER_2) Screen

 

 

 

L2 Isolation

L2Isolation04

 

 

MAC Filtering

macfilter04

 

 

Layer-2 Isolation (L2Isolation04) Screen

 

 

 

Profile Name

L-2-ISO_SERVER-2

 

 

Set 1

MAC Address: 77:66:55:44:33:22

 

Description: NET_ROUTER

 

 

Set 2

MAC Address: 99:88:77:66:55:44

 

Description: SERVER_2

 

 

Set 3

MAC Address: 66:55:44:33:22:11

 

Description: GATEWAY

 

 

MAC Filter (macfilter04) Edit Screen

 

 

 

Profile Name

MacFilter_SERVER_2

 

 

Set 1

MAC Address: 22:33:44:55:66:77

 

Description: Bob

 

 

4.4.6 Checking your Settings and Testing the Configuration

Use the following sections to ensure that your wireless networks are set up correctly.

4.4.6.1 Checking Settings

Take the following steps to check that the ZyXEL Device is using the correct SSIDs, MAC filters and layer-2 isolation profiles.

1Click WIRELESS > Wireless. Check that the Operating Mode is MBSSID and that the correct SSID profiles are selected and activated, as shown in the following figure.

72

ZyXEL NWA-3160 Series User’s Guide

Chapter 4 Tutorial

Figure 40 Tutorial: SSID Profiles Activated

2Next, click the SSID tab. Check that each configured SSID profile uses the correct Security, Layer-2 Isolation and MAC Filter profiles, as shown in the following figure.

Figure 41 Tutorial: SSID Tab Correct Settings

If the settings are not as shown, follow the steps in the relevant section of this tutorial again.

4.4.6.2 Testing the Configuration

Before you allow employees to use the network, you need to thoroughly test whether the setup behaves as it should. Take the following steps to do this.

1Test the SERVER_1 network.

Using Alice’s computer and wireless client, and the correct security settings, do the following.

Attempt to access Server 1. You should be able to do so. Attempt to access the Internet. You should be able to do so.

Attempt to access Server 2. You should be unable to do so. If you can do so, layer-2 isolation is misconfigured.

Using Alice’s computer and wireless client, and incorrect security settings, attempt to associate with the SERVER_1 network. You should be unable to do so. If you can do so, security is misconfigured.

ZyXEL NWA-3160 Series User’s Guide

73

Chapter 4 Tutorial

Using another computer and wireless client, but with the correct security settings, attempt to associate with the SERVER_1 network. You should be unable to do so. If you can do so, MAC filtering is misconfigured.

2Test the SERVER_2 network.

Using Bob’s computer and wireless client, and the correct security settings, do the following.

Attempt to access Server 2. You should be able to do so. Attempt to access the Internet. You should be able to do so.

Attempt to access Server 1. You should be unable to do so. If you can do so, layer-2 isolation is misconfigured.

Using Bob’s computer and wireless client, and incorrect security settings, attempt to associate with the SERVER_2 network. You should be unable to do so. If you can do so, security is misconfigured.

Using another computer and wireless client, but with the correct security settings, attempt to associate with the SERVER_2 network. You should be unable to do so. If you can do so, MAC filtering is misconfigured.

If you cannot do something that you should be able to do, check the settings as described in Section 4.4.6.1 on page 73, and in the individual Security, layer-2 isolation and MAC filter profiles for the relevant network. If this does not help, see the Troubleshooting chapter in this User’s Guide.

74

ZyXEL NWA-3160 Series User’s Guide

PART II

The Web

Configurator

System Screens (77)

Wireless Configuration (83)

Wireless Security Configuration (99)

MBSSID and SSID (115)

Other Wireless Configuration (123)

IP Screen (133)

Rogue AP (135)

Remote Management Screens (141)

Internal RADIUS Server (151)

Certificates (157)

Log Screens (175)

VLAN (181)

Maintenance (199)

75

76

5

System Screens

5.1 System Overview

This section provides information on general system setup.

5.2 Configuring General Setup

Click SYSTEM > General.

Figure 42 System > General

The following table describes the labels in this screen.

Table 11 System > General

LABEL

DESCRIPTION

General Setup

 

 

 

System Name

Type a descriptive name to identify the ZyXEL Device in the Ethernet network.

 

This name can be up to 30 alphanumeric characters long. Spaces are not

 

allowed, but dashes "-" and underscores "_" are accepted.

 

 

Domain Name

This is not a required field. Leave this field blank or enter the domain name

 

here if you know it.

 

 

Administrator

Type how many minutes a management session (either via the web

Inactivity Timer

configurator or SMT) can be left idle before the session times out.

 

The default is 5 minutes. After it times out you have to log in with your

 

password again. Very long idle timeouts may have security risks.

 

A value of "0" means a management session never times out, no matter how

 

long it has been left idle (not recommended).

 

 

System DNS Servers

 

 

 

ZyXEL NWA-3160 Series User’s Guide

77

Chapter 5 System Screens

Table 11 System > General

LABEL

DESCRIPTION

First DNS Server

Select From DHCP if your DHCP server dynamically assigns DNS server

Second DNS Server

information (and the ZyXEL Device's Ethernet IP address). The field to the

Third DNS Server

right displays the (read-only) DNS server IP address that the DHCP assigns.

Select User-Defined if you have the IP address of a DNS server. Enter the

 

 

DNS server's IP address in the field to the right. If you chose User-Defined,

 

but leave the IP address set to 0.0.0.0, User-Defined changes to None after

 

you click Apply. If you set a second choice to User-Defined, and enter the

 

same IP address, the second User-Defined changes to None after you click

 

Apply.

 

Select None if you do not want to configure DNS servers. If you do not

 

configure a DNS server, you must know the IP address of a machine in order

 

to access it.

 

The default setting is None.

 

 

Apply

Click Apply to save your changes.

 

 

Reset

Click Reset to reload the previous configuration for this screen.

 

 

5.3 Administrator Authentication on RADIUS

The administrator authentication on RADIUS feature lets a (external or internal) RADIUS server authenticate management logins to the ZyXEL Device. This is useful if you need to regularly change a password that you use to manage several ZyXEL Devices.

Activate administrator authentication on RADIUS in the SYSTEM > Password screen and configure the same user name, password and RADIUS server information on each ZyXEL Device. Then, whenever you want to change the password, just change it on the RADIUS server.

5.3.1 Configuring Password

It is strongly recommended that you change your ZyXEL Device’s password. Click SYSTEM > Password. The screen appears as shown.

If you forget your ZyXEL Device’s password (or IP address), you will need to reset the device. See the section on resetting the ZyXEL Device for details

"Regardless of how you configure this screen, you still use the local system password to log in via the console port (not available on all models).

78

ZyXEL NWA-3160 Series User’s Guide

Chapter 5 System Screens

Figure 43 SYSTEM > Password.

The following table describes the labels in this screen.

Table 12 Password

LABEL

DESCRIPTIONS

Enable Admin at Local

Select this check box to have the device authenticate management logins to

 

the device.

 

 

Use old setting

Select this to have the ZyXEL Device use the local management password

 

already configured on the device (“1234” is the default).

 

 

Use new setting

Select this if you want to change the local management password.

 

 

Old Password

Type in your existing system password (“1234” is the default password).

 

 

New Password

Type your new system password (up to 31 characters). Note that as you type

 

a password, the screen displays an asterisk (*) for each character you type.

 

 

Retype to Confirm

Retype your new system password for confirmation.

 

 

Enable Admin on

Select this (and configure the other fields in this section) to have a RADIUS

RADIUS

server authenticate management logins to the ZyXEL Device.

 

 

Use old setting

Select this to have a RADIUS server authenticate management logins to the

 

ZyXEL Device using the RADIUS username and password already configured

 

on the device.

 

 

Use new setting

Select this if you want to change the RADIUS username and password the

 

ZyXEL Device uses to authenticate management logon.

 

 

User Name

Enter the username for this user account. This name can be up to 31 ASCII

 

characters long, including spaces.

 

 

Password

Type a password (up to 31 ASCII characters) for this user profile. Note that as

 

you type a password, the screen displays a (*) for each character you type.

 

Spaces are allowed.

 

Note: If you are using PEAP authentication, this password

 

field is limited to 14 ASCII characters in length.

ZyXEL NWA-3160 Series User’s Guide

79

Chapter 5 System Screens

Table 12 Password

LABEL

DESCRIPTIONS

RADIUS

Select the RADIUS server profile of the RADIUS server that is to authenticate

 

management logins to the ZyXEL Device.

 

The ZyXEL Device tests the user name and password against the RADIUS

 

server when you apply your settings.

 

• The user name and password must already be configured in the RADIUS

 

server.

 

• You must already have a RADIUS profile configured for the RADIUS

 

server (see Section 7.11 on page 112).

 

• The server must be set to Active in the profile.

 

 

Apply

Click Apply to save your changes.

 

 

Reset

Click Reset to reload the previous configuration for this screen.

 

 

5.4 Configuring Time Setting

To change your ZyXEL Device’s time and date, click SYSTEM > Time Setting. The screen appears as shown. Use this screen to configure the ZyXEL Device’s time based on your local time zone.

Figure 44 SYSTEM > Time Setting

80

ZyXEL NWA-3160 Series User’s Guide

Chapter 5 System Screens

The following table describes the labels in this screen.

Table 13 SYSTEM > Time Setting

LABEL

DESCRIPTION

Current Time

This field displays the time of your ZyXEL Device.

 

Each time you reload this page, the ZyXEL Device synchronizes the time with

 

the time server (if configured).

 

 

Current Date

This field displays the last updated date from the time server.

 

 

Manual

Select this radio button to enter the time and date manually. If you configure a

 

new time and date, time zone and daylight saving at the same time, the time

 

zone and daylight saving will affect the new time and date you entered.

 

 

New Time (hh:mm:ss)

This field displays the last updated time from the time server or the last time

 

configured manually.

 

When you set Time and Date Setup to Manual, enter the new time in this

 

field and then click Apply.

 

 

New Date (yyyy:mm:dd)

This field displays the last updated date from the time server or the last date

 

configured manually.

 

When you set Time and Date Setup to Manual, enter the new date in this

 

field and then click Apply.

 

 

Get from Time Server

Select this radio button to have the ZyXEL Device get the time and date from

 

the time server you specify below.

 

 

Auto

Select this to have the ZyXEL Device use the predefined list of time servers.

 

 

User Defined Time

Enter the IP address or URL of your time server. Check with your ISP/network

Server Address

administrator if you are unsure of this information.

 

 

Time Zone

Choose the time zone of your location. This will set the time difference

 

between your time zone and Greenwich Mean Time (GMT).

 

 

Daylight Savings

Select this option if you use daylight savings time. Daylight saving is a period

 

from late spring to early fall when many countries set their clocks ahead of

 

normal local time by one hour to give more daytime light in the evening.

 

 

Start Date

Configure the day and time when Daylight Saving Time starts if you selected

 

Yes in the Daylight Saving field. The hr field uses the 24 hour format. Here

 

are a couple of examples:

 

Daylight Saving Time starts in most parts of the United States on the second

 

Sunday of March. Each time zone in the United States starts using Daylight

 

Saving Time at 2 A.M. local time. So in the United States you would select

 

Second, Sunday, March and 2:00.

 

Daylight Saving Time starts in the European Union on the last Sunday of

 

March. All of the time zones in the European Union start using Daylight Saving

 

Time at the same moment (1 A.M. GMT or UTC). So in the European Union

 

you would select Mar., Last, Sun. The time you type in the hr field depends

 

on your time zone. In Germany for instance, you would type 02 because

 

Germany's time zone is one hour ahead of GMT or UTC (GMT+1).

 

 

End Date

Configure the day and time when Daylight Saving Time ends if you selected

 

Yes in the Daylight Saving field. The hr field uses the 24 hour format. Here

 

are a couple of examples:

 

Daylight Saving Time ends in the United States on the first Sunday of

 

November. Each time zone in the United States stops using Daylight Saving

 

Time at 2 A.M. local time. So in the United States you would select First,

 

Sunday, November and 2:00.

 

Daylight Saving Time ends in the European Union on the last Sunday of

 

October. All of the time zones in the European Union stop using Daylight

 

Saving Time at the same moment (1 A.M. GMT or UTC). So in the European

 

Union you would select Oct., Last, Sun. The time you type in the hr field

 

depends on your time zone. In Germany for instance, you would type 02

 

because Germany's time zone is one hour ahead of GMT or UTC (GMT+1).

 

 

ZyXEL NWA-3160 Series User’s Guide

81

Chapter 5 System Screens

Table 13 SYSTEM > Time Setting

LABEL

DESCRIPTION

Apply

Click Apply to save your changes.

 

 

Reset

Click Reset to reload the previous configuration for this screen.

 

 

5.5 Pre-defined NTP Time Servers List

When you turn on the ZyXEL Device for the first time, the date and time start at 2000-01-01 00:00:00. When you select Auto in the SYSTEM > Time Setting screen, the ZyXEL Device then attempts to synchronize with one of the following pre-defined list of NTP time servers.

The ZyXEL Device continues to use the following pre-defined list of NTP time servers if you do not specify a time server or it cannot synchronize with the time server you specified.

Table 14 Default Time Servers

ntp1.cs.wisc.edu

ntp1.gbg.netnod.se

ntp2.cs.wisc.edu

tock.usno.navy.mil

ntp3.cs.wisc.edu

ntp.cs.strath.ac.uk

ntp1.sp.se

time1.stupi.se

tick.stdtime.gov.tw

tock.stdtime.gov.tw

time.stdtime.gov.tw

When the ZyXEL Device uses the pre-defined list of NTP time servers, it randomly selects one server and tries to synchronize with it. If the synchronization fails, then the ZyXEL Device goes through the rest of the list in order from the first one tried until either it is successful or all the pre-defined NTP time servers have been tried.

82

ZyXEL NWA-3160 Series User’s Guide

6

Wireless Configuration

This chapter discusses how to configure the Wireless screens on the ZyXEL Device.

6.1 Wireless LAN Overview

This section introduces the wireless LAN (WLAN) and some basic scenarios.

6.1.1 BSS

A Basic Service Set (BSS) exists when all communications between wireless stations or between a wireless station and a wired network client go through one access point (AP).

Intra-BSS traffic is traffic between wireless stations in the BSS. When Intra-BSS traffic blocking is disabled, wireless station A and B can access the wired network and communicate with each other. When Intra-BSS traffic blocking is enabled, wireless station A and B can still access the wired network but cannot communicate with each other.

Figure 45 Basic Service set

ZyXEL NWA-3160 Series User’s Guide

83

Chapter 6 Wireless Configuration

6.1.2 ESS

An Extended Service Set (ESS) consists of a series of overlapping BSSs, each containing an access point, with each access point connected together by a wired network. This wired connection between APs is called a Distribution System (DS). An ESSID (ESS IDentification) uniquely identifies each ESS. All access points and their associated wireless stations within the same ESS must have the same ESSID in order to communicate.

Figure 46 Extended Service Set

6.2 Wireless LAN Basics

See the Wireless LANs Appendix for information on the following:

Wireless LAN Topologies

Channel

RTS/CTS

Fragmentation Threshold

IEEE 802.1x

RADIUS

Types of Authentication

WPA

Security Parameters Summary

84

ZyXEL NWA-3160 Series User’s Guide

Chapter 6 Wireless Configuration

6.3 Quality of Service

This section discusses the Quality of Service (QoS) features available on the ZyXEL Device.

6.3.1 WMM QoS

WMM (Wi-Fi MultiMedia) QoS (Quality of Service) ensures quality of service in wireless networks. It controls WLAN transmission priority on packets to be transmitted over the wireless network.

WMM QoS prioritizes wireless traffic according to the delivery requirements of the individual and applications. WMM QoS is a part of the IEEE 802.11e QoS enhancement to certified WiFi wireless networks.

On APs without WMM QoS, all traffic streams are given the same access priority to the wireless network. If the introduction of another traffic stream creates a data transmission demand that exceeds the current network capacity, then the new traffic stream reduces the throughput of the other traffic streams.

The ZyXEL Device uses WMM QoS to prioritize traffic streams according to the IEEE 802.1q or DSCP information in each packet’s header. The ZyXEL Device automatically determines the priority to use for an individual traffic stream. This prevents reductions in data transmission for applications that are sensitive to latency and jitter (variations in delay).

6.3.1.1 WMM QoS Priorities

The following table describes the WMM QoS priority levels that the ZyXEL Device uses.

Table 15 WMM QoS Priorities

PRIORITY LEVEL

DESCRIPTION

voice

Typically used for traffic that is especially sensitive to jitter. Use this priority

(WMM_VOICE)

to reduce latency for improved voice quality.

 

 

video

Typically used for traffic which has some tolerance for jitter but needs to be

(WMM_VIDEO)

prioritized over other data traffic.

 

 

best effort

Typically used for traffic from applications or devices that lack QoS

(WMM_BEST_EFFORT)

capabilities. Use best effort priority for traffic that is less sensitive to latency,

 

but is affected by long delays, such as Internet surfing.

background

This is typically used for non-critical traffic such as bulk transfers and print

(WMM_BACKGROUND)

jobs that are allowed but that should not affect other applications and users.

 

Use background priority for applications that do not have strict latency and

 

throughput requirements.

 

 

6.3.2 ATC

Automatic Traffic Classifier (ATC) is a bandwidth management tool that prioritizes data packets sent across the network. ATC assigns each packet a priority and then queues the packet accordingly. Packets assigned a high priority are processed more quickly than those with low priority if there is congestion, allowing time-sensitive applications to flow more smoothly. Time-sensitive applications include both those that require a low level of latency and a low level of jitter such as Voice over IP or Internet gaming, and those for which jitter alone is a problem such as Internet radio or streaming video.

ZyXEL NWA-3160 Series User’s Guide

85

Chapter 6 Wireless Configuration

ATC assigns priority based on packet size, since time-sensitive applications such as Internet telephony (Voice over IP or VoIP) tend to have smaller packet sizes than non-time sensitive applications such as FTP (File Transfer Protocol). The following table shows some common applications, their time sensitivity, and their typical data packet sizes. Note that the figures given are merely examples - sizes may differ according to application and circumstances.

Table 16 Typical Packet Sizes

APPLICATION

TIME

TYPICAL PACKET SIZE

SENSITIVITY

(BYTES)

 

Voice over IP (SIP)

High

< 250

 

 

 

Online Gaming

High

60 ~ 90

 

 

 

Web browsing (http)

Medium

300 ~ 600

 

 

 

FTP

Low

1500

 

 

 

When ATC is activated, the device sends traffic with smaller packets before traffic with larger packets if the network is congested.

ATC assigns priority to packets as shown in the following table.

Table 17 Automatic Traffic Classifier Priorities

PACKET SIZE (BYTES)

ATC PRIORITY

1 ~ 250

ATC_High

 

 

250 ~ 1100

ATC_Medium

 

 

1100 +

ATC_Low

 

 

You should activate ATC on the ZyXEL Device if your wireless network includes networking devices that do not support WMM QoS, or if you want to prioritize traffic but do not want to configure WMM QoS settings.

6.3.3 ATC+WMM

The ZyXEL Device can use a mapping mechanism to use both ATC and WMM QoS. The ATC+WMM function prioritizes all packets transmitted onto the wireless network using WMM QoS, and prioritizes all packets transmitted onto the wired network using ATC. See Section 8.2.2 on page 119 for details of how to configure ATC+WMM.

Use the ATC+WMM function if you want to do the following:

enable WMM QoS on your wireless network and automatically assign a WMM priority to packets that do not already have one (see Section 6.3.3.1 on page 86).

automatically prioritize all packets going from your wireless network to the wired network (see Section 6.3.3.2 on page 87).

6.3.3.1ATC+WMM from LAN to WLAN

ATC+WMM from LAN (the wired Local Area Network) to WLAN (the Wireless Local Area Network) allows WMM prioritization of packets that do not already have WMM QoS priorities assigned. The ZyXEL Device automatically classifies data packets using ATC and then assigns WMM priorities based on that ATC classification.

86

ZyXEL NWA-3160 Series User’s Guide

Chapter 6 Wireless Configuration

The following table shows how priorities are assigned for packets coming from the LAN to the WLAN.

Table 18 ATC + WMM Priority Assignment (LAN to WLAN)

PACKET SIZE (BYTES)

 

 

 

ATC VALUE

 

 

 

WMM VALUE

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

1 ~ 250

 

 

 

ATC_High

 

 

 

WMM_VIDEO

 

 

 

 

 

 

 

 

 

250 ~ 1100

 

 

 

ATC_Medium

 

 

 

WMM_BEST_EFFORT

 

 

 

 

 

 

 

 

 

1100 +

 

 

 

ATC_Low

 

 

 

WMM_BACKGROUND

 

 

 

 

 

 

 

 

 

6.3.3.2 ATC+WMM from WLAN to LAN

ATC+WMM from WLAN to LAN automatically prioritizes (assigns an ATC value to) all packets coming from the WLAN. Packets are assigned an ATC value based on their WMM value, not their size.

The following table shows how priorities are assigned for packets coming from the WLAN to the LAN when using ATC+WMM.

Table 19 ATC + WMM Priority Assignment (WLAN to LAN)

WMM VALUE

 

 

 

 

ATC VALUE

 

 

 

 

 

 

WMM_VOICE

 

 

 

 

ATC_High

 

 

 

 

 

 

WMM_VIDEO

 

 

 

 

ATC_High

 

 

 

 

 

 

WMM_BEST_EFFORT

 

 

 

 

ATC_Medium

 

 

 

 

 

 

WMM_BACKGROUND

 

 

 

 

ATC_Low

 

 

 

 

 

 

NONE

 

 

 

 

ATC_Medium

 

 

 

 

 

 

6.3.4 Type Of Service (ToS)

Network traffic can be classified by setting the ToS (Type Of Service) values at the data source (for example, at the ZyXEL Device) so a server can decide the best method of delivery, that is the least cost, fastest route and so on.

6.3.4.1 DiffServ

DiffServ is a class of service (CoS) model that marks packets so that they receive specific perhop treatment at DiffServ-compliant network devices along the route based on the application types and traffic flow. Packets are marked with DiffServ Code Points (DSCPs) indicating the level of service desired. This allows the intermediary DiffServ-compliant network devices to handle the packets differently depending on the code points without the need to negotiate paths or remember state information for every flow. In addition, applications do not have to request a particular service or give advanced notice of where the traffic is going.

6.3.4.2 DSCP and Per-Hop Behavior

DiffServ defines a new DS (Differentiated Services) field to replace the Type of Service (TOS) field in the IP header. The DS field contains a 2-bit unused field and a 6-bit DSCP field which can define up to 64 service levels. The following figure illustrates the DS field.

Figure 47 DiffServ: Differentiated Service Field

DSCP

Unused

(6-bit)

(2-bit)

ZyXEL NWA-3160 Series User’s Guide

87

Chapter 6 Wireless Configuration

DSCP is backward compatible with the three precedence bits in the ToS octet so that nonDiffServ compliant, ToS-enabled network device will not conflict with the DSCP mapping.

The DSCP value determines the forwarding behavior, the PHB (Per-Hop Behavior), that each packet gets across the DiffServ network. Based on the marking rule, different kinds of traffic can be marked for different priorities of forwarding. Resources can then be allocated according to the DSCP values and the configured policies.

6.3.5 ToS (Type of Service) and WMM QoS

The DSCP value of outgoing packets is between 0 and 255. 0 is the default priority. WMM QoS checks the DSCP value in the header of data packets. It gives the traffic a priority according to this number.

In order to control which priority level is given to traffic, the device sending the traffic must set the DSCP value in the header. If the DSCP value is not specified, then the traffic is treated as best-effort. This means the wireless clients and the devices with which they are communicating must both set the DSCP value in order to make the best use of WMM QoS. A Voice over IP (VoIP) device for example may allow you to define the DSCP value.

The following table lists which WMM QoS priority level the ZyXEL Device uses for specific DSCP values.

Table 20 ToS and IEEE 802.1d to WMM QoS Priority Level Mapping

DSCP VALUE

WMM QOS PRIORITY LEVEL

224, 192

voice

 

 

160, 128

video

 

 

 

96,

0 A

besteffort

64,

32

background

 

 

 

A.The ZyXEL Device also uses best effort for any DSCP value for which another WMM QoS priority is not specified (255, 158 or 37 for example).

6.4Spanning Tree Protocol (STP)

STP detects and breaks network loops and provides backup links between switches, bridges or routers. It allows a bridge to interact with other STP-compliant bridges in your network to ensure that only one route exists between any two stations on the network.

6.4.1 Rapid STP

The ZyXEL Device uses IEEE 802.1w RSTP (Rapid Spanning Tree Protocol) that allow faster convergence of the spanning tree (while also being backwards compatible with STP-only aware bridges). Using RSTP topology change information does not have to propagate to the root bridge and unwanted learned addresses are flushed from the filtering database. In RSTP, the port states are Discarding, Learning, and Forwarding.

88

ZyXEL NWA-3160 Series User’s Guide

Chapter 6 Wireless Configuration

6.4.2 STP Terminology

The root bridge is the base of the spanning tree; it is the bridge with the lowest identifier value (MAC address).

Path cost is the cost of transmitting a frame onto a LAN through that port. It is assigned according to the speed of the link to which a port is attached. The slower the media, the higher the cost - see the following table.

Table 21 STP Path Costs

 

LINK SPEED

RECOMMENDED

RECOMMENDED

ALLOWED

 

VALUE

RANGE

RANGE

 

 

Path Cost

4Mbps

250

100 to 1000

1 to 65535

 

 

 

 

 

Path Cost

10Mbps

100

50 to 600

1 to 65535

 

 

 

 

 

Path Cost

16Mbps

62

40 to 400

1 to 65535

 

 

 

 

 

Path Cost

100Mbps

19

10 to 60

1 to 65535

 

 

 

 

 

Path Cost

1Gbps

4

3 to 10

1 to 65535

 

 

 

 

 

Path Cost

10Gbps

2

1 to 5

1 to 65535

 

 

 

 

 

On each bridge, the root port is the port through which this bridge communicates with the root. It is the port on this switch with the lowest path cost to the root (the root path cost). If there is no root port, then this bridge has been accepted as the root bridge of the spanning tree network.

For each LAN segment, a designated bridge is selected. This bridge has the lowest cost to the root among the bridges connected to the LAN.

6.4.3 How STP Works

After a bridge determines the lowest cost-spanning tree with STP, it enables the root port and the ports that are the designated ports for connected LANs, and disables all other ports that participate in STP. Network packets are therefore only forwarded between enabled ports, eliminating any possible network loops.

STP-aware bridges exchange Bridge Protocol Data Units (BPDUs) periodically. When the bridged LAN topology changes, a new spanning tree is constructed.

Once a stable network topology has been established, all bridges listen for Hello BPDUs (Bridge Protocol Data Units) transmitted from the root bridge. If a bridge does not get a Hello BPDU after a predefined interval (Max Age), the bridge assumes that the link to the root bridge is down. This bridge then initiates negotiations with other bridges to reconfigure the network to re-establish a valid network topology.

ZyXEL NWA-3160 Series User’s Guide

89

Chapter 6 Wireless Configuration

6.4.4 STP Port States

STP assigns five port states (see next table) to eliminate packet looping. A bridge port is not allowed to go directly from blocking state to forwarding state so as to eliminate transient loops.

Table 22 STP Port States

PORT STATES

DESCRIPTIONS

Disabled

STP is disabled (default).

 

 

Blocking

Only configuration and management BPDUs are received and processed.

 

 

Listening

All BPDUs are received and processed.

 

 

Learning

All BPDUs are received and processed. Information frames are submitted to the

 

learning process but not forwarded.

 

 

Forwarding

All BPDUs are received and processed. All information frames are received and

 

forwarded.

 

 

6.5 DFS

When you choose 802.11a in Access Point mode (NWA-3160 only), the ZyXEL Device uses DFS (Dynamic Frequency Selection) to give you a wider choice of wireless channels.

DFS allows you to use channels in the frequency range normally reserved for radar systems. Radar uses radio signals to detect the location of objects for military, meteorological or air traffic control purposes. As long as your ZyXEL Device detects no radar activity on the channel you select, you can use the channel to communicate. However, a wireless LAN operating on the same frequency as an active radar system could disrupt the radar system. Therefore, if the ZyXEL Device detects radar activity on the channel you select, it automatically instructs the wireless clients to move to another channel, then resumes communications on the new channel.

6.6 Wireless Screen Overview

The following is a list of the wireless screens you can configure on the ZyXEL Device.

1Configure the ZyXEL Device to operate in AP, Bridge/Repeater, AP+Bridge or MBSSID mode in the Wireless screen. You can also select an SSID Profile in the

Wireless screen.

2Use the SSID screens to view and edit SSID profiles.

3Use the Security screen to configure wireless profiles.

4Use the RADIUS screen to configure RADIUS authentication and accounting settings.

5Use the Layer-2 Isolation screen to prevent wireless clients associated with your ZyXEL Device from communicating with other wireless clients, APs, computers or routers in a network.

6Use the MAC Filter screen to allow or restrict access to your wireless network based on a client’s MAC address.

90

ZyXEL NWA-3160 Series User’s Guide

Chapter 6 Wireless Configuration

6.7 Configuring Wireless Settings

Click WIRELESS > Wireless. The screen varies depending upon the operating mode you select.

6.7.1 Access Point Mode

Select Access Point as the Operating Mode to display the screen as shown next.

Figure 48 Wireless: Access Point

The following table describes the general wireless LAN labels in this screen.

Table 23 Wireless: Access Point

LABEL

DESCRIPTION

Operating Mode

Select Access Point from the drop-down list.

 

 

802.11 Mode

Select 802.11b Only to allow only IEEE 802.11b compliant WLAN devices to

 

associate with the ZyXEL Device.

 

Select 802.11g Only to allow only IEEE 802.11g compliant WLAN devices to

 

associate with the ZyXEL Device.

 

Select 802.11b+g to allow both IEEE802.11b and IEEE802.11g compliant WLAN

 

devices to associate with the ZyXEL Device. The transmission rate of your ZyXEL

 

Device might be reduced.

 

Select 802.11a (NWA-3160 only) to allow only IEEE 802.11a compliant WLAN

 

devices to associate with the ZyXEL Device.

 

 

Super Mode

Select this to improve data throughput on the WLAN by enabling fast frame and

 

packet bursting.

 

 

Choose

Set the operating frequency/channel depending on your particular region.

Channel ID

To manually set the ZyXEL Device to use a channel, select a channel from the drop-

 

down list box. Click MAINTENANCE and then the Channel Usage tab to open the

 

Channel Usage screen to make sure the channel is not already used by another

 

AP or independent peer-to-peer wireless network.

 

To have the ZyXEL Device automatically select a channel, click Scan instead.

 

 

Scan

Click this button to have the ZyXEL Device automatically scan for and select the

 

channel with the least interference.

 

 

ZyXEL NWA-3160 Series User’s Guide

91

Chapter 6 Wireless Configuration

Table 23 Wireless: Access Point

LABEL

DESCRIPTION

RTS/CTS

(Request To Send) The threshold (number of bytes) for enabling RTS/CTS

Threshold

handshake. Data with its frame size larger than this value will perform the RTS/CTS

 

handshake. Setting this attribute to be larger than the maximum MSDU (MAC

 

service data unit) size turns off the RTS/CTS handshake. Setting this attribute to its

 

smallest value (256) turns on the RTS/CTS handshake. Enter a value between 256

 

and 2346.

 

 

Fragmentation

The threshold (number of bytes) for the fragmentation boundary for directed

Threshold

messages. It is the maximum data fragment size that can be sent. Enter an even

 

number between 256 and 2346.

 

 

Output Power

Set the output power of the ZyXEL Device in this field. If there is a high density of

 

APs in an area, decrease the output power of the ZyXEL Device to reduce

 

interference with other APs. Select one of the following 100%(Full Power), 50%,

 

25%, 12.5% or Minimum. See the product specifications for more information on

 

your ZyXEL Device’s output power.

 

 

SSID Profile

The SSID (Service Set IDentifier) identifies the Service Set with which a wireless

 

station is associated. Wireless stations associating to the access point (AP) must

 

have the same SSID. Select an SSID Profile from the drop-down list box.

 

Configure SSID profiles in the SSID screen (see Section 8.2 on page 118 for

 

information on configuring SSID).

 

Note: If you are configuring the ZyXEL Device from a computer

 

connected to the wireless LAN and you change the

 

ZyXEL Device’s SSID or security settings, you will lose

 

your wireless connection when you press Apply to

 

confirm. You must then change the wireless settings of

 

your computer to match the ZyXEL Device’s new

 

settings.

Enable

(R)STP detects and breaks network loops and provides backup links between

Spanning Tree

switches, bridges or routers. It allows a bridge to interact with other (R)STP -

Control (STP)

compliant bridges in your network to ensure that only one path exists between any

 

two stations on the network. Select this to activate STP on the ZyXEL Device.

 

 

Enable

Roaming allows wireless stations to switch from one access point to another as

Roaming

they move from one coverage area to another. Select this to enable roaming on the

 

ZyXEL Device if you have two or more ZyXEL Devices on the same subnet.

 

Note: All APs on the same subnet and the wireless stations

 

must have the same SSID to allow roaming.

Apply

Click Apply to save your changes.

 

 

Reset

Click Reset to begin configuring this screen afresh.

 

 

6.7.2 Bridge/Repeater Mode

The ZyXEL Device can act as a wireless network bridge and establish wireless links with other APs. You need to know the MAC address of the peer device, which also must be in bridge mode.

The ZyXEL Device can establish up to five wireless links with other APs.

In the example below, when both ZyXEL Devices are in Bridge/Repeater mode, they form a WDS (Wireless Distribution System) allowing the computers in LAN 1 to connect to the computers in LAN 2.

92

ZyXEL NWA-3160 Series User’s Guide

Chapter 6 Wireless Configuration

Figure 49 Bridging Example

Be careful to avoid bridge loops when you enable bridging in the ZyXEL Device. Bridge loops cause broadcast traffic to circle the network endlessly, resulting in possible throughput degradation and disruption of communications. The following examples show two network topologies that can lead to this problem:

• If two or more ZyXEL Devices (in bridge mode) are connected to the same hub.

Figure 50 Bridge Loop: Two Bridges Connected to Hub

If your ZyXEL Device (in bridge mode) is connected to a wired LAN while communicating with another wireless bridge that is also connected to the same wired LAN.

ZyXEL NWA-3160 Series User’s Guide

93

Chapter 6 Wireless Configuration

Figure 51 Bridge Loop: Bridge Connected to Wired LAN

To prevent bridge loops, ensure that you enable STP in the Wireless screen or your ZyXEL Device is not set to bridge mode while connected to both wired and wireless segments of the same LAN.

To have the ZyXEL Device act as a wireless bridge only, click WIRELESS > Wireless and select Bridge/Repeater as the Operating Mode.

Figure 52 Wireless: Bridge/Repeater

94

ZyXEL NWA-3160 Series User’s Guide

Chapter 6 Wireless Configuration

The following table describes the bridge labels in this screen.

Table 24 Wireless: Bridge/Repeater

LABEL

DESCRIPTIONS

Operating Mode

Select Bridge/Repeater in this field.

 

 

802.11 mode

Select 802.11b Only to allow only IEEE 802.11b compliant WLAN devices to

 

associate with the ZyXEL Device.

 

Select 802.11g Only to allow only IEEE 802.11g compliant WLAN devices to

 

associate with the ZyXEL Device.

 

Select 802.11b+g to allow both IEEE802.11b and IEEE802.11g compliant

 

WLAN devices to associate with the ZyXEL Device. The transmission rate of

 

your ZyXEL Device might be reduced.

 

Select 802.11a (NWA-3160 only) to allow only IEEE 802.11a compliant WLAN

 

devices to associate with the ZyXEL Device.

 

 

Choose Channel ID

Set the operating frequency/channel depending on your particular region.

 

To manually set the ZyXEL Device to use a channel, select a channel from the

 

drop-down list box. Click MAINTENANCE and then the Channel Usage tab to

 

open the Channel Usage screen to make sure the channel is not already used

 

by another AP or independent peer-to-peer wireless network.

 

To have the ZyXEL Device automatically select a channel, click Scan instead.

 

 

RTS/CTS Threshold

(Request To Send) The threshold (number of bytes) for enabling RTS/CTS

 

handshake. Data with its frame size larger than this value will perform the RTS/

 

CTS handshake. Setting this attribute to be larger than the maximum MSDU

 

(MAC service data unit) size turns off the RTS/CTS handshake. Setting this

 

attribute to zero turns on the RTS/CTS handshake. Enter a value between 256

 

and 2346.

 

 

Fragmentation

The threshold (number of bytes) for the fragmentation boundary for directed

Threshold

messages. It is the maximum data fragment size that can be sent. Enter an

 

even number between 256 and 2346.

 

 

Output Power

Set the output power of the ZyXEL Device in this field. If there is a high density

 

of APs in an area, decrease the output power of the ZyXEL Device to reduce

 

interference with other APs. Select from 100% (Full Power), 50%, 25%, 12.5%

 

and Minimum. See the product specifications for more information on your

 

ZyXEL Device’s output power.

 

 

Enable WDS Security

Select this to turn on security for the ZyXEL Device’s Wireless Distribution

 

System (WDS). A Wireless Distribution System is a wireless connection

 

between two or more APs. If you do not select the check box, traffic between

 

APs is not encrypted.

Note: WDS security is independent of the security settings between the ZyXEL Device and any wireless clients.

When you enable WDS security, also do the following:

• Select the type of security you want to use (TKIP or AES) to secure traffic on your WDS.

• Enter a pre-shared key in the PSK field for each access point in your WDS. Each access point can use a different pre-shared key.

• Configure WDS security and the relevant PSK in each of your other access point(s).

Note: Other APs must use the same encryption method to enable WDS security.

ZyXEL NWA-3160 Series User’s Guide

95

Chapter 6 Wireless Configuration

Table 24 Wireless: Bridge/Repeater

LABEL

DESCRIPTIONS

TKIP (ZyAIR Series

Select this to enable Temporal Key Integrity Protocol (TKIP) security on your

Compatible)

WDS. This option is compatible with other ZyXEL access points including that

 

support WDS security. Use this if the other access points on your network

 

support WDS security but do not have an AES option.

 

Note: Check your other AP’s documentation to make sure it

 

supports WDS security.

 

Note: At the time of writing, this option is compatible with

 

other ZyXEL NWA Series and G-3000/G-3000H access

 

points only.

AES

Select this to enable Advanced Encryption System (AES) security on your

 

WDS. AES provides superior security to TKIP. Use AES if the other access

 

points on your network support it for the WDS.

 

Note: At the time of writing, this option is compatible with

 

other ZyXEL NWA-3160 access points only.

 

 

#

This is the index number of the bridge connection.

 

 

Active

Select the check box to enable the bridge connection. Otherwise, clear the

 

check box to disable it.

 

 

Remote Bridge MAC

Type the MAC address of the peer device in a valid MAC address format, that

Address

is, six hexadecimal character pairs, for example, 12:34:56:78:9a:bc.

 

 

PSK

Type a pre-shared key (PSK) from 8 to 63 case-sensitive ASCII characters

 

(including spaces and symbols). You must also set the peer device to use the

 

same pre-shared key. Each peer device can use a different pre-shared key.

 

 

See Table 23 on page 91 for information on the other labels in this screen.

6.7.3 AP+Bridge Mode

Select AP+Bridge as the Operating Mode in the WIRELESS > Wireless screen to have the ZyXEL Device function as a bridge and access point simultaneously. See the section on applications for more information.

96

ZyXEL NWA-3160 Series User’s Guide

Chapter 6 Wireless Configuration

Figure 53 Wireless: AP+Bridge

See the tables describing the fields in the Access Point and Bridge/Repeater operating modes for descriptions of the fields in this screen.

6.7.4 MBSSID Mode

Select MBSSID as the Operating Mode to display the screen. Refer to Chapter 8 on page 115 for configuration and detailed information. See Chapter 7 on page 99 for details on the security settings.

ZyXEL NWA-3160 Series User’s Guide

97

Chapter 6 Wireless Configuration

98

ZyXEL NWA-3160 Series User’s Guide

7

Wireless Security Configuration

This chapter describes how to use the Security and RADIUS screens to configure wireless security on your ZyXEL Device.

7.1 Wireless Security Overview

Wireless security is vital to your network to protect wireless communication between wireless stations, access points and the wired network.

Wireless security methods available on the ZyXEL Device are data encryption, wireless client authentication, restricting access by MAC address and hiding the ZyXEL Device’s identity.

7.1.1Encryption

Use WPA(2) security if you have WPA(2)-aware wireless clients. WPA(2) uses either an external RADIUS server or the internal authentication server. WPA has user authentication and improved data encryption over WEP.

Use WPA(2)-PSK if you have WPA(2)-aware wireless clients but no RADIUS server, or do not want to use the internal authentication server.

If you don’t have WPA(2)-aware wireless clients, then use WEP key encrypting. A higher bit key offers better security. You can manually enter 64-bit, 128-bit or 152-bit WEP keys.

7.1.2Restricted Access

The MAC Filter screen allows you to configure the AP to give exclusive access to devices (Allow Association) or exclude them from accessing the AP (Deny Association).

7.1.3 Hide Identity

If you hide the SSID, then the ZyXEL Device cannot be seen when a wireless client scans for local APs. The trade-off for the extra security of “hiding” the ZyXEL Device may be inconvenience for some valid WLAN clients.

7.1.4 WEP Encryption

WEP encryption scrambles the data transmitted between the wireless stations and the access points to keep network communications private. It encrypts unicast and multicast communications in a network. Both the wireless stations and the access points must use the same WEP key.

ZyXEL NWA-3160 Series User’s Guide

99

Chapter 7 Wireless Security Configuration

Your ZyXEL Device allows you to configure up to four 64-bit, 128-bit or 152-bit WEP keys but only one key can be enabled at any one time.

7.2 802.1x Overview

The IEEE 802.1x standard outlines enhanced security methods for both the authentication of wireless stations and encryption key management. Authentication can be done using a RADIUS server.

7.3 EAP Authentication Overview

EAP (Extensible Authentication Protocol) is an authentication protocol that runs on top of the IEEE802.1x transport mechanism in order to support multiple types of user authentication. By using EAP to interact with an EAP-compatible RADIUS server, the access point helps a wireless station and a RADIUS server perform authentication.

The type of authentication you use depends on the RADIUS server or the AP. The ZyXEL Device supports EAP-TLS, EAP-TTLS, EAP-MD5 and PEAP with RADIUS. Refer to the Types of EAP Authentication appendix for descriptions on the common types.

The following figure shows an overview of authentication when you specify a RADIUS server on your access point.

Figure 54 EAP Authentication

The details below provide a general description of how IEEE 802.1x EAP authentication works. For an example list of EAP-MD5 authentication steps, see the IEEE 802.1x appendix.

1The wireless station sends a “start” message to the ZyXEL Device.

2The ZyXEL Device sends a “request identity” message to the wireless station for identity information.

3The wireless station replies with identity information, including username and password.

4The RADIUS server checks the user information against its user profile database and determines whether or not to authenticate the wireless station.

7.4Introduction to WPA

Wi-Fi Protected Access (WPA) is a subset of the IEEE 802.11i standard. Key differences between WPA and WEP are user authentication and improved data encryption.

100

ZyXEL NWA-3160 Series User’s Guide