ZyXEL NWA3000-N User's Manual
Contents
1. Notices: Changes or modifications not expressly approved by the party responsible for compliance could void the user's authority to operate the equipment. (NWA3000-N Series User's Guide, Appendix E: Legal Information.) 1 This device is designed for the WLAN 2.4 GHz and/or 5 GHz networks throughout the EC region and Switzerland, with restrictions in France. This product is designed for the 2.4 GHz and/or 5 GHz frequency bands in accordance with European legislation. In metropolitan France, following ARCEP decisions no. 03-908 and 03-909, the transmit power must not exceed 10 mW (10 dB) for an outdoor WiFi installation on frequencies between 2454 MH
2. Table of Contents (excerpt; legible entries only): 3.5.1 WWW, SSH, TELNET, FTP, SNMP, and Auth Server. Chapter 4. 4.1.1 Set the Management Modes. 4.1.2 Set the LAN IP Address and Management VLAN (vlan99). 4.1.3 Set Up Wireless User Authentication. 4.1.4 Create the AP Profiles (staff, guest).
3. Table of Contents (excerpt; legible entries only): Chapter 10. 10.1.1 What You Can Do in this Chapter. 10.2 Device HA General. Chapter 11. 11.3.1 Edit User Authentication Timeout Settings. Chapter 12. 12.1.1 What You Can Do in this Chapter. Add/Edit Radio Profile.
4. Ensures the identity of a remote computer. Proves your identity to a remote computer. Ensures software came from software publisher. Protects software from alteration after publication. Protects e-mail messages. Allows data to be signed with the current time. Issued to: CSO CA. Issued by: CSO CA. Valid from 8/30/2003 to 8/30/2005. Issuer Statement. 2 Click Install Certificate and follow the wizard as shown earlier in this appendix. 15.5.5.6 Installing a Personal Certificate: You need a password in advance. The CA may issue the password or you may have to specify it during the enrollment. Double-click the personal certificate given to you by the CA to produce a screen similar to the one shown next. 1 Click Next to begin the wizard. Certificate Import Wizard: "Welcome to the Certificate Import Wizard. This wizard helps you copy certificates, certificate trust lists and certificate revocation lists from your disk to a certificate store. A certificate, which is issued by a certification authority, is a confirmation of your identity and contains information used to protect data or to establish secure network connections. A certificate store is the system area where certificates are kept. To continue, click Next." 2 The file name and path of the certificate you double-clicked should automatically appear in the File nam
5. Management Mode. 7.1 Overview: This chapter discusses using the NWA3000-N series AP in management mode, which determines whether the NWA3000-N series AP is used in its default standalone mode or as part of a Control And Provisioning of Wireless Access Points (CAPWAP) network. 7.2 About CAPWAP: The NWA3000-N series AP supports CAPWAP. This is ZyXEL's implementation of the CAPWAP protocol (RFC 5415). The CAPWAP dataflow is protected by Datagram Transport Layer Security (DTLS). The following figure illustrates a CAPWAP wireless network. You (U) configure the AP controller (C), which then automatically updates the configurations of the managed APs (M1 to M4). Figure 38: CAPWAP Network Example. Note: The NWA3000-N series AP can be a standalone AP (default), a CAPWAP managed AP, or a CAPWAP AP controller. 7.2.1 CAPWAP Discovery and Management: The link between CAPWAP-enabled access points proceeds as follows. An AP in managed AP mode joins a wired network (receives a dynamic IP address). The AP sends out a discovery request, looking for an AP in CAPWAP AP controller mode. If there is an AP controller on the network, it receives the discovery request. If the AP controller is in Manual mode, it adds the details of the AP to its Unmanaged Access Points list, and you decide which available APs to manage. If the AP is in
6. Chapter 11 User. Table 47: Types of User Accounts (continued). Columns: TYPE, ABILITIES, LOGIN METHOD(S). limited-admin: Look at NWA3000-N series AP configuration (web, CLI); perform basic diagnostics (CLI). Login methods: WWW, TELNET, SSH, Console. Access Users, user: Used for the embedded RADIUS server and SNMPv3 user access; browse user-mode commands (CLI). Note: The default admin account is always authenticated locally, regardless of the authentication method setting. 11.2 User Summary: The User screen provides a summary of all user accounts. To access this screen, click Configuration > Object > User. Figure 62: Configuration > Object > User. The following table describes the labels in this screen. Table 48: Configuration > Object > User. Add: Click this to create a new entry. Edit: Double-click an entry or select it and click Edit to open a screen where you can modify the entry's settings. Remove: To remove an entry, select it and click Remove. The NWA3000-N series AP confirms you want to remove it before doing so. Object References
7. Appendix A Log Descriptions. Table 108: CAPWAP Server Logs (LOG MESSAGE: DESCRIPTION). "Start Send Updating Configuration to Managed AP MACAddr %02x %02x %02x %02x %02x %02x Model %s Name %s": Indicates that a Send Updating Configuration request was sent to an AP on the Managed List. 1st %02x to 6th %02x: Managed AP MAC Address; 7th %s: Managed AP Model Name; 8th %s: Managed AP Description. "Sucess Send Updating Configuration to Managed AP MACAddr %02x %02x %02x %02x %02x %02x Model %s Name %s": Indicates that a Send Updating Configuration Response was received from an AP on the Managed List. 1st %02x to 6th %02x: Managed AP MAC Address; 7th %s: Managed AP Model Name; 8th %s: Managed AP Description. "Send Retransmit Configuration to Managed AP MACAddr %02x %02x %02x %02x %02x %02x Model %s Name %s retry count %d": Indicates that the CAPWAP server retransmitted configuration to an AP on the Managed List. 1st %02x to 6th %02x: Managed AP MAC Address; 7th %s: Managed AP Model Name; 8th %s: Managed AP Description; 9th %d: Retry count. "STA Association MACAddr %02x %02x %02x %02x %02x %02x AP %s": A station connected to the specified AP. 1st %02x to 6th %02x: Managed AP MAC Address; 7th %s: Managed AP's description. "STA Disassociation MACAddr %02x %02x %02x %02x %02x %02x AP %s": A station disconnected from the specified AP. 1st %02x to 6th %02x: Managed AP MAC Address; 7th 9
8. Indicates that rogue AP detection is enabled. Appendix A Log Descriptions. Table 112: Wireless Frame Capture Logs (LOG MESSAGE: DESCRIPTION). "Capture done check size %d max file size %d \n": This message displays check size %d and max file size %d when the wireless frame capture has been completed. 1st %d: total files size of directory; 2nd %d: max files size. "Can not initial monitor mode signal handler \n": While an AP is in Monitor mode, the handler functions as a daemon; if it fails to initialize the handler, then this message is returned. Table 113: DCS Logs (LOG MESSAGE: DESCRIPTION). "dcs init failed \n": Indicates that the NWA3000-N series AP failed to initialize the dcs daemon. "init zylog fail \n": Indicates that the NWA3000-N series AP failed to initialize zylog. "channel changed %s %d > %d \n": DCS has changed the wireless interface's channel from %d to channel %d. 1st %s: interface name; 1st %d: current channel; 2nd %d: new channel. "dcs is terminated": DCS was terminated for an unknown reason. Importing Certificates: This appendix shows you how to import public key certificates into your web browser. Public key certificates are used by web browsers to ensure that a secure web site is legitimate. When a certificate authority such as VeriSign, Comodo
9. The following table describes the labels in this screen. Table 35: Configuration > LAN Setting > Add. Type: Select User Defined to manually enter a DNS server's IP address. Select From DHCP to dynamically get a DNS server address from a DHCP server. DNS Server: This appears when you set the Type to User Defined. Enter the IP address of a DNS server. OK: Click OK to save your customized settings and exit this screen. Cancel: Click Cancel to exit this screen without saving. Wireless. 9.1 Overview: Use the Wireless screens to configure how the NWA3000-N series AP manages the Access Points that are connected to it. 9.1.1 What You Can Do in this Chapter: The Controller screen (Section 9.2 on page 112) sets how the NWA3000-N series AP allows new APs to connect to the network. This is available when the NWA3000-N series AP is in controller mode. The AP Management screen (Section 9.3 on page 113) manages the NWA3000-N series AP's general wireless settings if it is in standalone mode, or the general wireless settings of all of the NWA3000-N series AP's managed APs if the NWA3000-N series AP is in controller mode. The MON Mode screen (Section 9.4 on page 116) allows you to assign APs either to the rogue AP list or the friendly AP list. The Load Balancing screen (Section 9.5 on page 119) configures network traffic load balancing between the APs an
10. Click Apply to save your changes back to the NWA3000-N series AP. Reset: Click Reset to return the screen to its last-saved settings. 15.3 Date and Time: For effective scheduling and logging, the NWA3000-N series AP system time must be accurate. The NWA3000-N series AP has a software mechanism to set the time manually or get the current time and date from an external server. To change your NWA3000-N series AP's time based on your local time zone and date, click Configuration > System > Date/Time. The screen displays as shown. You can manually set the NWA3000-N series AP's time and date or have the NWA3000-N series AP get the date and time from a time server. Figure 85: Configuration > System > Date/Time. The following table describes the labels in this screen. Table 70: Configuration > System > Date/Time. Current Time and Date. Current Time: This field displays the present time of your NWA3000-N series AP. Current Date: This field displa
11. If you want to export the certificate with its private key, create a password and type it here. Make sure you keep this password in a safe place. You will need to use it if you import the certificate to another device. Export Certificate with Private Key: Use this button to save a copy of the certificate with its private key. Type the certificate's password and click this button. Click Save in the File Download screen. The Save As screen opens; browse to the location that you want to use and click Save. Chapter 14 Certificates. Table 64: Configuration > Object > Certificate > My Certificates > Edit. OK: Click OK to save your changes back to the NWA3000-N series AP. You can only change the name. Cancel: Click Cancel to quit and return to the My Certificates screen. 14.2.3 Import Certificates: Click Configuration > Object > Certificate > My Certificates > Import to open the My Certificate Import screen. Follow the instructions in this screen to save an existing certificate to the NWA3000-N series AP. Note: You can import a certificate that matches a corresponding certification request that was generated by the NWA3000-N series AP. You can also import a certificate in PKCS#12 format, including the certificate's public and private keys. The certificate you import replaces the corresponding request in the My Certific
12. Chapter 9 Wireless. Load Balancing: Because there is a hard upper limit on an AP's wireless bandwidth, load balancing can be crucial in areas crowded with wireless users. Rather than let every user connect and subsequently dilute the available bandwidth to the point where each connecting device receives a meager trickle, the load-balanced AP instead limits the incoming connections as a means to maintain bandwidth integrity. There are two kinds of wireless load balancing available on the NWA3000-N series AP. Load balancing by station number limits the number of devices allowed to connect to your AP. If you know exactly how many stations you want to let connect, choose this option. For example, if your company's graphic design team has their own AP and they have 10 computers, you can load balance for 10. Later, if someone from the sales department visits the graphic design team's offices for a meeting and he tries to access the network, his computer's connection is delayed, giving it the opportunity to connect to a different, neighboring AP. If he still connects to the AP regardless of the delay, then the AP may boot other people who are already connected in order to associate with the new connection. Load balancing by traffic level limits the number of connections to the AP based on maximum bandwidth available. If you are uncertain as to the exact number of wireless connections you will have, then choose this option. By setting a m
13. Note: PREREQUISITES or WHERE USED does not appear if there are no prerequisites or references in other features to this one. For example, no other features reference AP management entries, so there is no WHERE USED entry. 3.3.2 MGNT Mode: Use this screen to set the NWA3000-N series AP to control other NWA3000-N series APs, work as a standalone AP, or be managed by another NWA3000-N series AP. MENU ITEM(S): Configuration > MGNT Mode. 3.3.3 LAN Setting: Use this screen to configure the LAN Ethernet interface, including VLAN settings. MENU ITEM(S): Configuration > LAN Setting. 3.3.4 Wireless: Use these screens to manage your wireless Access Points. MENU ITEM(S): Configuration > Wireless. PREREQUISITES: Radio profiles, SSID profiles, and security profiles. 3.3.5 Device HA: To increase network reliability, device HA lets a backup NWA3000-N series AP automatically take over if a master NWA3000-N series AP fails. Device HA is available when the NWA3000-N series AP is in controller mode. MENU ITEM(S): Configuration > Device HA. PREREQUISITES: Interfaces (with a static IP address), to NWA3000-N series AP firewall. 3.4 Objects: Objects store information and are referenced by other features. If you update this information in response to changes, the NWA3000-N series AP automatically pr
14. Set Scan Channel List (5 G Channels): Move a channel from the Available channels column to the Channels selected column to have the APs using this profile scan that channel when Scan Channel Mode is set to manual. These channels are limited to the 5 GHz range (802.11 a/n). OK: Click OK to save your changes back to the NWA3000-N series AP. Cancel: Click Cancel to exit this screen without saving your changes. 13.3 Technical Reference: The following section contains additional technical information about the features described in this chapter. Rogue APs: Rogue APs are wireless access points operating in a network's coverage area that are not under the control of the network's administrators, and can open up holes in a network's security. Attackers can take advantage of a rogue AP's weaker (or non-existent) security to gain access to the network, or set up their own rogue APs in order to capture information from wireless clients. If a scan reveals a rogue AP, you can use commercially-available software to physically locate it. Figure 76: Rogue AP Example. Chapter 13 MON Profile. In the example above, a corporate network's security is compromised by a rogue AP (RG) set up by an employee at his workstation in order to allow him to connect his notebook computer wirelessly (A). The company's legitimate wireless network (the dashed ellipse B) is well-secured, but the rogue AP uses inferior security
15. WPA2: Most Secure. Note: You must enable the same wireless security settings on the NWA3000-N series AP and on all wireless clients that you want to associate with it. Appendix C Wireless LANs. IEEE 802.1x: In June 2001, the IEEE 802.1x standard was designed to extend the features of IEEE 802.11 to support extended authentication as well as providing additional accounting and control features. It is supported by Windows XP and a number of network devices. Some advantages of IEEE 802.1x are: User-based identification that allows for roaming. Support for RADIUS (Remote Authentication Dial In User Service, RFC 2138, 2139) for centralized user profile and accounting management on a network RADIUS server. Support for EAP (Extensible Authentication Protocol, RFC 2486) that allows additional authentication methods to be deployed with no changes to the access point or the wireless clients. RADIUS: RADIUS is based on a client-server model that supports authentication, authorization and accounting. The access point is the client and the server is the RADIUS server. The RADIUS server handles the following tasks. Authentication: Determines the identity of the users. Authorization: Determines the network services available to authenticated users once they are connected to the network. Accounting: Keeps track of the client's network activity. RADIUS is a si
16. Figure 33: Monitor > Wireless > Rogue AP > Detected Device. The following table describes the labels in this screen. Table 28: Monitor > Wireless > Rogue AP. Mark as Rogue AP: Click this button to mark the selected AP as a rogue AP. A rogue AP can be contained in the Configuration > Wireless > MON Mode screen (Chapter 9 on page 111). Mark as Friendly AP: Click this button to mark the selected AP as a friendly AP. For more on managing friendly APs, see the Configuration > Wireless > MON Mode screen (Chapter 9 on page 111). #: This is the station's index number in this list. Status: This indicates the detected device's status. Device: This indicates the type of device detected. Role: This indicates the detected device's role (such as friendly or rogue). MAC Address: This indicates the detected device's MAC address. SSID Name: This indicates the detected device's SSID. Channel ID: This indicates the detected device's channel ID. 802.11 Mode: This indicates the 802.11 mode (a/b/g/n) transmitted by the detected device. Security: This indicates the encryption method (if any) used by the detected device. Description: This displays the detected device's description. For more on managing friendly and rogue APs, see the Confi
17. Enable Authentication Server: Select this to have the NWA3000-N series AP use its internal RADIUS server to authenticate wireless clients connecting to trusted APs. Authentication Server Certificate: Select the certificate the NWA3000-N series AP's internal RADIUS server uses for authenticating wireless clients connecting to trusted APs. Note: It is recommended that you replace the factory default certificate with one that uses your NWA3000-N series AP's MAC address. Do this when you first log in to the NWA3000-N series AP or in the Object > Certificate > My Certificates screen. Trusted Client: Use this table to manage the list of profiles of trusted APs for which the NWA3000-N series AP authenticates wireless clients. Add: Click this to add a new trusted AP profile. Edit: Click this to edit the selected trusted AP profile. Remove: Click this to remove the selected trusted AP profile. Activate: To turn on a profile, select it and click Activate. Inactivate: To turn off a profile, select it and click Inactivate. #: This field is a sequential value, and it is not associated with a specific profile. Status: This field shows whether or not the entry is activated. Chapter 15 System. Table 80: Configuration > System > Auth. Server (continued). Profile Name: This field indicates th
18. Registration Type: Select Manual to add each AP to the NWA3000-N series AP for management, or Always Accept to automatically add APs to the NWA3000-N series AP for management. Note: Select the Manual option for managing a specific set of APs. This is recommended as the registration mechanism cannot automatically differentiate between friendly and rogue APs. For details on how to handle rogue APs, see Section 6.7 on page 94. APs must be connected to the NWA3000-N series AP by a wired connection or network. Apply: Click Apply to save your changes back to the NWA3000-N series AP. Reset: Click Reset to return the screen to its last-saved settings. Chapter 9 Wireless. 9.3 AP Management: Use this screen to manage all of the APs connected to the NWA3000-N series AP. Click Configuration > Wireless > AP Management to access this screen. This screen manages the NWA3000-N series AP's general wireless settings if it is in standalone mode, or the general wireless settings of all of the NWA3000-N series AP's managed APs if the NWA3000-N series AP is in controller mode. Figure 44: Configuration > Wireless > AP Management (Controller Mode). The followi
19. Select an entry and click Object References to open a screen that shows which settings use the entry. #: This field is a sequential value, and it is not associated with a specific user. Chapter 11 User. Table 48: Configuration > Object > User (continued). User Name: This field displays the user name of each user. User Type: This field displays the type of user this account was configured as. admin: this user can look at and change the configuration of the NWA3000-N series AP. limited-admin: this user can look at the configuration of the NWA3000-N series AP but not change it. user: this user has access to the NWA3000-N series AP's services but cannot look at the configuration. Description: This field displays the description for each user. 11.2.1 Add/Edit User: The User Add/Edit screen allows you to create a new user account or edit an existing one. 11.2.1.1 Rules for User Names: Enter a user name from 1 to 31 characters. The user name can only contain the following characters: Alphanumeric A-z 0-9 (there is no unicode support); _ [underscores]; - [dashes]. The first character must be alphabetical (A-Z a-z), an underscore (_), or a dash (-). Other limitations on user names are: User names are case-sensitive. If you enter a user 'bob' but use 'BOB' when connecting via CIFS or FTP, it will
20. Station Info: Station List. The following table describes the labels in this screen. Table 27: Monitor > Wireless > Station Info. #: This is the station's index number in this list. MAC Address: This is the station's MAC address. Associated AP: This is available when the NWA3000-N series AP is in controller mode. This indicates the AP through which the station is connected to the network. SSID Name: This indicates the name of the wireless network to which the station is connected. A single AP can have multiple SSIDs or networks. Security Mode: This indicates which secure encryption method is being used by the station to connect to the network. Association Time: This indicates how long the station has been associated with the AP. Refresh: Click this to refresh the items displayed on this page. Chapter 6 Monitor. 6.7 Rogue AP: Use this screen to view information about suspected rogue APs. Click Monitor > Wireless > Rogue AP > Detected Device to access this screen. Note: The NWA3000-N series AP or at least one of the APs the NWA3000-N series AP is managing must be set to Monitor mode in order to detect other wireless devices in its vicinity.
21. This is the Advanced Encryption Standard encryption method. It is a more recent development over TKIP and considerably more robust. Not all wireless clients may support this. Group Key Update Timer: Enter the interval (in seconds) at which the AP updates the group WPA encryption key. Pre-Authentication: This is available when the profile is set to use wpa2 or wpa2-mix and 802.1x. Enable or Disable pre-authentication to allow the AP to send authentication information to other APs on the network, allowing connected wireless clients to switch APs without having to re-authenticate their network connection. OK: Click OK to save your changes back to the NWA3000-N series AP. Cancel: Click Cancel to exit this screen without saving your changes. 12.3.3 MAC Filter List: This screen allows you to create and manage security configurations that can be used by your SSIDs. To access this screen, click Configuration > Object > AP Profile > SSID > MAC Filter List. Note: You can have a maximum of 32 MAC filtering profiles on the NWA3000-N series AP. Figure 72: Configuration > Object > AP Profile > SSID > MAC Filter List. The following table describes the labels in this screen. Table 58: Configuration > Object > AP Profile > SSID >
22. Wireless > AP Management (Standalone Mode). The following fields display if the NWA3000-N series AP is in standalone mode. Table 38: Configuration > Wireless > AP Management (Standalone Mode). Model: This field displays the AP's hardware model information. It displays N/A (not applicable) only when the AP disconnects from the NWA3000-N series AP and the information is unavailable as a result. R1 Mode / Profile: This field displays the AP or MON profile for Radio 1. R2 Mode / Profile: If the NWA3000-N series AP has a second radio, this field displays the AP or MON profile for Radio 2. Chapter 9 Wireless. 9.3.1 Edit AP List: Select an AP and click the Edit button in the Configuration > Wireless > AP Management table to display this screen. Use this screen to set the managed AP's general wireless settings. Figure 46: Configuration > Wireless > Edit AP List. Each fiel
23. Table of Contents (excerpt; legible entries only): Chapter 1 Introduction. 1.2 Applications for the NWA3000-N series AP. 1.4 Ways to Manage the NWA3000-N series AP. 1.5 Good Habits for Managing the NWA3000-N series AP. 1.6 Hardware Connections. 1.8 Starting and Stopping the NWA3000-N series AP. Chapter 2. Chapter 3 Configuration Basics.
24. copyright holders. This software is provided 'as-is', without any express or implied warranty. In no event will the authors be held liable for any damages arising from the use of this software. Permission is granted to anyone to use this software for any purpose, including commercial applications, and to alter it and redistribute it freely, subject to the following restrictions: 1. The origin of this software must not be misrepresented; you must not claim that you wrote the original software. If you use this software in a product, an acknowledgment in the product documentation would be appreciated but is not required. 2. Altered source versions must be plainly marked as such, and must not be misrepresented as being the original software. 3. This notice may not be removed or altered from any source distribution. Appendix D Open Software Announcements. Legal Information. Copyright: Copyright 2011 by ZyXEL Communications Corporation. The contents of this publication may not be reproduced in any part or as a whole, transcribed, stored in a retrieval system, translated into any language, or transmitted in any form or by any means, electronic, mechanical, magnetic, optical, chemical, photocopying, manual, or otherwise, without the prior written permission of ZyXEL Communications Corporation. Published by ZyXEL Communications Corporation. All right
25. defines the formats for public-key certificates. Version: This field displays the X.509 version number. Serial Number: This field displays the certificate's identification number given by the certification authority. Subject: This field displays information that identifies the owner of the certificate, such as Common Name (CN), Organizational Unit (OU), Organization (O) and Country (C). Issuer: This field displays identifying information about the certificate's issuing certification authority, such as Common Name, Organizational Unit, Organization and Country. With self-signed certificates, this is the same information as in the Subject Name field. Signature Algorithm: This field displays the type of algorithm that was used to sign the certificate. Some certification authorities use rsa-pkcs1-sha1 (RSA public-private key encryption algorithm and the SHA1 hash algorithm). Other certification authorities may use rsa-pkcs1-md5 (RSA public-private key encryption algorithm and the MD5 hash algorithm). Valid From: This field displays the date that the certificate becomes applicable. The text displays in red and includes a Not Yet Valid! message if the certificate has not yet become applicable. Valid To: This field displays the date that the certificate expires. The text displays in red and includes an Expiring! or Expired! message if the certificate is about to expire or has already expired. Key Alg
26. or Network Solutions, to name a few, receives a certificate request from a website operator, they confirm that the web domain and contact information in the request match those on public record with a domain name registrar. If they match, then the certificate is issued to the website operator, who then places it on the site to be issued to all visiting web browsers to let them know that the site is legitimate.

Many ZyXEL products, such as the NSA-2401, issue their own public key certificates. These can be used by web browsers on a LAN or WAN to verify that they are in fact connecting to the legitimate device and not one masquerading as it. However, because the certificates were not issued by one of the several organizations officially recognized by the most common web browsers, you will need to import the ZyXEL-created certificate into your web browser and flag that certificate as a trusted authority.

Note: You can see if you are browsing on a secure website if the URL in your web browser's address bar begins with https or there is a sealed padlock icon somewhere in the main browser window (not all browsers show the padlock in the same location).

Internet Explorer

The following example uses Microsoft Internet Explorer 7 on Windows XP Professional; however, they can also apply to Internet Explorer on Windows Vista.
1 If your device's Web Configurator is set t
27. this applies the valid parts of the configuration file and generates error logs for all of the configuration file's errors. This lets the NWA3000-N series AP apply most of your configuration, and you can refer to the logs for what to fix.
Ignore errors and finish applying the configuration file and then roll back to the previous configuration: this applies the valid parts of the configuration file, generates error logs for all of the configuration file's errors, and starts the NWA3000-N series AP with a fully valid configuration file.
Click OK to have the NWA3000-N series AP start applying the configuration file or click Cancel to close the screen.
This column displays the number for each configuration file entry. This field is a sequential value, and it is not associated with a specific address. The total number of configuration files that you can save depends on the sizes of the configuration files and the available flash storage space.

Chapter 17 File Manager
Table 88 Maintenance > File Manager > Configuration File (continued)
LABEL: DESCRIPTION
File Name: This column displays the label that identifies a configuration file. You cannot delete the following configuration files or change their file names. The system-default.conf file contains the NWA3000-N series AP's default settings. Select this file and click Apply to reset all of the NWA3000 N series
28. type of user account. It defines the number of minutes the user can be logged into the NWA3000-N series AP in one session before having to log in again. Unlike Lease Time, the user has no opportunity to renew the session without logging out.

User Logon Settings
Limit the number of simultaneous logons for administration account: Select this check box if you want to set a limit on the number of simultaneous logins by admin users. If you do not select this, admin users can login as many times as they want at the same time using the same or different IP addresses.
Maximum number per administration account: This field is effective when Limit for administration account is checked. Type the maximum number of simultaneous logins by each admin user.

User Lockout Settings
Enable logon retry limit: Select this check box to set a limit on the number of times each user can login unsuccessfully (for example, wrong password) before the IP address is locked out for a specified amount of time.
Maximum retry count: This field is effective when Enable logon retry limit is checked. Type the maximum number of times each user can login unsuccessfully before the IP address is locked out for the specified lockout period. The number must be between 1 and 99.
Lockout period: This field is effective when Enable logon retry limit is checked. Type the number of minutes the user must wait to try to login again if logon retr
29. you should enter the IP address or FQDN of a virtual router on a secure network. If this NWA3000-N series AP is set to master role, this field displays the NWA3000-N series AP's IP addresses and/or Fully Qualified Domain Names (FQDN) through which NWA3000-N series APs in backup role can get updated configuration from this NWA3000-N series AP.
Sync Now: Click this to copy the specified NWA3000-N series AP's configuration.
Server Port: If this NWA3000-N series AP is set to backup role, enter the port number to use for Secure FTP when synchronizing with the specified master NWA3000-N series AP. If this NWA3000-N series AP is set to master role, this field displays the NWA3000-N series AP's Secure FTP port number. Click the link if you need to change the FTP port number. Every NWA3000-N series AP in the virtual router must use the same port number. If the master NWA3000-N series AP changes, you have to manually change this port number in the backups.

Chapter 10 Device HA
Table 45 Configuration > Device HA > Active-Passive Mode (continued)
LABEL: DESCRIPTION
Password: Enter the password used for verification during synchronization. Every NWA3000-N series AP in the virtual router must use the same password. If you leave this field blank in the master NWA3000-N series AP, no backup NWA3000-N series APs can synchronize from it. If you leave this field b
31. 5 and NWA3000-N series AP B has its own LAN management IP address of 192.168.1.6. These do not change when NWA3000-N series AP B becomes the master.

User

11.1 Overview
This chapter describes how to set up user accounts and user settings for the NWA3000-N series AP. You can also set up rules that control when users have to log in to the NWA3000-N series AP before the NWA3000-N series AP routes traffic for them.

11.1.1 What You Can Do in this Chapter
The User screen (see Section 11.2 on page 138) provides a summary of all user accounts.
The Setting screen (see Section 11.3 on page 141) controls default settings, login settings, lockout settings, and other user settings for the NWA3000-N series AP. You can also use this screen to specify when users must log in to the NWA3000-N series AP before it routes traffic for them.

11.1.2 What You Need To Know
The following terms and concepts may help as you read this chapter.

User Account
A user account defines the privileges of a user logged into the NWA3000-N series AP. User accounts are used in controlling access to configuration and services in the NWA3000-N series AP.

User Types
These are the types of user accounts the NWA3000-N series AP uses.

Table 47 Types of User Accounts
TYPE: ABILITIES: LOGIN METHOD(S)
Admin Users
admin: Change NWA3000-N series AP configuration (web, CLI): WWW, TELNET, SSH, FTP, Console
32. [Figure: Monitor > Log > View Log screen showing sample log entries]

Chapter 6 Monitor
The following table describes the labels in this screen.
Table 31 Monitor > Log > View Log
LABEL: DESCRIPTION
Show Filter / Hide Filter: Click this button to show or hide the filter settings. If the filter settings are hidden, the Display, Email Log Now, Refresh, and Clear Log fields are available. If the filter
33. AP Receiving Updating ZySH Configuration from AC: The AP is receiving configuration settings from the NWA3000-N series AP because the NWA3000-N series AP changed configuration. RUN State
STA Association MAC Addr %02x %02x %02x %02x %02x %02x AP %s: Indicates the specified station associated with the specified AP. 1st %02x to 6th %02x: Station MAC Address. 7th %s: AP's description.
STA Disassociation MAC Addr %02x %02x %02x %02x %02x %02x AP %s: Indicates the specified station de-associated from the specified AP. 1st %02x to 6th %02x: Station MAC Address. 7th %s: AP's description.
STA Roaming MAC Addr %02x %02x %02x %02x %02x %02x From %s To %s: The specified station roamed from the first specified AP to the other. 1st %02x to 6th %02x: Station MAC Address. 7th %s: Source AP's description. 8th %s: Destination AP's description.
STA List Full: STA List of Managed AP %s is Full: The number of stations connecting to the specified AP has reached its upper limit. 1st %s: WTP's description.

Table 110 AP Load Balancing Logs
LOG MESSAGE: DESCRIPTION
kick station %02x %02x %02x %02x %02x %02x: Indicates that the specified station was removed from an AP's wireless network because the AP became overloaded.

Table 111 Rogue AP Logs
LOG MESSAGE: DESCRIPTION
rogue ap detection is enabled
34. AP settings to the factory defaults. This configuration file is included when you upload a firmware package.
The startup-config.conf file is the configuration file that the NWA3000-N series AP is currently using. If you make and save changes during your management session, the changes are applied to this configuration file. The NWA3000-N series AP applies configuration changes made in the Web Configurator to the configuration file when you click Apply or OK. It applies configuration changes made via commands when you use the write command.
The lastgood.conf is the most recently used (valid) configuration file that was saved when the device last restarted. If you upload and apply a configuration file with an error, you can apply lastgood.conf to return to a valid configuration.
When you change the NWA3000-N series AP's operation mode, it backs up the configuration to a xxx-backup.conf file, where xxx denotes the mode the NWA3000-N series AP was previously using.
Size: This column displays the size (in KB) of a configuration file.
Last Modified: This column displays the date and time that the individual configuration files were last changed or saved.
Upload Configuration File: The bottom part of the screen allows you to upload a new or previously saved configuration file from your computer to your NWA3000-N series AP. You cannot upload a configuration file named system-default.conf or lastgood.conf. If you upload
35. APs on your network.
SSID: Create SSID profiles for the APs on your network.
Security: Create security profiles for the APs on your network.
MAC Filtering: Create MAC filtering profiles for the APs on your network.

3.4.3 MON Profile
Use these screens to set up monitor mode configurations that allow your connected APs to scan for other wireless devices in the vicinity.

Table 15 MON Profile Types
TYPE: ABILITIES
Monitor: Create monitor mode configurations that can be used by the APs to periodically listen to a specified channel or number of channels for other wireless devices broadcasting on the 802.11 frequencies.

3.5 System
This section introduces some of the management features in the NWA3000-N series AP.
Use Host Name to configure the system and domain name for the NWA3000-N series AP.
Use Date/Time to configure the current date, time, and time zone in the NWA3000-N series AP.
Use Console Speed to set the console speed.
Use Language to select a language for the Web Configurator screens.

3.5.1 WWW, SSH, TELNET, FTP, SNMP, and Auth. Server
Use these screens to set which services or protocols can be used to access the NWA3000-N series AP.
MENU ITEM(S): Configuration > System > WWW, SSH, TELNET, FTP, SNMP, Auth. Server
PREREQUISITES: certificates (WWW, SSH, FTP)

3.5.2 Logs and Reports
The NWA3000 N serie
36. Appendix D Open Software Announcements

Copyright (c) dates as appropriate to package, The Regents of the University of California. All rights reserved.

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
Neither the name of the University nor of the Laboratory may be used to endorse or promote products derived from this software without specific prior written permission.

THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
37. BSD license. Note that the University of California now prefers this license to the BSD license with advertising clause, and now allows BSD itself to be used under the three-clause license.

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
Neither the name of original copyright holder nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTE
38. CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

Part 3: Cambridge Broadband Ltd. copyright notice (BSD)

Portions of this code are copyright (c) 2001-2003, Cambridge Broadband Ltd. All rights reserved.

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
The name of Cambridge Broadband Ltd. may not be used to endorse or promote products derived from this software without specific prior written permission.

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDER "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
39. Configuration > Object > AP Profile > SSID > SSID List screen and click the Add button.
4 The Add SSID Profile window opens.
4a Profile Name: Enter staff.
4b SSID: Enter staff. This is the wireless network name that appears when wireless clients are looking for networks to join.
4c Security Profile: Select wpa2 from the list. This is the security profile created in step 2.
4d QoS: Select WMM.
4e VLAN ID: Enter 101.
4f Turn on intra-BSS traffic blocking.
4g Click OK to save these settings.
5 Repeat steps 3 and 4 to create the guest SSID profile with the same settings, except guest as the profile name and SSID and 102 for the VLAN ID.
6 Open the Configuration > Object > AP Profile > Radio screen and then double-click the default entry.
40. Configuration Files
File Name: Size: Last Modified
1 system-default.conf: 2345: 2010-11-24 02:19:31
2 startup-config.conf: 2868: 1970-01-01 14:18:46
3 lastgood.conf: 2879: 1970-01-01 12:02:28
4 standalone-backup.conf: 2652: 1970-01-01 00:52:55

Upload Configuration File
To upload a configuration file, browse to the location of the file (.conf) and then click Upload.

Do not turn off the NWA3000-N series AP while configuration file upload is in progress.

The following table describes the labels in this screen.
Table 88 Maintenance > File Manager > Configuration File
LABEL: DESCRIPTION
Rename: Use this button to change the label of a configuration file on the NWA3000-N series AP. You can only rename manually saved configuration files. You cannot rename the lastgood.conf, system-default.conf and startup-config.conf files. You cannot rename a configuration file to the name of another configuration file in the NWA3000-N series AP. Click a configuration file's row to select it and click Rename to open the Rename File screen. Specify the new name for the configuration file. Use up to 25 characters (including a-zA-Z0-9 &). Click OK to save the duplicate or click
41. Current Date fields will display the appropriate settings if the synchronization is successful. If the synchronization was not successful, a log displays in the View Log screen. Try re-configuring the Date/Time screen.

To manually set the NWA3000-N series AP date and time:
1 Click System > Date/Time.
2 Select Manual under Time and Date Setup.
3 Enter the NWA3000-N series AP's time in the New Time field.
4 Enter the NWA3000-N series AP's date in the New Date field.
5 Under Time Zone Setup, select your Time Zone from the list.
6 As an option you can select the Enable Daylight Saving check box to adjust the NWA3000-N series AP clock for daylight savings.
7 Click Apply.

To get the NWA3000-N series AP date and time from a time server:
1 Click System > Date/Time.
2 Select Get from Time Server under Time and Date Setup.
3 Under Time Zone Setup, select your Time Zone from the list.
4 Under Time and Date Setup, enter a Time Server Address.
5 Click Apply.

15.4 Console Speed
This section shows you how to set the console port speed when you connect to the NWA3000-N series AP via the console port using a terminal emulation program. See Table 1 on page 25 for default console port settings.
Click Configuration > System > Console Speed to open this screen.
Figure 87 Configuration > System > Console Speed
42. Flash Usage: This field displays what percentage of the NWA3000-N series AP's onboard flash memory is currently being used.
AP Information: This shows a summary of connected wireless Access Points (APs).
All AP: This section displays a summary for all connected wireless APs when the NWA3000-N series AP is in controller mode.
Online Management AP: This displays the number of currently connected managed APs.
Offline Management AP: This displays the number of currently offline managed APs.
Un-Management AP: This displays the number of non-managed APs.
All Station: This section displays a summary of connected stations when the NWA3000-N series AP is in controller mode.
Station: This displays the number of stations currently connected to the network.
All Sensed Device: This section displays a summary of all wireless devices detected by the network.
Un-Classified AP: This displays the number of detected unclassified APs.
Rogue AP: This displays the number of detected rogue APs.
Friendly AP: This displays the number of detected friendly APs.

Chapter 5 Dashboard
Table 17 Dashboard (continued)
LABEL: DESCRIPTION
WDS Link Status: This section displays information about the WDS settings when the NWA3000-N series AP is in controller mode and configured to use WDS.
Radio: This field displays which radio the NWA3000
43. GHz operation. Select auto to have the NWA3000-N series AP automatically select the best channel. Select manual to select the individual channels the NWA3000-N series AP switches between. Select channels from the Available channels list and use the right arrow button to move them to the Channels selected list.
Apply: Click Apply to save your changes back to the NWA3000-N series AP.
Reset: Click Reset to return the screen to its last-saved settings.

9.7 Technical Reference
The following section contains additional technical information about the features described in this chapter.

Dynamic Channel Selection
When numerous APs broadcast within a given area, they introduce the possibility of heightened radio interference, especially if some or all of them are broadcasting on the same radio channel. If the interference becomes too great, then the network administrator must open his AP configuration options and manually change the channel to one that no other AP is using (or at least a channel that has a lower level of interference) in order to give the connected stations a minimum degree of interference. Dynamic channel selection frees the network administrator from this task by letting the AP do it automatically. The AP can scan the area around it looking for the channel with the least amount of interference.
In the 2.4 GHz spectrum, each channel from 1 to 13 is broken up into discrete 22 MHz segments that are spaced 5 MHz
44. Library refers to a function or a table of data to be supplied by an application program that uses the facility, other than as an argument passed when the facility is invoked, then you must make a good faith effort to ensure that, in the event an application does not supply such function or table, the facility still operates, and performs whatever part of its purpose remains meaningful. (For example, a function in a library to compute square roots has a purpose that is entirely well-defined independent of the application. Therefore, Subsection 2d requires that any application-supplied function or table used by this function must be optional: if the application does not supply it, the square root function must still compute square roots.)

These requirements apply to the modified work as a whole. If identifiable sections of that work are not derived from the Library, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate works. But when you distribute the same sections as part of a whole which is a work based on the Library, the distribution of the whole must be on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it. Thus, it is not the intent of this secti
45. MAC Filter List
LABEL: DESCRIPTION
Add: Click this to add a new MAC filtering profile.
Edit: Click this to edit the selected MAC filtering profile.
Remove: Click this to remove the selected MAC filtering profile.

Chapter 12 AP Profile
Table 58 Configuration > Object > AP Profile > SSID > MAC Filter List (continued)
LABEL: DESCRIPTION
Object Reference: Click this to view which other objects are linked to the selected MAC filtering profile (for example, SSID profile).
This field is a sequential value, and it is not associated with a specific user.
Profile Name: This field indicates the name assigned to the MAC filtering profile.
Filter Action: This field indicates this profile's filter action (if any).

12.3.3.1 Add/Edit MAC Filter Profile
This screen allows you to create a new MAC filtering profile or edit an existing one. To access this screen, click the Add button or select a MAC filter profile from the list and click the Edit button.
Note: Each MAC filtering profile can include a maximum of 512 MAC addresses.
Figure 73 SSID > MAC Filter List > Add/Edit MAC Filter Profile
The following table describes the labels in this screen.
Table 59
46. N series AP is configured to use for WDS.
Link ID: This field displays the name of the bridge connection.
Peer MAC Address: This field displays the hardware address of the peer device.
Security: This field displays which type of security the NWA3000-N series AP is using for WDS with this radio.
Status: This field displays the status of the connection to the peer device.
System Status
System Uptime: This field displays how long the NWA3000-N series AP has been running since it last restarted or was turned on.
Current Date/Time: This field displays the current date and time in the NWA3000-N series AP. The format is yyyy-mm-dd hh:mm:ss.
Current Login User: This field displays the user name used to log in to the current session, the amount of reauthentication time remaining, and the amount of lease time remaining.
Boot Status: This field displays details about the NWA3000-N series AP's startup state.
OK: The NWA3000-N series AP started up successfully.
Firmware update OK: A firmware update was successful.
Problematic configuration after firmware update: The application of the configuration failed after a firmware upgrade.
System default configuration: The NWA3000-N series AP successfully applied the system default configuration. This occurs when the NWA3000-N series AP starts for the first time or you intentionally reset the NWA3000-N series AP to the system default settings.
Fallback to lastgood config
47. The following table describes the labels in this screen.
Table 75 Configuration > System > TELNET
LABEL: DESCRIPTION
Enable: Select the check box to allow or disallow the computer with the IP address that matches the IP address(es) in the Service Control table to access the NWA3000-N series AP CLI using this service.
Server Port: You may change the server port number for a service if needed; however, you must use the same port number in order to use that service for remote management.
Apply: Click Apply to save your changes back to the NWA3000-N series AP.
Reset: Click Reset to return the screen to its last-saved settings.

15.8 FTP
You can upload and download the NWA3000-N series AP's firmware and configuration files using FTP. To use this feature, your computer must have an FTP client. See Chapter 17 on page 241 for more information about firmware and configuration files.
To change your NWA3000-N series AP's FTP settings, click Configuration > System > FTP tab. The screen appears as shown. Use this screen to specify FTP settings.
Figure 101 Configuration > System > FTP
The following table
48. OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

This Product includes net-snmp software under BSD-like license.

Various copyrights apply to this package, listed in various separate parts below. Please make sure that you read all the parts.

Part 1: CMU/UCD copyright notice (BSD like)

Copyright 1989, 1991, 1992 by Carnegie Mellon University
Derivative Work - 1996, 1998-2000
Copyright 1996, 1998-2000 The Regents of the University of California
All Rights Reserved

Permission to use, copy, modify and distribute this software and its documentation for any purpose and without fee is hereby granted, provided that the above copyright notice appears in all copies and that both that copyright notice and this permission notice appear in supporting documentation, and that the name of CMU and The Regents of the University of California not be used in advertising or publicity pertaining to distribution of the software without specific written permission.

CMU AND THE REGENTS OF THE UNIVERSITY OF CALIFORNIA DISCLAIM ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL CMU OR THE REGENTS OF THE UNIVERSITY OF CALIFORNIA BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM THE LOSS OF USE, DATA OR PROFITS, WHETH
49. PARTICULAR PLATFORM. SOME JURISDICTIONS DO NOT ALLOW THE WAIVER OR EXCLUSION OF IMPLIED WARRANTIES, SO THEY MAY NOT APPLY TO YOU. IF THIS EXCLUSION IS HELD TO BE UNENFORCEABLE BY A COURT OF COMPETENT JURISDICTION, THEN ALL EXPRESS AND IMPLIED WARRANTIES SHALL BE LIMITED IN DURATION TO A PERIOD OF THIRTY (30) DAYS FROM THE DATE OF PURCHASE OF THE SOFTWARE, AND NO WARRANTIES SHALL APPLY AFTER THAT PERIOD.

7. Limitation of Liability
IN NO EVENT WILL ZyXEL BE LIABLE TO YOU OR ANY THIRD PARTY FOR ANY INCIDENTAL OR CONSEQUENTIAL DAMAGES (INCLUDING, WITHOUT LIMITATION, INDIRECT, SPECIAL, PUNITIVE, OR EXEMPLARY DAMAGES FOR LOSS OF BUSINESS, LOSS OF PROFITS, BUSINESS INTERRUPTION, OR LOSS OF BUSINESS INFORMATION) ARISING OUT OF THE USE OF OR INABILITY TO USE THE SOFTWARE OR PROGRAM, OR FOR ANY CLAIM BY ANY OTHER PARTY, EVEN IF ZyXEL HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. ZyXEL's TOTAL AGGREGATE LIABILITY WITH RESPECT TO ITS OBLIGATIONS UNDER THIS AGREEMENT OR OTHERWISE WITH RESPECT TO THE SOFTWARE AND DOCUMENTATION OR OTHERWISE SHALL BE EQUAL TO THE PURCHASE PRICE, BUT SHALL IN NO EVENT EXCEED THE PRODUCT'S PRICE. BECAUSE SOME STATES/COUNTRIES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES, THE ABOVE LIMITATION MAY NOT APPLY TO YOU.

8. Export Restrictions
THIS LICENSE AGREEMENT IS EXPRESSLY MADE SUBJECT TO ANY A
50. RxPkts: This field displays the number of packets received by the NWA3000-N series AP on the physical port since it was last connected.
NWA3000-N Series User's Guide, Chapter 6 Monitor
Table 20 Monitor > LAN Status (continued)
Collisions: This field displays the number of collisions on the physical port since it was last connected.
Tx: This field displays the transmission speed, in bytes per second, on the physical port in the one-second interval before the screen updated.
Rx: This field displays the reception speed, in bytes per second, on the physical port in the one-second interval before the screen updated.
Up Time: This field displays how long the physical port has been connected.
System Up Time: This field displays how long the NWA3000-N series AP has been running since it last restarted or was turned on.
6.3.1 LAN Status Graph
Use the port statistics graph to look at a line graph of packet statistics for the NWA3000-N series AP's physical LAN port. To view, in the LAN Status screen click the Switch to Graphic View button.
Figure 27 Monitor > LAN Status > Switch to Graphic View
The following table describes the labels in this screen.
Table 21 Monitor LAN
51. SSID > MAC Filter List > Add/Edit MAC Filter Profile
LABEL / DESCRIPTION
Profile Name: Enter up to 31 alphanumeric characters for the profile name. This name is only visible in the Web Configurator and is only for management purposes. Spaces and underscores are allowed.
Filter Action: Select allow to permit the wireless client with the MAC addresses in this profile to connect to the network through the associated SSID; select deny to block the wireless clients with the specified MAC addresses.
Add: Click this to add a MAC address to the profile's list.
NWA3000-N Series User's Guide, Chapter 12 AP Profile
Table 59 SSID > MAC Filter List > Add/Edit MAC Filter Profile (continued)
Edit: Click this to edit the selected MAC address in the profile's list.
Remove: Click this to remove the selected MAC address from the profile's list.
#: This field is a sequential value, and it is not associated with a specific user.
MAC: This field specifies a MAC address associated with this profile.
Description: This field displays a description for the MAC address associated with this profile. You can click the description to make it editable. Enter up to 60 characters, spaces and underscores allowed.
MON Profile
13.1 Overview
This screen allows you to
52. Status Switch to Graphic View
LABEL / DESCRIPTION
Refresh Interval: Enter how often you want this window to be automatically updated.
Refresh Now: Click this to update the information in the window right away.
Table 21 Monitor > LAN Status > Switch to Graphic View (continued)
Switch to Grid View: Click this to display the port statistics as a table.
Kbps: The y-axis represents the speed of transmission or reception.
time: The x-axis shows the time period over which the transmission or reception occurred.
TX: This line represents traffic transmitted from the NWA3000-N series AP on the physical port since it was last connected.
RX: This line represents the traffic received by the NWA3000-N series AP on the physical port since it was last connected.
Last Update: This field displays the date and time the information in the window was last updated.
6.4 AP List
Use this screen to view which APs are currently connected to the NWA3000-N series AP. This is available when the NWA3000-N series AP is in controller mode. To access this screen, click Monitor > Wireless > AP Information > AP List.
Figure 28 Monitor > Wireless > AP Information > AP List
53. This is the entry's index number in the list.
Status: The activate (light bulb) icon is lit when the entry is active and dimmed when the entry is inactive.
Interface: This field identifies the interface. At the time of writing, Ethernet and bridge interfaces can be included in the active-passive mode virtual router. The member interfaces of any bridge interfaces do not display separately.
Virtual Router IP / Netmask: This is the master NWA3000-N series AP's static IP address and subnet mask for this interface. If a backup takes over for the master, it uses this IP address. These fields are blank if the interface is a DHCP client or has no IP settings.
Management IP / Netmask: This field displays the interface's management IP address and subnet mask. You can use this IP address and subnet mask to access the NWA3000-N series AP whether it is in master or backup mode.
Link Status: This tells whether the monitored interface's connection is down or up.
Synchronization: Use synchronization to have a backup NWA3000-N series AP copy the master NWA3000-N series AP's configuration and certificates. Every interface's management IP address must be in the same subnet as the interface's IP address (the virtual router IP address).
Server Address: If this NWA3000-N series AP is set to backup role, enter the IP address or Fully-Qualified Domain Name (FQDN) of the NWA3000-N series AP from which to get updated configuration. Usually
54. Tim can read it and verify whether it is really from him or not. Tim uses his private key to sign the message and sends it to Jenny. Jenny receives the message and uses Tim's public key to verify it. Jenny knows that the message is from Tim, and that although other people may have been able to read the message, no one can have altered it (because they cannot re-sign the message with Tim's private key). Additionally, Jenny uses her own private key to sign a message and Tim uses Jenny's public key to verify the message.
The NWA3000-N series AP uses certificates based on public-key cryptology to authenticate users attempting to establish a connection, not to encrypt the data that you send after establishing a connection. The method used to secure the data that you send through an established connection depends on the type of connection.
The certification authority uses its private key to sign certificates. Anyone can then use the certification authority's public key to verify the certificates.
A certification path is the hierarchy of certification authority certificates that validate a certificate. The NWA3000-N series AP does not trust a certificate if any certificate on its path has expired or been revoked.
Certification authorities maintain directory servers with databases of valid and revoked certificates. A directory of certificates that have been revoked before the scheduled expiration is called a CRL (Certificate Revocation List). The N
55. Timeout Settings
Default Authentication Timeout Settings: These authentication timeout settings are used by default when you create a new user account. They also control the settings for any existing user accounts that are set to use the default settings. You can still manually configure any user account's authentication timeout settings.
Edit: Double-click an entry or select it and click Edit to open a screen where you can modify the entry's settings.
#: This field is a sequential value, and it is not associated with a specific entry.
NWA3000-N Series User's Guide, Chapter 11 User
Table 50 Configuration > Object > User > Setting (continued)
LABEL / DESCRIPTION
User Type: These are the kinds of user account the NWA3000-N series AP supports.
  admin: this user can look at and change the configuration of the NWA3000-N series AP.
  limited-admin: this user can look at the configuration of the NWA3000-N series AP but not to change it.
  user: this is used for embedded RADIUS server and SNMPv3 user access.
Lease Time: This is the default lease time in minutes for each type of user account. It defines the number of minutes the user has to renew the current session before the user is logged out. Admin users renew the session every time the main screen refreshes in the Web Configurator.
Reauthentication Time: This is the default reauthentication time in minutes for each
56. User's Guide, Chapter 21 Troubleshooting
If a RADIUS server authenticates wireless stations, the re-authentication timer on the RADIUS server has priority. Change the RADIUS server's configuration if you need to use a different re-authentication timer setting.
Device HA is not working.
You may need to disable STP (Spanning Tree Protocol).
The master and its backups must all use the same device HA mode (active-passive).
Configure a static IP address for each interface that you will have device HA monitor.
Configure a separate management IP address for each interface. You can use it to access the NWA3000-N series AP for management whether the NWA3000-N series AP is the master or a backup. The management IP address should be in the same subnet as the interface IP address.
Enable monitoring for the same interfaces on the master and backup NWA3000-N series APs.
Each monitored interface must have a static IP address and be connected to the same subnet as the corresponding interface on the backup or master NWA3000-N series AP.
If you have multiple NWA3000-N series AP virtual routers on your network, use a different cluster ID to identify each virtual router.
There can only be one master NWA3000-N series AP in each virtual router (same cluster ID).
A broadcast storm results when I turn on Device HA.
Do not connect the bridge interfaces on two NWA3000-N series APs without device HA activated on both. Either activate d
57. WPA(2) and WEP are improved data encryption and user authentication.
IEEE 802.1x: The IEEE 802.1x standard outlines enhanced security methods for both the authentication of wireless stations and encryption key management. Authentication is done using an external RADIUS server.
12.2 Radio
This screen allows you to create radio profiles for the APs on your network. A radio profile is a list of settings that an NWA3000-N series AP can use to configure either one of its two radio transmitters. To access this screen click Configuration > Object > AP Profile.
Note: You can have a maximum of 32 radio profiles on the NWA3000-N series AP.
Figure 66 Configuration > Object > AP Profile > Radio (screenshot: Radio Summary listing Status, Profile Name, Frequency Band and Channel ID; two default profiles, 2.4G on channel 6 and 5G on channel 36)
The following table describes the labels in this screen.
Table 52 Configuration > Object > AP Profile > Radio
LABEL / DESCRIPTION
Add: Click this to add a new radio profile.
Edit: Click this to edit the selected radio profile.
Remove: Click this to remove the selected radio profile.
Activate: To turn on an entry, select it and click Activate.
Inactivate: To turn off an entry, select it and click Inactivate.
Object Click this to
58. When a data frame exceeds the RTS/CTS value you set (between 0 to 2432 bytes), the station that wants to transmit this frame must first send an RTS (Request To Send) message to the AP for permission to send it. The AP then responds with a CTS (Clear to Send) message to all other stations within its range to notify them to defer their transmission. It also reserves and confirms with the requesting station the time frame for the requested transmission.
Stations can send frames smaller than the specified RTS/CTS directly to the AP without the RTS (Request To Send)/CTS (Clear to Send) handshake.
You should only configure RTS/CTS if the possibility of hidden nodes exists on your network and the cost of resending large frames is more than the extra network overhead involved in the RTS (Request To Send)/CTS (Clear to Send) handshake.
If the RTS/CTS value is greater than the Fragmentation Threshold value (see next), then the RTS (Request To Send)/CTS (Clear to Send) handshake will never occur as data frames will be fragmented before they reach RTS/CTS size.
Note: Enabling the RTS Threshold causes redundant network overhead that could negatively affect the throughput performance instead of providing a remedy.
NWA3000-N Series User's Guide, Appendix C Wireless LANs
Fragmentation Threshold
A Fragmentation Threshold is the maximum data fragment size (between 256 and 2432 bytes) that can be sent in the wireless network before the AP
59. You can enter 0 to make the number of minutes unlimited. Unlike Lease Time, the user has no opportunity to renew the session without logging out.
OK: Click OK to save your changes back to the NWA3000-N series AP.
Cancel: Click Cancel to exit this screen without saving your changes.
11.3 Setting
This screen controls default settings, login settings, lockout settings, and other user settings for the NWA3000-N series AP. You can also use this screen to specify when users must log in to the NWA3000-N series AP before it routes traffic for them. To access this screen, login to the Web Configurator, and click Configuration > Object > User > Setting.
Figure 64 Configuration > Object > User > Setting (screenshot: User Default Setting, Default Authentication Timeout Settings with Lease Time / Reauthentication Time of 1440 / 1440 for admin and for limited admin, plus a user entry; User Logon Settings: limit the number of simultaneous logons for administration account, maximum number per administration account 1 (1-64); User Lockout Settings: enable logon retry limit, maximum retry count 5 (1-99), lockout period 30 (1-65535 minutes))
The following table describes the labels in this screen.
Table 50 Configuration > Object > User > Setting
LABEL / DESCRIPTION
User Authentication
60. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties with this License.
11. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Library at all. For example, if a patent license would not permit royalty-free redistribution of the Library by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Library.
If any portion of this section is held invalid or unenforceable under any particular circumstance, the balance of the section is intended to apply, and the section as a whole is intended to apply in other circumstances.
It is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims; this section has the sole purpose of
61. a charge of no more than our cost of physically performing source code distribution, a complete machine-readable copy of the complete corresponding source code for the version of the Programs that we distributed to you, if we are in possession of such.
Notice: Information herein is subject to change without notice. Companies, names, and data used in examples herein are fictitious unless otherwise noted. No part may be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, except the express written permission of ZyXEL Communications Corporation.
This Product includes ntp software under the NTP License.
NTP License
Copyright (c) David L. Mills 1992-2004
Permission to use, copy, modify, and distribute this software and its documentation for any purpose and without fee is hereby granted, provided that the above copyright notice appears in all copies and that both the copyright notice and this permission notice appear in supporting documentation, and that the name University of Delaware not be used in advertising or publicity pertaining to distribution of the software without specific, written prior permission. The University of Delaware makes no representations about the suitability this software for any purpose. It is provided "as is" without express or implied warranty.
This Product includes expat software under the Expat Li
62. a different subnet, as shown in the following figure.
Figure 39 CAPWAP and DHCP Option 138
7.2.4 Notes on CAPWAP
This section lists some additional features of ZyXEL's implementation of the CAPWAP protocol.
When the AP controller uses its internal Remote Authentication Dial In User Service (RADIUS) server, managed APs also use the AP controller's authentication server to authenticate wireless clients.
If a managed AP's link to the AP controller is broken, the managed AP continues to use the wireless settings with which it was last provided.
7.3 The Management Mode Screen
Use this screen to configure the NWA3000-N series AP as a controller of managed NWA3000-N series APs, a standalone AP, or a managed AP.
NWA3000-N Series User's Guide, Chapter 7 Management Mode
Note: After you change the operation mode, the NWA3000-N series AP resets to its default settings for the mode you set it to, including the IP address of 192.168.1.2. It also backs up its configuration to a xxx-backup.conf file, where xxx denotes the mode the NWA3000-N series AP was previously using.
Click Configuration > MGNT MODE in the NWA3000-N series AP's navigation menu. The
63. a screen that shows which settings use the entry.
#: This field displays the certificate index number. The certificates are listed in alphabetical order.
Name: This field displays the name used to identify this certificate. It is recommended that you give each certificate a unique name.
NWA3000-N Series User's Guide, Chapter 14 Certificates
Table 62 Configuration > Object > Certificate > My Certificates (continued)
LABEL / DESCRIPTION
Type: This field displays what kind of certificate this is.
  REQ represents a certification request and is not yet a valid certificate. Send a certification request to a certification authority, which then issues a certificate. Use the My Certificate Import screen to import the certificate and replace the request.
  SELF represents a self-signed certificate.
  CERT represents a certificate issued by a certification authority.
Subject: This field displays identifying information about the certificate's owner, such as CN (Common Name), OU (Organizational Unit or department), O (Organization or company) and C (Country). It is recommended that each certificate have unique subject information.
Issuer: This field displays identifying information about the certificate's issuing certification authority, such as a common name, organizational unit or department, organization or company and country. With self-signed certificates, this is the same informati
64. and LEAP. Your wireless LAN device may not support all authentication types.
EAP (Extensible Authentication Protocol) is an authentication protocol that runs on top of the IEEE 802.1x transport mechanism in order to support multiple types of user authentication. By using EAP to interact with an EAP-compatible RADIUS server, an access point helps a wireless station and a RADIUS server perform authentication.
The type of authentication you use depends on the RADIUS server and an intermediary AP(s) that supports IEEE 802.1x.
For EAP-TLS authentication type, you must first have a wired connection to the network and obtain the certificate(s) from a certificate authority (CA). A certificate (also called digital IDs) can be used to authenticate users and a CA issues certificates and guarantees the identity of each certificate owner.
EAP-MD5 (Message-Digest Algorithm 5)
MD5 authentication is the simplest one-way authentication method. The authentication server sends a challenge to the wireless client. The wireless client "proves" that it knows the password by encrypting the password with the challenge and sends back the information. Password is not sent in plain text.
However, MD5 authentication has some weaknesses. Since the authentication server needs to get the plaintext passwords, the passwords must be stored. Thus someone other than the authentication server may access the passw
65. and time NWA3000 N Series User s Guide Appendix A Log Descriptions Table 101 System Logs continued LOG MESSAGE DESCRIPTION s becomes Zombie at SS A process is present but not functioning 1st 96s Daemon Name 2nd 96s date and time When memory usage exceed threshold max memory usage reaches 96 d9696 mem threshold max When local storage usage exceeds threshold max 965 Partition name file system usage reaches d disk threshold max When memory usage drops below threshold min System Memory usage drops below the threshold of d mem threshold min When local storage usage drops below threshold min 96s partition name file system drops below the threshold of 96 d9696 disk threshold min DHCP Server executed with cautious mode enabled DHCP Server executed with cautious mode enabled DHCP Server executed with cautious mode disabled DHCP Server executed with cautious mode disabled Received packet is not an ARP response packet A packet was received but it is not an ARP response packet Receive an ARP response The device received an ARP response Receiv from s ARP respons s The device received an ARP response from the listed source A s The request IP is sent from s The device accepted a request Received ARP response NOT for the request IP address The device received an ARP response that is NOT for the reques
66. buttons deal with how and when the certificate is to be generated.
Create a self-signed certificate: Select this to have the NWA3000-N series AP generate the certificate and act as the Certification Authority (CA) itself. This way you do not need to apply to a certification authority for certificates.
Table 63 Configuration > Object > Certificate > My Certificates > Add (continued)
LABEL / DESCRIPTION
Create a certification request and save it locally for later manual enrollment: Select this to have the NWA3000-N series AP generate and store a request for a certificate. Use the My Certificate Details screen to view the certification request and copy it to send to the certification authority. Copy the certification request from the My Certificate Details screen and then send it to the certification authority.
Create a certification request and enroll for a certificate immediately online: Select this to have the NWA3000-N series AP generate a request for a certificate and apply to a certification authority for a certificate. You must have the certification authority's certificate already imported in the Trusted Certificates screen. When you select this option, you must select the certification authority's enrollment protocol and the certification authority's certificate from the drop-down list boxes and enter the certification a
67. case you need to return to your previous settings.
Configuration File Flow at Restart
If there is not a startup-config.conf when you restart the NWA3000-N series AP (whether through a management interface or by physically turning the power off and back on), the NWA3000-N series AP uses the system-default.conf configuration file with the NWA3000-N series AP's default settings.
NWA3000-N Series User's Guide, Chapter 17 File Manager
If there is a startup-config.conf, the NWA3000-N series AP checks it for errors and applies it. If there are no errors, the NWA3000-N series AP uses it and copies it to the lastgood.conf configuration file as a back up file. If there is an error, the NWA3000-N series AP generates a log and copies the startup-config.conf configuration file to the startup-config-bad.conf configuration file and tries the existing lastgood.conf configuration file. If there isn't a lastgood.conf configuration file or it also has an error, the NWA3000-N series AP applies the system-default.conf configuration file.
You can change the way the startup-config.conf file is applied. Include the setenv-startup stop-on-error off command. The NWA3000-N series AP ignores any errors in the startup-config.conf file and applies all of the valid commands. The NWA3000-N series AP still generates a log for any errors.
Figure 113 Maintenance > File Manager > Configuration File
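The restart flow in the Configuration File Flow at Restart passage, modelled as an added Python example (not ZyXEL code) so the file that ends up applied can be checked case by case. Assumptions: the file store is an in-memory dict, `is_valid` is a constructed stand-in for the device's command parser, the stop-on-error command is honoured wherever it appears in the file, and lastgood.conf is left untouched in that mode because the manual does not say otherwise.

```python
from dataclasses import dataclass, field

STARTUP = "startup-config.conf"
LASTGOOD = "lastgood.conf"
BAD = "startup-config-bad.conf"
DEFAULT = "system-default.conf"
IGNORE_ERRORS = "setenv-startup stop-on-error off"


@dataclass
class BootResult:
    source: str                                   # file whose commands were applied
    applied: list = field(default_factory=list)   # commands actually applied
    logs: list = field(default_factory=list)      # one log entry per error found


def is_valid(line):
    # Assumption: stand-in for the real command parser. Any line that
    # starts with "INVALID" counts as a command error.
    return not line.startswith("INVALID")


def error_logs(name, lines):
    """Return one log entry for every invalid line in a configuration file."""
    return [f"{name}:{number}: error in '{line}'"
            for number, line in enumerate(lines, start=1)
            if not is_valid(line)]


def boot(files):
    """Apply the restart flow to `files` (name -> list of command lines).

    The dict is updated in place the way the manual describes
    (lastgood.conf refreshed, startup-config-bad.conf written).
    """
    startup = files.get(STARTUP)
    if startup is None:
        # No startup file: fall back to the default settings.
        return BootResult(DEFAULT, list(files[DEFAULT]))

    logs = error_logs(STARTUP, startup)
    if not logs:
        # Clean startup file: use it and keep a copy as the last good one.
        files[LASTGOOD] = list(startup)
        return BootResult(STARTUP, list(startup))

    if IGNORE_ERRORS in startup:
        # Errors are logged, but every valid command is still applied.
        applied = [line for line in startup if is_valid(line)]
        return BootResult(STARTUP, applied, logs)

    # Default behaviour: keep the broken file for inspection, try lastgood.
    files[BAD] = list(startup)
    lastgood = files.get(LASTGOOD)
    if lastgood is not None:
        lastgood_logs = error_logs(LASTGOOD, lastgood)
        if not lastgood_logs:
            return BootResult(LASTGOOD, list(lastgood), logs)
        logs += lastgood_logs
    return BootResult(DEFAULT, list(files[DEFAULT]), logs)


def outcome(result):
    """Classify what the device is running after the restart."""
    if result.source == DEFAULT:
        return "default-settings"
    if result.source == LASTGOOD:
        return "rolled-back"
    return "partial" if result.logs else "as-saved"


if __name__ == "__main__":
    # Constructed sample files; the command lines are placeholders,
    # not real device commands.
    default = ["setting-a default"]
    good = ["setting-a 1", "setting-b 2"]
    broken = ["setting-a 1", "INVALID setting-b", "setting-c 3"]
    cases = {
        "no startup file": {DEFAULT: default},
        "clean startup file": {DEFAULT: default, STARTUP: good},
        "broken startup, good lastgood": {DEFAULT: default, STARTUP: broken, LASTGOOD: good},
        "broken startup and lastgood": {DEFAULT: default, STARTUP: broken, LASTGOOD: broken},
        "broken startup, stop-on-error off": {DEFAULT: default, STARTUP: [IGNORE_ERRORS] + broken},
    }
    for label, files in cases.items():
        result = boot(files)
        print(f"{label}: {outcome(result)} from {result.source}, {len(result.logs)} log(s)")
```

Two of the outcomes deserve attention after a restart: "default-settings" means the saved configuration is not in effect at all, and "partial" means only the valid commands of the saved configuration were applied.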
68. continued LOG MESSAGE DESCRIPTION Master configuration is the same with Backup Skip updating TE The System Startup configuration file synchronized from the Master is the same with the one in the Backup so the configuration does not have to be updated s file not existed Skip syncing it for s There is no file to be synchronized from the Master when syncing a object AV AS IDP Certificate System Configuration But in fact there should be something in the Master for the device to synchronize with 1st 96s The syncing object 2ed 96s The feature name for the syncing object Master firmware version can not be recognized Stop syncing from Master Synchronizing stopped because the firmware version file was not found in the Master A Backup device only synchronizes from the Master if the firmware versions are the same between the Master and the Backup Device HA Sync has The synchronization password was incorrect when attempting failed when syncing s to synchronize a certain object AV AS IDP Certificate for s due to bad System Configuration Sync Password i 1st 96s The object to be synchronized 2ed 96s The feature name for the object to be synchronized Device HA Sync has The Sync From IP address or Sync Port may be incorrect failed when syncing s when synchronizing a certain object AV AS IDP Certificate for s due to bad System Configuration NV Sync From NM or
69. describes the labels in this screen.
Table 76 Configuration > System > FTP
LABEL / DESCRIPTION
Enable: Select the check box to allow or disallow the computer with the IP address that matches the IP address(es) in the Service Control table to access the NWA3000-N series AP using this service.
TLS required: Select the check box to use FTP over TLS (Transport Layer Security) to encrypt communication. This implements TLS as a security mechanism to secure FTP clients and/or servers.
Server Port: You may change the server port number for a service if needed, however you must use the same port number in order to use that service for remote management.
Server Certificate: Select the certificate whose corresponding private key is to be used to identify the NWA3000-N series AP for FTP connections. You must have certificates already configured in the My Certificates screen.
Apply: Click Apply to save your changes back to the NWA3000-N series AP.
Reset: Click Reset to return the screen to its last-saved settings.
NWA3000-N Series User's Guide, Chapter 15 System
15.9 SNMP
Simple Network Management Protocol is a protocol used for exchanging management information between network devices. Your NWA3000-N series AP supports SNMP agent functionality, which allows a manager station to manage and monitor the NWA3000-N series AP through the network. The NWA3000-N series AP supports SNMP ver
70. 21.6 Resetting the NWA3000-N series AP
21.7 Getting More Troubleshooting Help
Chapter 22 Product Specifications
Appendix A Log Descriptions
Appendix B Importing Certificates
Appendix C Wireless LANs
Appendix D Open Software Announcements
Appendix E Legal Information
PART I User's Guide
Introduction
1.1 Overview
Your NWA3000-N series AP's business-class reliability, SMB features, and centralized wireless management make it ideally suited for advanced service delivery in mission-critical networks. The NWA3000-N series AP provides secure mobility across the 2.4GHz and 5GHz spectrums and the IEEE 802.11n standard's high bandwidth to support high performance applications. It uses Multiple BSSID and VLAN to provide up to eight simultaneous independent virtual AP
71. even if this setting is selected.
E-mail Server 1: Select whether each category of events should be included in the log messages when it is e-mailed (green check mark) and/or in alerts (red exclamation point) for the e-mail settings specified in E-Mail Server 1. The NWA3000-N series AP does not e-mail debugging information, even if it is recorded in the System log.
E-mail Server 2: Select whether each category of events should be included in log messages when it is e-mailed (green check mark) and/or in alerts (red exclamation point) for the e-mail settings specified in E-Mail Server 2. The NWA3000-N series AP does not e-mail debugging information, even if it is recorded in the System log.
Log Consolidation
NWA3000-N Series User's Guide, Chapter 16 Log and Report
Table 84 Configuration > Log & Report > Log Setting > Edit (continued)
LABEL / DESCRIPTION
Active: Select this to activate log consolidation. Log consolidation aggregates multiple log messages that arrive within the specified Log Consolidation Interval. In the View Log tab, the text "[count=x]", where x is the number of original log messages, is appended at the end of the Message field, when multiple log messages were aggregated.
Log Consolidation Interval: Type how often, in seconds, to consolidate log information. If the same log message appears multiple times, it is aggregated into one log message with the text "[count=x]", whe
72. following screen displays.
Figure 40 Configuration > MGNT MODE (screenshot: Management Mode with the options AP Controller, Standalone AP and Managed AP; Managed AP offers Manual or Auto, with the note "DHCP Server Option 138 setting required")
The following table describes the labels in this screen.
Table 33 Configuration > MGNT MODE
LABEL / DESCRIPTION
AP Controller: Select this option to have the NWA3000-N series AP act as a managing device for other NWA3000-N series APs on your network. The NWA3000-N series AP only acts as a controller when you select this. Wireless clients cannot connect directly to the controller; you have to connect to it through the wired network.
Standalone AP: Select this to manage the NWA3000-N series AP using its own web configurator, neither managing nor managed by other devices.
Managed AP: Select this to have the NWA3000-N series AP managed by another NWA3000-N series AP on your network. When you do this, the NWA3000-N series AP can be configured ONLY by the management AP. If you do not have an AP controller on your network and want to return the NWA3000-N series AP to standalone mode, you must use its physical RESET button or the commands. All settings are returned to their default values.
Apply: Click this to save your changes. If you change the mode in this screen, the NWA3000-N series AP restarts. Wait a short while before you attempt to log in again. If
73. > Object > Certificate > Trusted Certificates > Edit (screenshot: Edit Trusted Certificates, with Configuration (Name, Certification Path), Certificate Validation (Enable X.509v3 CRL Distribution Points and OCSP checking, OCSP Server, LDAP Server) and Certificate Information (Type, Version, Serial Number, Subject, Issuer, Signature Algorithm, Valid From, Valid To, Key Algorithm, Subject Alternative Name, Key Usage, Basic Constraint, MD5 Fingerprint, SHA1 Fingerprint, Certificate) sections)
The following table describes the labels in this screen.
Table 67 Configuration > Object > Certificate > Trusted Certificates > Edit
LABEL / DESCRIPTION
Name: This field displays the identifying name of this certificate. You can change the name. You can use up to 31 alphanumeric and Me9x 96 amp 10 characters.
Certification Path: Click the Refresh button to have this read-only text box display the end entity's certificate and a list of certification authority cer
74. in the System log.
E-mail Server 2 E-mail: Select whether each category of events should be included in log messages when it is e-mailed (green check mark) and/or in alerts (red exclamation point) for the e-mail settings specified in E-Mail Server 2. The NWA3000-N series AP does not e-mail debugging information, even if it is recorded in the System log.
Remote Server 1-4: For each remote server, select what information you want to log from each Log Category (except All Logs; see below). Choices are:
disable all logs (red X): do not log any information from this category.
enable normal logs (green checkmark): log regular information and alerts from this category.
enable normal logs and debug logs (yellow check mark): log regular information, alerts, and debugging information from this category.
OK: Click this to save your changes and return to the previous screen.
Cancel: Click this to return to the previous screen without saving your changes.

File Manager
17.1 Overview
Configuration files define the NWA3000-N series AP's settings. Shell scripts are files of commands that you can store on the NWA3000-N series AP and run when you need them. You can apply a configuration file or run a shell script without the NWA3000-N series AP restarting. You can store multiple configuration files and shell script files on the NWA3000-N series AP. You can ed
75. is not precisely defined by law. If such an object file uses only numerical parameters, data structure layouts and accessors, and small macros and small inline functions (ten lines or less in length), then the use of the object file is unrestricted, regardless of whether it is legally a derivative work. (Executables containing this object code plus portions of the Library will still fall under Section 6.) Otherwise, if the work is a derivative of the Library, you may distribute the object code for the work under the terms of Section 6. Any executables containing that work also fall under Section 6, whether or not they are linked directly with the Library itself.
6. As an exception to the Sections above, you may also combine or link a "work that uses the Library" with the Library to produce a work containing portions of the Library, and distribute that work under terms of your choice, provided that the terms permit modification of the work for the customer's own use and reverse engineering for debugging such modifications. You must give prominent notice with each copy of the work that the Library is used in it and that the Library and its use are covered by this License. You must supply a copy of this License. If the work during execution displays copyright notices, you must include the copyright notice for the Library among them, as well as a reference directing the user to t
76. more information on your NWA3000-N series AP's output power.
Note: Reducing the output power also reduces the NWA3000-N series AP's effective broadcast radius.

Table 53 Configuration > Object > AP Profile > Add/Edit Profile (continued)
LABEL: DESCRIPTION
Rate Configuration: This section controls the data rates permitted for clients. For each Rate, select a rate option from its list. The rates are:
Fast Select: Select an 802.11 broadcast frequency to determine the baseline rate configuration.
Basic Rate (Mbps): Set the basic rate configuration in Mbps.
Support Rate (Mbps): Set the support rate configuration in Mbps.
MCS Rate: Set the MCS rate configuration.
WDS Settings: This section displays if you set the Operating Mode to AP Bridge or Bridge Repeater. Configure the security settings for the NWA3000-N series AP's Wireless Distribution System (WDS), the wireless connection between two or more APs.
Select No Security to not encrypt the traffic between APs.
Note: WDS security is independent of the security settings between the NWA3000-N series AP and any wireless clients.
Select TKIP (ZyAIR Series Compatible) to enable Temporal Key Integrity Protocol (TKIP) security on your WDS. This option is compatible with other ZyXEL access points that support WDS security. Use this if the other access points on your network support WDS sec
77. not support WPA or WPA2. WEP is less secure than WPA or WPA2.

Encryption
WPA improves data encryption by using Temporal Key Integrity Protocol (TKIP), Message Integrity Check (MIC) and IEEE 802.1x. WPA2 also uses TKIP when required for compatibility reasons, but offers stronger encryption than TKIP with Advanced Encryption Standard (AES) in the Counter mode with Cipher block chaining Message authentication code Protocol (CCMP).
TKIP uses 128-bit keys that are dynamically generated and distributed by the authentication server. AES (Advanced Encryption Standard) is a block cipher that uses a 256-bit mathematical algorithm called Rijndael. They both include a per-packet key mixing function, a Message Integrity Check (MIC) named Michael, an extended initialization vector (IV) with sequencing rules, and a re-keying mechanism.
WPA and WPA2 regularly change and rotate the encryption keys so that the same encryption key is never used twice.
The RADIUS server distributes a Pairwise Master Key (PMK) key to the AP that then sets up a key hierarchy and management system, using the PMK to dynamically generate unique data encryption keys to encrypt every data packet that is wirelessly communicated between the AP and the wireless clients. This all happens in the background automatically.
The Message Integrity Check (MIC) is designed to prevent an attacker from capturing data packets, altering them and resending them. The MIC provides a strong mathemati
78. obligated to provide any maintenance, technical or other support for the resultant modified Software. You may not copy, reverse engineer, decompile, reverse compile, translate, adapt, or disassemble the Software, or any part thereof, nor shall you attempt to create the source code from the object code for the Software. Except as and only to the extent expressly permitted in this License, you may not market, co-brand, and private label or otherwise permit third parties to link to the Software, or any part thereof. You may not use the Software, or any part thereof, in the operation of a service bureau or for the benefit of any other person or entity. You may not cause, assist or permit any third party to do any of the foregoing. Portions of the Software utilize or include third party software and other copyright material. Acknowledgements, licensing terms and disclaimers for such material are contained in the License Notice as below for the third party software, and your use of such material is exclusively governed by their respective terms. ZyXEL has provided, as part of the Software package, access to certain third party software as a convenience. To the extent that the Software contains third party software, ZyXEL has no express or implied obligation to provide any technical or other support for such software other than compliance with the applicable license terms of such third party, and makes no warranty (express, implied or statutory) whatsoever with respe
79. on your network, use a different cluster ID for each virtual router.
Authentication: Select the authentication method the virtual router uses. Every interface in a virtual router must use the same authentication method and password. Choices are:
None: this virtual router does not use any authentication method.
Text: this virtual router uses a plain text password for authentication. Type the password in the field next to the radio button. The password can consist of alphanumeric characters, the underscore, and some punctuation marks amp and it can be up to eight characters long.
IP AH (MD5): this virtual router uses an encrypted MD5 password for authentication. Type the password in the field next to the radio button. The password can consist of alphanumeric characters, the underscore, and some punctuation marks 9 amp 963 and it can be up to eight characters long.

Table 45 Configuration > Device HA > Active Passive Mode (continued)
LABEL: DESCRIPTION
Monitored Interface Summary: This table shows the status of the device HA settings and status of the NWA3000-N series AP's interfaces.
Edit: Select an entry and click this to be able to modify it.
Activate: To turn on an entry, select it and click Activate.
Inactivate: To turn off an entry, select it and click Inactivate.
80. ours, we want to make certain that everyone understands that there is no warranty for this free software. If the software is modified by someone else and passed on, we want its recipients to know that what they have is not the original, so that any problems introduced by others will not reflect on the original authors' reputations.
Finally, any free program is threatened constantly by software patents. We wish to avoid the danger that redistributors of a free program will individually obtain patent licenses, in effect making the program proprietary. To prevent this, we have made it clear that any patent must be licensed for everyone's free use or not licensed at all.
The precise terms and conditions for copying, distribution and modification follow.

TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
0. This License applies to any program or other work which contains a notice placed by the copyright holder saying it may be distributed under the terms of this General Public License. The "Program", below, refers to any such program or work, and a "work based on the Program" means either the Program or any derivative work under copyright law: that is to say, a work containing the Program or a portion of it, either verbatim or with modifications and/or translated into another language. (Hereinafter, translation is included without limitation in the term "modificati
81. pre-authentication. These two features are optional and may not be supported in all wireless devices.
Key caching allows a wireless client to store the PMK it derived through a successful authentication with an AP. The wireless client uses the PMK when it tries to connect to the same AP and does not need to go through the authentication process again.
Pre-authentication enables fast roaming by allowing the wireless client (already connecting to an AP) to perform IEEE 802.1x authentication with another AP before connecting to it.

Wireless Client WPA Supplicants
A wireless client supplicant is the software that runs on an operating system instructing the wireless client how to use WPA. At the time of writing, the most widely available supplicant is the WPA patch for Windows XP, Funk Software's Odyssey client. The Windows XP patch is a free download that adds WPA capability to Windows XP's built-in "Zero Configuration" wireless client. However, you must run Windows XP to use it.

WPA(2) with RADIUS Application Example
To set up WPA(2), you need the IP address of the RADIUS server, its port number (default is 1812), and the RADIUS shared secret. A WPA(2) application example with an external RADIUS server looks as follows. "A" is the RADIUS server. "DS" is the distribution system. The AP passes the wireless client's authentication request to the RADIUS server. The RADIUS server then checks the user's identification against its database and
82. profile default 2g channel 11 output power 50 exit write

While configuration files and shell scripts have the same syntax, the NWA3000-N series AP applies configuration files differently than it runs shell scripts. This is explained below.

Table 87 Configuration Files and Shell Scripts in the NWA3000-N series AP
Configuration Files (conf):
1. Resets to default configuration.
2. Goes into CLI Configuration mode.
3. Runs the commands in the configuration file.
Shell Scripts (zysh):
1. Goes into CLI Privilege mode.
2. Runs the commands in the shell script.

You have to run the aforementioned example as a shell script because the first command is run in Privilege mode. If you remove the first command, you have to run the example as a configuration file because the rest of the commands are executed in Configuration mode.

Comments in Configuration Files or Shell Scripts
In a configuration file or shell script, use or as the first character of a command line to have the NWA3000-N series AP treat the line as a comment. Your configuration files or shell scripts can use exit or a command line consisting of a single to have the NWA3000-N series AP exit sub command mode.
Note: exit or I must follow sub commands if it is to make the NWA3000-N series AP exit sub command mode.
In the following example lines 1 and 2 are comments. Line 5 e
83. redistribution of the Program by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Program.
If any portion of this section is held invalid or unenforceable under any particular circumstance, the balance of the section is intended to apply and the section as a whole is intended to apply in other circumstances.
It is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims; this section has the sole purpose of protecting the integrity of the free software distribution system, which is implemented by public license practices. Many people have made generous contributions to the wide range of software distributed through that system in reliance on consistent application of that system; it is up to the author/donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice.
This section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License.
8. If the distribution and/or use of the Program is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Program under this License may add an explicit g
85. Table 57 SSID > Security Profile > Add/Edit Security Profile (continued)
LABEL: DESCRIPTION
Primary / Secondary Accounting Server Activate: Select the check box to enable user accounting through an external authentication server.
Accounting Server IP Address: Enter the IP address of the external accounting server in dotted decimal notation.
Accounting Server Port: Enter the port number of the external accounting server. The default port number is 1813. You need not change this value unless your network administrator instructs you to do so with additional information.
Accounting Share Secret: Enter a password (up to 128 alphanumeric characters) as the key to be shared between the external accounting server and the NWA3000-N series AP. The key must be the same on the external accounting server and your NWA3000-N series AP. The key is not sent over the network.
Reauthentication Timer: Enter the interval (in seconds) between authentication requests. Enter a 0 for unlimited requests.
Idle Timeout: Enter the idle interval (in seconds) that a client can be idle before authentication is discontinued.
Authentication Type: Select a WEP authentication method. Choices are Open or Share key. Share key is only available if you are not using 802.1x.
Key Length: Select the bit length of the encryption key to be used in WEP connections. If you
87. screen is polling. Each user is also forced to log in to the NWA3000-N series AP for authentication again when the reauthentication time expires. You can change the timeout settings in the User screens.

HTTPS
You can set the NWA3000-N series AP to use HTTP or HTTPS (HTTPS adds security) for Web Configurator sessions.
HTTPS (HyperText Transfer Protocol over Secure Socket Layer, or HTTP over SSL) is a web protocol that encrypts and decrypts web pages. Secure Socket Layer (SSL) is an application-level protocol that enables secure transactions of data by ensuring confidentiality (an unauthorized party cannot read the transferred data), authentication (one party can identify the other party) and data integrity (you know if data has been changed).
It relies upon certificates, public keys, and private keys (see Chapter 14 on page 171 for more information).
HTTPS on the NWA3000-N series AP is used so that you can securely access the NWA3000-N series AP using the Web Configurator. The SSL protocol specifies that the HTTPS server (the NWA3000-N series AP) must always authenticate itself to the HTTPS client (the computer which requests the HTTPS connection with the NWA3000-N series AP), whereas the HTTPS client only should authenticate itself when the HTTPS server requires it to do so (select Authenticate Client Certificates in the WWW screen). Authenticate Client Certificates is optional an
88. sure about the number and location of any other devices in the region, set the level to Medium. The AP's tolerance for interference is relatively narrow.
On the other hand, if you know there are numerous other devices in the region, you should set the level to High to keep the interference to a minimum. In this case, the NWA3000-N series AP's tolerance for interference is quite strict.
Note: Generally speaking, the higher the sensitivity level, the more frequently the AP switches channels. As a consequence, anyone connected to the AP will experience more frequent disconnects and reconnects unless you select Enable DCS Client Aware.
Enable DCS Client Aware: Select this to have the AP wait until all connected clients have disconnected before switching channels. If you disable this, then the AP switches channels immediately regardless of any client connections. In this instance, clients that are connected to the AP when it switches channels are dropped.
2.4 GHz Channel Selection Method: Select how you want to specify the channels the NWA3000-N series AP switches between for 2.4 GHz operation.
Select auto to have the NWA3000-N series AP display a 2.4 GHz Channel Deployment field you can use to limit channel switching to 3 or 4 channels.
Select manual to select the individual channels the NWA3000-N series AP switches between. Select channels from the Available channels list and use the right arrow button to move them to the Channels
89. the computer with the listed hostname and MAC address.
Requested %s from %s %s: The NWA3000-N series AP received a DHCP request for the specified IP address from the computer with the listed hostname and MAC address.
No applicable lease found for DHCP request %s: There is no matching DHCP lease for a DHCP client's request for the specified IP address.
DHCP released %s with %s %s: A DHCP client released the specified IP address. The DHCP client's hostname and MAC address are listed.
Sending ACK to %s: The DHCP server feature received a DHCP client's inform packet and is sending an ACK to the client.
DHCP server assigned %s to %s %s: The DHCP server feature assigned a client the IP address that it requested. The DHCP client's hostname and MAC address are listed.

Table 107 E-mail Daily Report Logs
LOG MESSAGE: DESCRIPTION
Email Daily Report has been activated: The daily e-mail report function has been turned on. The NWA3000-N series AP will e-mail a daily report about the selected items at the scheduled time if the required settings are configured correctly.
Email Daily Report has been deactivated: The daily e-mail report function has been turned off. The NWA3000-N series AP will not e-mail daily reports.

Table 107 E-mail Daily Report Logs (continued)
LOG MESSAGE DESCRI
90. the NWA3000-N series AP exit sub command mode.
Include write commands in your scripts. Otherwise the changes will be lost when the NWA3000-N series AP restarts. You could use multiple write commands in a long script.
Note: exit or I must follow sub commands if it is to make the NWA3000-N series AP exit sub command mode.

I cannot get the firmware uploaded using the commands.
The Web Configurator is the recommended method for uploading firmware. You only need to use the command line interface if you need to recover the firmware. See the CLI Reference Guide for how to determine if you need to recover the firmware and how to recover it.

My packet capture captured less than wanted or failed.
The packet capture screen's File Size sets a maximum size limit for the total combined size of all the capture files on the NWA3000-N series AP, including any existing capture files and any new capture files you generate. If you have existing capture files, you may need to set this size larger or delete existing capture files.
The NWA3000-N series AP stops the capture and generates the capture file when either the capture files reach the File Size or the time period specified in the Duration field expires.

My earlier packet capture files are missing.
New capture files overwrite existing files of the same name. Change the File Suffix field's setting to avoid this.
91. the configuration of the NWA3000-N series AP.
limited admin: this user can look at the configuration of the NWA3000-N series AP but not change it.
user: this user has access to the NWA3000-N series AP's services but cannot look at the configuration.
Lease Time: Enter the number of minutes this type of user account has to renew the current session before the user is logged out. You can specify 1 to 1440 minutes. You can enter 0 to make the number of minutes unlimited. Admin users renew the session every time the main screen refreshes in the Web Configurator. Access users can renew the session by clicking the Renew button on their screen. If you allow access users to renew time automatically, the users can select this check box on their screen as well. In this case, the session is automatically renewed before the lease time expires.

Table 51 User > Setting > Edit User Authentication Timeout Settings (continued)
LABEL: DESCRIPTION
Reauthentication Time: Type the number of minutes this type of user account can be logged into the NWA3000-N series AP in one session before the user has to log in again. You can specify 1 to 1440 minutes. You can enter 0 to make the number of minutes unlimited. Unlike Lease Time, the user has no opportunity to renew the session without logging out.
OK: Click OK to save your changes back to the NWA3000 N series A
92. this option, then the AP simply delays the connection until it can afford the bandwidth it requires, or it shunts the connection to another AP within its broadcast radius.
The kick priority is determined automatically by the NWA3000-N series AP and is as follows:
Idle Timeout: Devices that have been idle the longest will be kicked first. If none of the connected devices are idle, then the priority shifts to Signal Strength.
Signal Strength: Devices with the weakest signal strength will be kicked first.
Note: If you enable this function, you should ensure that there are multiple APs within the broadcast radius that can accept any rejected or kicked wireless clients; otherwise, a wireless client attempting to connect to an overloaded AP will be kicked continuously and never be allowed to connect.
Apply: Click Apply to save your changes back to the NWA3000-N series AP.
Reset: Click Reset to return the screen to its last-saved settings.

9.5.1 Disassociating and Delaying Connections
When your AP becomes overloaded, there are two basic responses it can take. The first one is to delay a client connection. This means that the AP withholds the connection until the data transfer throughput is lowered or the client connection is picked up by another AP. If the client is picked up by another AP, then the original AP cannot resume the connection.
For example, here the AP has a balanced bandwidth allotment of 6 Mbps
93. this value to verify with the certification authority (over the phone, for example) that this is actually their certificate.
Certificate: This read-only text box displays the certificate or certification request in Privacy Enhanced Mail (PEM) format. PEM uses lowercase letters, uppercase letters and numerals to convert a binary certificate into a printable form. You can copy and paste the certificate into an e-mail to send to friends or colleagues, or you can copy and paste the certificate into a text editor and save the file on a management computer for later distribution (via floppy disk, for example).
Export Certificate: Click this button and then Save in the File Download screen. The Save As screen opens; browse to the location that you want to use and click Save.
OK: Click OK to save your changes back to the NWA3000-N series AP. You can only change the name.
Cancel: Click Cancel to quit and return to the Trusted Certificates screen.

14.3.2 Import Trusted Certificates
Click Configuration > Object > Certificate > Trusted Certificates > Import to open the Trusted Certificates Import screen. Follow the instructions in this screen to save a trusted certificate to the NWA3000-N series AP.
Note: You must remove any spaces from the certificate's filename before you can import the certificate.
Figure 83 Configuration > Object > Certificate > Trusted Certificates > Import
Import Trusted Ce
94. to force user authentication.
AP Profile > Radio: Create and manage wireless radio settings files that can be associated with different APs.
AP Profile > SSID: Create and manage wireless SSID, security, and MAC filtering settings files that can be associated with different APs.
MON Profile: Create and manage rogue AP monitoring files that can be associated with different APs.
Certificate > My Certificates: Create and manage the NWA3000-N series AP's certificates.
Certificate > Trusted Certificates: Import and manage certificates from trusted sources.
System > Host Name: Configure the system and domain name for the NWA3000-N series AP.
System > Date/Time: Configure the current date, time, and time zone in the NWA3000-N series AP.
System > Console Speed: Set the console speed.
System > WWW: Configure HTTP, HTTPS, and general authentication.
System > SSH: Configure SSH server and SSH service settings.
System > TELNET: Configure telnet server settings for the NWA3000-N series AP.

Table 6 Configuration Menu Screens Summary (continued)
FOLDER OR LINK > TAB: FUNCTION
System > FTP: Configure FTP server settings.
System > SNMP: Configure SNMP communities and services.
System > Auth Server: Configure settings for the NWA3000-N series AP's built-in authentication server.
Log & Report > Email Daily Report: Configure where and how to send daily reports and what reports to send.
Log & Report > Log Setting: Configure the system log, e-mail logs, and re
95. use the account settings used for BOB, not bob.
User names have to be different than user group names.
Here are the reserved user names: adm, admin, debug, devicehaecived, dap users, Ip, operator, radius users, Sync, uucp, any, ftp, mail, root, zyxel, bin, games, news, shutdown, daemon, halt, nobody, sshd.

To access this screen, go to the User screen and click Add or Edit.
Figure 63 Configuration > User > User > Add/Edit A User
[Screen: Add A User. User Configuration: User Name, User Type (admin), Password, Retype, Description (Local User). Authentication Timeout Settings: Use Default Settings, Use Manual Settings, Lease Time (1440 minutes), Reauthentication Time (1440 minutes); Cancel button]

The following table describes the labels in this screen.

Table 49 Configuration > User > User > Add/Edit A User
LABEL: DESCRIPTION
User Name: Type the user name for this user account. You may use 1-31 alphanumeric characters, underscores (_), or dashes, but the first character cannot be a number. This value is case-sensitive. User names have to be different than user group names, and some words are reserved.
User Type: Select what type of user this is. Choices are:
admin: this user can look at and change the configuration of the NWA3000-N series AP.
limited admin: this use
96. user. When you configure your Windows XP SP2 Wireless Zero Configuration PEAP/MS-CHAPv2 settings, clear the Use Windows logon name and password check box. When authentication begins, a pop-up dialog box requests you to type a Name, Password, and Domain of the RADIUS server. Specify a name and password only; do not specify a domain.

Log and Report
16.1 Overview
Use the system screens to configure daily reporting and log settings.

16.1.1 What You Can Do In this Chapter
The Email Daily Report screen (Section 16.2 on page 227) configures how and where to send daily reports and what reports to send.
The Log Setting screens (Section 16.3 on page 229) specify which logs are e-mailed, where they are e-mailed, and how often they are e-mailed.

16.2 Email Daily Report
Use this screen to start or stop data collection and view various statistics about traffic passing through your NWA3000-N series AP.
Note: Data collection may decrease the NWA3000-N series AP's traffic throughput rate.
Click Configuration > Log & Report > Email Daily Report to display the following screen. Configure this screen to have the NWA3000-N series AP e-mail you system statistics every day.
Email Daily Report General Settings Enable Email Daily Report Email Settings Mai
97. [Screen: log category rows Default, DHCP, File Manager, Interface, Interface Statistics, PKI, System, System Monitoring, Traffic Log and User, with per-log check marks]
This screen provides a different view and a different way of indicating which messages are included in each log and each alert. The Default category includes debugging messages generated by open source software.

The following table describes the fields in this screen.

Table 86 Configuration > Log & Report > Log Setting > Active Log Summary
LABEL: DESCRIPTION
Active Log Summary: If the NWA3000-N series AP is set to controller mode, the AC section controls logs generated by the controller and the AP section controls logs generated by the managed APs.
System log: Use the System Log drop-down list to change the log settings for all of the log categories.
disable all logs (red X): do not log any information for any category for the system log or e-mail any logs to e-mail server 1 or 2.
enable normal logs (green check mark): create log messages and alerts for all categories for the system log. If e-mail server 1 or 2 also has normal logs enabled, the NWA3000-N series AP will e-mail logs to them.
enable normal l
98. will fragment the packet into smaller data frames. A large Fragmentation Threshold is recommended for networks not prone to interference, while you should set a smaller threshold for busy networks or networks that are prone to interference. If the Fragmentation Threshold value is smaller than the RTS/CTS value (see previously) you set, then the RTS (Request To Send)/CTS (Clear to Send) handshake will never occur, as data frames will be fragmented before they reach RTS/CTS size.
Preamble Type
Preamble is used to signal that data is coming to the receiver. Short and long refer to the length of the synchronization field in a packet. Short preamble increases performance, as less time sending preamble means more time for sending data. All IEEE 802.11 compliant wireless adapters support long preamble, but not all support short preamble.
Use long preamble if you are unsure what preamble mode other wireless devices on the network support, and to provide more reliable communications in busy wireless networks. Use short preamble if you are sure all wireless devices on the network support it, and to provide more efficient communications. Use the dynamic setting to automatically use short preamble when all wireless devices on the network support it; otherwise the NWA3000-N series AP uses long preamble.
Note: The wireless devices MUST use the same preamble mode in order to communicate.
IEEE 802.11g Wireless LAN
IEEE 802.11g is fully compatibl
99. ESS
An Extended Service Set (ESS) consists of a series of overlapping BSSs, each containing an access point, with each access point connected together by a wired network. This wired connection between APs is called a Distribution System (DS). This type of wireless LAN topology is called an Infrastructure WLAN. The Access Points not only provide communication with the wired network but also mediate wireless network traffic in the immediate neighborhood.
Appendix C Wireless LANs
An ESSID (ESS IDentification) uniquely identifies each ESS. All access points and their associated wireless clients within the same ESS must have the same ESSID in order to communicate.
Figure 129 Infrastructure WLAN
Channel
A channel is the radio frequency(ies) used by wireless devices to transmit and receive data. Channels available depend on your geographical area. You may have a choice of channels (for your region), so you should use a channel different from an adjacent AP (access point) to reduce interference. Interference occurs when radio signals from different access points overlap, causing interference and degrading performance. Adjacent channels partially overlap howeve
100. you changed the mode to Managed AP, you cannot log in, as the web configurator is disabled; you must manage the NWA3000-N series AP through the controller AP on your network.
Reset | Click this to return this screen to its previously saved settings.
LAN Setting
8.1 LAN Setting Overview
Use these screens to configure the NWA3000-N series AP's LAN Ethernet interface, including VLAN settings.
8.1.1 What You Can Do in this Chapter
The LAN Setting screens (Section 8.2 on page 108) manage the LAN Ethernet interface, including VLAN settings.
8.1.2 What You Need to Know
DNS Overview
DNS (Domain Name System) is for mapping a domain name to its corresponding IP address and vice versa. The DNS server is extremely important because without it, you must know the IP address of a machine before you can access it.
DNS Server Address Assignment
The NWA3000-N series AP can get the DNS server addresses in the following ways:
The ISP tells you the DNS server addresses, usually in the form of an information sheet, when you sign up. If your ISP gives you DNS server addresses, manually enter them in the DNS server fields.
If your ISP dynamically assigns the DNS server IP addresses (along with the NWA3000-N series AP's WAN IP address), set the DNS server fields to get the DNS server address from the ISP.
You can manually enter the IP addresses of other DNS servers.
NWA3000 N Series U
101. 0 N series AP. You cannot rename a shell script to the name of another shell script in the NWA3000-N series AP. Click a shell script's row to select it and click Rename to open the Rename File screen. Specify the new name for the shell script file. Use up to 25 characters (including a-zA-Z0-9 & _). Click OK to save the duplicate or click Cancel to close the screen without saving a duplicate of the configuration file.
Remove | Click a shell script file's row to select it and click Delete to delete the shell script file from the NWA3000-N series AP. A pop-up window asks you to confirm that you want to delete the shell script file. Click OK to delete the shell script file or click Cancel to close the screen without deleting the shell script file.
Download | Click a shell script file's row to select it and click Download to save the configuration to your computer.
Copy | Use this button to save a duplicate of a shell script file on the NWA3000-N series AP. Click a shell script file's row to select it and click Copy to open the Copy File screen. Specify a name for the duplicate file. Use up to 25 characters (including a-zA-Z0-9 &). Click OK to save the duplicate or click Cancel to close the screen without saving a duplicate of the configuration file.
Run | Use this button to have the NWA3000-N series AP use a specific shell script file. Click a shell script file's row to select it and click Run
102. Chapter 2 The Web Configurator
Configuration Basics
3.1 Overview
This section provides information to help you configure the NWA3000-N series AP effectively. Some of it is helpful when you are just getting started. Some of it is provided for your reference when you configure various features in the NWA3000-N series AP.
3.2 Object-based Configuration
The NWA3000-N series AP stores information or settings as objects. You use these objects to configure many of the NWA3000-N series AP's features and settings. Once you configure an object, you can reuse it in configuring other features.
When you change an object's settings, the NWA3000-N series AP automatically updates all the settings or rules that use the object. For example, if you create a local certificate object, you can have HTTPS, FTP, SSH, and other settings use it. If you modify the local certificate object, all the HTTPS, FTP, SSH, and other settings that are linked to that object automatically apply the updated settings.
You can use the Configuration > Objects screens to create objects before you configure features that use them. If you are in a screen that uses objects, you can also usually select Create new Object to be able to configure a new object.
Use the Object Reference screen to see what objects are configured and which configuration settings reference specific objects.
3.3 Feature Configuration Ove
103. 115 Network Temporarily Disconnected
After five minutes, log in again and check your new firmware version in the Dashboard screen.
17.4 Shell Script
Use shell script files to have the NWA3000-N series AP use commands that you specify. Use a text editor to create the shell script files. They must use a ".zysh" filename extension.
Click Maintenance > File Manager > Shell Script to open this screen. Use the Shell Script screen to store, name, download, upload, and run shell script files. You can store multiple shell script files on the NWA3000-N series AP at the same time.
Note: You should include write commands in your scripts. If you do not use the write command, the changes will be lost when the NWA3000-N series AP restarts. You could use multiple write commands in a long script.
Figure 116 Maintenance > File Manager > Shell Script
Upload Shell Script: To upload a shell script, browse to the location of the file (.zysh) and then click Upload.
Chapter 17 File Manager
Each field is described in the following table.
Table 90 Maintenance > File Manager > Shell Script
LABEL | DESCRIPTION
Rename | Use this button to change the label of a shell script file on the NWA300
105. 2nd %s is error message when apply CLI command.
SS WARNING s | Apply configuration failed; this log will be what CLI command is and what warning message is. 1st %s is CLI command. 2nd %s is warning message when apply CLI command.
SS ERROR S | Run script failed; this log will be what wrong CLI command is and what error message is. 1st %s is CLI command. 2nd %s is error message when apply CLI command.
Appendix A Log Descriptions
Table 105 File Manager Logs (continued)
LOG MESSAGE | DESCRIPTION
WARNING 4 s s | Run script failed; this log will be what wrong CLI command is and what warning message is. 1st %s is CLI command. 2nd %s is warning message when apply CLI command.
Resetting system | Before apply configuration file.
System resetted. Now apply %s | After the system reset, it started to apply the configuration file. %s is configuration file name.
Running %s | An administrator ran the listed shell script. %s is script file name.
Table 106 DHCP Logs
LOG MESSAGE | DESCRIPTION
Can't find any lease for this client %s, DHCP pool full | All of the IP addresses in the DHCP pool are already assigned to DHCP clients, so there is no IP address to give to the listed DHCP client.
DHCP server offered %s to %s %s | The DHCP server feature gave the listed IP address to
106. 3 Bridging Example
Be careful to avoid bridge loops when you enable bridging in the NWA3000-N series AP. Bridge loops cause broadcast traffic to circle the network endlessly, resulting in possible throughput degradation and disruption of communications. The following examples show two network topologies that can lead to this problem:
If two or more NWA3000-N series APs (in bridge mode) are connected to the same hub.
Figure 4 Bridge Loop: Two Bridges Connected to Hub
If your NWA3000-N series AP (in bridge mode) is connected to a wired LAN while communicating with another wireless bridge that is also connected to the same wired LAN.
Figure 5 Bridge Loop: Bridge Connected to Wired LAN
To prevent bridge loops, ensure that you enable Spanning Tree Protocol (STP) in the Wireless screen, or your NWA3000-N series AP is not set to bridge mode while connected to both wired and wireless segments of the same LAN.
Chapter 1 Introduction
1.2.2 AP Bridge
In AP Bridge mode, the NWA3000-N series AP supports both AP and bridge connection at the same time. In the figure below, A and B use X as an AP to access the wired network, while X and Y communicate in bridge mode. When the NWA3000-N series AP is in AP Bridge mode, security between APs W
107. 3000 N series AP.
Chapter 10 Device HA
10.2 Device HA General
This screen lets you enable or disable device HA, and displays which device HA mode the NWA3000-N series AP is set to use along with a summary of the monitored interfaces. Click Configuration > Device HA > General to display
Figure 57 Configuration > Device HA > General
The following table describes the labels in this screen.
Table 44 Configuration > Device HA > General
LABEL | DESCRIPTION
Enable Device HA | Turn the NWA3000-N series AP's device HA feature on or off. Note: It is not recommended to use STP (Spanning Tree Protocol) with device HA.
Device HA Mode | This displays active-passive mode by default. Legacy mode device HA is not supported by the NWA3000-N series AP. The master and its backups must all use the same device HA mode.
Monitored Interface Summary | This table shows the status of the interfaces that you selected for monitoring in the other device HA screens.
This is the entry's index number in the list.
Interface | These are the names of the interfaces that are monitored by device HA.
Virtual Router This is th
109. 6s Managed AP's description.
STA Roaming, MAC Addr 02x 02x 02x 02x 02x 02x, From %s, To %s | The specified station moved from the first specified AP to other specified AP. 1st 02x to 6th 02x: Station MAC Address. 7th %s: Source AP's description. 8th %s: Destination AP's description.
STA List Full, STA List of Managed AP %s is Full | Indicates that the number of stations connecting to the specified AP has reached its upper limit. 1st %s: Managed AP's description.
Appendix A Log Descriptions
Table 109 CAPWAP Client Logs
LOG MESSAGE | DESCRIPTION
Managed AP Start, Discovery Type %s | The CAPWAP Client service started. 1st %s: Discovery type (By DHCP, Broadcast).
Managed AP Reset, Discovery Type %s | Reset the CAPWAP Client service. 1st %s: Discovery type (By DHCP, Broadcast).
Managed AP End | The CAPWAP Client service was ended.
Connect to WLAN Controller, WLAN Controller %s | The CAPWAP Client connected to the WLAN Controller. 1st %s: WLAN Controller IP Address.
Disconnect to WLAN Controller, WLAN Controller %s | The CAPWAP Client was disconnected from the WLAN Controller. 1st %s: WLAN Controller IP Address.
Updated configuration by a WLAN Controller Success %s | The configuration was upgraded successfully by the WLAN Controller. 1st %s: Partial Updating.
Updated configurat
111. 9 configures device HA global settings and displays the status of each interface monitored by device HA.
The Active-Passive Mode screens (Section 10.3 on page 131) use active-passive mode device HA. You can configure general active-passive mode device HA settings, view and manage the list of monitored interfaces, and synchronize backup NWA3000-N series APs.
Chapter 10 Device HA
10.1.2 What You Need to Know
The following terms and concepts may help as you read this chapter.
Management Access
You can configure a separate management IP address for each interface. You can use it to access the NWA3000-N series AP for management whether the NWA3000-N series AP is the master or a backup. The management IP address should be in the same subnet as the interface IP address.
Synchronization
Use synchronization to have a backup NWA3000-N series AP copy the master NWA3000-N series AP's configuration and certificates.
Note: Only NWA3000-N series APs of the same model and firmware version can synchronize.
Otherwise you must manually configure the master NWA3000-N series AP's settings on the backup (by editing copies of the configuration files in a text editor, for example).
10.1.3 Before You Begin
Configure a static IP address for each interface that you will have device HA monitor.
Note: Subscribe to services on the backup NWA3000-N series AP before synchronizing it with the master NWA
112. A3000-N series AP using another service, such as Telnet. If you can access the NWA3000-N series AP, check the remote management settings to find out why the NWA3000-N series AP does not respond to HTTP.
If your computer is connected wirelessly, use a computer that is connected to a LAN/ETHERNET port.
If you've forgotten the NWA3000-N series AP's IP address, you can use the commands through the console port to check it. Connect your computer to the CONSOLE port using a console cable. Your computer should have a terminal emulation communications program (such as HyperTerminal) set to VT100 terminal emulation, no parity, 8 data bits, 1 stop bit, no flow control and 115200 bps port speed.
I forgot the password.
1 The default password is 1234.
2 If this does not work, you have to reset the device to its factory defaults. See Section 21.6 on page 277.
I can see the Login screen, but I cannot log in to the NWA3000-N series AP.
Chapter 21 Troubleshooting
1 Make sure you have entered the user name and password correctly. The default password is 1234. These fields are case-sensitive, so make sure [Caps Lock] is not on.
2 You cannot log in to the web configurator while someone is using Telnet to access the NWA3000-N series AP. Log out of the NWA3000-N series AP in the other session, or ask the person who is logged in to log out.
3 Disconnect and re-connect the power adaptor or PoE power inje
113. AP-TTLS, server-side certificate authentication is used to establish a secure connection, then use simple username and password methods through the secured connection to authenticate the clients, thus hiding client identity. However, PEAP only supports EAP methods, such as EAP-MD5, EAP-MSCHAPv2 and EAP-GTC (EAP-Generic Token Card), for client authentication. EAP-GTC is implemented only by Cisco.
LEAP
LEAP (Lightweight Extensible Authentication Protocol) is a Cisco implementation of IEEE 802.1x.
Appendix C Wireless LANs
Dynamic WEP Key Exchange
The AP maps a unique key that is generated with the RADIUS server. This key expires when the wireless connection times out, disconnects or reauthentication times out. A new WEP key is generated each time reauthentication is performed.
If this feature is enabled, it is not necessary to configure a default encryption key in the wireless security configuration screen. You may still configure and store keys, but they will not be used while dynamic WEP is enabled.
Note: EAP-MD5 cannot be used with Dynamic WEP Key Exchange.
For added security, certificate-based authentications (EAP-TLS, EAP-TTLS and PEAP) use dynamic keys for data encryption. They are often deployed in corporate environments, but for public deployment, a simple user name and password pair is more practical. The following table is a comparison of the features of authentication types.
Table 116 Comp
114. APs to use this profile.
Profile Name: For the purposes of this tutorial, set this to Monitor01.
Channel Dwell Time: Leave this as the default 100 milliseconds. This field is the number of milliseconds that the monitor AP scans each channel before moving on to the next.
Scan Channel Mode: Set this to auto to automatically scan channels in the area.
3 Click OK to save your changes.
4 Next, click Configuration > Wireless > AP Management.
[Screen: Mgnt. AP List, Managed AP List]
Chapter 4 Tutorials
5 Select an AP and click Edit.
[Screen: Edit AP List]
When the Edit AP List window opens, configure the following:
Radio 1 OP Mode: Set this to MON Mode to turn the AP into a rogue AP monitoring device.
Radio 1 Profile: Select your newly created Monitor01 profile from the list.
6 Click OK to save your changes.
See also Chapter 6 on page 83 and Chapter 13 on page 165.
4.2.1 Rogue AP Containment
When the NWA3000-N series AP discovers a rogue AP within its b
115. Always Accept mode, it automatically adds the AP to its Managed Access Points list and provides the managed AP with default configuration information, as well as securely transmitting the DTLS pre-shared key. The managed AP is ready for association with wireless clients.
7.2.2 Managed AP Finds the Controller
A managed NWA3000-N series AP can find the controller in one of the following ways:
Manually specify the controller's IP address using the commands. See the NWA3000-N series AP CLI Reference Guide for details.
Get the controller's IP address from a DHCP server with the controller's IP address configured as option 138.
Broadcasting to discover the controller within the broadcast domain.
The AP controller must have a static IP address; it cannot be a DHCP client.
7.2.3 CAPWAP and IP Subnets
By default, CAPWAP works only between devices with IP addresses in the same subnet (see the appendices for information on IP addresses and subnetting). However, you can configure CAPWAP to operate between devices with IP addresses in different subnets by doing the following:
Activate DHCP. Your network's DHCP server must support option 138 defined in RFC 5415.
Chapter 7 Management Mode
Configure DHCP option 138 with the IP address of the CAPWAP AP controller on your network.
DHCP Option 138 allows the CAPWAP management request (from the AP in managed AP mode) to reach the AP controller in
116. Cancel to close the screen without saving a duplicate of the configuration file.
Remove | Click a configuration file's row to select it and click Remove to delete it from the NWA3000-N series AP. You can only delete manually saved configuration files. You cannot delete the system-default.conf, startup-config.conf and lastgood.conf files. A pop-up window asks you to confirm that you want to delete the configuration file. Click OK to delete the configuration file or click Cancel to close the screen without deleting the configuration file.
Download | Click a configuration file's row to select it and click Download to save the configuration to your computer.
Copy | Use this button to save a duplicate of a configuration file on the NWA3000-N series AP. Click a configuration file's row to select it and click Copy to open the Copy File screen.
[Screen: Copy File; Source file: startup-config.conf; Target file]
Specify a name for the duplicate configuration file. Use up to 25 characters (including a-zA-Z0-9 & _). Click OK to save the duplicate or click Cancel to close the screen without saving a duplicate of the configuration file.
Chapter 17 File Manager
Table 88 Maintenance > File Manager > Configuration File (continued)
LABEL | DESCRIPTION
Apply | Use this button to have the NWA3000-N series AP use a specific configu
117. Customer Support use the built-in wireless frame capture tools (Chapter 18 on page 253) to capture data that can be used for more granular troubleshooting procedures. To use the built-in wireless frame capture tool, first set up a second NWA3000-N series AP nearby to act as a Monitor AP (Chapter 9 on page 111).
The AP status is registered as offline even though it is on.
Check the network connections between the NWA3000-N series AP and the AP to ensure they are still intact.
The AP may be suffering from instability. Disconnect it to turn its power off, wait some time, then reconnect it and see if that resolves the issue.
The CAPWAP daemon may be down. Use the NWA3000-N series AP's built-in diagnostic tools and CLI console to get CAPWAP debug messages, which can later be sent to customer service for analysis.
Chapter 21 Troubleshooting
Wireless clients are not being load balanced among my APs.
Make sure that all the APs used by the wireless clients in question share the same SSID, security, and radio settings.
Make sure that all the APs are in the same broadcast domain.
Make sure that the wireless clients are in range of the other APs; if they are only in range of a single AP, then load balancing may not be as effective.
In the Monitor > Wireless > AP Information > Radio List page, there is no load balancing indicator associated with any APs assigned to the lo
118. DS is independent of the security between the wireless stations and the AP. If you do not enable WDS security, traffic between APs is not encrypted. When WDS security is enabled, both APs must use the same pre-shared key.
Unless specified, the term "security settings" refers to the traffic between the wireless stations and the NWA3000-N series AP.
Figure 6 AP Bridge Application
1.2.3 MBSSID
A Basic Service Set (BSS) is the set of devices forming a single wireless network (usually an access point and one or more wireless clients). The Service Set IDentifier (SSID) is the name of a BSS. In Multiple BSS (MBSSID) mode, the NWA3000-N series AP provides multiple virtual APs, each forming its own BSS and using its own individual SSID profile.
You can assign different wireless and security settings to each SSID profile. This allows you to compartmentalize groups of users, set varying access privileges, and prioritize network traffic to and from certain BSSs.
To the wireless clients in the network, each SSID appears to be a different access point. As in any wireless network, clients can associate only with the SSIDs for which they have the correct security settings.
See Section 4.1 on page 55 for an example of using MBSS
1.3 Management Mode
One NWA3000-N series AP uses Control And Provisioning of Wireless Access Points (CAPWAP, see RFC 5415) to allow one AP to conf
119. Dashboard > CPU Usage
[Chart: CPU usage over time; Refresh Interval: 5 minutes]
The following table describes the labels in this screen.
Table 18 Dashboard > CPU Usage
LABEL | DESCRIPTION
% | The y-axis represents the percentage of CPU usage.
time | The x-axis shows the time period over which the CPU usage occurred.
Refresh Interval | Enter how often you want this window to be automatically updated.
Refresh Now | Click this to update the information in the window right away.
Chapter 5 Dashboard
5.2.2 Memory Usage
Use this screen to look at a chart of the NWA3000-N series AP's recent memory (RAM) usage. To access this screen, click Memory Usage in the dashboard.
Figure 25 Dashboard > Memory Usage
[Chart: memory usage over time; Refresh Interval: 5 minutes]
The following table describes the labels in this screen.
Table 19 Dashboard > Memory Usage
LABEL | DESCRIPTION
The y-axis represents the percentage of RAM usage.
The x-axis shows the time period over which the RAM usage occurred.
Refresh Interval | Enter how often you want this window to be automatically updated.
Refresh Now | Click this to update the information in the window right a
120. Descriptions
Table 100 Built-in Services Logs (continued)
LOG MESSAGE | DESCRIPTION
Enable daylight saving | An administrator turned on daylight saving.
Disable daylight saving | An administrator turned off daylight saving.
The default record of Zone Forwarder have reached the maximum number of 128 DNS servers | The default record DNS servers is more than 128.
Interface %s ping check is successful. Zone Forwarder adds DNS servers in records | Ping check ok, add DNS servers in bind. %s is interface name.
Interface %s ping check is failed. Zone Forwarder removes DNS servers in records | Ping check failed, remove DNS servers from bind. %s is interface name.
Interface %s ping check is disabled. Zone Forwarder adds DNS servers in records | Ping check disabled, add DNS servers in bind. %s is interface name.
SNMP trap can not be sent successfully | Cannot send a SNMP trap to a remote host due to network error.
Table 101 System Logs
LOG MESSAGE | DESCRIPTION
Port %d is up | When LINK is up, %d is the port number.
Port %d is down | When LINK is down, %d is the port number.
%s is dead at %s | A daemon process is gone (was killed by the operating system). 1st %s: Daemon Name, 2nd %s: date and time.
%s process count is incorrect at %s | The count of the listed process is incorrect. 1st %s: Daemon Name, 2nd %s: date
121. Document Conventions
Icons Used in Figures
Figures in this User's Guide may use the following generic icons. The NWA3000-N series AP icon is not an exact representation of your device.
NWA3000-N series AP, Computer, Notebook computer, Server, Printer, Firewall, Telephone, Switch, Router
Safety Warnings
Do NOT use this product near water, for example, in a wet basement or near a swimming pool.
Do NOT expose your device to dampness, dust or corrosive liquids.
Do NOT store things on the device.
Do NOT install, use, or service this device during a thunderstorm. There is a remote risk of electric shock from lightning.
Connect ONLY suitable accessories to the device.
ONLY qualified service personnel should service or disassemble this device.
Make sure to connect the cables to the correct ports.
Place connecting cables carefully so that no one will step on them or stumble over them.
Always disconnect all cables from this device before servicing or disassembling.
Use ONLY an appropriate power adaptor or cord for your device.
Connect the power adaptor or cord to the right supply voltage (for example, 110V AC in North America or 230V AC in Europe).
Do NOT allow anything to rest on the power adaptor or cord and do NOT place the product where anyone can walk on the power adaptor or cord.
Do NOT use the dev
122. E POSSIBILITY OF SUCH DAMAGE.
Part 7: Fabasoft R&D Software GmbH & Co KG copyright notice (BSD)
Appendix D Open Software Announcements
Copyright (c) Fabasoft R&D Software GmbH & Co KG, 2003 oss@fabasoft.com
Author: Bernhard Penz
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
The name of Fabasoft R&D Software GmbH & Co KG or any of its subsidiaries, brand or product names may not be used to endorse or promote products derived from this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDER "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR P
123. E odiis oui Sasa npn assis pasa rd Or baa seas ican a daro un uei N t 158 Tea erigcuaMomx ccd seit iadinkamesadsttesacalediad ab aiasatLacniaceitaalequbee ia 161 Chapter 13 MON Prole V E m 165 NWA3000 N Series User s Guide Table of Contents Do Ee LUC NT teeta MIENNE 165 Tai What You Gan Do ohio Chapter siiras naiiai rlw putas 165 13 1 2 What You Need To KNOW A 165 TA MON PTO ainara T 166 18r ABO ECE MON PEDIS soient dante pede tun RIP E A aTi 167 ERCMI v e EI pr e 168 Chapter 14 uu 171 LE TL c NEN ETT TTL LI 171 14 1 1 What You Can Do in this Chaplet 2 cce rcese cie cuice tene prac tue pe kcu eia 171 T2 Yvhat You Negd I8 RION icssssssipooar Pepe tpa ooa RER aab ad c duaprs ia aont ad ap pu 171 IEEE S LIICRE asco Mee TT 173 E x9 jg Wert 175 142 1 eo Reale DTE D 177 pL Eat Ny CICI O n m 181 14 25 IMPOR CONE A BB arii E N E 184 ae eE e A T E E A A Dd tac b 185 T4 3 1 Edit Trusted COR AIS oiiro ue ea a Fees s nA ese REN PERUs 187 T2532 IMPOR TRISH Certi AIO sce ede aa od x Ga tr nian Mod adr OR pU ER 190 pn Meu i re Wt 191 Chapter 15 is rol BERNER E E E E 193 DIES UC AR I T 193 15 1 3 What You Can Do in this Chapter x22 uiae setas peni dtsak kk rran Eod ck xn uk ues 193 d c EL Me 194 cR EBD C a 19
124. EE OF CHARGE, THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. END OF TERMS AND CONDITIONS. All other trademarks or trade names mentioned herein, if any, are the property of their respective owners. This Product includes ppp, tcpdump, unzip, zip, libnet, openssh, hostapd and ftp tls software under BSD license. BSD
125. EMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. Part 9: ScienceLogic, LLC copyright notice (BSD). Copyright (c) 2009, ScienceLogic, LLC. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. Neither the name of ScienceLogic, LLC nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABIL
126. ER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. Part 2: Networks Associates Technology, Inc copyright notice (BSD). Copyright (c) 2001-2003, Networks Associates Technology, Inc. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. Neither the name of the Networks Associates Technology, Inc nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
127. ESSAGE / DESCRIPTION. Wlan %s is enabled: The WLAN IEEE 802.11 b and/or g feature has been turned on. %s is the slot number where the WLAN card is or can be installed. Wlan %s is disabled: The WLAN IEEE 802.11 b and/or g feature has been turned off. %s is the slot number where the WLAN card is or can be installed. Wlan %s has been configured: The WLAN IEEE 802.11 b and/or g feature's configuration has been changed. %s is the slot number where the WLAN card is or can be installed. Interface %s has been configured: The configuration of the specified WLAN interface (%s) has been changed. Interface %s has been deleted: The specified WLAN interface (%s) has been removed. Create interface %s has failed. Wlan device does not exist: The wireless device failed to create the specified WLAN interface (%s). Remove the wireless device and reinstall it. System internal error. No 802.1X or WPA enabled: IEEE 802.1x or WPA is not enabled. System internal error. Error configuring WPA state: The NWA3000-N series AP was not able to configure the wireless device to use WPA. Remove the wireless device and reinstall it. System internal error. Error enabling WPA/802.1X: The NWA3000-N series AP was not able to enable WPA/IEEE 802.1X. Station has associated. Interface: A wireless client with the specified MAC address (second %s) associated with the specified WLAN interfa
128. FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. Part 4: Sun Microsystems, Inc. copyright notice (BSD). Copyright 2003 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, California 95054, U.S.A. All rights reserved. Use is subject to license terms below. This distribution may include materials developed by third parties. Sun, Sun Microsystems, the Sun logo and Solaris are trademarks or registered trademarks of Sun Microsystems, Inc. in the U.S. and other countries. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following di
129. For example, on rare occasions, there may be a special need to encourage the widest possible use of a certain library, so that it becomes a de-facto standard. To achieve this, non-free programs must be allowed to use the library. A more frequent case is that a free library does the same job as widely used non-free libraries. In this case, there is little to gain by limiting the free library to free software only, so we use the Lesser General Public License. In other cases, permission to use a particular library in non-free programs enables a greater number of people to use a large body of free software. For example, permission to use the GNU C Library in non-free programs enables many more people to use the whole GNU operating system, as well as its variant, the GNU/Linux operating system. Although the Lesser General Public License is Less protective of the users' freedom, it does ensure that the user of a program that is linked with the Library has the freedom and the wherewithal to run that program using a modified version of the Library. The precise terms and conditions for copying, distribution and modification follow. Pay close attention to the difference between a "work based on the library" and a "work that uses the library". The former contains code derived from the library, whereas the latter must be combined with the library in order to run. GNU LESSER GENE
130. General, Details, Certification Path. Certificate Information: This CA Root certificate is not trusted. To enable trust, install this certificate in the Trusted Root Certification Authorities store. Issued to: nsa2401. Issued by: nsa2401. Valid from 5/20/2008 to 5/20/2011. 5 Welcome to the Certificate Import Wizard. This wizard helps you copy certificates, certificate trust lists, and certificate revocation lists from your disk to a certificate store. A certificate, which is issued by a certification authority, is a confirmation of your identity and contains information used to protect data or to establish secure network connections. A certificate store is the system area where certificates are kept. To continue, click Next. 6 If you want Internet Explorer to Automatically select certificate store based on the type of certificate, click Next again and then go to step 9. Certificate Import Wizard, Certificate Store: Certificate stores are system areas where certificates are kept. Windows can automatically select a certificate store, or you can specify a location for: Automatically select the certificate store based on the type of certificate; Place all certificates in the following store. 7 Otherwise, select Place all certificates in the following store and then click Browse. Place all certificate
131. ITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. This Product includes libxml2 software under the MIT License. The MIT License. Copyright (c) <year> <copyright holders>. Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
132. If laptop R connects and it pushes the AP over its allotment, say to 7 Mbps, then the AP delays the red laptop's connection until it can afford the bandwidth or the laptop is picked up by a different AP with bandwidth to spare. Figure 50: Delaying a Connection. The second response your AP can take is to kick the connections that are pushing it over its balanced bandwidth allotment. Figure 51: Kicking a Connection. Connections are kicked based on either idle timeout or signal strength. The NWA3000-N series AP first looks to see which devices have been idle the longest, then starts kicking them in order of highest idle time. If no connections are idle, the next criterion the NWA3000-N series AP analyzes is signal strength. Devices with the weakest signal strength are kicked first. 9.6 DCS: Use this screen to configure dynamic radio channel selection. Click Configuration > Wireless > DCS to access this screen. Figure 52: Configuration > Wireless > DCS. General Settings: Enable Dynamic Channel Selection, DCS Time Interval, DCS Sensitivity Level, Enable DCS Client Aware. 2.4 GHz Settings: 2.4 GHz Chann
133. Introduction. Console Port: You can use the console port to manage the NWA3000-N series AP using CLI commands. See the Command Reference Guide for more information about the CLI. The default settings for the console port are as follows. Table 1: Console Port Default Settings (SETTING: VALUE). Speed: 115200 bps. Data Bits: 8. Parity: None. Stop Bit: 1. Flow Control: Off. File Transfer Protocol (FTP): This protocol can be used for firmware upgrades and configuration backup and restore. Simple Network Management Protocol (SNMP): The NWA3000-N series AP can be monitored by an SNMP manager. See the SNMP chapter in this User's Guide. Controller: Set one NWA3000-N series AP to be a controller and set other NWA3000-N series APs to be managed by it. 1.5 Good Habits for Managing the NWA3000-N series AP: Do the following things regularly to make the NWA3000-N series AP more secure and to manage it more effectively. Change the password often. Use a password that's not easy to guess and that consists of different types of characters, such as numbers and letters. Write down the password and put it in a safe place. Back up the configuration (and make sure you know how to restore it). Restoring an earlier working configuration may be useful if the device becomes unstable or even crashes. If you forget your password, you will have to reset th
134. LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OPENLDAP FOUNDATION, ITS CONTRIBUTORS, OR THE AUTHOR(S) OR OWNER(S) OF THE SOFTWARE BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. The names of the authors and copyright holders must not be used in advertising or otherwise to promote the sale, use or other dealing in this Software without specific, written prior permission. Title to copyright in this Software shall at all times remain with copyright holders. OpenLDAP is a registered trademark of the OpenLDAP Foundation. Copyright 1999-2003 The OpenLDAP Foundation, Redwood City, California, USA. All Rights Reserved. Permission to copy and distribute verbatim copies of this document is granted. This Product includes libpng software under the Libpng License. This copy of the libpng notices is provided for your convenience. In case of any discrepancy between this copy and the notices in the file png.h that is included in the libpng distribution, the latter shall pr
135. 1 Launch the SSH client and specify the connection information (IP address, port number) for the NWA3000-N series AP. 2 Configure the SSH client to accept connection using SSH version 1. 3 A window displays prompting you to store the host key in your computer. Click Yes to continue. Figure 97: SSH Example 1: Store Host Key. Host Identification dialog: "You are connecting to the host 192.168.1.1 for the first time. The host has provided you its identification, a host public key. The fingerprint of the host public key is: xevac bycor kubyz dipah ravut fyduz kazuk goler cavom hifot sexox. You can save the host key to the local database by clicking Yes. You can continue without saving the host key by clicking No. You can also cancel the connection by clicking Cancel. Do you want to save the new host key to the local database?" Enter the password to log in to the NWA3000-N series AP. The CLI screen displays next. 15.6.5.2 Example 2: Linux. This section describes how to access the NWA3000-N series AP using the OpenSSH client program that comes with most Linux distributions. 1 Test whether the SSH service is available on the NWA3000-N series AP. Enter telnet 192.168.1.2 22 at a terminal prompt and press ENTER. The computer attempts to connect to port 22 on the NWA3000-N series AP (using the default IP address of 192.168.1.2). A message
136. MAY MODIFY AND/OR REDISTRIBUTE THE LIBRARY AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE LIBRARY (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE LIBRARY TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. END OF TERMS AND CONDITIONS. This Product includes arp-sk, bridge-utils, busybox, dhcpcd, dhcp-helper, freeradius-server, gd, hostapd, iproute2, ipset, iptables, keepalived, kismet, libeeprog, libol, Linux kernel, msmtp, netkit-telnet, pam, pptp, ppp, proftpd, rp-pppoe, vlan, syslog-ng, tzcode, quagga and wireless-tools software under GPL license. GNU GENERAL PUBLIC LICENSE, Version 2, June 1991. Copyright (C) 1989, 1991 Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. Preamble: The licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public License is intended to guarantee your freedom to share and change free software, to make sure the software is free for al
137. Mode > Edit Monitored Interface (LABEL: DESCRIPTION). Enable Monitored Interface: Select this to have device HA monitor the status of this interface's connection. Interface Name: This identifies the interface. Virtual Router IP (VRIP) / Subnet Mask: This is the interface's static IP address and subnet mask in the virtual router. Whichever NWA3000-N series AP is currently serving as the master uses this virtual router IP address and subnet mask. These fields are blank if the interface is a DHCP client or has no IP settings. Manage IP: Enter the interface's IP address for management access. You can use this IP address to access the NWA3000-N series AP whether it is the master or a backup. This management IP address should be in the same subnet as the interface IP address. Manage IP Subnet Mask: Enter the subnet mask of the interface's management IP address. OK: Click OK to save your changes back to the NWA3000-N series AP. Cancel: Click Cancel to exit this screen without saving your changes. 10.4 Technical Reference: The following section contains additional technical information about the features described in this chapter. Virtual Router: The master and backup NWA3000-N series AP form a single virtual router. In the following example, master NWA3000-N series AP A and backup NWA3000-N series AP B form a virtual router. Figure 60: Virtual Router.
138. Screen fields: Scan Channel Mode: manual. Set Scan Channel List (2.4 G): Available channels, Channels selected. Set Scan Channel List (5 G): Available channels, Channels selected (36, 40, 44, 48, 52, 56, 60, 64, 100, 104). The following table describes the labels in this screen. Table 61: Configuration > Object > MON Profile > Add/Edit MON Profile (LABEL: DESCRIPTION). Activate: Select this to activate this monitor mode profile. Profile Name: This field indicates the name assigned to the monitor mode profile. Channel dwell time: Enter the interval (in milliseconds) before the AP switches to another channel for monitoring. Scan Channel Mode: Select auto to have the AP switch to the next sequential channel once the Channel dwell time expires. Select manual to set specific channels through which to cycle sequentially when the Channel dwell time expires. Selecting this option makes the Scan Channel List options available. Set Scan Channel List (2.4 G): Move a channel from the Available channels column to the Channels selected column to have the APs using this profile scan that channel when Scan Channel Mode is set to manual. These channels are limited to the 2.4 GHz range (802.11 b/g/n
139. N Example. In this example, the guest VLAN (102) can only access the Internet, while the staff VLAN (101) has access to all aspects of the network. 4.1.1 Set the Management Modes: Use this section to set the management modes for the controller and managed APs. 4.1.1.1 Controller: 1 Use the Configuration > MGNT MODE screen to set the NWA3000-N series AP to controller mode. (Management Mode options: AP Controller, Standalone AP, Managed AP.) 2 The NWA3000-N series AP resets to its default settings for the controller mode (including the IP address of 192.168.1.2) and restarts. Wait a short while before you attempt to log in again. 4.1.1.2 Managed APs: 1 Log into the other NWA3000-N series APs and use the Configuration > MGNT MODE screen to set them to be the managed APs, using the Auto IP address option so they obtain the controller's IP address from the DHCP server. (Management Mode options: AP Controller, Standalone AP, Managed AP with Auto (DHCP Server Option 138 setting required) or Manual.) 2 Now you can no longer log into the web configurator of the managed NWA3000-N series APs; you must manage the NWA3000-N series AP through the controller AP on your network. 4.1.2 Set th
140. NWA3000-N Series: Wireless N Business WLAN 3000 Series Access Point. Default Login Details: IP Address: https://192.168.1.2, User Name: admin, Password: 1234. Version 2.23, Edition 1, 1/2011. www.zyxel.com. Copyright 2011 ZyXEL Communications Corporation. About This User's Guide. Intended Audience: This manual is intended for people who want to configure a NWA3000-N series AP using the web configurator. You should have at least a basic knowledge of TCP/IP networking concepts and topology. Related Documentation: Quick Start Guide: The Quick Start Guide is designed to help you get up and running right away. It contains information on setting up your network and configuring for Internet access. Support Disc: Refer to the included CD for support documents. ZyXEL Web Site: Please refer to www.zyxel.com for additional support documentation and product certifications. User Guide Feedback: Help us help you. Send all User Guide-related comments, questions or suggestions for improvement to the following address, or use e-mail instead. Thank you! The Technical Writing Team, ZyXEL Communications Corp., 6 Innovation Road II, Science-Based Industrial Park, Hsinchu, 300, Taiwan. E-mail: techwriters@zyxel.com.tw. Document Conventions. Warnings and Notes: These are how warnings and notes are shown in this User's Guide. Wa
141. OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. This Product includes openldap software under the OpenLdap License. The Public License, Version 2.8, 17 August 2003. Redistribution and use of this software and associated documentation ("Software"), with or without modification, are permitted provided that the following conditions are met: 1. Redistributions in source form must retain copyright statements and notices, 2. Redistributions in binary form must reproduce applicable copyright statements and notices, this list of conditions, and the following disclaimer in the documentation and/or other materials provided with the distribution, and 3. Redistributions must contain a verbatim copy of this document. The OpenLDAP Foundation may revise this license from time to time. Each revision is distinguished by a version number. You may use this Software under terms of this license revision or under the terms of any subsequent revision of the license. THIS SOFTWARE IS PROVIDED BY THE OPENLDAP FOUNDATION AND ITS CONTRIBUTORS "AS IS" AND ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
142. Object Reference screen. Select the type of object and the individual object and click Refresh to show which configuration settings reference the object. The following example shows which configuration settings reference the ldap-users user object (in this case, the first firewall rule). Figure 14: Object Reference. The fields vary with the type of object. The following table describes labels that can appear in this screen. Table 8: Object References (LABEL: DESCRIPTION). Object Name: This identifies the object for which the configuration settings that use it are displayed. Click the object's name to display the object's configuration screen in the main window. This field is a sequential value, and it is not associated with any entry. Service: This is the type of setting that references the selected object. Click a service's name to display the service's configuration screen in the main window. Priority: If it is applicable, this field lists the referencing configuration item's position in its list, otherwise N/A displays. Name: This field identifies the configuration item that references the object. Description: If the referen
143. P. Cancel: Click Cancel to exit this screen without saving your changes. AP Profile. 12.1 Overview: This chapter shows you how to configure preset profiles for the Access Points (APs) connected to your NWA3000-N series AP's wireless network. 12.1.1 What You Can Do in this Chapter: The Radio screen (Section 12.2 on page 149) creates radio configurations that can be used by the APs. The SSID screen (Section 12.3 on page 154) configures three different types of profiles for your networked APs. 12.1.2 What You Need To Know: The following terms and concepts may help as you read this chapter. Wireless Profiles: At the heart of all wireless AP configurations on the NWA3000-N series AP are profiles. A profile represents a group of saved settings that you can use across any number of connected APs. You can set up the following wireless profile types. Radio: This profile type defines the properties of an AP's radio transmitter. You can have a maximum of 32 radio profiles on the NWA3000-N series AP. SSID: This profile type defines the properties of a single wireless network signal broadcast by an AP. Each radio on a single AP can broadcast up to 8 SSIDs. You can have a maximum of 32 SSID profiles on the NWA3000-N series AP. Security: This profile type defines the security settings used by a single SSID. It controls th
144. P's list of certificates of trusted certification authorities. Table 63: Configuration > Object > Certificate > My Certificates > Add (continued) (LABEL: DESCRIPTION). Request Authentication: When you select Create a certification request and enroll for a certificate immediately online, the certification authority may want you to include a reference number and key to identify you when you send a certification request. Fill in both the Reference Number and the Key fields if your certification authority uses the CMP enrollment protocol. Just the Key field displays if your certification authority uses the SCEP enrollment protocol. For the reference number, use 0 to 99999999. For the key, use up to 31 of the following characters: a-zA-Z0-9 G % & 4M < >. OK: Click OK to begin certificate or certification request generation. Cancel: Click Cancel to quit and return to the My Certificates screen. If you configured the My Certificate Create screen to have the NWA3000-N series AP enroll a certificate and the certificate enrollment is not successful, you see a screen with a Return button that takes you back to the My Certificate Create screen. Click Return and check your information in the My Certificate Create screen. Make sure that the certification authority information is correct and that your Internet connection is working
145. PPLICABLE LAWS, REGULATIONS, ORDERS, OR OTHER RESTRICTIONS ON THE EXPORT OF THE SOFTWARE OR INFORMATION ABOUT SUCH SOFTWARE WHICH MAY BE IMPOSED FROM TIME TO TIME. YOU SHALL NOT EXPORT THE SOFTWARE, DOCUMENTATION OR INFORMATION ABOUT THE SOFTWARE AND DOCUMENTATION WITHOUT COMPLYING WITH SUCH LAWS, REGULATIONS, ORDERS, OR OTHER RESTRICTIONS. YOU AGREE TO INDEMNIFY ZyXEL AGAINST ALL CLAIMS, LOSSES, DAMAGES, LIABILITIES, COSTS AND EXPENSES, INCLUDING REASONABLE ATTORNEYS' FEES, TO THE EXTENT SUCH CLAIMS ARISE OUT OF ANY BREACH OF THIS SECTION 8. 9. Audit Rights: ZyXEL SHALL HAVE THE RIGHT, AT ITS OWN EXPENSE, UPON REASONABLE PRIOR NOTICE, TO PERIODICALLY INSPECT AND AUDIT YOUR RECORDS TO ENSURE YOUR COMPLIANCE WITH THE TERMS AND CONDITIONS OF THIS LICENSE AGREEMENT. 10. Termination: This License Agreement is effective until it is terminated. You may terminate this License Agreement at any time by destroying or returning to ZyXEL all copies of the Software and Documentation in your possession or under your control. ZyXEL may terminate this License Agreement for any reason, including, but not limited to, if ZyXEL finds that you have violated any of the terms of this License Agreement. Upon notification of termination, you agree to destroy or return to ZyXEL all copies of the Software and Documentation and to certify in writing that all known copies, including backup copies, have been destroyed. All provisions relating to confidentiality, proprietary r
146. PTION. Email daily report has been sent successfully: The NWA3000-N series AP sent a daily e-mail report mail successfully. Cannot resolve mail server address %s: The (listed) SMTP address configured for the daily e-mail report function is incorrect. Mail server authentication failed: The user name or password configured for authenticating with the e-mail server is incorrect. Failed to send report. Mail From address s1 is inconsistent with SMTP account s2: The user name and password configured for authenticating with the e-mail server are correct, but the (listed) sender e-mail address does not match the (listed) SMTP e-mail account. Failed to connect to mail server %s: The NWA3000-N series AP could not connect to the SMTP e-mail server (%s). The address configured for the server may be incorrect or there may be a problem with the NWA3000-N series AP's or the server's network connection. Table 108: CAPWAP Server Logs (LOG MESSAGE: DESCRIPTION). WLAN Controller Start, Registration Type s: Indicates that AP management services has started. WLAN Controller Reset: The AP management service has reset. WLAN Controller End: The AP management service has ended. Managed AP Connect, MACAddr 02x 02x 02x 02x 02x 02x, Model s, ame s: The specified Managed AP connected to the CAPWAP server. 1st 02x to 6th 02x: Managed AP MAC Address, 7t
147. Privacy: This field displays the type of encryption the SNMPv3 user must use to connect to the NWA3000-N series AP using this SNMPv3 user profile.
Privilege: This field displays whether the SNMPv3 user can have read-only or read and write access to the NWA3000-N series AP using this SNMPv3 user profile.
Apply: Click Apply to save your changes back to the NWA3000-N series AP.
Reset: Click Reset to return the screen to its last saved settings.
15.9.4 Adding or Editing an SNMPv3 User Profile
This screen allows you to add or edit an SNMPv3 user profile. To access this screen, click the Configuration > System > SNMP screen's Add button, or select an SNMPv3 user profile from the list and click the Edit button.
Figure 104 Configuration > System > SNMP > Add (screenshot: Add SNMPv3 User dialog with the fields User Name, Authentication, Privacy and Privilege)
NWA3000-N Series User's Guide Chapter 15 System
The following table describes the labels in this screen.
Table 79 Configuration > System > SNMP
LABEL: DESCRIPTION
User Name: Select the user name of the user account for which this SNMPv3 user profile is configured.
Authentication: Select the type of authentication the SNMPv3 user must use to connect to the NWA3000-N series AP using this SNMPv3 user profile. Select NONE to not authenticate the SNMPv3 user. Select MD5 to require the SNMPv3 user's password be encrypt
148. RAL PUBLIC LICENSE TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
0. This License Agreement applies to any software library or other program which contains a notice placed by the copyright holder or other authorized party saying it may be distributed under the terms of this Lesser General Public License (also called "this License"). Each licensee is addressed as "you".
A "library" means a collection of software functions and/or data prepared so as to be conveniently linked with application programs (which use some of those functions and data) to form executables.
The "Library", below, refers to any such software library or work which has been distributed under these terms. A "work based on the Library" means either the Library or any derivative work under copyright law: that is to say, a work containing the Library or a portion of it, either verbatim or with modifications and/or translated straightforwardly into another language. (Hereinafter, translation is included without limitation in the term "modification".)
"Source code" for a work means the preferred form of the work for making modifications to it. For a library, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the library.
Activities other than copying, distribution and modification are not covered by this License; they are outside its sc
149. RED OR ZyXEL, AND YOUR MONEY WILL BE REFUNDED. HOWEVER, CERTAIN ZYXEL'S PRODUCTS MAY CONTAIN, IN PART, SOME THIRD PARTY'S FREE AND OPEN SOFTWARE PROGRAMS WHICH ALLOW YOU TO FREELY COPY, RUN, DISTRIBUTE, MODIFY AND IMPROVE THE SOFTWARE UNDER THE APPLICABLE TERMS OF SUCH THIRD PARTY'S LICENSES ("OPEN SOURCED COMPONENTS"). THE OPEN SOURCED COMPONENTS ARE LISTED IN THE NOTICE OR APPENDIX BELOW. ZYXEL MAY HAVE DISTRIBUTED TO YOU HARDWARE AND/OR SOFTWARE, OR MADE AVAILABLE FOR ELECTRONIC DOWNLOADS, THESE FREE SOFTWARE PROGRAMS OF THIRD PARTIES, AND YOU ARE LICENSED TO FREELY COPY, MODIFY AND REDISTRIBUTE THAT SOFTWARE UNDER THE APPLICABLE LICENSE TERMS OF SUCH THIRD PARTY. NONE OF THE STATEMENTS OR DOCUMENTATION FROM ZYXEL, INCLUDING ANY RESTRICTIONS OR CONDITIONS STATED IN THIS END USER LICENSE AGREEMENT, SHALL RESTRICT ANY RIGHTS AND LICENSES YOU MAY HAVE WITH RESPECT TO THE OPEN SOURCED COMPONENTS UNDER THE APPLICABLE LICENSE TERMS OF SUCH THIRD PARTY.
1. Grant of License for Personal Use
ZyXEL Communications Corp. ("ZyXEL") grants you a non-exclusive, non-sublicense, non-transferable license to use the program with which this license is distributed (the "Software"), including any documentation files accompanying the Software ("Documentation"), for internal business use only, for up to the number of users specified in sales order and invoice. You have the right to make one backup copy of the Software and Documentation solely for archival, back-up or disaster r
150. ROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
NWA3000-N Series User's Guide Appendix D Open Software Announcements
Part 8 Apple Inc. copyright notice (BSD)
Copyright (c) 2007 Apple Inc. All rights reserved.
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
3. Neither the name of Apple Inc. ("Apple") nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EX
151. RRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
This Product includes bind and dhcp software under the ISC License.
ISC license
Copyright (c) 4-digit year, Company or Person's Name
Permission to use, copy, modify, and distribute this software for any purpose with or without fee is hereby granted, provided that the above copyright notice and this permission notice appear in all copies.
THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
This Product includes httpd software developed by the Apache Software Foundation under Apache License.
Apache License, Version 2.0, January 2004, http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions. "License" shall mean the terms and conditions for use, reproduc
152. Reset
The following table describes the labels in this screen.
Table 72 Configuration > System > Console Speed
LABEL: DESCRIPTION
Console Port Speed: Use the drop-down list box to change the speed of the console port. Your NWA3000-N series AP supports 9600, 19200, 38400, 57600, and 115200 bps (default) for the console port. The Console Port Speed applies to a console port connection using terminal emulation software and NOT the Console in the NWA3000-N series AP Web Configurator Status screen.
Apply: Click Apply to save your changes back to the NWA3000-N series AP.
Reset: Click Reset to return the screen to its last saved settings.
15.5 WWW Overview
The following figure shows secure and insecure management of the NWA3000-N series AP coming in from the WAN. HTTPS and SSH access are secure. HTTP and Telnet management access are not secure.
Figure 88 Secure and Insecure Service Access From the WAN
15.5.1 Service Access Limitations
A service cannot be used to access the NWA3000-N series AP when you have disabled that service in the corresponding screen.
15.5.2 System Timeout
There is a lease timeout for administrators. The NWA3000-N series AP automatically logs you out if the management session remains idle for longer than this timeout period. The management session does not time out when a statistics
153. Rogue Friendly (screenshot: Edit Rogue Friendly AP List dialog with the fields MAC Address, Description and Role)
Each field is described in the following table.
Table 41 Configuration > Wireless > MON Mode > Add Edit Rogue Friendly
LABEL: DESCRIPTION
MAC Address: Enter the MAC address of the AP you want to add to the list. A MAC address is a unique hardware identifier in the following hexadecimal format: xx:xx:xx:xx:xx:xx, where xx is a hexadecimal number separated by colons.
Description: Enter up to 60 characters for the AP's description. Spaces and underscores are allowed.
Role: Select either Rogue AP or Friendly AP for the AP's role.
NWA3000-N Series User's Guide Chapter 9 Wireless
OK: Click OK to save your changes back to the NWA3000-N series AP.
Cancel: Click Cancel to close the window with changes unsaved.
9.5 Load Balancing
Use this screen to configure wireless network traffic load balancing between the APs on your network. Click Configuration > Wireless > Load Balancing to access this screen.
Figure 49 Configuration > Wireless > Load Balancing (screenshot: Load Balancing Configuration with Enable Load Balancing, Mode and Max Station Number)
154. SK Authentication
Security Parameters Summary
Refer to this table to see what other security parameters you should configure for each authentication method or key management protocol type. MAC address filters are not dependent on how you configure these security features.
Table 117 Wireless Security Relational Matrix
AUTHENTICATION METHOD / KEY MANAGEMENT PROTOCOL | ENCRYPTION METHOD | ENTER MANUAL KEY | IEEE 802.1X
Open | None | No | Disable
Open | None | No | Enable without Dynamic WEP Key
Open | WEP | No | Enable with Dynamic WEP Key
Open | WEP | Yes | Enable without Dynamic WEP Key
Open | WEP | Yes | Disable
Shared | WEP | No | Enable with Dynamic WEP Key
Shared | WEP | Yes | Enable without Dynamic WEP Key
Shared | WEP | Yes | Disable
WPA | TKIP/AES | No | Enable
WPA-PSK | TKIP/AES | Yes | Disable
WPA2 | TKIP/AES | No | Enable
WPA2-PSK | TKIP/AES | Yes | Disable
Open Software Announcements
End-User License Agreement for "NWA3160-N"
WARNING: ZyXEL Communications Corp. IS WILLING TO LICENSE THE SOFTWARE TO YOU ONLY UPON THE CONDITION THAT YOU ACCEPT ALL OF THE TERMS CONTAINED IN THIS LICENSE AGREEMENT. PLEASE READ THE TERMS CAREFULLY BEFORE COMPLETING THE INSTALLATION PROCESS AS INSTALLING THE SOFTWARE WILL INDICATE YOUR ASSENT TO THEM. IF YOU DO NOT AGREE TO THESE TERMS, THEN ZyXEL IS UNWILLING TO LICENSE THE SOFTWARE TO YOU, IN WHICH EVENT YOU SHOULD RETURN THE UNINSTALLED SOFTWARE AND PACKAGING TO THE PLACE FROM WHICH IT WAS ACQUI
155. SNMP traps to
SNMPv2c: Select this to allow SNMP managers using SNMPv2c to access the NWA3000-N series AP.
Get Community: Enter the Get Community, which is the password for the incoming Get and GetNext requests from the management station. The default is public and allows all requests.
Table 78 Configuration > System > SNMP (continued)
LABEL: DESCRIPTION
Set Community: Enter the Set community, which is the password for incoming Set requests from the management station. The default is private and allows all requests.
SNMPv3: Select this to allow SNMP managers using SNMPv3 to access the NWA3000-N series AP.
Add: Click this to create a new entry. Select an entry and click Add to create a new entry after the selected entry.
Edit: Double-click an entry or select it and click Edit to be able to modify the entry's settings.
Remove: To remove an entry, select it and click Remove. The NWA3000-N series AP confirms you want to remove it before doing so. Note that subsequent entries move up by one when you take this action.
This is the index number of an SNMPv3 user profile.
User Name: This is the name of the user for which this SNMPv3 user profile is configured.
Authentication: This field displays the type of authentication the SNMPv3 user must use to connect to the NWA3000-N series AP using this SNMPv3 user profile.
156. Sync Port NV
Device HA Sync has failed when syncing %s for %s: Synchronization failed when synchronizing a certain object (AV/AS/IDP/Certificate/System Configuration) due to an unknown reason. 1st %s: The object to be synchronized. 2nd %s: The feature name for the object to be synchronized.
Sync Failed Cannot connect to Master when syncing %s for %s: Synchronization failed because the Backup could not connect to the Master. The object to be synchronized. 2nd %s: The feature name for the object to be synchronized.
Backup firmware version can not be recognized. Stop syncing from Master: The firmware version on the Backup cannot be resolved to check if it is the same as on the Master. A Backup device only synchronizes from the Master if the Master and the Backup have the same firmware versions.
Sync failed Remote Firmware Version Unknown: The firmware version on the Master cannot be resolved to check if it is the same as on the Master. A Backup device only synchronizes from the Master if the Master and the Backup have the same firmware versions.
Master firmware version should be the same with Backup: The Backup and Master have different firmware versions. A Backup device only synchronizes from the Master if the Master and the Backup have the same firmware versions.
Update %s for %s has failed: Updating a certain object failed when updating (AS/AV/IDP/Certificate/System Configuration). 1st %s: Th
157. View AP Log screen (Section 6.10 on page 100) displays the NWA3000-N series AP's current wireless AP log messages. This is available when the NWA3000-N series AP is in controller mode.
6.2 What You Need to Know
The following terms and concepts may help as you read through the chapter.
NWA3000-N Series User's Guide Chapter 6 Monitor
Rogue AP: Rogue APs are wireless access points operating in a network's coverage area that are not under the control of the network's administrators, and can open up holes in a network's security. See Chapter 13 on page 165 for details.
Friendly AP: Friendly APs are other wireless access points that are detected in your network, as well as any others that you know are not a threat (those from neighboring networks, for example). See Chapter 13 on page 165 for details.
6.3 LAN Status
Use this screen to look at general LAN interface information and packet statistics. To access this screen, click Monitor > LAN Status.
Figure 26 Monitor > LAN Status (screenshot: LAN Status screen with the General Settings, Interface Summary and Port Statistics Table sections)
The following table describes the labels in this screen.
Table 20 Monitor > LAN S
158. WA3000-N series AP can check a peer's certificate against a directory server's list of revoked certificates. The framework of servers, software, procedures and policies that handles keys is called PKI (public-key infrastructure).
Advantages of Certificates
Certificates offer the following benefits.
- The NWA3000-N series AP only has to store the certificates of the certification authorities that you decide to trust, no matter how many devices you need to authenticate.
NWA3000-N Series User's Guide Chapter 14 Certificates
- Key distribution is simple and very secure since you can freely distribute public keys and you never need to transmit private keys.
Self-signed Certificates
You can have the NWA3000-N series AP act as a certification authority and sign its own certificates.
Factory Default Certificate
The NWA3000-N series AP generates its own unique self-signed certificate when you first turn it on. This certificate is referred to in the GUI as the factory default certificate.
Certificate File Formats
Any certificate that you want to import has to be in one of these file formats:
- Binary X.509: This is an ITU-T recommendation that defines the formats for X.509 certificates.
- PEM (Base-64) encoded X.509: This Privacy Enhanced Mail format uses lowercase letters, uppercase letters and numerals to convert a binary X.509 certificate into a printable form.
- Binary PKCS#7: This is a standard that defines the general s
159. Y AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
This product includes cryptographic software written by Eric Young (eay@cryptsoft.com). This product includes software written by Tim Hudson (tjh@cryptsoft.com).
Original SSLeay License
Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com). All rights reserved.
This package is an SSL implementation written by Eric Young (eay@cryptsoft.com). The implementation was written so as to conform with Netscapes SSL.
This library is free for commercial and non-commercial use as long as the following conditions are aheared to. The following conditions apply to all code found in this distribution, be it the RC4, RSA, lhash, DES, etc., code; not just the SSL code. The SSL documentation included w
160. You can use alphanumeric characters, the hyphen, the symbol, periods and the underscore.
Organizational Unit: Identify the organizational unit or department to which the certificate owner belongs. You can use up to 31 characters. You can use alphanumeric characters, the hyphen and the underscore.
Organization: Identify the company or group to which the certificate owner belongs. You can use up to 31 characters. You can use alphanumeric characters, the hyphen and the underscore.
Town City: Identify the town or city where the certificate owner is located. You can use up to 31 characters. You can use alphanumeric characters, the hyphen and the underscore.
State Province: Identify the state or province where the certificate owner is located. You can use up to 31 characters. You can use alphanumeric characters, the hyphen and the underscore.
Country: Identify the nation where the certificate owner is located. You can use up to 31 characters. You can use alphanumeric characters, the hyphen and the underscore.
Key Type: Select RSA to use the Rivest, Shamir and Adleman public-key algorithm. Select DSA to use the Digital Signature Algorithm public-key algorithm.
Key Length: Select a number from the drop-down list box to determine how many bits the key should use (512 to 2048). The longer the key, the more secure it is. A longer key also uses more PKI storage space.
Enrollment Options: These radio
161. a summary of the settings for each log.
Active Log Summary: Click this button to open the Active Log Summary Edit screen.
Apply: Click this button to save your changes (activate and deactivate logs) and make them take effect.
NWA3000-N Series User's Guide Chapter 16 Log and Report
16.3.2 Edit Log Settings
This screen controls the detailed settings for each log in the system log (which includes the e-mail profiles). Go to the Log Settings Summary screen and click the system log Edit icon.
Figure 110 Configuration > Log & Report > Log Setting > Edit (screenshot: Edit Log Setting screen with the E-mail Server 1 and E-mail Server 2 sections, each with Active, Mail Server, Mail Subject, Send From, Send Log to, Send Alerts to, Sending Log, SMTP Authentication, User Name and Password, followed by the Active Log and Alert table of log categories)
162. able 73 Configuration > System > WWW > Service Control (continued)
LABEL: DESCRIPTION
Server Port: You may change the server port number for a service if needed; however, you must use the same port number in order to use that service to access the NWA3000-N series AP.
Apply: Click Apply to save your changes back to the NWA3000-N series AP.
Reset: Click Reset to return the screen to its last saved settings.
15.5.5 HTTPS Example
If you haven't changed the default HTTPS port on the NWA3000-N series AP, then in your browser enter "https://NWA3000-N series AP IP Address" as the web site address, where "NWA3000-N series AP IP Address" is the IP address or domain name of the NWA3000-N series AP you wish to access.
15.5.5.1 Internet Explorer Warning Messages
When you attempt to access the NWA3000-N series AP HTTPS server, a Windows dialog box pops up asking if you trust the server certificate. Click View Certificate if you want to verify that the certificate is from the NWA3000-N series AP. You see the following Security Alert screen in Internet Explorer. Select Yes to proceed to the Web Configurator login screen; if you select No, then Web Configurator access is blocked.
Figure 91 Security Alert Dialog Box (Internet Explorer)
163. ad balancing task. Check to be sure that the AP profile which contains the load balancing settings is correctly assigned to the APs in question. The load balancing task may have been terminated because further load balancing on the APs in question is no longer required.
21.6 Resetting the NWA3000-N series AP
If you cannot access the NWA3000-N series AP by any method, try restarting it by turning the power off and then on again. If you still cannot access the NWA3000-N series AP by any method, or you forget the administrator password(s), you can reset the NWA3000-N series AP to its factory-default settings. Any configuration files or shell scripts that you saved on the NWA3000-N series AP should still be available afterwards.
Use the following procedure to reset the NWA3000-N series AP to its factory-default settings. This overwrites the settings in the startup-config.conf file with the settings in the system-default.conf file.
Note: This procedure removes the current configuration.
1. Make sure the PWR SYS LED is on and not blinking.
2. Press the RESET button and hold it until the PWR SYS LED begins to blink. (This usually takes about five seconds.)
3. Release the RESET button, and wait for the NWA3000-N series AP to restart.
You should be able to access the NWA3000-N series AP using the default settings.
NWA3000-N Series User's Guide Chapter 21 Troubleshooting
21.7 Getting More Troubleshooting Help
Search fo
164. adio 1 operating mode: This field shows whether the radio is set to function as an AP or a monitor.
Please configure at least one radio to MON mode: Click this to go to the Configuration > Wireless > AP Management screen, where you can set a radio to monitor mode.
MON Mode APs: This section appears when the NWA3000-N series AP is set to the controller mode.
Configure AP to MON Mode: Click this to go to the Configuration > Wireless > AP Management screen, where you can set one or more APs to monitor mode.
Available MON Mode APs: This column displays which APs on your wireless network are currently configured for monitor mode. Use the arrow buttons to move APs off this list and onto the Captured MON Mode APs list.
Capture MON Mode APs: This column displays the monitor-mode configured APs selected for wireless frame capture.
Misc Setting
NWA3000-N Series User's Guide Chapter 18 Diagnostics
Table 94 Maintenance > Diagnostics > Wireless Frame Capture > Capture
LABEL: DESCRIPTION
File Size: Specify a maximum size limit in kilobytes for the total combined size of all the capture files on the NWA3000-N series AP, including any existing capture files and any new capture files you generate. Note: If you have existing capture files, you may need to set this size larger or delete existing capture files. The valid range is 1 to 50000. The NWA3000-N series AP stops the ca
165. an set the DCS Sensitivity Level to Low. This means that the AP has a very broad tolerance.
5 Select Enable DCS Client Aware. Select this so that the APs on your network do not change channels as long as any wireless clients are connected to them. When they must change channels, they will wait until all stations disconnect first.
6 Set the 2.4 GHz Channel Selection Method to auto.
7 Select a 2.4 GHz Channel Deployment scheme. Choose Three-Channel Deployment to have the device rotate through 3 channels. Choose Four-Channel Deployment to have the device rotate through 4 channels, if allowed.
8 Click Apply to save your changes.
See also Chapter 9 on page 111.
NWA3000-N Series User's Guide Chapter 4 Tutorials
PART II Technical Reference
Dashboard
5.1 Overview
Use the Dashboard screens to check status information about the NWA3000-N series AP.
5.1.1 What You Can Do in this Chapter
The main Dashboard screen (Section 5.2 on page 76) displays the NWA3000-N series AP's general device information, system status, system resource usage, and interface status. You can also display other status screens for more information.
NWA3000-N Series User's Guide Chapter 5 Dashboard
5.2 Dashboard
This screen is the first thing you see when you log into the NWA3000-N series AP. It also appears every time you click the Dashboard icon in the navigation panel. The Dashboard displa
166. apart. Channel 1 is centered on 2.412 GHz while channel 13 is centered on 2.472 GHz.
Figure 53 An Example Three Channel Deployment
Three channels are situated in such a way as to create almost no interference with one another if used exclusively: 1, 6 and 11. When an AP broadcasts on any of these three channels, it should not interfere with neighboring APs as long as they are also limited to same trio.
Figure 54 An Example Four Channel Deployment
However, some regions require the use of other channels and often use a safety scheme with the following four channels: 1, 4, 7 and 11. While they are situated sufficiently close to both each other and the three so-called "safe" channels (1, 6 and 11) that interference becomes inevitable, the severity of it is dependent upon other factors: proximity to the affected AP, signal strength, activity, and so on.
Finally, there is an alternative four channel scheme for ETSI, consisting of channels 1, 5, 9, 13. This offers significantly less overlap than the other one.
Figure 55 An Alternative Four Channel Deployment
167. arison of EAP Authentication Types
                            EAP-MD5  EAP-TLS  EAP-TTLS  PEAP      LEAP
Mutual Authentication       No       Yes      Yes       Yes       Yes
Certificate - Client        No       Yes      Optional  Optional  No
Certificate - Server        No       Yes      Yes       Yes       No
Dynamic Key Exchange        No       Yes      Yes       Yes       Yes
Credential Integrity        None     Strong   Strong    Strong    Moderate
Deployment Difficulty       Easy     Hard     Moderate  Moderate  Moderate
Client Identity Protection  No       No       Yes       Yes       No
WPA and WPA2
Wi-Fi Protected Access (WPA) is a subset of the IEEE 802.11i standard. WPA2 (IEEE 802.11i) is a wireless security standard that defines stronger encryption, authentication and key management than WPA. Key differences between WPA or WPA2 and WEP are improved data encryption and user authentication.
If both an AP and the wireless clients support WPA2 and you have an external RADIUS server, use WPA2 for stronger data encryption. If you don't have an external RADIUS server, you should use WPA2-PSK (WPA2 Pre-Shared Key) that only requires a single (identical) password entered into each access point, wireless gateway and wireless client. As long as the passwords match, a wireless client will be granted access to a WLAN.
NWA3000-N Series User's Guide Appendix C Wireless LANs
If the AP or the wireless clients do not support WPA2, just use WPA or WPA-PSK depending on whether you have an external RADIUS server or not. Select WEP only when the AP and/or wireless clients do
168. ates screen. You must remove any spaces in the certificate's filename before you can import it.
Figure 80 Configuration > Object > Certificate > My Certificates > Import (screenshot: Import Certificates dialog)
The dialog reads: Please specify the location of the certificate file to be imported. The certificate file must be in one of the following formats: Binary X.509, PEM (Base-64) encoded X.509, Binary PKCS#7, PEM (Base-64) encoded PKCS#7, Binary PKCS#12. For my certificate importation to be successful, a certification request corresponding to the imported certificate must already exist on ZyWALL. After the importation, the certification request will automatically be deleted. Its fields are File Path and Password (PKCS#12 only), with OK and Cancel buttons.
The following table describes the labels in this screen.
Table 65 Configuration > Object > Certificate > My Certificates > Import
LABEL: DESCRIPTION
File Path: Type in the location of the file you want to upload in this field or click Browse to find it. You cannot import a certificate with the same name as a certificate that is already in the NWA3000-N series AP.
Browse: Click Browse to find the certificate file you want to upload.
Passwo
169. ation and diagnostic information if you need to provide it to customer support during troubleshooting.
The Packet Capture screen (Section 18.3 on page 254) captures data packets going through the NWA3000-N series AP.
The Wireless Frame Capture screens (Section 18.4 on page 258) capture network traffic going through the AP interfaces connected to your NWA3000-N series AP.
18.2 Diagnostics
This screen provides an easy way for you to generate a file containing the NWA3000-N series AP's configuration and diagnostic information. You may need to generate this file and send it to customer support during troubleshooting.
Click Maintenance > Diagnostics to open the Diagnostic screen.
Figure 117 Maintenance > Diagnostics (screenshot: Diagnostic Information Collector with Filename, Last modified and Size, and the Collect Now and Download buttons)
The following table describes the labels in this screen.
Table 91 Maintenance > Diagnostics
LABEL: DESCRIPTION
Filename: This is the name of the most recently created diagnostic file.
Last modified: This is the date and time that the last diagnostic file was created. The format is yyyy-mm-dd hh:mm:ss.
Size: This is the size of the most recently created diagnostic file.
Collect Now: Click this to have the NWA3000-N series AP create a new diagnostic file.
Download: Click
170. aximum bandwidth cap, you allow any number of devices to connect as long as their total bandwidth usage does not exceed the configured bandwidth cap associated with this setting. Once the cap is hit, any new connections are rejected or delayed provided that there are other APs in range.
Imagine a coffee shop in a crowded business district that offers free wireless connectivity to its customers. The coffee shop owner can't possibly know how many connections his AP will have at any given moment. As such, he decides to put a limit on the bandwidth that is available to his customers but not on the actual number of connections he allows. This means anyone can connect to his wireless network as long as the AP has the bandwidth to spare. If too many people connect and the AP hits its bandwidth cap, then all new connections must basically wait for their turn or get shunted to the nearest identical AP.
Device HA
10.1 Overview
Device HA is available when the NWA3000-N series AP is in controller mode. Device HA lets a backup NWA3000-N series AP (also in controller mode) automatically take over if the master NWA3000-N series AP fails.
Figure 56 Device HA Backup Taking Over for the Master
In this example, device B is the backup for device A in the event something happens to it and prevents it from managing the wireless network.
10.1.1 What You Can Do in this Chapter
The General screen (Section 10.2 on page 12
171. blinks during the boot up process, the system is starting up. If the LED blinks after the boot up process, the system has failed.
Off | The NWA3000-N series AP successfully boots up.

1.8 Starting and Stopping the NWA3000-N series AP

Here are some of the ways to start and stop the NWA3000-N series AP. Always use Maintenance > Shutdown or the shutdown command before you turn off the NWA3000-N series AP or remove the power. Not doing so can cause the firmware to become corrupt.

Table 3 Starting and Stopping the NWA3000-N series AP
METHOD | DESCRIPTION
Turning on the power | A cold start occurs when you turn on the power to the NWA3000-N series AP. The NWA3000-N series AP powers up, checks the hardware, and starts the system processes.
Rebooting the NWA3000-N series AP | A warm start (without powering down and powering up again) occurs when you use the Reboot button in the Reboot screen or when you use the reboot command. The NWA3000-N series AP writes all cached data to the local storage, stops the system processes, and then does a warm start.
Using the RESET button | If you press the RESET button, the NWA3000-N series AP sets the configuration to its default values and then reboots.
Clicking Maintenance Shutdo | Clicking Maintenance > Shutdown > Shutdown or using the shutdown command writes all cached data to the local storage and
172. bnet mask indicates what part of the IP address is the same for all computers in the network.

Table 81 Configuration > System > Auth Server (continued)
LABEL | DESCRIPTION
Secret | Enter a password (up to 31 alphanumeric characters, no spaces) as the key for encrypting communications between the NWA3000-N series AP and this entry's AP. The key is not sent over the network. This key must be the same on the NWA3000-N series AP and the AP. Both the NWA3000-N series AP's IP address and this shared secret must also be configured in the external RADIUS server fields of the trusted AP.
Description | Type some information to help identify the trusted AP.
OK | Click OK to save your changes back to the NWA3000-N series AP.
Cancel | Click Cancel to exit this screen without saving your changes.

15.11 Technical Reference

This section provides some technical background information about the topics covered in this chapter.

Internal RADIUS Server

PEAP (Protected EAP) and MD5 authentication is implemented on the internal RADIUS server using simple username and password methods over a secure TLS connection. See Appendix C on page 319 for more information on the types of EAP authentication and the internal RADIUS authentication method used in your NWA3000-N series AP.

Note: The internal RADIUS server does not support domain accounts DOMAIN
173. by this CA. Installing a certificate with an unconfirmed thumbprint is a security risk. If you click "Yes" you acknowledge this risk. Do you want to install this certificate?

11. Finally, click OK when presented with the successful certificate installation message.

(Screenshot: Certificate Import Wizard dialog, "The import was successful.")

12. The next time you start Internet Explorer and go to a ZyXEL Web Configurator page, a sealed padlock icon appears in the address bar. Click it to view the page's Website Identification information.

(Screenshot: Website Identification pop-up for 172.20.37.202, "This connection to the server is encrypted.", with the links "Should I trust this site?" and "View certificates".)

Installing a Stand-Alone Certificate File in Internet Explorer

Rather than browsing to a ZyXEL Web Configurator and installing a public key certificate when prompted, you can install a stand-alone certificate file if one has been issued to you.

1. Double-click the public key certificate file.
2. In the security warning dialog box, click Open.

(Screenshot: Open File - Security Warning dialog, "Do you want to open this file?", Name: CA.cer, Publisher: Unknown Publisher, Type: Security Certificate.)
174. cal function in which the receiver and the transmitter each compute and then compare the MIC. If they do not match, it is assumed that the data has been tampered with and the packet is dropped.

By generating unique data encryption keys for every data packet and by creating an integrity checking mechanism (MIC), with TKIP and AES it is more difficult to decrypt data on a Wi-Fi network than WEP and difficult for an intruder to break into the network.

The encryption mechanisms used for WPA(2) and WPA(2)-PSK are the same. The only difference between the two is that WPA(2)-PSK uses a simple common password, instead of user-specific credentials. The common-password approach makes WPA(2)-PSK susceptible to brute-force password-guessing attacks, but it's still an improvement over WEP as it employs a consistent, single, alphanumeric password to derive a PMK which is used to generate unique temporal encryption keys. This prevents all wireless devices sharing the same encryption keys (a weakness of WEP).

User Authentication

WPA and WPA2 apply IEEE 802.1x and Extensible Authentication Protocol (EAP) to authenticate wireless clients using an external RADIUS database. WPA2 reduces the number of key exchange messages from six to four (CCMP 4-way handshake) and shortens the time required to connect to a network. Other WPA2 authentication features that are different from WPA include key caching and
175. cate you just removed, a certification error appears.

Wireless LANs

Wireless LAN Topologies

This section discusses ad-hoc and infrastructure wireless LAN topologies.

Ad-hoc Wireless LAN Configuration

The simplest WLAN configuration is an independent (Ad-hoc) WLAN that connects a set of computers with wireless adapters (A, B, C). Any time two or more wireless adapters are within range of each other, they can set up an independent network, which is commonly referred to as an ad-hoc network or Independent Basic Service Set (IBSS). The following diagram shows an example of notebook computers using wireless adapters to form an ad-hoc wireless LAN.

Figure 127 Peer-to-Peer Communication in an Ad-hoc Network

BSS

A Basic Service Set (BSS) exists when all communications between wireless clients or between a wireless client and a wired network client go through one access point (AP). Intra-BSS traffic is traffic between wireless clients in the BSS. When Intra-BSS is enabled, wireless client A and B can access the wired network and communicate with each other. When Intra-BSS is disabled, wireless client A and B can still access the wired network but cannot communicate with each other.

Figure 128 Basic Service Set
176. ccording to the same disclaimer and license as libpng-0.96, with the following individuals added to the list of Contributing Authors: Tom Lane, Glenn Randers-Pehrson, Willem van Schaik.

libpng versions 0.89, June 1996, through 0.96, May 1997, are Copyright (c) 1996, 1997 Andreas Dilger. Distributed according to the same disclaimer and license as libpng-0.88, with the following individuals added to the list of Contributing Authors: John Bowler, Kevin Bracey, Sam Bushell, Magnus Holmgren, Greg Roelofs, Tom Tanner.

libpng versions 0.5, May 1995, through 0.88, January 1996, are Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.

For the purposes of this copyright and license, "Contributing Authors" is defined as the following set of individuals: Andreas Dilger, Dave Martindale, Guy Eric Schalnat, Paul Schmidt, Tim Wegner.

The PNG Reference Library is supplied "AS IS". The Contributing Authors and Group 42, Inc. disclaim all warranties, expressed or implied, including, without limitation, the warranties of merchantability and of fitness for any purpose. The Contributing Authors and Group 42, Inc. assume no liability for direct, indirect, incidental, special, exemplary, or consequential damages, which may result from the use of the PNG Reference Library, ev
177. ce first %s %s MAC %s
WPA or WPA2 enterprise EAP timeout. Interface %s MAC %s | There was an EAP timeout for a wireless client connected to the specified WLAN interface (first %s). The MAC address of the wireless client is listed (second %s).
Station association has failed. Maximum associations have reached the maximum number. Interface %s MAC %s | A wireless client with the specified MAC address (second %s) failed to connect to the specified WLAN interface (first %s) because the WLAN interface already has its maximum number of wireless clients.
WPA authentication has failed. Interface %s MAC %s | A wireless client used an incorrect WPA key and thus failed to connect to the specified WLAN interface (first %s). The MAC address of the wireless client is listed (second %s).
Incorrect password for WPA or WPA2 enterprise internal authentication. Interface %s MAC %s | A wireless client used an incorrect WPA or WPA2 user password and failed authentication by the NWA3000-N series AP's local user database while trying to connect to the specified WLAN interface (first %s). The MAC address of the wireless client is listed (second %s).

Table 103 WLAN Logs (continued)
LOG MESSAGE | DESCRIPTION
Incorrect username or password for WPA or WPA2 enterprise internal aut
178. cense

Expat License

Copyright (c) 1998, 1999, 2000 Thai Open Source Software Center Ltd

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

This Product includes libtecla software under the an X11-style License.

an X11-style license

This is a Free Software License. This license is compatible with The GNU General Public License, Version 1. This license is compatible with The GNU General Public License, Ve
179. ces. SNMP is a member of the TCP/IP protocol suite. Your NWA3000-N series AP supports SNMP agent functionality, which allows a manager station to manage and monitor the NWA3000-N series AP through the network. The NWA3000-N series AP supports SNMP version one (SNMPv1), version two c (SNMPv2c) and version three (SNMPv3).
DFS | DFS (Dynamic Frequency Selection) and TPC (Transmit Power Control) from IEEE 802.11h allows a wider choice of 802.11a wireless channels.
CAPWAP | The ZyXEL Device can be managed via CAPWAP (Control And Provisioning of Wireless Access Points), which allows multiple APs to be configured and managed by a single AP controller.

22.1 Wall Mounting Instructions

Complete the following steps to hang your NWA3000-N series AP on a wall.

Note: See Table 96 on page 279 for the size of screws to use and how far apart to place them.

Select a position free of obstructions on a sturdy wall. Drill two holes for the screws. Be careful to avoid damaging pipes or cables located inside the wall when drilling holes for the screws. Do not insert the screws all the way into the wall. Leave a small gap of about 0.5 cm between the heads of the screws and the wall. Make sure the screws are snugly fastened to the wall. They need to hold the weight of the NWA3000-N series AP with the connection cables. Align the holes on the back of the NWA3000-N ser
180. 2.3.2.1 Dashboard

The dashboard displays general device information, system status, system resource usage, and interface status in widgets that you can re-arrange to suit your needs. For details on the Dashboard's features, see Chapter 5 on page 75.

2.3.2.2 Monitor Menu

The monitor menu screens display status and statistics information.

Table 5 Monitor Menu Screens Summary
FOLDER OR LINK | TAB | FUNCTION
LAN Status | | Displays general LAN interface information and packet statistics.
Wireless | |
AP Info | Radio List | Displays information about the radios of the connected APs.
AP Info | AP List | Displays which APs are currently connected to the NWA3000-N series AP. This is available when the NWA3000-N series AP is in controller mode.
Station Info | | Displays information about the connected stations.
Rogue AP | | Displays information about suspected rogue APs.
Legacy Device Info | | Use these screens to connect to legacy NWA3000-N series AP 3000 APs. This is available when the NWA3000-N series AP is in controller mode.
Log | |
View Log | | Displays log entries for the NWA3000-N series AP.
View AP Log | | Displays logs for connected APs.

2.3.2.3 Configuration Menu

Use the configuration menu screens to configure t
181. cing configuration item has a description configured, it displays here.
Refresh | Click this to update the information in this screen.
Cancel | Click Cancel to close the screen.

2.3.5.1 CLI Messages

Click CLI to look at the CLI commands sent by the Web Configurator. These commands appear in a popup window, such as the following.

Figure 15 CLI Messages

Click Clear to remove the currently displayed information.

Note: See the Command Reference Guide for information about the commands.

2.3.5.2 Console

The Console allows you to use CLI commands from directly within the Web Configurator rather than having to use a separate terminal program. In addition to logging in directly to the NWA3000-N series AP's CLI, you can also log into other devices on the network through this Console. It uses SSH to establish a connection.

Note: To view the functions in the Web Configurator user interface that correspond directly to specific NWA3000-N series AP CLI commands, use the CLI Messages window (see Section 2.3.5.1 on page 40) in tandem with this one.

Figure 16 Console

The following table describes the elements in this screen.

Table 9 Console
LABEL | DESCRIPTION
Command Line Rou
182. ck Apply to save your changes back to the NWA3000-N series AP.
Reset | Click Reset to return the screen to its last saved settings.

10.3 Active-Passive Mode

The Device HA Active-Passive Mode screen lets you configure general active-passive mode device HA settings, view and manage the list of monitored interfaces, and synchronize backup NWA3000-N series APs. To access this screen, click Configuration > Device HA > Active-Passive Mode.

Figure 58 Configuration > Device HA > Active-Passive Mode (screen sections: General Settings, Cluster Settings, Monitored Interface Summary, Synchronization)

The following table describes the labels in this screen.

Table 45 Configuration > Device HA > Active-Passive Mode
LABEL | DESCRIPTION
Show / Hide Advanced Settings | Click this button to display a greater or lesser number of configuration fields.
Device Role | S
183. code must retain the above copyright notice, this list of conditions and the following disclaimer.

2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.

3. All advertising materials mentioning features or use of this software must display the following acknowledgment: "This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to endorse or promote products derived from this software without prior written permission. For written permission, please contact openssl-core@openssl.org.

5. Products derived from this software may not be called "OpenSSL" nor may "OpenSSL" appear in their names without prior written permission of the OpenSSL Project.

6. Redistributions of any form whatsoever must retain the following acknowledgment: "This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/)"

THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT "AS IS" AND ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILIT
184. ct thereto. Please contact the appropriate software vendor or manufacturer directly for technical support and customer service related to its software and products.

5. Confidentiality

You acknowledge that the Software contains proprietary trade secrets of ZyXEL and you hereby agree to maintain the confidentiality of the Software using at least as great a degree of care as you use to maintain the confidentiality of your own most confidential information. You agree to reasonably communicate the terms and conditions of this License Agreement to those persons employed by you who come into contact with the Software, and to use reasonable best efforts to ensure their compliance with such terms and conditions, including, without limitation, not knowingly permitting such persons to use any portion of the Software for the purpose of deriving the source code of the Software.

6. No Warranty

THE SOFTWARE IS PROVIDED "AS IS." TO THE MAXIMUM EXTENT PERMITTED BY LAW, ZyXEL DISCLAIMS ALL WARRANTIES OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. ZyXEL DOES NOT WARRANT THAT THE FUNCTIONS CONTAINED IN THE SOFTWARE WILL MEET ANY REQUIREMENTS OR NEEDS YOU MAY HAVE, OR THAT THE SOFTWARE WILL OPERATE ERROR FREE, OR IN AN UNINTERRUPTED FASHION, OR THAT ANY DEFECTS OR ERRORS IN THE SOFTWARE WILL BE CORRECTED, OR THAT THE SOFTWARE IS COMPATIBLE WITH ANY
185. ctor to the NWA3000-N series AP.

4. If this does not work, you have to reset the device to its factory defaults. See Section 21.6 on page 277.

cannot access the NWA3000-N series AP via the console port.

1. Check to see if the NWA3000-N series AP is connected to your computer's console port.
2. Check to see if the communications program is configured correctly. The communications software should be configured as follows:
VT100 terminal emulation.
115200 bps is the default speed on leaving the factory. Try other speeds in case the speed has been changed.
No parity, 8 data bits, 1 stop bit, data flow set to none.

cannot use FTP to upload / download the configuration file.
cannot use FTP to upload new firmware.

See the troubleshooting suggestions for cannot see or access the Login screen in the web configurator. Ignore the suggestions about your browser.

21.4 Internet Access

cannot access the Internet.

1. Check the hardware connections, and make sure the LEDs are behaving as expected. See the Quick Start Guide and Section 21.2 on page 267.
2. Make sure you entered your ISP account information correctly. These fields are case-sensitive, so make sure Caps Lock is not on.
3. If you are trying to access the Internet wirelessly, make sure the wireless settings on the wireless client are the same as the settings on the AP.
4. Disconnect a
186. ctory (application code) you must include an acknowledgement: "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"

THIS SOFTWARE IS PROVIDED BY ERIC YOUNG "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

The licence and distribution terms for any publically available version or derivative of this code cannot be changed, i.e. this code cannot simply be copied and put under another distribution licence.

This Product includes libevent and xinetd software under the a 3-clause BSD License.

a 3-clause BSD-style license

This is a Free Software License. This license is compatible with The GNU General Public License, Version 1. This license is compatible with The GNU General Public License, Version 2. This is the BSD license without the obnoxious advertising clause. It's also known as the modified
187. curity certificate was issued by a company you have not chosen to trust. View the certificate to determine whether you want to trust the certifying authority. The security certificate date is valid. The name on the security certificate is invalid or does not match the name of the site. Do you want to proceed? View Certificate

15.5.5.2 Avoiding Browser Warning Messages

Here are the main reasons your browser displays warnings about the NWA3000-N series AP's HTTPS server certificate and what you can do to avoid seeing the warnings.

The issuing certificate authority of the NWA3000-N series AP's HTTPS server certificate is not one of the browser's trusted certificate authorities. The issuing certificate authority of the NWA3000-N series AP's factory default certificate is the NWA3000-N series AP itself, since the certificate is a self-signed certificate.

For the browser to trust a self-signed certificate, import the self-signed certificate into your operating system as a trusted certificate.

To have the browser trust the certificates issued by a certificate authority, import the certificate authority's certificate into your operating system as a trusted certificate. Refer to Appendix B on page 305 for details.

15.5.5.3 Login Screen

After you accept the certificate, the NWA3000-N series AP login screen appears. The lock displayed in the bottom of the browser status ba
188. d if selected, means the HTTPS client must send the NWA3000-N series AP a certificate. You must apply for a certificate for the browser from a CA that is a trusted CA on the NWA3000-N series AP.

Please refer to the following figure.

1. HTTPS connection requests from an SSL-aware web browser go to port 443 (by default) on the NWA3000-N series AP's web server.
2. HTTP connection requests from a web browser go to port 80 (by default) on the NWA3000-N series AP's web server.

Figure 89 HTTP/HTTPS Implementation

Note: If you disable HTTP in the WWW screen, then the NWA3000-N series AP blocks all HTTP connection attempts.

15.5.4 Configuring WWW Service Control

Click Configuration > System > WWW to open the WWW screen. Use this screen to specify HTTP or HTTPS settings.

Figure 90 Configuration > System > WWW > Service Control (screen sections: HTTPS, HTTP; buttons: Apply, Reset)

The following table describes the labels in this screen.

Table 73 Configuration > System > WWW > Service Control
LABEL | DESCRIPTION
HTTPS |
Enable | Select the check box to allow or disallow the computer with the IP address that matches the IP address
189. d is a reduction in network traffic since the NWA3000-N series AP only gets information on the certificates that it needs to verify, not a huge list. When the NWA3000-N series AP requests certificate status information, the OCSP server returns an "expired", "current" or "unknown" response.

System

15.1 Overview

Use the system screens to configure general NWA3000-N series AP settings.

15.1.1 What You Can Do in this Chapter

The Host Name screen (Section 15.2 on page 194) configures a unique name for the NWA3000-N series AP in your network.
The Date/Time screen (Section 15.3 on page 194) configures the date and time for the NWA3000-N series AP.
The Console Speed screen (Section 15.4 on page 199) configures the console port speed when you connect to the NWA3000-N series AP via the console port using a terminal emulation program.
The WWW screens (Section 15.5 on page 200) configure settings for HTTP or HTTPS access to the NWA3000-N series AP.
The SSH screen (Section 15.6 on page 209) configures SSH (Secure SHell) for securely accessing the NWA3000-N series AP's command line interface.
The Telnet screen (Section 15.7 on page 214) configures Telnet for accessing the NWA3000-N series AP's command line interface.
The FTP screen (Section 15.8 on page 215) specifies FTP server settings. You can upload and download the NWA3000-N se
190. d is described in the following table.

Table 39 Configuration > Wireless > Edit AP List
LABEL | DESCRIPTION
Create new Object | Use this menu to create a new Radio or SSID object to associate with this AP.
MAC Address | This displays the MAC address of the selected AP.
Model | This field displays the AP's hardware model information. It displays N/A (not applicable) only when the AP disconnects from the NWA3000-N series AP and the information is unavailable as a result.
Description | Enter a description for this AP. You can use up to 31 characters, spaces and underscores allowed.

9.4 MON Mode

Table 39 Configuration > Wireless > Edit AP List (continued)
LABEL | DESCRIPTION
Radio 1 OP Mode | Select the operating mode for radio 1. AP Mode means the AP can receive connections from wireless clients and pass their data traffic through to the NWA3000-N series AP to be managed (or subsequently passed on to an upstream gateway for managing). MON Mode means the AP monitors the broadcast area for other APs, then passes their information on to the NWA3000-N series AP where it can be determined if those APs are friendly or rogue. If an AP is set to this mode it cannot receive connections from wireless clients.
Radio 1 Profile | Select the profile the radio uses. If no profile exists, you can create a new one through the Create new Objec
191. d the NWA3000-N series AP. The DCS screen (Section 9.6 on page 122) configures dynamic radio channel selection.

9.1.2 What You Need to Know

The following terms and concepts may help as you read this chapter.

Station / Wireless Client

A station or wireless client is any wireless-capable device that can connect to an AP using a wireless signal.

Dynamic Channel Selection (DCS)

Dynamic Channel Selection (DCS) is a feature that allows an AP to automatically select the radio channel upon which it broadcasts by scanning the area around it and determining what channels are currently being used by other devices.

Load Balancing (Wireless)

Wireless load balancing is the process where you limit the number of connections allowed on a wireless access point (AP) or you limit the amount of wireless traffic transmitted and received on it, so the AP does not become overloaded.

9.2 Controller

Use this screen to set how the NWA3000-N series AP allows new APs to connect to the network. This is available when the NWA3000-N series AP is in controller mode. Click Configuration > Wireless > Controller to access this screen.

Figure 43 Configuration > Wireless > Controller (screen section: Controller Setting; Registration Type options: Manual, Always Accept)

Each field is described in the following table.

Table 36 Configuration > Wireless > Controller
LABEL | DESCRIPTION
192. The following table describes the labels in this screen.

Table 62 Configuration > Object > Certificate > My Certificates
LABEL | DESCRIPTION
PKI Storage Space in Use | This bar displays the percentage of the NWA3000-N series AP's PKI storage space that is currently in use. When the storage space is almost full, you should consider deleting expired or unnecessary certificates before adding more certificates.
Add | Click this to go to the screen where you can have the NWA3000-N series AP generate a certificate or a certification request.
Edit | Double-click an entry or select it and click Edit to open a screen with an in-depth list of information about the certificate.
Remove | The NWA3000-N series AP keeps all of your certificates unless you specifically delete them. Uploading a new firmware or default configuration file does not delete your certificates. To remove an entry, select it and click Remove. The NWA3000-N series AP confirms you want to remove it before doing so. Subsequent certificates move up by one when you take this action.
Object References | You cannot delete certificates that any of the NWA3000-N series AP's features are configured to use. Select an entry and click Object References to open
193. ddr Netmask | This field displays the current IP address and subnet mask assigned to the interface. If the IP address and subnet mask are 0.0.0.0, the interface is disabled or did not receive an IP address and subnet mask via DHCP. If this interface is a member of an active virtual router, this field displays the IP address it is currently using. This is either the static IP address of the interface (if it is the master) or the management IP address (if it is a backup).
IP Assignment | This field displays how the interface gets its IP address. Static: This interface has a static IP address. DHCP Client: This interface gets its IP address from a DHCP server.
Action | Use this field to get or to update the IP address for the interface. Click Renew to send a new DHCP request to a DHCP server. Click Connect to try to connect the interface. If the interface cannot use one of these ways to get or to update its IP address, this field displays n/a.
Port Statistics Table |
Switch to Graphic View | Click this to display the port statistics as a line graph.
Status | This field displays the current status of the physical port. Down: The physical port is not connected. Speed / Duplex: The physical port is connected. This field displays the port speed and duplex setting (Full or Half).
TxPkts | This field displays the number of packets transmitted from the NWA3000-N series AP on the physical port since it was last connected
194. Cluster ID

You can have multiple NWA3000-N series AP virtual routers on your network. Use a different cluster ID to identify each virtual router. In the following example, NWA3000-N series APs A and B form a virtual router that uses cluster ID 1. NWA3000-N series APs C and D form a virtual router that uses cluster ID 2.

Figure 61 Cluster IDs for Multiple Virtual Routers

Monitored Interfaces in Active-Passive Mode Device HA

You can select which interfaces device HA monitors. If a monitored interface on the NWA3000-N series AP loses its connection, device HA has the backup NWA3000-N series AP take over. Enable monitoring for the same interfaces on the master and backup NWA3000-N series APs. Each monitored interface must have a static IP address and be connected to the same subnet as the corresponding interface on the backup or master NWA3000-N series AP.

Virtual Router and Management IP Addresses

If a backup takes over for the master, it uses the master's IP addresses. These IP addresses are known as the virtual router IP addresses. Each interface can also have a management IP address. You can connect to this IP address to manage the NWA3000-N series AP regardless of whether it is the master or the backup. For example, NWA3000-N series AP B takes over A's 192.168.1.2 LAN interface IP address. This is a virtual router IP address. NWA3000-N series AP A keeps its LAN management IP address of 192.168.1
195. displays indicating the SSH protocol version supported by the NWA3000-N series AP.
Figure 98 SSH Example 2: Test
telnet 192.168.1.2 22
Trying 192.168.1.2...
Connected to 192.168.1.2.
Escape character is '^]'.
SSH-1.5-1.0.0
2 Enter "ssh -1 192.168.1.2". This command forces your computer to connect to the NWA3000-N series AP using SSH version 1. If this is the first time you are connecting to the NWA3000-N series AP using SSH, a message displays prompting you to save the host information of the NWA3000-N series AP. Type "yes" and press [ENTER]. Then enter the password to log in to the NWA3000-N series AP.
Figure 99 SSH Example 2: Log in
ssh -1 192.168.1.2
The authenticity of host '192.168.1.2 (192.168.1.2)' can't be established.
RSA1 key fingerprint is 21 6c 07 25 7e f4 75 80 ec a bd d4 34d4 80 53 d1
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.1.2' (RSA1) to the list of known hosts.
Administrator@192.168.1.2's password:
3 The CLI screen displays next.
15.7 Telnet
You can use Telnet to access the NWA3000-N series AP's command line interface. Click Configuration > System > TELNET to configure your NWA3000-N series AP for remote Telnet access. Use this screen to enable or disable Telnet and set the server port number.
Figure 100 Configuration > System > TELNET
196. e Version: Boot Module, Current Version 2 23 UJA 0, Released Date 2010-11-24 10:58:37. Upload File: To upload firmware package, browse to the location of the file and then click Upload. File Path: Browse
The following table describes the labels in this screen.
Table 89 Maintenance > File Manager > Firmware Package
LABEL | DESCRIPTION
Boot Module | This is the version of the boot module that is currently on the NWA3000-N series AP.
Current Version | This is the firmware version and the date created.
Released Date | This is the date that the version of the firmware was created.
File Path | Type in the location of the file you want to upload in this field or click Browse to find it.
Browse | Click Browse to find the bin file you want to upload. Remember that you must decompress compressed zip files before you can upload them.
Upload | Click Upload to begin the upload process. This process may take up to two minutes.
After you see the Firmware Upload in Process screen, wait two minutes before logging into the NWA3000-N series AP again.
Note: The NWA3000-N series AP automatically reboots after a successful upload.
The NWA3000-N series AP automatically restarts, causing a temporary network disconnect. In some operating systems, you may see the following icon on your desktop. Figure
197. e NWA3000-N series AP to its factory default settings. If you backed up an earlier configuration file, you won't have to totally re-configure the NWA3000-N series AP; you can simply restore your last configuration.
1.6 Hardware Connections
See your Quick Start Guide for information on making hardware connections.
1.7 LEDs
The following are the LED descriptions for your NWA3000-N series AP.
Figure 8 LEDs
Table 2 LEDs
LABEL | COLOR | STATUS | DESCRIPTION
WLAN | Green | On | The wireless LAN is active.
WLAN | Green | Blinking | The wireless LAN is active, and transmitting or receiving data.
WLAN | | Off | The wireless LAN is not active.
ETHERNET | Green | On | The NWA3000-N series AP has a 10/100 Mbps Ethernet connection.
ETHERNET | Green | Blinking | The NWA3000-N series AP has a 10/100 Mbps Ethernet connection and is sending or receiving data.
ETHERNET | Yellow | On | The NWA3000-N series AP has a 1000 Mbps Ethernet connection.
ETHERNET | Yellow | Blinking | The NWA3000-N series AP has a 1000 Mbps Ethernet connection and is sending/receiving data.
ETHERNET | | Off | The NWA3000-N series AP does not have an Ethernet connection.
POWER/SYS | Green | On | The NWA3000-N series AP is receiving power and functioning properly.
POWER/SYS | | Off | The NWA3000-N series AP is not receiving power.
POWER/SYS | Red | Blinking | Either fthe LED
198. e IP address of the gateway. The NWA3000-N series AP sends packets to the gateway when it does not know how to route the packet to its destination. The gateway should be on the same network as the interface.
DNS Server Settings | Use this section to specify the IP addresses for the NWA3000-N series AP to use. Use one of the following ways to specify these IP addresses. User Defined: enter a static IP address. From ISP: select the DNS server that another interface received from its DHCP server.
Add | Click this to create a new entry. Select an entry and click Add to create a new entry after the selected entry.
Edit | Double-click an entry or select it and click Edit to be able to modify the entry's settings.
Remove | To remove an entry, select it and click Remove. The NWA3000-N series AP confirms you want to remove it before doing so. Note that subsequent entries move up by one when you take this action.
Move | To change an entry's position in the numbered list, select the entry and click Move to display a field to type a number for where you want to put it and press [ENTER] to move the rule to the number that you typed.
This is the index number of the DNS server address entry. The ordering of your entries is important as the NWA3000-N series AP uses them in sequence. A hyphen (-) displays for the default DNS server address entry. The NWA3000-N series AP uses this default entry if it cannot get a reply for any of the
199. e LAN IP Address and Management VLAN (vlan99)
This section shows you how to set up the LAN IP address and the VLAN for managing the controller. This is only for network administrators to manage the controller.
1 Open the controller's Configuration > LAN Setting screen.
[Screenshot: LAN Setting screen with IP Address Assignment, DNS Server Settings and VLAN Settings sections]
IP Address: Enter 10.10.99.10.
Subnet Mask: Enter 255.255.255.0.
Gateway: Enter 10.10.99.10.
Management VLAN ID: Enter 99 as the VLAN ID tag.
Click Apply to save these changes.
2 Configure your DHCP server with the controller's IP address configured as option 138 so the managed NWA3000-N series APs can get the controller's IP address from it. See Chapter 7 on page 103 for details.
4.1.3 Set Up Wireless User Authentication
This section shows you how to set up the controller's internal RADIUS server and user accounts.
Note: If you did not replace the factory default certificate with one that uses your NWA3000-N series AP's MAC address when you first logged into the NWA3000-N series AP, do it now in the Object > Certificate > My Certificates screen.
200. e a certification request and enroll for a certificate immediately online [screen fields: Enrollment Protocol (Certificate Management Protocol (CMP)), CA Server Address, CA Certificate (test.cer)]
The following table describes the labels in this screen.
Table 63 Configuration > Object > Certificate > My Certificates > Add
LABEL | DESCRIPTION
Name | Type a name to identify this certificate. You can use up to 31 alphanumeric and amp characters.
Subject Information | Use these fields to record information that identifies the owner of the certificate. You do not have to fill in every field, although you must specify a Host IP Address, Host Domain Name, or E-Mail. The certification authority may add fields (such as a serial number) to the subject information when it issues a certificate. It is recommended that each certificate have unique subject information. Select a radio button to identify the certificate's owner by IP address, domain name or e-mail address. Type the IP address (in dotted decimal notation), domain name or e-mail address in the field provided. The domain name or e-mail address is for identification purposes only and can be any string. A domain name can be up to 255 characters. You can use alphanumeric characters, the hyphen and periods. An e-mail address can be up to 63 characters
201. e encryption method required for a wireless client to associate itself with the SSID. You can have a maximum of 32 security profiles on the NWA3000-N series AP.
MAC Filtering: This profile provides an additional layer of security for an SSID, allowing you to block access or allow access to that SSID based on wireless client MAC addresses. If a client's MAC address is on the list, then it is either allowed or denied, depending on how you set up the MAC Filter profile. You can have a maximum of 32 MAC filtering profiles on the NWA3000-N series AP.
SSID
The SSID (Service Set IDentifier) is the name that identifies the Service Set with which a wireless station is associated. Wireless stations associating to the access point (AP) must have the same SSID. In other words, it is the name of the wireless network that clients use to connect to it.
WEP
WEP (Wired Equivalent Privacy) encryption scrambles all data packets transmitted between the AP and the wireless stations associated with it in order to keep network communications private. Both the wireless stations and the access points must use the same WEP key for data encryption and decryption.
WPA and WPA2
Wi-Fi Protected Access (WPA) is a subset of the IEEE 802.11i standard. WPA2 (IEEE 802.11i) is a wireless security standard that defines stronger encryption, authentication and key management than WPA. Key differences between
202. e highest number of station (aka wireless client) connections during the past 24 hours.
This field displays the rank of the station.
AP MAC | This field displays the MAC address of the AP to which the station belongs.
Max. Station Count | This field displays the maximum number of wireless clients that have connected to this AP.
AP Description | This displays the description of the AP to which the radio belongs.
WLAN Interface Status Summary | When the NWA3000-N series AP is in standalone mode, this displays status information for the WLAN interface.
Status | This displays whether or not the WLAN interface is activated.
MAC Address | This displays the MAC address of the radio.
Table 17 Dashboard (continued)
LABEL | DESCRIPTION
Radio | This indicates the radio number on the NWA3000-N series AP.
Band | This indicates the wireless frequency band currently being used by the radio.
OP Mode | This indicates the radio's operating mode. Operating modes are AP (access point) or MON (monitor).
Channel | This indicates the channel number the radio is using.
Station | This displays the number of wireless clients connected to the NWA3000-N series AP.
5.2.1 CPU Usage
Use this screen to look at a chart of the NWA3000-N series AP's recent CPU usage. To access this screen, click CPU Usage in the dashboard.
Figure 24
203. e interface's IP address and subnet mask. Whichever NWA3000-N series AP is the master uses this virtual router IP address and subnet mask.
Management IP/Netmask | This field displays the interface's management IP address and subnet mask. You can use this IP address and subnet mask to access the NWA3000-N series AP whether it is in master or backup mode.
Link Status | This tells whether the monitored interface's connection is down or up.
Table 44 Configuration > Device HA > General (continued)
LABEL | DESCRIPTION
HA Status | The text before the slash shows whether the device is configured as the master or the backup role. The text after the slash displays the monitored interface's status in the virtual router. Active: This interface is up and using the virtual IP address and subnet mask. Stand-By: This interface is a backup interface in the virtual router. It is not using the virtual IP address and subnet mask. Fault: This interface is not functioning in the virtual router right now. In active-passive mode (or in legacy mode with link monitoring enabled), if one of the master NWA3000-N series AP's interfaces loses its connection, the master NWA3000-N series AP forces all of its interfaces to the fault state so the backup NWA3000-N series AP can take over all of the master NWA3000-N series AP's functions.
Apply | Cli
204. e latest version of the Java program (http://www.java.com).
To log in through the Console:
1 Click the Console button on the Web Configurator title bar.
3 Next, enter the User Name of the account being used to log into your target device and then click OK.
4 You may be prompted to authenticate your account password, depending on the type of device that you are logging into. Enter the password and click OK.
5 If your login is successful, the command line appears and the status bar at the bottom of the Console updates to reflect your connection state.
2.3.6 Tables and Lists
The Web Configurator tables and lists are quite flexible and provide several options for how to display their entries.
2.3.6.1 Manipulating Table Display
Here are some of the ways you can manipulate the Web Configurator tables.
1 Click a column heading to sort the table's entries according to that column's criteria.
[Screenshot of the user list table]
2 Click the down arrow next to a column heading for more options about how to display the entries. Th
205. e may not be called "Apache", nor may "Apache" appear in their name, without prior written permission of the Apache Software Foundation.
THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
This software consists of voluntary contributions made by many individuals on behalf of the Apache Software Foundation. For more information on the Apache Software Foundation, please see <http://www.apache.org>. Portions of this software are based upon public domain software originally written at the National Center for Supercomputing Applications, University of Illinois, Urbana-Champaign.
This Product includes gmp under LGPL license.
GNU LESSER GENERAL PUBLIC LICENSE Version 2.1, February 1999
Copyright (C) 1991, 1999 Free Software Foundation, Inc. 59 Temple Place, Suite 330, B
206. e name assigned to the trusted AP profile.
IP Address | This field indicates the IP address of the trusted AP in dotted decimal notation.
Mask | This field indicates the subnet mask of the trusted AP in dotted decimal notation. The subnet mask indicates what part of the IP address is the same for all computers in the network.
Description | This field shows the information listed to help identify the trusted AP profile.
Apply | Click OK to save your changes back to the NWA3000-N series AP.
Reset | Click Reset to start configuring this screen afresh.
15.10.2 Adding or Editing a Trusted AP Profile
This screen allows you to add or edit an internal RADIUS server trusted AP profile. To access this screen, click the Configuration > System > Auth Server screen's Add button, or select a trusted AP profile from the list and click the Edit button.
Figure 107 Configuration > System > Auth Server > Add
[Screen fields: Activate, Profile Name, IP Address, Netmask, Secret, Description]
The following table describes the labels in this screen.
Table 81 Configuration > System > Auth Server
LABEL | DESCRIPTION
Activate | Select this to turn on this trusted AP profile.
Profile Name | Type a name for the trusted AP profile.
IP Address | Type the IP address of the trusted AP in dotted decimal notation.
Netmask | Type the subnet mask of the trusted AP in dotted decimal notation. The su
207. e object to be synchronized. 2nd %s: The feature name for the object to be synchronized.
Update %s for %s has failed %s | Updating a certain object failed when updating (AS/AV/IDP/Certificate/System Configuration) due to some reason. 1st %s: The object to be synchronized. 2nd %s: The feature name for the object to be synchronized.
Table 102 Device HA Logs (continued)
LOG MESSAGE | DESCRIPTION
Device HA has skipped syncing %s since %s is %s | A certain service has no license or the license is expired, so it was not synchronized from the Master. 1st %s: The object to be synchronized. 2nd %s: The feature name for the object to be synchronized. 3rd %s: unlicensed or license expired.
Device HA authentication type for VRRP group %s maybe wrong | A VRRP group's Authentication Type (Md5 or IPSec AH) configuration may not match between the Backup and the Master. %s: The name of the VRRP group.
Device HA authenticaton string of text for VRRP group %s maybe wrong | A VRRP group's Simple String (Md5) configuration may not match between the Backup and the Master. %s: The name of the VRRP group.
Device HA authentication string of AH for VRRP group %s maybe wrong | A VRRP group's AH String (IPSec AH) configuration may not match between the Backup and the Master. %s: The name of the VRRP group.
Retrying to update
208. e of encryption method to use.
3 Authentication and Data Transmission
After the identification is verified and data encryption activated, a secure tunnel is established between the client and the server. The client then sends its authentication information (user name and password) to the server to log in to the server.
15.6.2 SSH Implementation on the NWA3000-N series AP
Your NWA3000-N series AP supports SSH versions 1 and 2 using RSA authentication and four encryption methods (AES, 3DES, Arcfour and Blowfish). The SSH server is implemented on the NWA3000-N series AP for management using port 22 (by default).
15.6.3 Requirements for Using SSH
You must install an SSH client program on a client computer (Windows or Linux operating system) that is used to connect to the NWA3000-N series AP over SSH.
15.6.4 Configuring SSH
Click Configuration > System > SSH to open the following screen. Use this screen to configure your NWA3000-N series AP's Secure Shell settings.
Note: It is recommended that you disable Telnet and FTP when you configure SSH for secure connections.
Figure 96 Configuration > System > SSH
[Screen fields under SSH General Settings: Enable, Version 1, Server Port, Server Certificate]
The following table describes the labels in this screen.
Table 74 Configuration > System > SSH
LABEL | DESCRIPTION
Enable | Select t
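The telnet test in Figure 98 reads the SSH server's identification string by hand, and the section above states that the AP supports SSH versions 1 and 2. The following added example (not from the ZyXEL manual) parses such a string and reports which protocol versions the server offers; the function names and the banner samples are assumptions constructed for this example, and the version rules follow RFC 4253.

```python
"""Classify an SSH identification string by the protocol versions it offers."""
import re
import socket
from dataclasses import dataclass

# RFC 4253 section 4.2: "SSH-protoversion-softwareversion SP comments CR LF".
# SSH-1 servers terminate the line with LF only, so CR is treated as optional.
_ID_LINE = re.compile(rb"^SSH-(\d+)\.(\d+)-([\x21-\x7e]+)(?: (.*))?$")
MAX_ID_LEN = 255      # RFC 4253 limit for the identification string, CR LF included
MAX_READ = 8192       # stop reading after this many bytes (assumption of this example)


@dataclass(frozen=True)
class Banner:
    proto: str        # protoversion field, e.g. "1.5", "1.99", "2.0"
    software: str     # softwareversion field
    ssh1: bool        # server accepts SSH protocol version 1
    ssh2: bool        # server accepts SSH protocol version 2


def parse_banner(raw: bytes) -> Banner:
    """Find the SSH- line in raw server output and decode its version fields."""
    for line in raw.split(b"\n"):
        line = line.rstrip(b"\r")
        if not line.startswith(b"SSH-"):
            continue                      # free-text lines may precede the banner
        if len(line) + 2 > MAX_ID_LEN:
            raise ValueError("identification string exceeds 255 bytes")
        m = _ID_LINE.match(line)
        if m is None:
            raise ValueError("malformed identification string: %r" % line)
        major, minor = int(m.group(1)), int(m.group(2))
        proto = (m.group(1) + b"." + m.group(2)).decode("ascii")
        software = m.group(3).decode("ascii")
        if (major, minor) == (1, 99):     # RFC 4253 section 5.1: 1.x and 2.0 both offered
            return Banner(proto, software, ssh1=True, ssh2=True)
        if major == 1:
            return Banner(proto, software, ssh1=True, ssh2=False)
        if major == 2:
            return Banner(proto, software, ssh1=False, ssh2=True)
        raise ValueError("unsupported protocol version " + proto)
    raise ValueError("no SSH identification string in server output")


def read_banner(host: str, port: int = 22, timeout: float = 5.0) -> bytes:
    """Collect server output until a complete SSH- line arrives (the telnet test, scripted)."""
    data = b""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        while len(data) < MAX_READ:
            chunk = sock.recv(256)
            if not chunk:
                break
            data += chunk
            complete = data.split(b"\n")[:-1]     # lines already ended by LF
            if any(ln.startswith(b"SSH-") for ln in complete):
                break
    return data


def assess(raw: bytes) -> str:
    """Return a one-line finding for an inventory or hardening report."""
    b = parse_banner(raw)
    if b.ssh1 and b.ssh2:
        return "WARN %s: SSH-1 fallback offered alongside SSH-2 (%s)" % (b.proto, b.software)
    if b.ssh1:
        return "FAIL %s: SSH-1 only (%s)" % (b.proto, b.software)
    return "OK %s: SSH-2 only (%s)" % (b.proto, b.software)


# Constructed samples. The first mirrors the form of the string in the manual's
# telnet test; the other two are made up for this example.
SAMPLES = [
    b"SSH-1.5-1.0.0\n",
    b"Authorized use only\r\nSSH-1.99-ExampleSSH_1.0\r\n",
    b"SSH-2.0-ExampleSSH_1.0 hardened\r\n",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(assess(sample))
    # Against a device you administer: print(assess(read_banner("192.168.1.2")))
```

A protoversion of 1.5 or 1.99 means the server still negotiates SSH version 1, so the check is worth repeating after any change to the SSH settings.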
209. e options available vary depending on the type of fields in the column. Here are some examples of what you can do:
Sort in ascending alphabetical order
Sort in descending (reverse) alphabetical order
Select which columns to display
Group entries by field
Show entries in groups
Filter by mathematical operators (<, >, or =) or searching for text
[Screenshot of the user list table with the column options menu open]
3 Select a column heading cell's right border and drag to re-size the column.
[Screenshot of the user list table]
4 Select a column heading and drag and drop it to change the column order. A green check mark displays next to the column's title when you drag the column to a valid new location.
[Screenshot of the user list table]
5 Use the icons and fields at the bot
210. e text box. Click Browse if you wish to import a different certificate.
[Screenshot: Certificate Import Wizard, File to Import]
3 Enter the password given to you by the CA.
[Screenshot: Certificate Import Wizard, Password]
4 Have the wizard determine where the certificate should be saved on your computer or select Place all certificates in the following store and choose a different location.
[Screenshot: Certificate Import Wizard, Certificate Store]
5 Click Finish to complet
211. e the wizard and begin the import process.
[Screenshot: Completing the Certificate Import Wizard]
6 You should see the following screen when the certificate is correctly installed on your computer.
[Screenshot: The import was successful]
15.5.5.7 Using a Certificate When Accessing the NWA3000-N series AP
To access the NWA3000-N series AP via HTTPS:
1 Enter "https://NWA3000-N series AP IP Address/" in your browser's web address field.
[Screenshot: browser address field]
When Authenticate Client Certificates is selected on the NWA3000-N series AP, the following screen asks you to select a personal certificate to send to the NWA3000-N series AP. This screen displays even if you only have a single certificate as in the example.
[Screenshot: Client Authentication]
212. e with the IEEE 802.11b standard. This means an IEEE 802.11b adapter can interface directly with an IEEE 802.11g access point (and vice versa) at 11 Mbps or lower depending on range. IEEE 802.11g has several intermediate rate steps between the maximum and minimum data rates. The IEEE 802.11g data rate and modulation are as follows:
Table 114 IEEE 802.11g
MBPS | MODULATION
1 | DBPSK (Differential Binary Phase Shift Keyed)
2 | DQPSK (Differential Quadrature Phase Shift Keying)
5.5 / 11 | CCK (Complementary Code Keying)
6/9/12/18/24/36/48/54 | OFDM (Orthogonal Frequency Division Multiplexing)
Wireless Security Overview
Wireless security is vital to your network to protect wireless communication between wireless clients, access points and the wired network. Wireless security methods available on the NWA3000-N series AP are data encryption, wireless client authentication, restricting access by device MAC address and hiding the NWA3000-N series AP identity. The following figure shows the relative effectiveness of these wireless security methods available on your NWA3000-N series AP.
Table 115 Wireless Security Levels
SECURITY LEVEL | SECURITY TYPE
Least Secure | Unique SSID (Default)
 | Unique SSID with Hide SSID Enabled
 | MAC Address Filtering
 | WEP Encryption
 | IEEE802.1x EAP with RADIUS Server Authentication
 | Wi-Fi Protected Access (WPA
213. eb Configurator screens.
Table 29 Monitor > Wireless > Legacy Device Info (continued)
LABEL | DESCRIPTION
IP | This is the IP address of the legacy AP.
Description | This is manually entered information about the legacy AP represented by this entry.
6.8.1 Legacy Device Info Add or Edit
Use this screen to configure an entry for linking to a compatible legacy AP's Web Configurator. The legacy AP must also be in controller mode. Click Monitor > Wireless > Rogue AP > Legacy Device Info and then click the Add button or select a radio profile from the list and click the Edit button to access this screen.
Figure 35 Monitor > Wireless > Legacy Device Info > Add
The following table describes the labels in this screen.
Table 30 Monitor > Wireless > Legacy Device Info
LABEL | DESCRIPTION
Device IP Address | Enter the legacy AP's IP address.
Description | Enter a description to help you identify the legacy AP.
OK | Click OK to save your changes back to the NWA3000-N series AP.
Cancel | Click Cancel to exit this screen without saving your changes.
6.9 View Log
Log messages are stored in two separate logs, one for regular log messages and one for debugging messages. In the regular log, you can look at all the log messages b
214. ecovery purposes. You shall not exceed the scope of the license granted hereunder. Any rights not expressly granted by ZyXEL to you are reserved by ZyXEL, and all implied licenses are disclaimed.
2. Ownership
You have no ownership rights in the Software. Rather, you have a license to use the Software as long as this License Agreement remains in full force and effect. Ownership of the Software, Documentation and all intellectual property rights therein shall remain at all times with ZyXEL. Any other use of the Software by any other entity is strictly forbidden and is a violation of this License Agreement.
3. Copyright
The Software and Documentation contain material that is protected by international copyright law, trade secret law, international treaty provisions, and the applicable national laws of each respective country. All rights not granted to you herein are expressly reserved by ZyXEL. You may not remove any proprietary notice of ZyXEL or any of its licensors from any copy of the Software or Documentation.
4. Restrictions
You may not publish, display, disclose, sell, rent, lease, modify, store, loan, distribute, or create derivative works of the Software, or any part thereof. You may not assign, sublicense, convey or otherwise transfer, pledge as security or otherwise encumber the rights and licenses granted hereunder with respect to the Software. ZyXEL is not
215. ed by MD5 for authentication. Select SHA to require the SNMPv3 user's password be encrypted by SHA for authentication.
Privacy | Select the type of encryption the SNMPv3 user must use to connect to the NWA3000-N series AP using this SNMPv3 user profile. Select NONE to not encrypt the SNMPv3 communications. Select DES to use DES to encrypt the SNMPv3 communications. Select AES to use AES to encrypt the SNMPv3 communications.
Privilege | Select whether the SNMPv3 user can have read-only or read and write access to the NWA3000-N series AP using this SNMPv3 user profile.
OK | Click OK to save your changes back to the NWA3000-N series AP.
Cancel | Click Cancel to exit this screen without saving your changes.
15.10 Internal RADIUS Server
The NWA3000-N series AP can use its internal Remote Authentication Dial In User Service (RADIUS) server to authenticate the wireless clients of trusted APs. RADIUS is a protocol that enables you to control access to a network by authenticating user credentials.
The following figure shows how this is done. Wireless clients make access requests to trusted APs, which relay the requests to the NWA3000-N series AP.
Figure 105 Trusted APs Overview
[Figure labels: RADIUS Server, Trusted APs, Wireless clients]
Certificates are used by wireless clients to authenticate the RADIUS server. These are digital signatures that identify netw
216. ed to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Program or its derivative works. These actions are prohibited by law if you do not accept this License. Therefore, by modifying or distributing the Program (or any work based on the Program), you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or modifying the Program or works based on it.
6. Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties to this License.
7. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Program at all. For example, if a patent license would not permit royalty-free
217. el Selection Method, Available channels, 5 GHz Settings, Enable 5 GHz DFS Aware, 5 GHz Channel Selection Method [screen fields]
Each field is described in the following table.
Table 43 Configuration > Wireless > DCS
LABEL | DESCRIPTION
Enable Dynamic Channel Selection | Select this to have the NWA3000-N series AP automatically select the radio channel upon which it broadcasts by scanning the area around it and determining what channels are currently being used by other devices.
DCS Time Interval | Enter a number of minutes. This regulates how often the NWA3000-N series AP surveys the other APs within its broadcast radius. If the channel on which it is currently broadcasting suddenly comes into use by another AP, the NWA3000-N series AP will then dynamically select the next available clean channel or a channel with lower interference.
Table 43 Configuration > Wireless > DCS (continued)
LABEL | DESCRIPTION
DCS Sensitivity Level | Select the AP's sensitivity level toward other channels. Options are High, Medium, and Low. Generally, as long as the area in which your AP is located has minimal interference from other devices, you can set the DCS Sensitivity Level to Low. This means that the AP has a very broad tolerance. If you are not
218. elect the device HA role that the NWA3000-N series AP plays in the virtual router. Choices are:
Master: This NWA3000-N series AP is the master NWA3000-N series AP in the virtual router. This NWA3000-N series AP uses the virtual IP address for each monitored interface.
Note: Do not set this field to Master for two or more NWA3000-N series APs in the same virtual router (same cluster ID).
Backup: This NWA3000-N series AP is a backup NWA3000-N series AP in the virtual router. This NWA3000-N series AP does not use any of the virtual IP addresses.
Priority | This field is available for a backup NWA3000-N series AP. Type the priority of the backup NWA3000-N series AP. The backup NWA3000-N series AP with the highest value takes over the role of the master NWA3000-N series AP if the master NWA3000-N series AP becomes unavailable. The priority must be between 1 and 254. (The master interface has priority 255.)
Enable Preemption | This field is available for a backup NWA3000-N series AP. Select this if this NWA3000-N series AP should become the master NWA3000-N series AP if a lower-priority NWA3000-N series AP is the master when this one is enabled. (If the role is master, the NWA3000-N series AP preempts by default.)
Cluster Settings
Cluster ID | Type the cluster ID number. A virtual router consists of a master NWA3000-N series AP and all of its backup NWA3000-N series APs. If you have multiple NWA3000-N series AP virtual routers
219. eless Frame Capture Files
Click Maintenance > Diagnostics > Wireless Frame Capture > Files to open this screen. This screen lists the files of wireless frame captures the NWA3000-N series AP has performed. You can download the files to your computer where you can study them using a packet analyzer (also known as a network or protocol analyzer) such as Wireshark.
Figure 122 Maintenance > Diagnostics > Wireless Frame Capture > Files [screenshot: Captured Packet Files list with columns File Name, Size, Last Modified]
The following table describes the labels in this screen.
Table 95 Maintenance > Diagnostics > Wireless Frame Capture > Files
LABEL: DESCRIPTION
Remove: Select files and click Remove to delete them from the NWA3000-N series AP. Use the [Shift] and/or [Ctrl] key to select multiple files. A pop-up window asks you to confirm that you want to delete.
Download: Click a file to select it and click Download to save it to your computer.
This column displays the number for each packet capture file entry. The total number of packet capture files that you can save depends on the file sizes and the available flash storage space.
File Name: This column displays the label that identifies the file. The file name format is interface name file suffix cap.
Size: This column displays the size (in bytes) of a configuration file.
Last This column disp
220. em. Before accepting this certificate, you should examine this site's certificate carefully. Are you willing to accept this certificate for the purpose of identifying the Web site 172.20.37.202?
[Dialog options: Examine Certificate; Accept this certificate permanently; Accept this certificate temporarily for this session; Do not accept this certificate and do not connect to this Web site.]
3 The certificate is stored and you can now connect securely to the Web Configurator. A sealed padlock appears in the address bar, which you can click to open the Page Info > Security window to view the web page's security information.
[Page Info dialog text:] Web Site Identity Verified. The web site 172.20.37.202 supports authentication for the page you are viewing. The identity of this web site has been verified by ZyXEL, a certificate authority you trust for this purpose. View the security certificate that verifies this web site's identity. Connection Encrypted: High-grade Encryption (AES-256 256 bit). The page you are viewing was encrypted before being transmitted over the Internet. Encryption makes it very difficult for unauthorized people to view information traveling between computers. It is therefore very unlikely that anyone read this page as it traveled across the network.
Installing a Stand-Alone Certificate File in Firefox
Rather than browsing to a ZyXEL Web Configurator and installi
221. en if advised of the possibility of such damage.
Permission is hereby granted to use, copy, modify, and distribute this source code, or portions hereof, for any purpose, without fee, subject to the following restrictions:
1. The origin of this source code must not be misrepresented.
2. Altered versions must be plainly marked as such and must not be misrepresented as being the original source.
3. This Copyright notice may not be removed or altered from any source or altered source distribution.
The Contributing Authors and Group 42, Inc. specifically permit, without fee, and encourage the use of this source code as a component to supporting the PNG file format in commercial products. If you use this source code in a product, acknowledgment is not required but would be appreciated.
A "png_get_copyright" function is available, for convenient use in "about" boxes and the like:
printf("%s", png_get_copyright(NULL));
Also, the PNG logo (in PNG format, of course) is supplied in the files "pngbar.png" and "pngbar.jpg" (88x31) and "pngnow.png" (98x31).
Libpng is OSI Certified Open Source Software. OSI Certified Open Source is a certification mark of the Open Source Initiative.
Glenn Randers-Pehrson, glennrp at users.sourceforge.net, February 25, 2010
This Product includes libmd5-rfc software under the Zlib/libpng License. Copyright (c) year
222. entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works based on the Program. In addition, mere aggregation of another work not based on the Program with the Program (or with a work based on the Program) on a volume of a storage or distribution medium does not bring the other work under the scope of this License.
3. You may copy and distribute the Program (or a work based on it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you also do one of the following:
a) Accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or,
b) Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or,
c) Accompany it with the information you received as to the offer to distribute corresponding source code. (This alternative is allowed only for noncommercial distribution and only if you received the program in object code or executable
223. eographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded. In such case, this License incorporates the limitation as if written in the body of this License.
9. The Free Software Foundation may publish revised and/or new versions of the General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. Each version is given a distinguishing version number. If the Program specifies a version number of this License which applies to it and "any later version", you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Program does not specify a version number of this License, you may choose any version ever published by the Free Software Foundation.
10. If you wish to incorporate parts of the Program into other free programs whose distribution conditions are different, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally.
NO WARRANTY
11. BECAUSE THE PROGRAM IS LICENSED FR
224. epair or replacement, as provided under this warranty, is the exclusive remedy of the purchaser. This warranty is in lieu of all other warranties, express or implied, including any implied warranty of merchantability or fitness for a particular use or purpose. ZyXEL shall in no event be held liable for indirect or consequential damages of any kind to the purchaser.
To obtain the services of this warranty, contact your vendor. You may also refer to the warranty policy for the region in which you bought the device at http://www.zyxel.com/web/support_warranty_info.php.
Registration
Register your product online to receive e-mail notices of firmware upgrades and information at www.zyxel.com.
225. equently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare Derivative Works of, publicly display, publicly perform, sublicense, and distribute the Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this section) patent license to make, have made, use, offer to sell, sell, import, and otherwise transfer the Work, where such license applies only to those patent claims licensable by such Contributor that are necessarily infringed by their Contribution(s) alone or by combination of their Contribution(s) with the Work to which such Contribution(s) was submitted. If You institute patent litigation against any entity (including a cross-claim or counterclaim in a lawsuit) alleging that the Work or a Contribution incorporated within the Work constitutes direct or contributory patent infringement, then any patent licenses granted to You under this License for that Work shall terminate as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the Work or Derivative Works hereof in any medi
226. er. Not doing so can cause the firmware to become corrupt.
MENU ITEM(S): Maintenance > Shutdown

Tutorials
4.1 Sample Network Setup
This tutorial shows you how to use CAPWAP to have one NWA3000-N series AP control other NWA3000-N series APs to create a wireless network that allows two types of connections: staff and guest. Staff connections have full access to the network, while guests are limited to Internet access (DNS, HTTP and HTTPS services).
Figure 18 Tutorial Network Topology [diagram labels: VLAN 199, VLAN 99, Server 1, Server 2, Server 3, 10.1.199.250, A, VLAN 99 10.10.99.10/24, SSID staff, VLAN 101 10.1.101.254/24, VLAN 102 10.1.102.254/24, VLAN 199 10.1.199.254/24, SSID guest, B, C]
Requirements: a DHCP server (A) with Option 138, an AD server, a switch (B) that supports 802.1q, a Layer 3 routing device, and a firewall (C).
Note: In this topology, the firewall (such as a ZyWALL) controls what services traffic from different VLANs can use.
The following VLAN settings are used in this tutorial.
Table 16 Tutorial Topology Summary
VLAN: VLAN ID, IP ADDRESS
Management: 99, 10.10.99.10/24
Staff: 101, 10.1.101.254/24
Guest: 102, 10.1.102.254/24
Figure 19 Tutorial Guest VLA
227. erion only appears when you Show Filter.
Keyword: Enter a keyword to display only the log messages that include it. Note: This criterion only appears when you Show Filter.
Protocol: Select a protocol to display only the log messages that include it. Note: This criterion only appears when you Show Filter.
Search: Click this to start the log query based on the selected criteria. If no criteria have been selected, then this displays all log messages for the specified AP regardless.
Email Log Now: Click this to open a new e-mail in your default e-mail program with the selected log attached.
Refresh: Click this to refresh the log table.
Clear Log: Click this to clear the log on the specified AP.
This field is a sequential value, and it is not associated with a specific log message.
Time: This indicates the time that the log message was created or recorded on the AP.
Priority: This indicates the selected log message's priority.
Category: This indicates the selected log message's category.
Message: This displays the content of the selected log message.
Table 32 Monitor > Log > View AP Log (continued)
Source: This displays the source IP address of the selected log message.
Destination: This displays the source IP address of the selected log message.
Note: This displays any notes associated with the selected log message.
228. erivative Works shall mean any work, whether in Source or Object form, that is based on (or derived from) the Work and for which the editorial revisions, annotations, elaborations, or other modifications represent, as a whole, an original work of authorship. For the purposes of this License, Derivative Works shall not include works that remain separable from, or merely link (or bind by name) to the interfaces of, the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including the original version of the Work and any modifications or additions to that Work or Derivative Works thereof, that is intentionally submitted to Licensor for inclusion in the Work by the copyright owner or by an individual or Legal Entity authorized to submit on behalf of the copyright owner. For the purposes of this definition, "submitted" means any form of electronic, verbal, or written communication sent to the Licensor or its representatives, including but not limited to communication on electronic mailing lists, source code control systems, and issue tracking systems that are managed by, or on behalf of, the Licensor for the purpose of discussing and improving the Work, but excluding communication that is conspicuously marked or otherwise designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity on behalf of whom a Contribution has been received by Licensor and subs
229. es in the Service Control table to access the NWA3000-N series AP Web Configurator using secure HTTPs connections.
Server Port: The HTTPS server listens on port 443 by default. If you change the HTTPS server port to a different number on the NWA3000-N series AP, for example 8443, then you must notify people who need to access the NWA3000-N series AP Web Configurator to use "https://NWA3000-N series AP IP Address:8443" as the URL.
Authenticate Client Certificates: Select Authenticate Client Certificates (optional) to require the SSL client to authenticate itself to the NWA3000-N series AP by sending the NWA3000-N series AP a certificate. To do that, the SSL client must have a CA-signed certificate from a CA that has been imported as a trusted CA on the NWA3000-N series AP.
Server Certificate: Select a certificate the HTTPS server (the NWA3000-N series AP) uses to authenticate itself to the HTTPS client. You must have certificates already configured in the My Certificates screen.
Redirect HTTP to HTTPS: To allow only secure Web Configurator access, select this to redirect all HTTP connection requests to the HTTPS server.
HTTP
Enable: Select the check box to allow or disallow the computer with the IP address that matches the IP address(es) in the Service Control table to access the NWA3000-N series AP Web Configurator using HTTP connections.
230. es to which the outgoing e-mail is delivered.
SMTP Authentication: Select this check box if it is necessary to provide a user name and password to the SMTP server.
User Name: This box is effective when you select the SMTP Authentication check box. Type the user name to provide to the SMTP server when the log is e-mailed.
Password: This box is effective when you select the SMTP Authentication check box. Type the password to provide to the SMTP server when the log is e-mailed.
Send Report Now: Click this button to have the NWA3000-N series AP send the daily e-mail report immediately.
Time for sending report: Select the time of day (hours and minutes) when the log is e-mailed. Use 24-hour notation.
Report Items: Select the information to include in the report. Select Reset counters after sending report successfully if you only want to see statistics for a 24-hour period.
Reset All Counters: Click this to discard all report data and start all of the counters over at zero.
Apply: Click Apply to save your changes back to the NWA3000-N series AP.
Reset: Click Reset to return the screen to its last-saved settings.
16.3 Log Setting
These screens control log messages and alerts. A log message stores the information for viewing (for example, in the View Log tab) or regular e-mailing later, and an alert is e-mailed immediately. Usually, alerts are used for events that require more serious attention, such as system errors a
231. Table 17 Dashboard (continued)
LABEL: DESCRIPTION
System Name: This field displays the name used to identify the NWA3000-N series AP on any network. Click the icon to open the screen where you can change it.
Model Name: This field displays the model name of this NWA3000-N series AP.
Serial Number: This field displays the serial number of this NWA3000-N series AP.
MAC Address Range: This field displays the MAC addresses used by the NWA3000-N series AP. Each physical port or wireless radio has one MAC address. The first MAC address is assigned to the Ethernet LAN port, the second MAC address is assigned to the first radio, and so on.
Firmware Version: This field displays the version number and date of the firmware the NWA3000-N series AP is currently running. Click the icon to open the screen where you can upload firmware.
System Resources
CPU Usage: This field displays what percentage of the NWA3000-N series AP's processing capability is currently being used. Hover your cursor over this field to display the Show CPU Usage icon that takes you to a chart of the NWA3000-N series AP's recent CPU usage.
Memory Usage: This field displays what percentage of the NWA3000-N series AP's RAM is currently being used. Hover your cursor over this field to display the Show Memory Usage icon that takes you to a chart of the NWA3000-N series AP's recent memory usage.
232. 7 The Edit Radio Profile window opens.
[Screenshot: Edit Radio Profile window with General Settings (Activate, Profile Name, 802.11 Band, Channel) and MBSSID Settings (SSID Profile entries)]
7a Activate: Select this to make the radio profile active.
7b MBSSID Settings: Select an entry to change it to a drop-down list. Set #1 to the staff SSID profile and #2 to the guest SSID profile. These are the two profiles you created in steps 3 to 5 of this procedure.
7c Click OK to save these settings.
4.2 Rogue AP Detection
Rogue APs are wireless access points interacting with the network managed by the NWA3000-N series AP but which are not under the control of the network administrator. In short, they are a security risk because they circumvent network security policy.
AP detection only works when at least 1 AP is configured for Monitor mode. The following are some suggestions on monitor AP placement:
Neighboring companies that both support wireless network: If you can detect your neighbor's APs and you know they are friendly, you can add them to the friendly exception list.
Reception areas: If a reception area has a high volume of visitor traffic, it might be useful to see if anyone is setting up their wireless device as an AP.
High security areas: An AP set to Monitor mode will let you see i
233. esignated place, offer equivalent access to copy the above specified materials from the same place.
e) Verify that the user has already received a copy of these materials or that you have already sent this user a copy.
For an executable, the required form of the "work that uses the Library" must include any data and utility programs needed for reproducing the executable from it. However, as a special exception, the materials to be distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable.
It may happen that this requirement contradicts the license restrictions of other proprietary libraries that do not normally accompany the operating system. Such a contradiction means you cannot use both them and the Library together in an executable that you distribute.
7. You may place library facilities that are a work based on the Library side-by-side in a single library together with other library facilities not covered by this License, and distribute such a combined library, provided that the separate distribution of the work based on the Library and of the other library facilities is otherwise permitted, and provided that you do these two things:
a) Accompany the combined library with a copy of the same work based on the Library, uncombined with any other librar
234. ess links with other APs. Select MBSSID to have the radio function as an access point with one or more BSSIDs.
802.11 Band: Select the wireless band which this radio profile should use. 2.4 GHz is the frequency used by IEEE 802.11b/g/n wireless clients. 5 GHz is the frequency used by IEEE 802.11a/n wireless clients.
Channel: Select the wireless channel which this radio profile should use. It is recommended that you choose the channel least in use by other APs in the region where this profile will be implemented. This will reduce the amount of interference between wireless clients and the AP to which this profile is assigned.
SSID Profile: This displays if the operating mode is set to AP + Bridge. Select the SSID profile this radio profile uses.
Advanced Settings
Channel Width: Select the channel bandwidth you want to use for your wireless network. Select Auto to allow the NWA3000-N series AP to adjust the channel bandwidth depending on network conditions. Select 20 MHz if you want to lessen radio interference with other wireless devices in your neighborhood.
Guard Interval: Set the guard interval for this radio profile to either short or long. The guard interval is the gap introduced between data transmission from users in order to reduce interference. Reducing the interval increases data transfer rates but also increases interference. Increasing the interval reduces data transfer rates but also reduces interfere
235. eturn the screen to its last-saved settings.
18.3.1 Packet Capture Files
Click Maintenance > Diagnostics > Packet Capture > Files to open the packet capture files screen. This screen lists the files of packet captures the NWA3000-N series AP has performed. You can download the files to your computer where you can study them using a packet analyzer (also known as a network or protocol analyzer) such as Wireshark.
Figure 119 Maintenance > Diagnostics > Packet Capture > Files [screenshot: Captured Packet Files list with columns File Name, Size, Last Modified]
The following table describes the labels in this screen.
Table 93 Maintenance > Diagnostics > Packet Capture > Files
LABEL: DESCRIPTION
Remove: Select files and click Remove to delete them from the NWA3000-N series AP. Use the [Shift] and/or [Ctrl] key to select multiple files. A pop-up window asks you to confirm that you want to delete.
Download: Click a file to select it and click Download to save it to your computer.
This column displays the number for each packet capture file entry. The total number of packet capture files that you can save depends on the file sizes and the available flash storage space.
File Name: This column displays the label that identifies the file. T
236. evail.
COPYRIGHT NOTICE, DISCLAIMER, and LICENSE:
If you modify libpng you may insert additional notices immediately following this sentence.
This code is released under the libpng license.
libpng versions 1.2.6, August 15, 2004, through 1.4.1, February 25, 2010, are Copyright (c) 2004, 2006-2007 Glenn Randers-Pehrson, and are distributed according to the same disclaimer and license as libpng-1.2.5 with the following individual added to the list of Contributing Authors: Cosmin Truta.
libpng versions 1.0.7, July 1, 2000, through 1.2.5, October 3, 2002, are Copyright (c) 2000-2002 Glenn Randers-Pehrson, and are distributed according to the same disclaimer and license as libpng-1.0.6 with the following individuals added to the list of Contributing Authors: Simon-Pierre Cadieux, Eric S. Raymond, Gilles Vollant; and with the following additions to the disclaimer:
There is no warranty against interference with your enjoyment of the library or against infringement. There is no warranty that our efforts or the library will fulfill any of your particular purposes or needs. This library is provided with all faults, and the entire risk of satisfactory quality, performance, accuracy, and effort is with the user.
libpng versions 0.97, January 1998, through 1.0.6, March 20, 2000, are Copyright (c) 1998, 1999 Glenn Randers-Pehrson, and are distributed a
237. evice HA before connecting the bridge interfaces, or disable the bridge interfaces, connect the bridge interfaces, activate device HA, and finally reactivate the bridge interfaces.
I cannot get the Device HA synchronization to work.
Only NWA3000-N series APs of the same model and firmware version can synchronize.
I cannot get a certificate to import into the NWA3000-N series AP.
1 For My Certificates, you can import a certificate that matches a corresponding certification request that was generated by the NWA3000-N series AP. You can also import a certificate in PKCS#12 format, including the certificate's public and private keys.
2 You must remove any spaces from the certificate's filename before you can import the certificate.
3 Any certificate that you want to import has to be in one of these file formats:
Binary X.509: This is an ITU-T recommendation that defines the formats for X.509 certificates.
PEM (Base-64) encoded X.509: This Privacy Enhanced Mail format uses lowercase letters, uppercase letters and numerals to convert a binary X.509 certificate into a printable form.
Binary PKCS#7: This is a standard that defines the general syntax for data (including digital signatures) that may be encrypted. A PKCS#7 file is used to transfer a public key certificate. The private key is not included. The NWA3000-N series AP currently allows the importation
238. f anyone sets up an unauthorized AP that could potentially compromise your security.
In this example, an employee illicitly connects his own AP (RG) to the network that the NWA3000-N series AP manages. While not necessarily a malicious act, it can nonetheless have severe security consequences on the network.
Figure 20 Rogue AP Example A
1 Here, an attacker sets up a rogue AP (RG) outside the network, which he uses in an attempt to mimic an NWA3000-N series AP controlled SSID in order to capture passwords and other information when authorized wireless clients mistakenly connect to it.
Figure 21 Rogue AP Example B
This tutorial shows you how to detect rogue APs on your network.
Click Configuration > Object > MON Profile to open the MON Profile screen and click the Add button.
[Screenshot: MON Profile screen, MON Mode Profile Summary, listing the default profile]
2 Click the Add button.
[Screenshot: Add MON Profile window with General Settings: Activate, Profile Name Monitor01, Channel dwell time 100 (100ms to 1000ms), Scan Channel Mode auto]
When the Add Mon Profile window opens, configure the following:
Activate: Select this to allow your monitor
239. f your time server. Check with your ISP/network administrator if you are unsure of this information.
Sync. Now: Click this button to have the NWA3000-N series AP get the time and date from a time server (see the Time Server Address field). This also saves your changes (except the daylight saving settings).
Time Zone Setup
Time Zone: Choose the time zone of your location. This will set the time difference between your time zone and Greenwich Mean Time (GMT).
Enable Daylight Saving: Daylight saving is a period from late spring to fall when many countries set their clocks ahead of normal local time by one hour to give more daytime light in the evening. Select this option if you use Daylight Saving Time.
Start Date: Configure the day and time when Daylight Saving Time starts if you selected Enable Daylight Saving. The at field uses the 24 hour format. Here are a couple of examples:
Daylight Saving Time starts in most parts of the United States on the second Sunday of March. Each time zone in the United States starts using Daylight Saving Time at 2 A.M. local time. So in the United States you would select Second, Sunday, March and type 2 in the at field.
Daylight Saving Time starts in the European Union on the last Sunday of March. All of the time zones in the European Union start using Daylight Saving Time at the same moment (1 A.M. GMT or UTC). So in the European Union you would select Last, Sunday, March. The time you t
240. ficate Store dialog box, click Yes.
[Root Certificate Store dialog text:] Do you want to DELETE the following certificate from the Root Store? Subject: 172.20.37.202, ZyXEL. Issuer: Self Issued. Time Validity: Wednesday, May 21, 2008 through Saturday, May 21, 2011. Serial Number: 00846BC7 4BBF7C2E CB. Thumbprint (sha1): DC44635D 10FE2DOD E76A72ED 002B9AF7 677EBOE9. Thumbprint (md5): 65F5E948 FOBC9598 50803387 C6A 18384.
6 The next time you go to the web site that issued the public key certificate you just removed, a certification error appears.
Firefox
The following example uses Mozilla Firefox 2 on Windows XP Professional; however, the screens can also apply to Firefox 2 on all platforms.
1 If your device's Web Configurator is set to use SSL certification, then the first time you browse to it you are presented with a certification error.
2 Select Accept this certificate permanently and click OK.
[Dialog text:] Website Certified by an Unknown Authority. Unable to verify the identity of 172.20.37.202 as a trusted site. Possible reasons for this error: Your browser does not recognize the Certificate Authority that issued the site's certificate. The site's certificate is incomplete due to a server misconfiguration. You are connected to a site pretending to be 172.20.37.202, possibly to obtain your confidential information. Please notify the site's webmaster about this probl
241. form with such an offer, in accord with Subsection b above.)
The source code for a work means the preferred form of the work for making modifications to it. For an executable work, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable. However, as a special exception, the source code distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable.
If distribution of executable or object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place counts as distribution of the source code, even though third parties are not compelled to copy the source along with the object code.
4. You may not copy, modify, sublicense, or distribute the Program except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense or distribute the Program is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance.
5. You are not requir
243. g a Certificate in Firefox

This section shows you how to remove a public key certificate in Firefox 2.

1 Open Firefox and click Tools > Options.

2 In the Options dialog box, click Advanced > Encryption > View Certificates.

[Screenshot: Options dialog box, Advanced > Encryption tab, with the Protocols and Certificates settings and the View Certificates button]

3 In the Certificate Manager dialog box, select the Web Sites tab, select the certificate that you want to remove, and then click Delete.

[Screenshot: Certificate Manager dialog box, Web Sites tab, listing the ZyXEL certificate for 172.20.37.202]

Delete Web Site Certificates dialog: Are you sure you want to delete these web site certificates? 172.20.37.202 If you delete a web site certificate, you will be asked to accept it again the next ti

5 The next time you go to the web site that issued the public key certifi
244. g machine readable source code which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange If distribution of object code is made by offering access to copy from a designated place then offering equivalent access to copy the source code from the same place satisfies the requirement to distribute the source code even though third parties are not compelled to copy the source along with the object code 5 A program that contains no derivative of any portion of the Library but is designed to work with the Library by being compiled or linked with it is called a work that uses the Library Such a work in isolation is not a derivative work of the Library and therefore falls outside the scope of this License However linking a work that uses the Library with the Library creates an executable that is a derivative of the Library because it contains portions of the Library rather than a work that uses the library The executable is therefore covered by this License Section 6 states terms for distribution of such executables When a work that uses the Library uses material from a header file that is part of the Library the object code for the work may be a derivative work of the Library even though the source code is not Whether this is true is especially significant if the work can be linked without the Library or if the work is itself a library The threshold for this to be true
245. gerprint to verify that you have the actual certificate.

1 Browse to where you have the certificate saved on your computer.

2 Make sure that the certificate has a ".cer" or ".crt" file name extension.

3 Double-click the certificate's icon to open the Certificate window. Click the Details tab and scroll down to the Thumbprint Algorithm and Thumbprint fields.

[Screenshot: Certificate window, Details tab, showing the Thumbprint algorithm and Thumbprint fields]

4 Use a secure method to verify that the certificate owner has the same information in the Thumbprint Algorithm and Thumbprint fields. The secure method may vary based on your situation. Possible examples would be over the telephone or through an HTTPS connection.

14.2 My Certificates

Click Configuration > Object > Certificate > My Certificates to open this screen. This is the NWA3000-N series AP's summary list of certificates and certification requests.

Figure 77 Configuration > Object > Certificate > My Certificates
246. gned the certificate. Self-signed means that the certificate's owner signed the certificate (not a certification authority). X.509 means that this certificate was created and signed according to the ITU-T X.509 recommendation that defines the formats for public key certificates.

Version: This field displays the X.509 version number.

Serial Number: This field displays the certificate's identification number given by the certification authority or generated by the NWA3000-N series AP.

Subject: This field displays information that identifies the owner of the certificate, such as Common Name (CN), Organizational Unit (OU), Organization (O), State (ST), and Country (C).

Issuer: This field displays identifying information about the certificate's issuing certification authority, such as Common Name, Organizational Unit, Organization and Country. With self-signed certificates, this is the same as the Subject Name field. "none" displays for a certification request.

Signature Algorithm: This field displays the type of algorithm that was used to sign the certificate. The NWA3000-N series AP uses rsa-pkcs1-sha1 (RSA public-private key encryption algorithm and the SHA1 hash algorithm). Some certification authorities may use rsa-pkcs1-md5 (RSA public-private key encryption algorithm and the MD5 hash algorithm).

Valid From: This field displays the date that the certificate becomes applicable. "none" displays fo
247. grants or denies network access accordingly. A 256-bit Pairwise Master Key (PMK) is derived from the authentication process by the RADIUS server and the client.

4 The RADIUS server distributes the PMK to the AP. The AP then sets up a key hierarchy and management system, using the PMK to dynamically generate unique data encryption keys. The keys are used to encrypt every data packet that is wirelessly communicated between the AP and the wireless clients.

Figure 131 WPA(2) with RADIUS Application Example

WPA(2)-PSK Application Example

A WPA(2)-PSK application looks as follows.

1 First enter identical passwords into the AP and all wireless clients. The Pre-Shared Key (PSK) must consist of between 8 and 63 ASCII characters or 64 hexadecimal characters (including spaces and symbols).

2 The AP checks each wireless client's password and allows it to join the network only if the password matches.

3 The AP and wireless clients generate a common PMK (Pairwise Master Key). The key itself is not sent over the network, but is derived from the PSK and the SSID.

4 The AP and wireless clients use the TKIP or AES encryption process, the PMK and information exchanged in a handshake to create temporal encryption keys. They use these keys to encrypt data exchanged between them.

Figure 132 WPA(2) P
248. gue/Friendly AP List opens, paste the MAC address copied from the other screen in the corresponding field, set its Role as Rogue AP, and then click OK to save your changes.

3 The new rogue AP appears in the Rogue/Friendly AP List.

[Screenshot: Rogue/Friendly AP List screen with the Add, Edit, Remove and Containment buttons, the Role, MAC Address and Description columns, and the Rogue AP List and Friendly AP List Importing/Exporting sections]

Select it, then click the Containment button to quarantine it away from the rest of the network.

4.3 Load Balancing

When your AP becomes overloaded, there are two basic responses it can take. The first one is to "delay" a client connection by withholding the connection until the data transfer throughput is lowered or the client connection is picked up by another AP. If the client isn't picked up after a set period of time, the AP allows it to connect regardless. The second response is to "kick" the connections until the AP is no longer considered overloaded. Both of these tactics are known as "load balancing".

This tutorial shows you how to configure the NWA3000-N series AP's load balancing feature.

1 Cl
249. guration > Wireless > MON Mode screen (Chapter 9 on page 111).

Table 28 Monitor > Wireless > Rogue AP (continued)
LABEL | DESCRIPTION
Last Seen | This indicates the last time the device was detected by the NWA3000-N series AP.
Refresh | Click this to refresh the items displayed on this page.

6.8 Legacy Device Info

When the NWA3000-N series AP is in controller mode, you can use this screen to configure and maintain a list of compatible legacy NWA-3000 series APs. Use the list to link to their Web Configurators. Click Monitor > Wireless > Rogue AP > Legacy Device Info to access this screen.

Compatible legacy APs: NWA-3160, NWA-3163, NWA-3500, NWA-3550, NWA-3166.

Figure 34 Monitor > Wireless > Legacy Device Info

The following table describes the labels in this screen.

Table 29 Monitor > Wireless > Legacy Device Info
LABEL | DESCRIPTION
Add | Click this to add a device to the list of legacy APs the NWA3000-N series AP monitors.
Edit | Double-click an entry or select it and click Edit to open a screen where you can modify the entry's settings.
Remove | Select an entry and click this button to delete it from the list.
Connect | Select an entry and click this button to go to the legacy AP's W
250. h 96s Managed AP Model Name 8th 96s Managed AP Description anaged AP Disconnect IACAddr 02x 02x 02x 0 2x 02x 02x Model s Reason s ame s State s The specified Managed AP disconnected from the CAPWAP server 1st 02x 6th 02x Managed AP MAC Address 7th 96s Managed AP Model Name 8th 96s Managed AP Description 9th 96s Managed AP Disconnect Reason 10th 96s Managed AP State Add a Managed AP MACAddr 02x 02x 02x 0 2x 02x 02x Model s The specified AP from un managed list was added to managed list 1st 02x 6th 02x Managed AP MAC Address 7th 96s Managed AP Model Name NWA3000 N Series User s Guide Appendix A Log Descriptions Table 108 CAPWAP Server Logs LOG MESSAGE DESCRIPTION Delete a Managed AP MACAddr 02x 02x 02x 0 2x 02x 02x Model s The specified AP from managed list was deleted 1st 02x 6th 02x Managed AP MAC Address 7th 96s Managed AP Model Name Update a Managed AP MACAddr 02x 02x 02x 0 2x 02x 02x Model s Configuration settings were issued to the specified AP on the managed list 1st 02x 6th 02x Managed AP MAC Address 7th 96s Managed AP Model Name Update a Managed AP Fail MACAddr 02x 02x 02x 0 2x 02x 02x Model s Configuration settings were issued to the specified AP on the managed list but the AP sent back the apply fail response 1st 02x 6th 02x Managed AP MAC Addre
251. haracters and the underscore as well as punctuation marks 9 the period double quotes and brackets are not allowed Protocol This displays when you show the filter Select a service protocol whose log messages you would like to see Search This displays when you show the filter Click this button to update the log using the current filter settings Email Log Now Click this button to send log messages to the Active e mail addresses specified in the Send Log To field on the Log Settings page Refresh Click this to update the list of logs Clear Log Click this button to clear the whole log regardless of what is currently displayed on the screen This field is a sequential value and it is not associated with a specific log message Time This field displays the time the log message was recorded Priority This field displays the priority of the log message It has the same range of values as the Priority field above Category This field displays the log that generated the log message It is the same value used in the Display and other Category fields NWA3000 N Series User s Guide Chapter 6 Monitor Table 31 Monitor gt Log gt View Log continued LABEL DESCRIPTION Message This field displays the reason the log message was generated The text countzx where x is a number appears at the end of the Message field if log consolidation i
252. he NWA3000-N series AP's features.

Table 6 Configuration Menu Screens Summary
FOLDER OR LINK | TAB | FUNCTION
MGNT Mode | | Set whether the NWA3000-N series AP is controlling other NWA3000-N series APs, working as a standalone AP, or being managed by another NWA3000-N series AP.
LAN Setting | | Manage the LAN Ethernet interface, including VLAN settings.
Wireless | |
Controller | | Configure how the NWA3000-N series AP handles APs that newly connect to the network. This is available when the NWA3000-N series AP is in controller mode.
AP Management | | Edit wireless AP information, remove APs, and reboot them.
MON Mode | | Configure how the NWA3000-N series AP monitors for rogue APs.
Load Balancing | | Configure load balancing for traffic moving to and from wireless clients.
DCS | | Configure dynamic wireless channel selection.
Device HA | General | Configure device HA global settings and see the status of each interface monitored by device HA. Device HA is available when the NWA3000-N series AP is in controller mode.
Device HA | Active-Passive Mode | Configure active-passive mode device HA.
Object | |
Users | User | Create and manage users.
Users | Setting | Manage default settings for all users, general settings for user sessions, and rules
253. he check box to allow or disallow the computer with the IP address that matches the IP address(es) in the Service Control table to access the NWA3000-N series AP CLI using this service.

Version 1: Select the check box to have the NWA3000-N series AP use both SSH version 1 and version 2 protocols. If you clear the check box, the NWA3000-N series AP uses only SSH version 2 protocol.

Server Port: You may change the server port number for a service if needed; however, you must use the same port number in order to use that service for remote management.

Server Certificate: Select the certificate whose corresponding private key is to be used to identify the NWA3000-N series AP for SSH connections. You must have certificates already configured in the My Certificates screen.

Apply: Click Apply to save your changes back to the NWA3000-N series AP.

Reset: Click Reset to return the screen to its last-saved settings.

15.6.5 Examples of Secure Telnet Using SSH

This section shows two examples using a command interface and a graphical interface SSH client program to remotely access the NWA3000-N series AP. The configuration and connection steps are similar for most SSH client programs. Refer to your SSH client program user's guide.

15.6.5.1 Example 1: Microsoft Windows

This section describes how to access the NWA3000-N series AP using the Secure Shell Client program.

1
254. he copy of this License Also you must do one of these things a Accompany the work with the complete corresponding machine readable source code for the Library including whatever changes were used in the work which must be distributed under Sections 1 and 2 above and if the work is an executable linked with the Library with the complete machine readable work that uses the Library as object code and or source code so that the user can modify the Library and then relink to produce a modified executable containing the modified Library It is understood that the user who changes the contents of definitions files in the Library will not necessarily be able to recompile the application to use the modified definitions b Use a suitable shared library mechanism for linking with the Library A suitable mechanism is one that 1 uses at run time a copy of the library already present on the user s computer system rather than copying library functions into the executable and 2 will operate properly with a modified version of the library if the user installs one as long as the modified version is interface compatible with the version that the work was made with c Accompany the work with a written offer valid for at least three years to give the same user the materials specified in Subsection 6a above for a charge no more than the cost of performing this distribution d If distribution of the work is made by offering access to copy from a d
255. he file name format is: interface name-file suffix.cap.

Size: This column displays the size (in bytes) of a configuration file.

Last Modified: This column displays the date and time that the individual files were saved.

18.3.2 Example of Viewing a Packet Capture File

Here is an example of a packet capture file viewed in the Wireshark packet analyzer. Notice that the size of frame 15 on the wire is 1514 bytes while the captured size is only 1500 bytes. The NWA3000-N series AP truncated the frame because the capture screen's Number Of Bytes To Capture (Per Packet) field was set to 1500 bytes.

Figure 120 Packet Capture File Example

[Screenshot: Wireshark window showing the lan1 packet capture file, with the No., Time, Source, Destination, Protocol and Info columns]
256. hentication Interface s Ss MAC A wireless client used an incorrect WPA or WPA2 user name or user password and failed authentication by the NWA3000 N series AP s local user database while trying to connect to the specified WLAN interface first s The MAC address of the wireless client is listed second s System internal error Ss STA s could not extract EAP Message from RADIUS message There was an error when attempting to extract the EAP Message from a RADIUS message The first 96s is the WLAN interface The second 96s is the MAC address of the wireless client Station accounting start RADIUS accounting started If you don t receive the success message it may have failed Station accounting success RADIUS accounting succeeded Table 104 Account Logs LOG MESSAGE DESCRIPTION Account s s has been A user deleted an ISP account profile deleted i lst 96s profile type 2nd se profile name Account s s has been A user changed an ISP account profile s options changed x lst 96s profile type 2nd 96s profile name Account s s has been A user added a new ISP account profile added lst 96s profile type 2nd 96s profile name Table 105 File Manager Logs LOG MESSAGE DESCRIPTION SS ERROR S Apply configuration failed this log will be what CLI command is and what error message is 1st 96s is CLI command
257. ic for which to capture packets. Select any to capture packets for all types of traffic.

Host IP: Select a host IP address object for which to capture packets. Select any to capture packets for all hosts. Select User Defined to be able to enter an IP address.

Host Port: This field is configurable when you set the IP Type to any, tcp, or udp. Specify the port number of traffic to capture.

Table 92 Maintenance > Diagnostics > Packet Capture (continued)
LABEL | DESCRIPTION

File Size: Specify a maximum size limit in kilobytes for the total combined size of all the capture files on the NWA3000-N series AP, including any existing capture files and any new capture files you generate.
Note: If you have existing capture files you may need to set this size larger or delete existing capture files.
The valid range is 1 to 10000. The NWA3000-N series AP stops the capture and generates the capture file when either the file reaches this size or the time period specified in the Duration field expires.

Duration: Set a time limit in seconds for the capture. The NWA3000-N series AP stops the capture and generates the capture file when either this period of time has passed or the file reaches the size specified in the File Size field. 0 means there is no time limit.

File Suffix: Specify text to add to the end of the file name (before the dot and filename exte
258. icates dialog box, click the Trusted Root Certificates Authorities tab, select the certificate that you want to delete, and then click Remove.

[Screenshot: Certificates dialog box, Trusted Root Certification Authorities tab, listing the 172.20.37.202 certificate (issued by 172.20.37.202, expiration 5/21/2011) among the installed root certificates]

4 In the Certificates confirmation, click Yes.

Certificates dialog: Deleting system root certificates might prevent some Windows components from working properly. If Update Root Certificates is installed, any deleted third-party root certificates will be restored automatically, but the system root certificates will not. Do you want to delete the selected certificate(s)?

5 In the Root Certi
259. ice if the power adaptor or cord is damaged, as it might cause electrocution.

If the power adaptor or cord is damaged, remove it from the power outlet.

Do NOT attempt to repair the power adaptor or cord. Contact your local vendor to order a new one.

Do not use the device outside, and make sure all the connections are indoors. There is a remote risk of electric shock from lightning.

Do not remove the plug and plug it into a wall outlet by itself; always attach the plug to the power supply first before inserting it into the wall. In other words, do NOT remove the plug and connect it to a power outlet by itself; always attach the plug to the power adaptor first before connecting it to a power outlet.

Antenna Warning! This device meets ETSI and FCC certification requirements when using the included antenna(s). Only use the included antenna(s).

If you wall mount your device, make sure that no electrical lines, gas or water pipes will be damaged.

The PoE (Power over Ethernet) devices that supply or receive power and their connected Ethernet cables must all be completely indoors.

The indoors versions of this product are for indoor use only (utilisation intérieure exclusivement).

This product is recyclable. Dispose of it properly.
260. ick Configuration > Wireless > Load Balancing.

[Screenshot: Load Balancing Configuration screen with the Enable Load Balancing, Mode, Max Station Number and Disassociate station when overloaded settings]

2 Select Enable Load Balancing to turn on this feature.

3 Set the Mode. If you choose By Station Number, then enter the Max Station Number in the available field. This balances network traffic based on the number of specified stations downstream of the NWA3000-N series AP. If you choose By Traffic Level, then enter the traffic threshold at which the NWA3000-N series AP starts balancing connected stations.

4 Select Disassociate station when overloaded to disconnect stations when the load balancing threshold is crossed. The stations are first disconnected based on how long they have been idle, then secondly based on the weakness of their connection signal strength.

5 Click Apply to save your changes.

See also Chapter 9 on page 111.

4.4 Dynamic Channel Selection

Dynamic Channel Selection (DCS) is a feature that allows an AP to automatically select the radio channel upon which it broadcasts by scanning the area around it and determining what channels are currently being used by other devices.

When numerous APs broadcast within a given area, they introduce the possibility of heightened radio interference, especially if some or all of them are broadcasting on the same radio channel. This can make accessing
261. ies AP with the screws on the wall Hang the NWA3000 N series AP on the screws Figure 125 Wall mounting Example NWA3000 N Series User s Guide Chapter 22 Product Specifications The following are dimensions of an M4 tap screw and masonry plug used for wall mounting All measurements are in millimeters mm Figure 126 Masonry Plug and M4 Tap Screw 4 22 0 1 6 0 1 0 30 0 2 0 y 30 0 2 0 d d d NWA3000 N Series User s Guide Chapter 22 Product Specifications NWA3000 N Series User s Guide Log Descriptions This appendix provides descriptions of example log messages The ZySH logs deal with internal system errors Table 98 ZySH Logs LOG MESSAGE DESCRIPTION Invalid message queue Maybe someone starts another zysh daemon ZySH daemon is 1st pid num instructed to reset by Sd System integrity error Group OPS cannot close property group cannot close group s cannot get size of 1st zysh group name group s cannot specify lst zysh group name 2st zysh entry name 9 properties for entry s s cannot join group lst zysh group name 2st zysh group name o s loop detected cannot create too many 1st max group num groups gt d s cannot find entry lst zysh group name 2st zysh entry name S oe oe S cannot remove entry 1st zysh group name 2st zysh entry name S oe oe List OPS can t alloc en
262. ify defend and hold each Contributor harmless for any liability incurred by or claims asserted against such Contributor by reason of your accepting any such warranty or additional liability END OF TERMS AND CONDITIONS Version 1 1 Copyright c 1999 2003 The Apache Software Foundation All rights reserved Redistribution and use in source and binary forms with or without modification are permitted provided that the following conditions are met Redistributions of source code must retain the above copyright notice this list of conditions and the following disclaimer Redistributions in binary form must reproduce the above copyright notice this list of conditions and the following disclaimer in the documentation and or other materials provided with the distribution The end user documentation included with the redistribution if any must include the following acknowledgment This product includes software developed by the Apache Software Foundation http www apache org Alternately this acknowledgment may appear in the software itself if and wherever such third party acknowledgments normally appear NWAJ3000 N Series User s Guide Appendix D Open Software Announcements The names Apache and Apache Software Foundation must not be used to endorse or promote products derived from this software without prior written permission For written permission please contact apache apache org Products derived from this softwar
263. ights and non disclosure shall survive the termination of this Software License Agreement 11 General This License Agreement shall be construed interpreted and governed by the laws of Republic of China without regard to conflicts of laws provisions thereof The exclusive forum for any disputes arising out of or relating to this License Agreement shall be an appropriate court or Commercial Arbitration Association sitting in ROC Taiwan if the parties agree to a binding arbitration This License Agreement shall constitute the entire Agreement between the parties hereto This License Agreement the rights granted hereunder the Software and Documentation shall not be assigned by you without the prior written consent of ZyXEL Any waiver or modification of this License Agreement shall only be effective if it is in writing and signed by both parties hereto If any part of this License Agreement is found invalid or unenforceable by a court of competent jurisdiction the remainder of this License Agreement shall be interpreted so as to reasonably effect the intention of the parties NOTE Some components of this product incorporate free software programs covered under the open source code licenses which allows you to freely copy modify and redistribute the software For at least three 3 years from the date of distribution of the applicable product or software we will give to anyone who contacts us at the ZyXEL Technical Support Support zyxel com tw for
264. ightweight Directory Access Protocol (LDAP) is a protocol over TCP that specifies how clients access directories of certificates and lists of revoked certificates.

Address: Type the IP address (in dotted decimal notation) of the directory server.

Port: Use this field to specify the LDAP server port number. You must use the same server port number that the directory server uses. 389 is the default server port number for LDAP.

The NWA3000-N series AP may need to authenticate itself in order to access the CRL directory server. Type the login name (up to 31 ASCII characters) from the entity maintaining the server (usually a certification authority).

Password: Type the password (up to 31 ASCII characters) from the entity maintaining the CRL directory server (usually a certification authority).

Certificate Information: These read-only fields display detailed information about the certificate.

Table 67 Configuration > Object > Certificate > Trusted Certificates > Edit
LABEL | DESCRIPTION

Type: This field displays general information about the certificate. CA-signed means that a Certification Authority signed the certificate. Self-signed means that the certificate's owner signed the certificate (not a certification authority). X.509 means that this certificate was created and signed according to the ITU-T X.509 recommendation that
265. igure and manage up to 24 others. This centralized management can greatly reduce the effort of setting up and maintaining multiple devices.

An NWA3000-N series AP in this group (ZLD-based models) can manage other APs in this group: NWA3160-N, NWA3550-N, NWA3560-N.

It can also use legacy device information hyperlinks to connect to the Web Configurators of the following ZyNOS-based NWA-3000 series APs [1]: NWA-3160, NWA-3163, NWA-3500, NWA-3550, NWA-3166.

1. Not all of these models were available at the time of writing.

The following figure illustrates a CAPWAP wireless network. The user (U) configures the controller AP (C), which then automatically updates the configurations of the managed APs (M1 to M4).

Figure 7 CAPWAP Network Example

1.4 Ways to Manage the NWA3000-N series AP

You can use the following ways to manage the NWA3000-N series AP.

Web Configurator
The Web Configurator allows easy NWA3000-N series AP setup and management using an Internet browser. This User's Guide provides information about the Web Configurator.

Command-Line Interface (CLI)
The CLI allows you to use text-based commands to configure the NWA3000-N series AP. You can access it using remote management (for example, SSH or Telnet) or via the console port. See the Command Reference Guide for more information.
267. informed that you can do these things. To protect your rights, we need to make restrictions that forbid distributors to deny you these rights or to ask you to surrender these rights. These restrictions translate to certain responsibilities for you if you distribute copies of the library or if you modify it. For example, if you distribute copies of the library, whether gratis or for a fee, you must give the recipients all the rights that we gave you. You must make sure that they, too, receive or can get the source code. If you link other code with the library, you must provide complete object files to the recipients, so that they can relink them with the library after making changes to the library and recompiling it. And you must show them these terms so they know their rights. We protect your rights with a two-step method: (1) we copyright the library, and (2) we offer you this license, which gives you legal permission to copy, distribute and/or modify the library. To protect each distributor, we want to make it very clear that there is no warranty for the free library. Also, if the library is modified by someone else and passed on, the recipients should know that what they have is not the original version, so that the original author's reputation will not be affected by problems that might be introduced by others. Finally, software patents pose a constant threat to the existence of any free program. We wish to make sure that a company cannot effecti
268. ing
Wireless clients cannot connect to an AP.
There may be a configuration mismatch between the wireless clients and the AP, or an incorrect VLAN topology. See Chapter 4 on page 55 for a simple primer on basic network topology and management.
The wireless client's MAC address may be on the MAC filtering list. See Section 12.3.3 on page 161 for details on managing the NWA3000-N series AP MAC Filter.
The wireless client may not be able to get an IP. Check the wireless client's own network configuration settings to ensure that it is set up to receive its IP address automatically. If the NWA3000-N series AP or a connected Internet access device are managing the network with static IPs, make sure that the server settings for issuing those IPs are properly configured. Check the wireless client's own network settings to ensure it is already set up with its static IP address.
Authentication of the wireless client with the authentication server may have failed. Ensure the AP profile assigned to the AP uses a security profile that is properly configured and which matches the security settings in use by the NWA3000-N series AP. For example, if the security mode on the AP is set to WPA/WPA2, then make sure the authentication server is running and able to complete the 802.1x authentication sequence. See Chapter 12 on page 147 and Section 15.10 on page 221 for more
If you cannot solve the problem on your own before contacting
269. ing, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible for determining the appropriateness of using or redistributing the Work and assume any risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory, whether in tort (including negligence), contract, or otherwise, unless required by applicable law (such as deliberate and grossly negligent acts) or agreed to in writing, shall any Contributor be liable to You for damages, including any direct, indirect, special, incidental, or consequential damages of any character arising as a result of this License or out of the use or inability to use the Work (including but not limited to damages for loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses), even if such Contributor has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing the Work or Derivative Works thereof, You may choose to offer, and charge a fee for, acceptance of support, warranty, indemnity, or other liability obligations and/or rights consistent with this License. However, in accepting such obligations, You may act only on Your own behalf and on Your sole responsibility, not on behalf of any other Contributor, and only if You agree to indemn
270. ion by a WLAN Controller Fail %s
    Configuration upgrade by the WLAN Controller failed. 1st %s: Wrong Configuration
ReBoot by a WLAN Controller WLAN Controller %s
    The managed AP was rebooted. WLAN Controller 1st %s: WLAN Controller IP Address
Switch Managed AP to Standalone AP WLAN Controller %s
    The WLAN controller set the managed AP to Standalone Mode. 1st %s: WLAN Controller IP Address
Firmware upgraded by WLAN Controller WLAN Controller %s
    The CAPWAP client's firmware was upgraded by the WLAN controller. 1st %s: WLAN Controller IP Address
Apply configuration by a WLAN Controller Success %s
    The WLAN controller successfully applied configuration. 1st %s: Complete Updating
Managed AP Configuration Flush SS
    The managed AP reset ZySH for flushing its running config & reapplied the startup config. 1st %s: Reset ZySH Daemon
AC IP Change New Discovery Type %s WLAN Controller IP %s
    Changed the managed AP's AC IP. 1st %s: Discovery type (By DHCP, Broadcast). 2nd %s: WLAN Controller IP Address
Managed AP Receiving Complete ZySH Configuration from AC
    The managed AP is receiving total configuration from the WLAN Controller during CAPWAP protocol handshaking (Configuration Change State).
Table 109 CAPWAP Client Logs (LOG MESSAGE: DESCRIPTION)
Managed
271. ion or company) and C (Country). It is recommended that each certificate have unique subject information.
Issuer: This field displays identifying information about the certificate's issuing certification authority, such as a common name, organizational unit or department, organization or company and country. With self-signed certificates, this is the same information as in the Subject field.
Valid From: This field displays the date that the certificate becomes applicable.
Valid To: This field displays the date that the certificate expires. The text displays in red and includes an Expired! message if the certificate has expired.
Import: Click Import to open a screen where you can save the certificate of a certification authority that you trust, from your computer to the NWA3000-N series AP.
Refresh: Click this button to display the current validity status of the certificates.
14.3.1 Edit Trusted Certificates
Click Configuration > Object > Certificate > Trusted Certificates and then a certificate's Edit icon to open the Trusted Certificates Edit screen. Use this screen to view in-depth information about the certificate, change the certificate's name and set whether or not you want the NWA3000-N series AP to check a certification authority's list of revoked certificates before trusting a certificate issued by the certification authority.
Figure 82 Configuration
272. is SSID
Hidden SSID: Select this if you want to "hide" your SSID from wireless clients. This tells any wireless clients in the vicinity of the AP using this SSID profile not to display its SSID name as a potential connection. Not all wireless clients respect this flag; some display it anyway. When an SSID is hidden and a wireless client cannot see it, the only way you can connect to the SSID is by manually entering the SSID name in your wireless connection setup screen(s) (these vary by client, client connectivity software, and operating system).
Enable Intra-BSS Traffic Blocking: Select this option to prevent crossover traffic from within the same SSID.
Table 55 Configuration > Object > AP Profile > Add/Edit SSID Profile (continued) (LABEL: DESCRIPTION)
OK: Click OK to save your changes back to the NWA3000-N series AP.
Cancel: Click Cancel to exit this screen without saving your changes.
12.3.2 Security List
This screen allows you to manage wireless security configurations that can be used by your SSIDs. Wireless security is implemented strictly between the AP broadcasting the SSID and the stations that are connected to it. To access this screen, click Configuration > Object > AP Profile > SSID > Security List.
Note: You can have a maximum of 32 security profiles on the NWA3000-N series AP.
Figure 70 C
273. is list of conditions and the following disclaimer. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. Neither the name of Sparta, Inc nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
Part 6: Cisco/BUPTNIC copyright notice (BSD)
Copyright (c) 2004, Cisco, Inc and Information Network Center of Beijing University of Posts and Telecommunications. All
274. is section shows you how to configure the Access Point (AP) profiles that will be used by your APs once they are connected to the network. You will first create a security profile and an SSID profile for staff access, then you will create a second pair for guest access. Finally, you will associate them with a radio profile, which is applied to your AP's radio transmitter.
1 Open the Configuration > Object > AP Profile > SSID > Security List screen and then click the Add button.
2 The Add Security Profile window opens.
2a Profile Name: Enter wap2.
2b Security Mode: Select wpa2 from the list of available wireless security encryption methods.
2c Under Security Mode, select 802.1X, then set the Radius Server Type to Internal.
2d Click OK.
3 Next, open the
275. isassociate station when overloaded. Each field is described in the following table.
Table 42 Configuration > Wireless > Load Balancing (LABEL: DESCRIPTION)
Enable Load Balancing: Select this to enable load balancing on the NWA3000-N series AP.
Mode: Select a mode by which load balancing is carried out. Select By Station Number to balance network traffic based on the number of specified stations connected to an AP. Select By Traffic Level to balance network traffic based on the volume generated by the stations connected to an AP. Once the threshold is crossed (either the maximum station numbers or with network traffic), then the AP delays association request and authentication request packets from any new station that attempts to make a connection. This allows the station to automatically attempt to connect to another, less burdened AP if one is available.
Max Station Number: Enter the threshold number of stations at which an AP begins load balancing its connections.
Traffic Level: Select the threshold traffic level at which the AP begins load balancing its connections (low, medium, high).
Table 42 Configuration > Wireless > Load Balancing (continued)
Disassociate station when overloaded: Select this option to "kick" wireless clients connected to the AP when it becomes overloaded. If you do not enable
276. it appears to wireless clients.
Security Profile: This field indicates which (if any) security profile is associated with the SSID profile.
QoS: This field indicates the QoS type associated with the SSID profile.
MAC Filtering Profile: This field indicates which (if any) MAC Filter Profile is associated with the SSID profile.
VLAN ID: This field indicates the VLAN ID associated with the SSID profile.
12.3.1.1 Add/Edit SSID Profile
This screen allows you to create a new SSID profile or edit an existing one. To access this screen, click the Add button or select an SSID profile from the list and click the Edit button.
Figure 69 Configuration > Object > AP Profile > Add/Edit SSID Profile
The following table describes the labels in this screen.
Table 55 Configuration > Object > AP Profile > Add/Edit SSID Profile (LABEL: DESCRIPTION)
Create new Object: Select an object type from the list to create a new one associated with this SSID profile.
Profile Name: Enter up to 31 alphanumeric characters for the profile name. This name is only visible in the Web Configurat
277. it configuration files or shell scripts in a text editor and upload them to the NWA3000-N series AP. Configuration files use a .conf extension and shell scripts use a .zysh extension.
What You Can Do in this Chapter
The Configuration File screen (Section 17.2 on page 243) stores and names configuration files. You can also download and upload configuration files.
The Firmware Package screen (Section 17.3 on page 248) checks your current firmware version and uploads firmware to the NWA3000-N series AP.
The Shell Script screen (Section 17.4 on page 249) stores, names, downloads, uploads and runs shell script files.
What you Need to Know
The following terms and concepts may help as you read this chapter.
Configuration Files and Shell Scripts
When you apply a configuration file, the NWA3000-N series AP uses the factory default settings for any features that the configuration file does not include. When you run a shell script, the NWA3000-N series AP only applies the commands that it contains. Other settings do not change.
These files have the same syntax, which is also identical to the way you run CLI commands manually. An example is shown below.
# enter configuration mode
configure terminal
# change administrator password
username admin password 4321 user-type admin
# configure default radio profile, change 2GHz channel to 11 & Tx output power to 50
wlan radio
278. ith this distribution is covered by the same copyright terms except that the holder is Tim Hudson (tjh@cryptsoft.com). Copyright remains Eric Young's, and as such any Copyright notices in the code are not to be removed. If this package is used in a product, Eric Young should be given attribution as the author of the parts of the library used. This can be in the form of a textual message at program startup or in documentation (online or textual) provided with the package.
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
1. Redistributions of source code must retain the copyright notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
3. All advertising materials mentioning features or use of this software must display the following acknowledgement: "This product includes cryptographic software written by Eric Young (eay@cryptsoft.com)". The word 'cryptographic' can be left out if the routines from the library being used are not cryptographic related.
4. If you include any Windows specific code (or a derivative thereof) from the apps dire
279. itions either of that version or of any later version published by the Free Software Foundation. If the Library does not specify a license version number, you may choose any version ever published by the Free Software Foundation.
14. If you wish to incorporate parts of the Library into other free programs whose distribution conditions are incompatible with these, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally.
NO WARRANTY
15. BECAUSE THE LIBRARY IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE LIBRARY, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE LIBRARY "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE LIBRARY IS WITH YOU. SHOULD THE LIBRARY PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
16. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO
280. ject to the following two conditions: (1) this device may not cause interference, and (2) this device must accept any interference, including interference that may cause undesired operation of the device.
This device has been designed to operate with an antenna having a maximum gain of 2dBi. Antenna having a higher gain is strictly prohibited per regulations of Industry Canada. The required antenna impedance is 50 ohms. To reduce potential radio interference to other users, the antenna type and its gain should be so chosen that the EIRP is not more than required for successful communication.
IMPORTANT NOTE: Device for the band 5150-5250 MHz is only for indoor usage to reduce potential for harmful interference to co-channel mobile satellite systems; users should also be cautioned to take note that high power radars are allocated as primary users (meaning they have priority) of the bands 5250-5350 MHz and 5650-5850 MHz and these radars could cause interference and/or damage to LE-LAN devices.
IC Radiation Exposure Statement: This equipment complies with IC radiation exposure limits set forth for an uncontrolled environment. End users must follow the specific operating instructions for satisfying RF exposure compliance.
281. Figure 108 Configuration > Log & Report > Email Daily Report (Standalone Mode)
The following table describes the labels in this screen.
Table 82 Configuration > Log & Report > Email Daily Report (LABEL: DESCRIPTION)
Enable Email Daily Report: Select this to send reports by e-mail every day.
Mail Server: Type the name or IP address of the outgoing SMTP server.
Mail Subject: Type the subject line for the outgoing e-mail. Select Append system name to add the NWA3000-N series AP's system name to the subject. Select Append date time to add the NWA3000-N series AP's system date and time to the subject.
Mail From: Type the e-mail address from which the outgoing e-mail is delivered. This address is used in replies.
Mail To: Type the e-mail address or address
282. l its users. This General Public License applies to most of the Free Software Foundation's software and to any other program whose authors commit to using it. (Some other Free Software Foundation software is covered by the GNU Library General Public License instead.) You can apply it to your programs, too.
When we speak of free software, we are referring to freedom, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish), that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs; and that you know you can do these things.
To protect your rights, we need to make restrictions that forbid anyone to deny you these rights or to ask you to surrender the rights. These restrictions translate to certain responsibilities for you if you distribute copies of the software, or if you modify it. For example, if you distribute copies of such a program, whether gratis or for a fee, you must give the recipients all the rights that you have. You must make sure that they, too, receive or can get the source code. And you must show them these terms so they know their rights.
We protect your rights with two steps: (1) copyright the software, and (2) offer you this license which gives you legal permission to copy, distribute and/or modify the software. Also, for each author's protection and
283. lank in a backup NWA3000-N series AP, it cannot synchronize from the master NWA3000-N series AP.
Auto Synchronize: Select this to get the updated configuration automatically from the specified NWA3000-N series AP according to the specified Interval. The first synchronization begins after the specified Interval; the NWA3000-N series AP does not synchronize immediately.
Interval: When you select Auto Synchronize, set how often the NWA3000-N series AP synchronizes with the master.
Apply: This appears when the NWA3000-N series AP is currently using active-passive mode device HA. Click Apply to save your changes back to the NWA3000-N series AP.
Reset: Click Reset to return the screen to its last-saved settings.
10.3.1 Edit Monitored Interface
This screen lets you enable or disable monitoring of an interface and set the interface's management IP address and subnet mask. To access this screen, click Configuration > Device HA > Active-Passive Mode > Edit.
Figure 59 Device HA > Active-Passive Mode > Edit Monitored Interface
The following table describes the labels in this screen.
Table 46 Device HA Active Passive
284. lays the date and time that the individual files were saved. Modified
Reboot
19.1 Overview
Use this to restart the device.
19.1.1 What You Need To Know
If you applied changes in the Web configurator, these were saved automatically and do not change when you reboot. If you made changes in the CLI, however, you have to use the write command to save the configuration before you reboot. Otherwise, the changes are lost when you reboot.
Reboot is different to reset; reset returns the device to its default configuration.
19.2 Reboot
This screen allows remote users to restart the device. To access this screen, click Maintenance > Reboot.
Figure 123 Maintenance > Reboot
Click the Reboot button to restart the NWA3000-N series AP. Wait a few minutes until the login screen appears. If the login screen does not appear, type the IP address of the device in your Web browser.
You can also use the CLI command reboot to restart the NWA3000-N series AP.
Shutdown
20.1 Overview
20.1.1 Use this screen t
285. lculated using the MD5 algorithm.
SHA1 Fingerprint: This is the certificate's message digest that the NWA3000-N series AP calculated using the SHA1 algorithm.
Certificate in PEM (Base-64) Encoded Format: This read-only text box displays the certificate or certification request in Privacy Enhanced Mail (PEM) format. PEM uses lowercase letters, uppercase letters and numerals to convert a binary certificate into a printable form. You can copy and paste a certification request into a certification authority's web page, an e-mail that you send to the certification authority or a text editor and save the file on a management computer for later manual enrollment. You can copy and paste a certificate into an e-mail to send to friends or colleagues or you can copy and paste a certificate into a text editor and save the file on a management computer for later distribution (via floppy disk for example).
Export: This button displays for a certification request. Use this button to save a copy of the request without its private key. Click this button and then Save in the File Download screen. The Save As screen opens; browse to the location that you want to use and click Save.
Export Certificate Only: Use this button to save a copy of the certificate without its private key. Click this button and then Save in the File Download screen. The Save As screen opens; browse to the location that you want to use and click Save.
Password
286. ld displays the VLAN ID to which the interface belongs.
HA Status: This displays when the NWA3000-N series AP is in controller mode. This field displays the status of the interface in the virtual router.
  Active - This interface is the master interface in the virtual router.
  Stand-By - This interface is a backup interface in the virtual router.
  Fault - This VRRP group is not functioning in the virtual router right now. For example, this might happen if the interface is down.
  n/a - Device HA is not active on the interface.
IP Addr/Netmask: This field displays the current IP address and subnet mask assigned to the interface. If the IP address is 0.0.0.0, the interface is disabled or did not receive an IP address and subnet mask via DHCP. If this interface is a member of an active virtual router, this field displays the IP address it is currently using. This is either the static IP address of the interface (if it is the master) or the management IP address (if it is a backup).
IP Assignment: This field displays how the interface gets its IP address.
  Static - This interface has a static IP address.
  DHCP Client - This interface gets its IP address from a DHCP server.
Action: Use this field to get or to update the IP address for the interface. Click Renew to send a new DHCP request to a DHCP server.
Top 5 Station: When the NWA3000-N series AP is in controller mode, this displays the top 5 Access Points (AP) with th
287. ll the cables from your device and follow the directions in the Quick Start Guide again.
5 If the problem continues, contact your ISP.
I cannot access the Internet anymore. I had access to the Internet (with the NWA3000-N series AP), but my Internet connection is not available anymore.
1 Check the hardware connections, and make sure the LEDs are behaving as expected. See the Quick Start Guide and Section 1.7 on page 27.
2 Reboot the NWA3000-N series AP.
3 If the problem continues, contact your ISP.
The Internet connection is slow or intermittent.
1 There might be a lot of traffic on the network. Look at the LEDs, and check Section 1.7 on page 27. If the NWA3000-N series AP is sending or receiving a lot of information, try closing some programs that use the Internet, especially peer-to-peer applications.
2 Check the signal strength. If the signal is weak, try moving the NWA3000-N series AP closer to the AP (if possible), and look around to see if there are any devices that might be interfering with the wireless network (microwaves, other wireless networks, and so on).
3 Reboot the NWA3000-N series AP.
4 If the problem continues, contact the network administrator or vendor, or try one of the advanced suggestions.
Advanced Suggestions
Check the settings for QoS. If it is disabled, you might consider activating it. If it is enabled, you might consider
288. lt 1234
4 Click Login. If you logged in using the default user name and password, the Update Admin Info screen appears. Otherwise, the dashboard appears.
This screen appears every time you log in using the default user name and default password. If you change the password for the default user account, this screen does not appear anymore.
2.3 The Main Screen
The Web Configurator's main screen is divided into these parts:
Figure 9 The Web Configurator's Main Screen
A - Title Bar
B - Navigation Panel
C - Main Window
2.3.1 Title Bar
The title bar provides some useful links that always appear over the screens below, regardless of how deep into the Web Co
289. ly in the table. For those types of tables, small red triangles display for table entries with changes that you have not yet applied.
Remove: To remove an entry, select it and click Remove. The NWA3000-N series AP confirms you want to remove it before doing so.
Activate: To turn on an entry, select it and click Activate.
Inactivate: To turn off an entry, select it and click Inactivate.
Object Reference: Select an entry and click Object Reference to open a screen that shows which settings use the entry.
Move: To change an entry's position in a numbered list, select it and click Move to display a field to type a number for where you want to put that entry and press [ENTER] to move the entry to the number that you typed. For example, if you type 6, the entry you are moving becomes number 6 and the previous entry 6 (if there is one) gets pushed up (or down) one.
2.3.6.3 Working with Lists
When a list of available entries displays next to a list of selected entries, you can often just double-click an entry to move it from one list to the other. In some lists you can also use the [Shift] or [Ctrl] key to select multiple entries, and then use the arrow button to move them to the other list.
Figure 17 Working with Lists
290. mful interference to radio communications. However, there is no guarantee that interference will not occur in a particular installation. If this device does cause harmful interference to radio/television reception, which can be determined by turning the device off and on, the user is encouraged to try to correct the interference by one or more of the following measures:
Reorient or relocate the receiving antenna.
Increase the separation between the equipment and the receiver.
Connect the equipment into an outlet on a circuit different from that to which the receiver is connected.
Consult the dealer or an experienced radio/TV technician for help.
FCC Caution: Any changes or modifications not expressly approved by the party responsible for compliance could void the user's authority to operate this equipment.
FCC Radiation Exposure Statement
This transmitter must not be co-located or operating in conjunction with any other antenna or transmitter.
For operation within 5.15 to 5.25 GHz frequency range, it is restricted to indoor environment.
IEEE 802.11b or 802.11g operation of this product in the U.S.A. is firmware-limited to channels 1 through 11.
To comply with FCC RF exposure compliance requirements, a separation distance of at least 20 cm must be maintained between the antenna of this device and all persons.
Industry Canada Statement
This device complies with RSS-210 of the Industry Canada Rules. Operation is sub
291. mote syslog servers.
2.3.2.4 Maintenance Menu
Use the maintenance menu screens to manage configuration and firmware files, run diagnostics, and reboot or shut down the NWA3000-N series AP.
Table 7: Maintenance Menu Screens Summary (FOLDER OR LINK > TAB: FUNCTION)
File Manager > Configuration File: Manage and upload configuration files for the NWA3000-N series AP.
File Manager > Firmware Package: View the current firmware version and upload firmware.
File Manager > Shell Script: Manage and run shell script files for the NWA3000-N series AP.
Diagnostics > Diagnostic: Collect diagnostic information.
Diagnostics > Packet Capture: Capture packets for analysis.
Diagnostics > Wireless Frame Capture: Capture wireless frames from APs for analysis.
Reboot: Restart the NWA3000-N series AP.
Shutdown: Turn off the NWA3000-N series AP.
Chapter 2: The Web Configurator
2.3.3 Warning Messages
Warning messages, such as those resulting from misconfiguration, display in a popup window.
Figure 12: Warning Message
2.3.4 Site Map
Click Site Map to see an overview of links to the Web Configurator screens. Click a screen's link to go to that screen.
Figure 13: Site Map
2.3.5 Object Reference
Click Object Reference to open the
292. mple package exchange in which your AP acts as a message relay between the wireless client and the network RADIUS server.
Appendix C: Wireless LANs
Types of RADIUS Messages
The following types of RADIUS messages are exchanged between the access point and the RADIUS server for user authentication:
Access-Request: Sent by an access point requesting authentication.
Access-Reject: Sent by a RADIUS server rejecting access.
Access-Accept: Sent by a RADIUS server allowing access.
Access-Challenge: Sent by a RADIUS server requesting more information in order to allow access. The access point sends a proper response from the user and then sends another Access-Request message.
The following types of RADIUS messages are exchanged between the access point and the RADIUS server for user accounting:
Accounting-Request: Sent by the access point requesting accounting.
Accounting-Response: Sent by the RADIUS server to indicate that it has started or stopped accounting.
In order to ensure network security, the access point and the RADIUS server use a shared secret key, which is a password they both know. The key is not sent over the network. In addition to the shared key, password information exchanged is also encrypted to protect the network from unauthorized access.
Types of EAP Authentication
This section discusses some popular authentication types: EAP-MD5, EAP-TLS, EAP-TTLS, PEAP
293. n SNMP request comes from non-authenticated hosts.
Chapter 15: System
15.9.3 Configuring SNMP
To change your NWA3000-N series AP's SNMP settings, click Configuration > System > SNMP tab. The screen appears as shown. Use this screen to configure your SNMP settings. You can also configure profiles that define allowed SNMPv3 access.
Figure 103: Configuration > System > SNMP
The following table describes the labels in this screen.
Table 78: Configuration > System > SNMP (LABEL: DESCRIPTION)
Enable: Select the check box to allow or disallow users to access the NWA3000-N series AP using SNMP.
Server Port: You may change the server port number for a service if needed; however, you must use the same port number in order to use that service for remote management.
Trap Community: Type the trap community, which is the password sent with each trap to the SNMP manager. The default is public and allows all requests.
Destination: Type the IP address of the station to send your
294. Chapter 16: Log and Report
The following table describes the labels in this screen.
Table 83: Configuration > Log & Report > Log Setting (LABEL: DESCRIPTION)
Edit: Double-click an entry or select it and click Edit to open a screen where you can modify the entry's settings.
Activate: To turn on an entry, select it and click Activate.
Inactivate: To turn off an entry, select it and click Inactivate.
This field is a sequential value, and it is not associated with a specific log.
Name: This field displays the name of the log (system log or one of the remote servers).
Log Format: This field displays the format of the log. Internal: system log; you can view the log on the View Log tab. VRPT Syslog: ZyXEL's Vantage Report, syslog-compatible format. CEF Syslog: Common Event Format, syslog-compatible format.
Summary: This field is
295. nce
Chapter 12: AP Profile
Table 53: Configuration > Object > AP Profile > Add/Edit Profile (continued) (LABEL: DESCRIPTION)
Enable A-MPDU Aggregation: Select this to enable A-MPDU aggregation. Message Protocol Data Unit (MPDU) aggregation collects Ethernet frames along with their 802.11n headers and wraps them in a 802.11n MAC header. This method is useful for increasing bandwidth throughput in environments that are prone to high error rates.
A-MPDU Limit: Enter the maximum frame size to be aggregated.
A-MPDU Subframe: Enter the maximum number of frames to be aggregated each time.
Enable A-MSDU Aggregation: Select this to enable A-MSDU aggregation. MAC Service Data Unit (MSDU) aggregation collects Ethernet frames without any of their 802.11n headers and wraps the header-less payload in a single 802.11n MAC header. This method is useful for increasing bandwidth throughput. It is also more efficient than A-MPDU except in environments that are prone to high error rates.
A-MSDU Limit: Enter the maximum frame size to be aggregated.
RTS/CTS Threshold: Use RTS/CTS to reduce data collisions on the wireless network if you have wireless clients that are associated with the same AP but out of range of one another. When enabled, a wireless client sends an RTS (Request To Send) and then waits for a CTS (Clear To Send) before it transmits. This stops wireless clie
296. nd attacks. The NWA3000-N series AP provides a system log and supports e-mail profiles and remote syslog servers. The system log is available on the View Log tab, the e-mail profiles are used to mail log messages to the specified destinations, and the other four logs are stored on specified syslog servers.
Chapter 16: Log and Report
The Log Setting tab also controls what information is saved in each log. For the system log, you can also specify which log messages are e-mailed, where they are e-mailed, and how often they are e-mailed.
For alerts, the Log Settings tab controls which events generate alerts and where alerts are e-mailed.
The Log Settings Summary screen provides a summary of all the settings. You can use the Log Settings Edit screen to maintain the detailed settings (such as log categories, e-mail addresses, server names, etc.) for any log. Alternatively, if you want to edit which events are included in each log, you can also use the Active Log Summary screen to edit this information for all logs at the same time.
16.3.1 Log Setting Summary
To access this screen, click Configuration > Log & Report > Log Setting.
Figure 109: Configuration > Log & Report > Log Setting
297. nd debug logs (yellow check mark): send the remote server log messages, alerts, and debugging information for all log categories.
This field is a sequential value, and it is not associated with a specific address.
Chapter 16: Log and Report
Table 86: Configuration > Log & Report > Log Setting > Active Log Summary (LABEL: DESCRIPTION)
Log Category: This field displays each category of messages. It is the same value used in the Display and Category fields in the View Log tab. The Default category includes debugging messages generated by open source software.
System log: Select which events you want to log by Log Category. There are three choices:
disable all logs (red X): do not log any information from this category
enable normal logs (green check mark): create log messages and alerts from this category
enable normal logs and debug logs (yellow check mark): create log messages, alerts, and debugging information from this category; the NWA3000-N series AP does not e-mail debugging information, however, even if this setting is selected.
E-mail Server 1 E-mail: Select whether each category of events should be included in the log messages when it is e-mailed (green check mark) and/or in alerts (red exclamation point) for the e-mail settings specified in E-Mail Server 1. The NWA3000-N series AP does not e-mail debugging information, even if it is recorded
298. ndently configurable wireless and security settings.
Use up to 8 simultaneous BSSIDs and configure up to 64 SSID profiles.
SSID-based RADIUS server selection.
Secure AP control & management over GRE CAPWAP standard based solution.
Simultaneous centralized & distributed WLAN support.
Internal RADIUS server supporting PEAP, TTLS, MD5 with a 32-entry trusted AP list and 512-entry local user list.
MAC address filtering through WLAN (support 512 MAC address entries in each profile).
Blocking Intra-BSS Traffic.
Support Primary and Backup RADIUS server.
SSH, HTTPS.
Chapter 22: Product Specifications
Table 97: Firmware Specifications
Quality of Service: WMM certified, prioritizes wireless traffic.
Pre-authentication (WPA2 only).
PMK caching for fast roaming (WPA2 only).
DiffServ marking.
AP Load Balancing: The NWA3000-N series AP can balance wireless network traffic between the APs on your network by station quantity or by traffic volume.
Wireless Intrusion Prevention: Rogue AP detection, classification and suppression.
VLAN: 802.1Q VLAN tagging.
STP (Spanning Tree Protocol) / RSTP (Rapid STP): (R)STP detects and breaks network loops and provides backup links between switches, bridges or routers. It allows a bridge to interact with other (R)STP-compliant bridges in your network to ensure that only one path exists between any two stations on
299. next object variable from a table or list within an agent. In SNMPv1, when a manager wants to retrieve all elements of a table from an agent, it initiates a Get operation, followed by a series of GetNext operations.
Set: Allows the manager to set values for object variables within an agent.
Trap: Used by the agent to inform the manager of some events.
Supported MIBs
The NWA3000-N series AP supports MIB II that is defined in RFC 1213 and RFC 1215. The NWA3000-N series AP also supports private MIBs (ZYXEL ES CAPWAP MIB, ZYXEL ES COMMON MIB, ZYXEL ES HYBRIDAP MIB, ZYXEL ES PROWLAN MIB, ZYXEL ES REMGMT MIB, ZYXEL ES SMI MIB and ZYXEL ES WIRELESS MIB) to collect information about CPU and memory usage and VPN total throughput. The focus of the MIBs is to let administrators collect statistical data and monitor status and performance. You can download the NWA3000-N series AP's MIBs from www.zyxel.com.
SNMP Traps
The NWA3000-N series AP will send traps to the SNMP manager when any one of the following events occurs.
Table 77: SNMP Traps (OBJECT LABEL, OBJECT ID: DESCRIPTION)
Cold Start, 1.3.6.1.6.3.1.1.5.1: This trap is sent when the NWA3000-N series AP is turned on or an agent restarts.
linkDown, 1.3.6.1.6.3.1.1.5.3: This trap is sent when the Ethernet link is down.
linkUp, 1.3.6.1.6.3.1.1.5.4: This trap is sent when the Ethernet link is up.
authenticationFailure, 1.3.6.1.6.3.1.1.5.5: This trap is sent when a
300. nfigurator you navigate.
Figure 10: Title Bar
The icons provide the following functions.
Table 4: Title Bar: Web Configurator Icons (LABEL: DESCRIPTION)
Logout: Click this to log out of the Web Configurator.
Help: Click this to open the help page for the current screen.
About: Click this to display basic information about the NWA3000-N series AP.
Site Map: Click this to see an overview of links to the Web Configurator screens.
Object Reference: Click this to open a screen where you can check which configuration items reference an object.
Console: Click this to open the console in which you can use the command line interface (CLI). See the NWA3000-N series AP CLI Reference Guide for details.
CLI: Click this to open a popup window that displays the CLI commands sent by the Web Configurator.
2.3.2 Navigation Panel
Use the menu items on the navigation panel to open screens to configure NWA3000-N series AP features. Click the arrow in the middle of the right edge of the navigation panel to hide the navigation panel menus or drag it to resize them. The following sections introduce the NWA3000-N series AP's navigation panel menus and their screens.
Figure 11: Navigation Panel
301. ng a public key certificate when prompted, you can install a stand-alone certificate file if one has been issued to you.
1. Open Firefox and click Tools > Options.
2. In the Options dialog box, click Advanced > Encryption > View Certificates.
3. In the Certificate Manager dialog box, click Web Sites > Import.
5. The next time you visit the web site, click the padlock in the address bar to open the Page Info > Security window to see the web page's security information.
Appendix B: Importing Certificates
Removin
302. ng fields display if the NWA3000-N series AP is in controller mode.
Table 37: Configuration > Wireless > AP Management: Controller Mode (LABEL: DESCRIPTION)
Edit: Select an AP and click this button to edit its properties.
Remove: Select an AP and click this button to remove it from the list. Note: If in the Configuration > Wireless > Controller screen you set the Registration Type to Always Accept, then as soon as you remove an AP from this list it reconnects.
Reboot: Select an AP and click this button to force it to restart.
This field is a sequential value, and it is not associated with any interface.
IP Address: This field displays the IP address of the AP.
MAC: This field displays the MAC address of the AP.
Model: This field displays the AP's hardware model information. It displays N/A (not applicable) only when the AP disconnects from the NWA3000-N series AP and the information is unavailable as a result.
R1 Mode / Profile: This field displays the AP or MON profile for Radio 1.
R2 Mode / Profile: If the NWA3000-N series AP has a second radio, this field displays the AP or MON profile for Radio 2.
Mgnt VLAN ID: This field displays the ID of the AP's management VLAN.
Description: This field displays the AP's description, which you can configure by selecting the AP and clicking the Edit button.
Chapter 9: Wireless
Figure 45: Configuration >
303. 3. Refer to steps 4-12 in the Internet Explorer procedure beginning on page 306 to complete the installation process.
Appendix B: Importing Certificates
Removing a Certificate in Internet Explorer
This section shows you how to remove a public key certificate in Internet Explorer 7 on Windows XP.
1. Open Internet Explorer and click Tools > Internet Options.
2. In the Internet Options dialog box, click Content > Certificates.
3. In the Certif
304. nsion to help you identify the packet capture files. Modifying the file suffix also avoids making new capture files that overwrite existing files of the same name. The file name format is "interface name-file suffix.cap", for example "lan-packet-capture.cap".
Number Of Bytes To Capture (Per Packet): Specify the maximum number of bytes to capture per packet. The NWA3000-N series AP automatically truncates packets that exceed this size. As a result, when you view the packet capture files in a packet analyzer, the actual size of the packets may be larger than the size of captured packets.
Capture: Click this button to have the NWA3000-N series AP capture packets according to the settings configured in this screen. You can configure the NWA3000-N series AP while a packet capture is in progress, although you cannot modify the packet capture settings. The NWA3000-N series AP's throughput or performance may be affected while a packet capture is in progress. After the NWA3000-N series AP finishes the capture, it saves a separate capture file for each selected interface. The total number of packet capture files that you can save depends on the file sizes and the available flash storage space. Once the flash storage space is full, adding more packet captures will fail.
Stop: Click this button to stop a currently running packet capture and generate a separate capture file for each selected interface.
Reset: Click this button to r
305. nt: This field indicates the selected AP's containment status.
Role: This field indicates whether the selected AP is a rogue ap or a friendly ap. To change the AP's role, click the Edit button.
MAC Address: This field indicates the AP's radio MAC address.
Chapter 9: Wireless
Table 40: Configuration > Wireless > MON Mode (continued) (LABEL: DESCRIPTION)
Description: This field displays the AP's description. You can modify this by clicking the Edit button.
Importing/Exporting: These controls allow you to export the current list of rogue and friendly APs or import existing lists.
Importing, File Path, Browse: Enter the file name and path of the list you want to import or click the Browse button to locate it. Once the File Path field has been populated, click Importing to bring the list into the NWA3000-N series AP. You need to wait a while for the importing process to finish.
Exporting: Click this button to export the current list of either rogue APs or friendly APs.
Apply: Click Apply to save your changes back to the NWA3000-N series AP.
Reset: Click Reset to return the screen to its last-saved settings.
9.4.1 Add/Edit Rogue/Friendly List
Select an AP and click the Edit button in the Configuration > Wireless > MON Mode table to display this screen.
Figure 48: Configuration > Wireless > MON Mode > Add/Edit
306. nts from transmitting packets at the same time and causing data collisions. A wireless client sends an RTS for all packets larger than the number of bytes that you enter here. Set the RTS/CTS equal to or higher than the fragmentation threshold to turn RTS/CTS off.
Fragmentation Threshold: The threshold (number of bytes) for the fragmentation boundary for directed messages. It is the maximum data fragment size that can be sent. Enter an even number between 256 and 2346.
Beacon Interval: When a wirelessly networked device sends a beacon, it includes with it a beacon interval. This specifies the time period before the device sends the beacon again. The interval tells receiving devices on the network how long they can wait in low power mode before waking up to handle the beacon. A high value helps save current consumption of the access point.
DTIM: Delivery Traffic Indication Message (DTIM) is the time period after which broadcast and multicast packets are transmitted to mobile clients in the Active Power Management mode. A high DTIM value can cause clients to lose connectivity with the network. This value can be set from 1 to 255.
Output Power: Set the output power of the AP in this field. If there is a high density of APs in an area, decrease the output power of the NWA5160N to reduce interference with other APs. Select one of the following: 100% (Full Power), 50%, 25%, or 12.5%. See the product specifications for
307. nvalid old new index. 1st: zysh table name.
Unable to move entry ded. 1st: zysh entry num.
%s apply failed at initial stage. 1st: zysh table name.
%s apply failed at main stage. 1st: zysh table name.
%s apply failed at closing stage. 1st: zysh table name.
Appendix A: Log Descriptions
Table 99: User Logs (LOG MESSAGE: DESCRIPTION)
%s %s from %s has logged in EnterpriseWLAN: A user logged into the NWA3000-N series AP. 1st %s: The type of user account. 2nd %s: The user's user name. 3rd %s: The name of the service the user is using (HTTP, HTTPS, FTP, Telnet, SSH, or console).
%s %s from %s has logged out EnterpriseWLAN: A user logged out of the NWA3000-N series AP. 1st %s: The type of user account. 2nd %s: The user's user name. 3rd %s: The name of the service the user is using (HTTP, HTTPS, FTP, Telnet, SSH, or console).
%s %s from %s has been logged out EnterpriseWLAN re-auth timeout: The NWA3000-N series AP is signing the specified user out due to a re-authentication timeout. 1st %s: The type of user account. 2nd %s: The user's user name. 3rd %s: The name of the service the user is using (HTTP, HTTPS, FTP, Telnet, SSH, or console).
%s %s from %s has been logged out EnterpriseWLAN timeout lease: The NWA3000-N series AP is signing the specified user out due to a lease timeout. 1st %s: The
308. Chapter 6: Monitor
The following table describes the labels in this screen.
Table 26: Monitor > Wireless > AP Information > Radio List > More Information (LABEL: DESCRIPTION)
MBSSID Detail: This list shows information about all the wireless clients that have connected to the specified radio over the preceding 24 hours.
This is the item's sequential number in the list. It has no bearing on the actual data in this list.
SSID Name: This displays an SSID associated with this radio. There can be up to eight maximum.
BSSID: This displays a BSSID associated with this radio. The BSSID is tied to the SSID.
Security Mode: This displays the security mode in which the SSID is operating.
VLAN: This displays the VLAN ID associated with the SSID.
WDS Link Detail: When the NWA3000-N series AP is in standalone mode and you set the wireless operating mode to AP B
309. o shutdown the device.
Always use Maintenance > Shutdown > Shutdown or the shutdown command before you turn off the NWA3000-N series AP or remove the power. Not doing so can cause the firmware to become corrupt.
What You Need To Know
Shutdown writes all cached data to the local storage and stops the system processes. Shutdown is different to reset; reset returns the device to its default configuration.
20.2 Shutdown
To access this screen, click Maintenance > Shutdown.
Figure 124: Maintenance > Shutdown
Click the Shutdown button to shut down the NWA3000-N series AP. Wait for the device to shut down before you manually turn off or remove the power. It does not turn off the power.
You can also use the CLI command shutdown to shutdown the NWA3000-N series AP.
Chapter 20: Shutdown
Troubleshooting
21.1 Overview
This chapter offers some suggestions to solve problems you might encounter. The potential problems are divided into the following categories:
Power, Hardware Connections, and LEDs
NWA3000-N series AP Access and Login
Internet Access
Wireless AP Troubleshooting
Resetting the NWA3000-N series AP
21.2 Power, Hardware Connections, and LEDs
The NWA3000-N series AP does not turn on. None of the LEDs turn on.
Make sure you are using the
310. o use SSL certification, then the first time you browse to it you are presented with a certification error.
2. Click Continue to this website (not recommended).
3. In the Address Bar, click Certificate Error > View certificates.
Appendix B: Importing Certificates
4. In the Certificate dialog box, click Install Certificate.
311. 18.4 Wireless Frame Capture
Use this screen to capture wireless network traffic going through the AP interfaces connected to your NWA3000-N series AP. Studying these frame captures may help you identify network problems.
Click Maintenance > Diagnostics > Wireless Frame Capture to display this screen.
Chapter 18: Diagnostics
Note: New capture files overwrite existing files of the same name. Change the File Suffix field's setting to avoid this.
Figure 121: Maintenance > Diagnostics > Wireless Frame Capture > Capture
The following table describes the labels in this screen.
Table 94: Maintenance > Diagnostics > Wireless Frame Capture > Capture (LABEL: DESCRIPTION)
AP Operating Mode: This section appears when the NWA3000-N series AP is set to the standalone AP mode. Wireless R
312. odel of the AP to which the radio belongs.
MAC Address: This displays the MAC address of the radio.
Radio: This indicates the radio number on the AP to which it belongs.
OP Mode: This indicates the radio's operating mode. Operating modes are AP (access point) or MON (monitor).
Profile: This indicates the profile name to which the radio belongs.
Frequency Band: This indicates the wireless frequency band currently being used by the radio.
Channel ID: This indicates the radio's channel ID.
Station: When the NWA3000-N series AP is in standalone mode, this displays the number of wireless clients connected to the NWA3000-N series AP.
Rx PKT: This displays the total number of packets received by the radio.
Tx PKT: This displays the total number of packets transmitted by the radio.
Rx FCS Error Count: This indicates the number of received packet errors accrued by the radio.
Tx Retry Count: This indicates the number of times the radio has attempted to re-transmit packets.
Chapter 6: Monitor
6.5.1 AP Mode Radio Information
This screen allows you to view a selected radio's MBSSID details, wireless traffic statistics and station count for the preceding 24 hours. To access this window, click the More Information button in the Radio List Statistics screen.
Figure 31: Monitor > Wireless > AP Information > Radio List > More Information
313. of a PKCS#7 file that contains a single certificate.
PEM (Base-64) encoded PKCS#7: This Privacy Enhanced Mail (PEM) format uses lowercase letters, uppercase letters and numerals to convert a binary PKCS#7 certificate into a printable form.
Binary PKCS#12: This is a format for transferring public key and private key certificates. The private key in a PKCS#12 file is within a password-encrypted envelope. The file's password is not connected to your certificate's public or private passwords. Exporting a PKCS#12 file creates this and you must provide it to decrypt the contents when you import the file into the NWA3000-N series AP.
Note: Be careful not to convert a binary file to text during the transfer process. It is easy for this to occur since many programs use text files by default.
I can only see newer logs. Older logs are missing.
When a log reaches the maximum number of log messages, new log messages automatically overwrite existing log messages, starting with the oldest existing log message first.
Chapter 21: Troubleshooting
The commands in my configuration file or shell script are not working properly.
In a configuration file or shell script, use or as the first character of a command line to have the NWA3000-N series AP treat the line as a comment.
Your configuration files or shell scripts can use exit or a command line consisting of a single to have
314. ogs and debug logs (yellow check mark): create log messages, alerts and debugging information for all categories. The NWA3000-N series AP does not e-mail debugging information, even if this setting is selected.
E-mail Server 1: Use the E-Mail Server 1 drop-down list to change the settings for e-mailing logs to e-mail server 1 for all log categories. Using the System Log drop-down list to disable all logs overrides your e-mail server 1 settings.
enable normal logs (green check mark): e-mail log messages for all categories to e-mail server 1.
enable alert logs (red exclamation point): e-mail alerts for all categories to e-mail server 1.
E-mail Server 2: Use the E-Mail Server 2 drop-down list to change the settings for e-mailing logs to e-mail server 2 for all log categories. Using the System Log drop-down list to disable all logs overrides your e-mail server 2 settings.
enable normal logs (green check mark): e-mail log messages for all categories to e-mail server 2.
enable alert logs (red exclamation point): e-mail alerts for all categories to e-mail server 2.
Remote Server 1~4: For each remote server, use the Selection drop-down list to change the log settings for all of the log categories.
disable all logs (red X): do not send the remote server logs for any log category.
enable normal logs (green check mark): send the remote server log messages and alerts for all log categories.
enable normal logs a
315. on Each licensee is addressed as "you". Activities other than copying, distribution and modification are not covered by this License; they are outside its scope. The act of running the Program is not restricted, and the output from the Program is covered only if its contents constitute a work based on the Program (independent of having been made by running the Program). Whether that is true depends on what the Program does.
1. You may copy and distribute verbatim copies of the Program's source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and give any other recipients of the Program a copy of this License along with the Program. You may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee.
2. You may modify your copy or copies of the Program or any portion of it, thus forming a work based on the Program, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions:
a) You must cause the modified files to carry prominent notices stating that you changed the files and the date of any change.
b) You must cause any work that you distribute or publish, that in whole or in part contains o
316. on as in the Subject field.
Valid From: This field displays the date that the certificate becomes applicable.
Valid To: This field displays the date that the certificate expires. The text displays in red and includes an Expired message if the certificate has expired.
Import: Click Import to open a screen where you can save a certificate to the NWA3000-N series AP.
Refresh: Click Refresh to display the current validity status of the certificates.
Chapter 14 Certificates
14.2.1 Add My Certificates
Click Configuration > Object > Certificate > My Certificates and then the Add icon to open the My Certificates Add screen. Use this screen to have the NWA3000-N series AP create a self-signed certificate, enroll a certificate with a certification authority or generate a certification request.
Figure 78 Configuration > Object > Certificate > My Certificates > Add
317. on to claim rights or contest your rights to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works based on the Library. In addition, mere aggregation of another work not based on the Library with the Library (or with a work based on the Library) on a volume of a storage or distribution medium does not bring the other work under the scope of this License.
3. You may opt to apply the terms of the ordinary GNU General Public License instead of this License to a given copy of the Library. To do this, you must alter all the notices that refer to this License, so that they refer to the ordinary GNU General Public License, version 2, instead of to this License. (If a newer version than version 2 of the ordinary GNU General Public License has appeared, then you can specify that version instead if you wish.) Do not make any other change in these notices. Once this change is made in a given copy, it is irreversible for that copy, so the ordinary GNU General Public License applies to all subsequent copies and derivative works made from that copy. This option is useful when you wish to copy part of the code of the Library into a program that is not a library.
4. You may copy and distribute the Library (or a portion or derivative of it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you accompany it with the complete correspondin
318. onfiguration > Object > AP Profile > SSID > Security List
The following table describes the labels in this screen.
Table 56 Configuration > Object > AP Profile > SSID > Security List
LABEL: DESCRIPTION
Add: Click this to add a new security profile.
Edit: Click this to edit the selected security profile.
Remove: Click this to remove the selected security profile.
Object Reference: Click this to view which other objects are linked to the selected security profile (for example, SSID profile).
This field is a sequential value and it is not associated with a specific user.
Profile Name: This field indicates the name assigned to the security profile.
Security Mode: This field indicates this profile's security mode (if any).
Chapter 12 AP Profile
12.3.2.1 Add/Edit Security Profile
This screen allows you to create a new security profile or edit an existing one. To access this screen, click the Add button or select a security profile from the list and click the Edit button.
Note: This screen's options change based on the Security Mode selected. Only the default screen is displayed here.
Figure 71 SSID > Security Profile > Add/Edit Sec
320. opagates the change through the features that use the object. Select an object (such as a user) and then click Object Reference at the top of the list box where the object appears in order to display basic information about it. The following table introduces the objects. You can also use this table when you want to delete an object because you have to delete references to the object first.
Table 12 Objects Overview
OBJECT: WHERE USED
user: See the User section on page 51 for details.
ap profile: See the AP Profile section on page 52 for details.
mon profile: See the MON Profile section on page 52 for details.
certificates: WWW, SSH, FTP, controller
3.4.1 User
Use these screens to configure the NWA3000-N series AP's administrator and user accounts. The NWA3000-N series AP provides the following user types.
Table 13 User Types
TYPE: ABILITIES
admin: Change NWA3000-N series AP configuration (web, CLI).
limited-admin: Look at NWA3000-N series AP configuration (web, CLI). Perform basic diagnostics (CLI).
user: Access network services. Browse user-mode commands (CLI).
Chapter 3 Configuration Basics
3.4.2 AP Profile
Use these screens to configure preset profiles for the Access Points (APs) connected to your NWA3000-N series AP's wireless network.
Table 14 AP Profile Types
TYPE: ABILITIES
Radio: Create radio profiles for the
321. ope. The act of running a program using the Library is not restricted, and output from such a program is covered only if its contents constitute a work based on the Library (independent of the use of the Library in a tool for writing it). Whether that is true depends on what the Library does and what the program that uses the Library does.
1. You may copy and distribute verbatim copies of the Library's complete source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and distribute a copy of this License along with the Library. You may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee.
2. You may modify your copy or copies of the Library or any portion of it, thus forming a work based on the Library, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions:
a) The modified work must itself be a software library.
b) You must cause the files modified to carry prominent notices stating that you changed the files and the date of any change.
c) You must cause the whole of the work to be licensed at no charge to all third parties under the terms of this License.
d) If a facility in the modified
322. or and is only for management purposes. Spaces and underscores are allowed.
SSID: Enter the SSID name for this profile. This is the name visible on the network to wireless clients. Enter up to 32 characters; spaces and underscores are allowed.
Security Profile: Select a security profile from this list to associate with this SSID. If none exist, you can use the Create new Object menu to create one.
Note: It is highly recommended that you create security profiles for all of your SSIDs to enhance your network security.
Chapter 12 AP Profile
Table 55 Configuration > Object > AP Profile > Add/Edit SSID Profile (continued)
LABEL: DESCRIPTION
MAC Filtering Profile: Select a MAC filtering profile from the list to associate with this SSID. If none exist, you can use the Create new Object menu to create one. MAC filtering allows you to limit the wireless clients connecting to your network through a particular SSID by wireless client MAC addresses. Any clients that have MAC addresses not in the MAC filtering profile of allowed addresses are denied connections. The disable setting means no MAC filtering is used.
QoS: Select a Quality of Service (QoS) access category to associate with this SSID. Access categories minimize the delay of data packets across a wireless network. Certain categories, such as video or voice, are given a higher priority due to the time sensitive natu
323. orage Temperature 30 702 C
Chapter 22 Product Specifications
Table 96 Hardware Specifications
Operating Humidity: 10 to 90% (non-condensing)
Storage Humidity: 10 to 90% (non-condensing)
Dimensions: 198.5 mm (L) x 138.5 mm (W) x 47.5 mm (H)
Weight: 450 g
Distance between the centers of wall-mounting holes on the device's back: 140 mm
Screw size for wall-mounting: M4 Tap Screw. See Figure 126 on page 283 for details.
Plenum Rating: The NWA3000-N series AP's housing is treated with fire-retardant chemicals. In the event of fire, plenum-rated materials burn more slowly and produce less smoke than non-plenum-rated materials, decreasing the quantity of toxic or asphyxiating material produced.
Table 97 Firmware Specifications
Default IP Address: 192.168.1.2
Default Subnet Mask: 255.255.255.0 (24 bits)
Default Password: 1234
Wireless LAN Standards: IEEE 802.11a, IEEE 802.11b, IEEE 802.11g, IEEE 802.11n
Security and Control:
WPA and WPA2 (Wi-Fi Protected Access) support
Mixed WPA and WPA2 support
64 and 128-bit WEP
Mixed 802.1x, WEP and WPA support
802.1x authentication
EAP-TLS, EAP-TTLS, PEAP, SIM, FAST, AKA support
AES, TKIP & WEP encryption support
MBSSID mode allows the NWA3000-N series AP to operate up to 8 different wireless networks (BSSs) simultaneously, each with indepe
324. ord file. In addition, it is possible to impersonate an authentication server as MD5 authentication method does not perform mutual authentication. Finally, MD5 authentication method does not support data encryption with dynamic session key. You must configure WEP encryption keys for data encryption.
EAP-TLS (Transport Layer Security)
With EAP-TLS, digital certifications are needed by both the server and the wireless clients for mutual authentication. The server presents a certificate to the client. After validating the identity of the server, the client sends a different certificate to the server. The exchange of certificates is done in the open before a secured tunnel is created. This makes user identity vulnerable to passive attacks. A digital certificate is an electronic ID card that authenticates the sender's identity. However, to implement EAP-TLS, you need a Certificate Authority (CA) to handle certificates, which imposes a management overhead.
EAP-TTLS (Tunneled Transport Layer Service)
EAP-TTLS is an extension of the EAP-TLS authentication that uses certificates for only the server-side authentications to establish a secure connection. Client authentication is then done by sending username and password through the secure connection, thus client identity is protected. For client authentication, EAP-TTLS supports EAP methods and legacy authentication methods such as PAP, CHAP, MS-CHAP and MS-CHAP v2.
PEAP (Protected EAP) LEAP Like E
325. orithm: This field displays the type of algorithm that was used to generate the certificate's key pair (the NWA3000-N series AP uses RSA encryption) and the length of the key set in bits (1024 bits for example).
Subject Alternative Name: This field displays the certificate's owner's IP address (IP), domain name (DNS) or e-mail address (EMAIL).
Key Usage: This field displays for what functions the certificate's key can be used. For example, "DigitalSignature" means that the key can be used to sign certificates and "KeyEncipherment" means that the key can be used to encrypt text.
Basic Constraint: This field displays general information about the certificate. For example, Subject Type=CA means that this is a certification authority's certificate and "Path Length Constraint=1" means that there can only be one certification authority in the certificate's path.
MD5 Fingerprint: This is the certificate's message digest that the NWA3000-N series AP calculated using the MD5 algorithm. You can use this value to verify with the certification authority (over the phone for example) that this is actually their certificate.
Chapter 14 Certificates
Table 67 Configuration > Object > Certificate > Trusted Certificates > Edit
LABEL: DESCRIPTION
SHA1 Fingerprint: This is the certificate's message digest that the NWA3000-N series AP calculated using the SHA1 algorithm. You can use
326. ork devices. Certificates ensure that the clients supply their login details to the correct device. Information matching the certificate is held on the wireless client's utility. A password and user name on the utility must match an entry in the Object > Users screen's list so that the RADIUS server can be authenticated.
Note: The NWA3000-N series AP can function as an AP and as a RADIUS server at the same time.
15.10.1 Configuring the Internal RADIUS Server
Use this screen to turn the NWA3000-N series AP's internal RADIUS server off or on, select the certificate it uses and maintain a list of trusted client APs. A trusted AP is an AP that uses the NWA3000-N series AP's internal RADIUS server to authenticate its wireless clients. Each wireless client must have a user name and password configured in the Object > Users screen.
Chapter 15 System
Click Configuration > System > Auth Server. The following screen displays.
Figure 106 Configuration > System > Auth Server
The following table describes the labels in this screen.
Table 80 Configuration > System > Auth Server
327. oston, MA 02111-1307 USA. Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. [This is the first released version of the Lesser GPL. It also counts as the successor of the GNU Library Public License, version 2, hence the version number 2.1.]
Preamble
Appendix D Open Software Announcements
The licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public Licenses are intended to guarantee your freedom to share and change free software, to make sure the software is free for all its users. This license, the Lesser General Public License, applies to some specially designated software packages (typically libraries) of the Free Software Foundation and other authors who decide to use it. You can use it too, but we suggest you first think carefully about whether this license or the ordinary General Public License is the better strategy to use in any particular case, based on the explanations below. When we speak of free software, we are referring to freedom of use, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish); that you receive source code or can get it if you want it; that you can change the software and use pieces of it in new free programs; and that you are
328. other servers.
Type: This displays whether the DNS server IP address is assigned by a DHCP server dynamically (From DHCP), is configured manually (User-Defined), or is the default entry the NWA3000-N series AP uses if it cannot get a reply for any of the other servers.
Chapter 8 LAN Setting
Table 34 Configuration > LAN Setting (continued)
LABEL: DESCRIPTION
DNS Server: This is the IP address of a DNS server. This field displays N/A if you have the NWA3000-N series AP get a DNS server IP address from the ISP dynamically but the LAN interface is using a static IP address.
VLAN Settings
Management VLAN ID: Enter a VLAN ID for the NWA3000-N series AP.
As Native VLAN: Select this option to treat this VLAN ID as a VLAN created on the NWA3000-N series AP and not one assigned to it from outside the network.
Apply: Click Apply to save your changes back to the NWA3000-N series AP.
Reset: Click Reset to return the screen to its last-saved settings.
8.2.1 Add or Edit a DNS Setting
Use this screen to configure a DNS server entry for the LAN. Click Configuration > LAN Setting and then click the Add button, or select a DNS server entry from the list and click the Edit button, to access this screen.
Figure 42 Configuration > LAN Setting > Add
329. our e-mail server 1 settings.
enable normal logs (green check mark): e-mail log messages for all categories to e-mail server 1.
enable alert logs (red exclamation point): e-mail alerts for all categories to e-mail server 1.
E-mail Server 2: Use the E-Mail Server 2 drop-down list to change the settings for e-mailing logs to e-mail server 2 for all log categories. Using the System Log drop-down list to disable all logs overrides your e-mail server 2 settings.
enable normal logs (green check mark): e-mail log messages for all categories to e-mail server 2.
enable alert logs (red exclamation point): e-mail alerts for all categories to e-mail server 2.
This field is a sequential value and it is not associated with a specific address.
Log Category: This field displays each category of messages. It is the same value used in the Display and Category fields in the View Log tab. The Default category includes debugging messages generated by open source software.
System log: Select which events you want to log by Log Category. There are three choices:
disable all logs (red X): do not log any information from this category.
enable normal logs (green checkmark): create log messages and alerts from this category.
enable normal logs and debug logs (yellow check mark): create log messages, alerts and debugging information from this category; the NWA3000-N series AP does not e-mail debugging information, however
330. port number for TELNET. %s is port number assigned by user.
TELNET port has been changed to default port
  An administrator changed the port number for TELNET back to the default (23).
FTP certificate %s does not exist
  An administrator assigned a nonexistent certificate to FTP. %s is certificate name assigned by user.
FTP port has been changed to port %s
  An administrator changed the port number for FTP. %s is port number assigned by user.
FTP port has been changed to default port
  An administrator changed the port number for FTP back to the default (21).
SNMP port has been changed to port %s
  An administrator changed the port number for SNMP. %s is port number assigned by user.
SNMP port has been changed to default port
  An administrator changed the port number for SNMP back to the default (161).
Console baud has been changed to %s
  An administrator changed the console port baud rate. %s is baud rate assigned by user.
Console baud has been reset to %d
  An administrator changed the console port baud rate back to the default (115200). %d is default baud rate.
Set timezone to %s
  An administrator changed the time zone. %s is time zone value.
Set timezone to default
  An administrator changed the time zone back to the default.
Appendix A Log
331. power adaptor included with the NWA3000-N series AP or a PoE power injector. Make sure the power adaptor or PoE power injector is connected to the NWA3000-N series AP and plugged in to an appropriate power source. Make sure the power source is turned on. Disconnect and re-connect the power adaptor or PoE power injector. Inspect your cables for damage. Contact the vendor to replace any damaged cables. If none of these steps work, you may have faulty hardware and should contact your NWA3000-N series AP vendor.
Chapter 21 Troubleshooting
One of the LEDs does not behave as expected.
1 Make sure you understand the normal behavior of the LED. See Section 1.7 on page 27.
2 Check the hardware connections. See the Quick Start Guide.
3 Inspect your cables for damage. Contact the vendor to replace any damaged cables.
4 Disconnect and re-connect the power adaptor or PoE power injector to the NWA3000-N series AP.
5 If the problem continues, contact the vendor.
21.3 NWA3000-N series AP Access and Login
I forgot the IP address for the NWA3000-N series AP.
1 The default IP address is 192.168.1.2.
2 Use the commands through the console port to check the IP address. Connect your computer to the CONSOLE port using a console cable. Your computer should have a terminal emulation communications program (such as HyperTerminal) set to VT100 terminal emulation, no parity, 8 data bits, 1 s
332. pply: Click Apply to save your changes back to the NWA3000-N series AP.
Reset: Click Reset to return the screen to its last-saved settings.
15.3.1 Pre-defined NTP Time Servers List
When you turn on the NWA3000-N series AP for the first time, the date and time start at 2003-01-01 00:00:00. The NWA3000-N series AP then attempts to synchronize with one of the following pre-defined list of Network Time Protocol (NTP) time servers. The NWA3000-N series AP continues to use the following pre-defined list of NTP time servers if you do not specify a time server or it cannot synchronize with the time server you specified.
Table 71 Default Time Servers
0.pool.ntp.org
1.pool.ntp.org
2.pool.ntp.org
When the NWA3000-N series AP uses the pre-defined list of NTP time servers, it randomly selects one server and tries to synchronize with it. If the synchronization fails, then the NWA3000-N series AP goes through the rest of the list in order from the first one tried until either it is successful or all the pre-defined NTP time servers have been tried.
Chapter 15 System
15.3.2 Time Server Synchronization
Click the Synchronize Now button to get the time and date from the time server you specified in the Time Server Address field. When the Loading message appears, you may have to wait up to one minute.
Figure 86 Loading
The Current Time and
333. properly if you want the NWA3000-N series AP to enroll a certificate online.
Chapter 14 Certificates
14.2.2 Edit My Certificates
Click Configuration > Object > Certificate > My Certificates and then the Edit icon to open the My Certificate Edit screen. You can use this screen to view in-depth certificate information and change the certificate's name.
Figure 79 Configuration > Object > Certificate > My Certificates > Edit
334. protecting the integrity of the free software distribution system which is implemented by public license practices. Many people have made generous contributions to the wide range of software distributed through that system in reliance on consistent application of that system; it is up to the author/donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice. This section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License.
12. If the distribution and/or use of the Library is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Library under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded. In such case, this License incorporates the limitation as if written in the body of this License.
13. The Free Software Foundation may publish revised and/or new versions of the Lesser General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. Each version is given a distinguishing version number. If the Library specifies a version number of this License which applies to it and "any later version", you have the option of following the terms and cond
335. pture and generates the capture file when either the file reaches this size or the time period specified in the Duration field expires.
File Prefix: Specify text to add to the front of the file name in order to help you identify frame capture files. You can modify the prefix to also create new frame capture files each time you perform a frame capture operation. Doing this does not overwrite existing frame capture files. The file format is [file prefix].dump. For example, monitor.dump.
Capture: Click this button to have the NWA3000-N series AP capture frames according to the settings configured in this screen. You can configure the NWA3000-N series AP while a frame capture is in progress, although you cannot modify the frame capture settings. The NWA3000-N series AP's throughput or performance may be affected while a frame capture is in progress. After the NWA3000-N series AP finishes the capture, it saves a combined capture file for all APs. The total number of frame capture files that you can save depends on the file sizes and the available flash storage space. Once the flash storage space is full, adding more frame captures will fail.
Stop: Click this button to stop a currently running frame capture and generate a combined capture file for all APs.
Reset: Click this button to return the screen to its last-saved settings.
Chapter 18 Diagnostics
18.4.1 Wir
336. r. To avoid interference due to overlap, your AP should be on a channel at least five channels away from a channel that an adjacent AP is using. For example, if your region has 11 channels and an adjacent AP is using channel 1, then you need to select a channel between 6 and 11.
Appendix C Wireless LANs
RTS/CTS
A hidden node occurs when two stations are within range of the same access point, but are not within range of each other. The following figure illustrates a hidden node. Both stations (STA) are within range of the access point (AP) or wireless gateway, but out of range of each other, so they cannot "hear" each other, that is, they do not know if the channel is currently being used. Therefore, they are considered hidden from each other.
Figure 130 RTS/CTS
When station A sends data to the AP, it might not know that the station B is already using the channel. If these two stations send data at the same time, collisions may occur when both sets of data arrive at the AP at the same time, resulting in a loss of messages for both stations. RTS/CTS is designed to prevent collisions due to hidden nodes. An RTS/CTS defines the biggest size data frame you can send before an RTS (Request To Send)/CTS (Clear to Send) handshake is invoked.
337. r a certification request.
Valid To: This field displays the date that the certificate expires. The text displays in red and includes an Expired message if the certificate has expired. "none" displays for a certification request.
Chapter 14 Certificates
Table 64 Configuration > Object > Certificate > My Certificates > Edit
LABEL: DESCRIPTION
Key Algorithm: This field displays the type of algorithm that was used to generate the certificate's key pair (the NWA3000-N series AP uses RSA encryption) and the length of the key set in bits (1024 bits for example).
Subject Alternative Name: This field displays the certificate owner's IP address (IP), domain name (DNS) or e-mail address (EMAIL).
Key Usage: This field displays for what functions the certificate's key can be used. For example, "DigitalSignature" means that the key can be used to sign certificates and "KeyEncipherment" means that the key can be used to encrypt text.
Basic Constraint: This field displays general information about the certificate. For example, Subject Type=CA means that this is a certification authority's certificate and "Path Length Constraint=1" means that there can only be one certification authority in the certificate's path. This field does not display for a certification request.
MD5 Fingerprint: This is the certificate's message digest that the NWA3000-N series AP ca
338. r can look at the configuration of the NWA3000-N series AP but not to change it. user: this is used for embedded RADIUS server and SNMPv3 user access.
Password: This field is not available if you select the ext-user or ext-group-user type. Enter the password of this user account. It can consist of 4 to 31 alphanumeric characters.
Retype: Re-enter the password to make sure you have entered it correctly.
Description: Enter the description of each user, if any. You can use up to 60 printable ASCII characters. Default descriptions are provided.
Authentication Timeout Settings: If you want to set authentication timeout to a value other than the default settings, select Use Manual Settings, then fill your preferred values in the fields that follow.
Table 49: Configuration > User > User > Add/Edit A User (continued)
Lease Time: Enter the number of minutes this user has to renew the current session before the user is logged out. You can specify 1 to 1440 minutes. You can enter 0 to make the number of minutes unlimited. Admin users renew the session every time the main screen refreshes in the Web Configurator.
Reauthentication Time: Type the number of minutes this user can be logged into the NWA3000-N series AP in one session before the user has to log in again. You can specify 1 to 1440 minutes
339. r denotes a secure connection.
[Figure 92: Login Screen (Internet Explorer)]
15.5.5.4 Enrolling and Importing SSL Client Certificates
The SSL client needs a certificate if Authenticate Client Certificates is selected on the NWA3000-N series AP. You must have imported at least one trusted CA to the NWA3000-N series AP in order for the Authenticate Client Certificates to be active (see the Certificates chapter for details). Apply for a certificate from a Certification Authority (CA) that is trusted by the NWA3000-N series AP (see the NWA3000-N series AP's Trusted CA Web Configurator screen).
[Figure 93: Trusted Certificates]
The CA sends you a package containing the CA's trusted certificate(s), your personal certificate(s) and a password to install the personal certificate(s).
15.5.5.5 Installing the CA's Certificate
1 Double-click the CA's trusted certificate to produce a screen similar to the one shown next.
[Figure: certificate dialog with General, Details and Certification Path tabs]
340. r is derived from the Program or any part thereof, to be licensed as a whole at no charge to all third parties under the terms of this License. c) If the modified program normally reads commands interactively when run, you must cause it, when started running for such interactive use in the most ordinary way, to print or display an announcement including an appropriate copyright notice and a notice that there is no warranty (or else, saying that you provide a warranty) and that users may redistribute the program under these conditions, and telling the user how to view a copy of this License. (Exception: if the Program itself is interactive but does not normally print such an announcement, your work based on the Program is not required to print an announcement.) These requirements apply to the modified work as a whole. If identifiable sections of that work are not derived from the Program, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate works. But when you distribute the same sections as part of a whole which is a work based on the Program, the distribution of the whole must be on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it. Thus, it is not the intent of this section to claim rights or contest your rights to work written
341. r raising or lowering the priority for some applications.
21.5 Wireless AP Troubleshooting
I cannot access the NWA3000-N series AP or ping any computer from the WLAN.
1 Make sure the wireless LAN is enabled on the NWA3000-N series AP.
2 Make sure the wireless adapter on the wireless station is working properly.
3 Make sure the wireless adapter installed on your computer is IEEE 802.11 compatible and supports the same wireless standard as the NWA3000-N series AP.
4 Make sure your computer (with a wireless adapter installed) is within the transmission range of the NWA3000-N series AP.
5 Check that both the NWA3000-N series AP and your wireless station are using the same wireless and wireless security settings.
6 Make sure traffic between the WLAN and the LAN is not blocked by the firewall on the NWA3000-N series AP.
7 Make sure you allow the NWA3000-N series AP to be remotely accessed through the WLAN interface. Check your remote management settings.
Hackers have accessed my WEP-encrypted wireless LAN.
WEP is extremely insecure. Its encryption can be broken by an attacker, using widely-available software. It is strongly recommended that you use a more effective security mechanism. Use the strongest security mechanism that all the wireless devices in your network support. WPA2 or WPA2-PSK is recommended.
The wireless security is not following the re-authentication timer setting specified
342. r s Guide Chapter 16 Log and Report
The following table describes the labels in this screen.
Table 84: Configuration > Log & Report > Log Setting > Edit
E-Mail Server 1/2
Active: Select this to send log messages and alerts according to the information in this section. You specify what kinds of log messages are included in log information and what kinds of log messages are included in alerts in the Active Log and Alert section.
Mail Server: Type the name or IP address of the outgoing SMTP server.
Mail Subject: Type the subject line for the outgoing e-mail.
Send From: Type the e-mail address from which the outgoing e-mail is delivered. This address is used in replies.
Send Log To: Type the e-mail address to which the outgoing e-mail is delivered.
Send Alerts To: Type the e-mail address to which alerts are delivered.
Sending Log: Select how often log information is e-mailed. Choices are: When Full, Hourly and When Full, Daily and When Full, and Weekly and When Full.
Day for Sending Log: This field is available if the log is e-mailed weekly. Select the day of the week the log is e-mailed.
Time for Sending Log: This field is available if the log is e-mailed weekly or daily. Select the time of day (hours and minutes) when the log is e-mailed. Use 24-hour notation.
SMTP Authentication: Select this check box if it is necessary to provide a user name and password
343. r support information for your model at www.zyxel.com for more troubleshooting suggestions.
Product Specifications
The following tables summarize the NWA3000-N series AP's hardware and firmware features.
Table 96: Hardware Specifications
Power Specification: 12 V DC, 1.5 A
Reset button: Returns all settings to their factory defaults.
Ethernet Port: Gigabit Ethernet, full duplex, RJ-45 connectors, auto-negotiating, auto MDI/MDI-X (auto-crossover, uses either crossover or straight-through Ethernet cables)
Power over Ethernet (PoE): IEEE 802.3at compliant, backwards compatible to 802.3af
Console Port: One PS/2 console port
Antenna: 2 reverse SMA antenna connectors, 2 external dipole antennas, Gain: 2 dBi
Output Power:
IEEE 802.11a (5150-5250): Using single antenna: 12 dBm
IEEE 802.11a (5250-5850): Using single antenna: 18 dBm
IEEE 802.11b: Using single antenna: 17 dBm
IEEE 802.11g: Using single antenna: 14 dBm
IEEE 802.11gn HT20: Using single antenna: 12.5 dBm; Using three antennas: 17 dBm
IEEE 802.11gn HT40: Using single antenna: 8.5 dBm; Using three antennas: 13 dBm
IEEE 802.11an HT20/HT40 (5150-5250): Using single antenna: 7.5 dBm; Using three antennas: 12 dBm
IEEE 802.11an HT20/HT40 (5250-5850): Using single antenna: 13.5 dBm; Using three antennas: 18 dBm
Theft Prevention: Kensington slot
Operating Temperature: 0 to 40 °C
St
344. [Figure: Active Log Summary screens, listing the 22 log categories (Built-in Service through ZySH) against the System Log, E-mail Server 1 and 2 (E-Mail), and Remote Server 1 to 4 (Syslog) columns.]
345. ration file. Click a configuration file's row to select it and click Apply to have the NWA3000-N series AP use that configuration file. The NWA3000-N series AP does not have to restart in order to use a different configuration file, although you will need to wait for a few minutes while the system reconfigures. The following screen gives you options for what the NWA3000-N series AP is to do if it encounters an error in the configuration file.
[Figure: Apply Configuration File dialog, File Name: system-default.conf, with the error-handling options described next.]
Immediately stop applying the configuration file: this is not recommended because it would leave the rest of the configuration blank. If the interfaces were not configured before the first error, the console port may be the only way to access the device.
Immediately stop applying the configuration file and roll back to the previous configuration: this gets the NWA3000-N series AP started with a fully valid configuration file as quickly as possible.
Ignore errors and finish applying the configuration file
346. rd This field only applies when you import a binary PKCS#12 format file. Type the file's password that was created when the PKCS#12 file was exported.
OK: Click OK to save the certificate on the NWA3000-N series AP.
Cancel: Click Cancel to quit and return to the My Certificates screen.
14.3 Trusted Certificates
Click Configuration > Object > Certificate > Trusted Certificates to open the Trusted Certificates screen. This screen displays a summary list of certificates that you have set the NWA3000-N series AP to accept as trusted. The NWA3000-N series AP also accepts any valid certificate signed by a certificate on this list as being trustworthy; thus you do not need to import any certificate that is signed by one of these certificates.
[Figure 81: Configuration > Object > Certificate > Trusted Certificates]
The following table describes the labels in this screen.
Table 66: Configuration > Object > Certificate > Trusted Certificates
PKI Storage This bar displays the percentage of the NWA3000-N series AP's PKI Space in U
347. re of their data packets. QoS access categories are as follows:
disable: Turns off QoS for this SSID. All data packets are treated equally and not tagged with access categories.
WMM: Enables automatic tagging of data packets. The NWA3000-N series AP assigns access categories to the SSID by examining data as it passes through it and making a best guess effort. If something looks like video traffic, for instance, it is tagged as such.
WMM_VOICE: All wireless traffic to the SSID is tagged as voice data. This is recommended if an SSID is used for activities like placing and receiving VoIP phone calls.
WMM_VIDEO: All wireless traffic to the SSID is tagged as video data. This is recommended for activities like video conferencing.
WMM_BEST_EFFORT: All wireless traffic to the SSID is tagged as "best effort", meaning the data travels the best route it can without displacing higher priority traffic. This is good for activities that do not require the best bandwidth throughput, such as surfing the Internet.
WMM_BACKGROUND: All wireless traffic to the SSID is tagged as low priority or "background traffic", meaning all other access categories take precedence over this one. If traffic from an SSID does not have strict throughput requirements, then this access category is recommended. For example, an SSID that only has network printers connected to it.
VLAN ID: Enter a VLAN ID for the NWA3000-N series AP to use to tag traffic originating from th
348. re x is the number of original log messages) appended at the end of the Message field.
OK: Click this to save your changes and return to the previous screen.
Cancel: Click this to return to the previous screen without saving your changes.
16.3.3 Edit Remote Server
This screen controls the settings for each log in the remote server (syslog). Go to the Log Settings Summary screen and click a remote server Edit icon.
[Figure 111: Configuration > Log & Report > Log Setting > Edit Remote Server. The screen shows the Log Settings for Remote Server fields (Active, Log Format, Server Address, Log Facility) and the Active Log selection for the 22 log categories, Built-in Service through ZySH.]
The following table describes the labels in this screen.
Table 85 Configuration Log & Repo
349. red key (PSK) from 8 to 63 case-sensitive ASCII characters (including spaces and symbols). You must also set the peer device to use the same pre-shared key. Each peer device can use a different pre-shared key.
Support Non-11n Legacy Link: Select this to be able to include compatible legacy NWA series APs (NWA-3160, NWA-3163, NWA-3500, NWA-3550) as WDS links.
MBSSID Settings: This section displays if you set the Operating Mode to MBSSID. It allows you to associate an SSID profile with the radio profile.
Edit: Select an SSID and click this button to reassign it. The selected SSID becomes editable immediately upon clicking.
SSID Profile: Indicates which SSID profile is associated with this radio profile.
OK: Click OK to save your changes back to the NWA3000-N series AP.
Cancel: Click Cancel to exit this screen without saving your changes.
12.3 SSID
The SSID screens allow you to configure three different types of profiles for your networked APs: an SSID list, which can assign specific SSID configurations to your APs; a security list, which can assign specific encryption methods to the APs when allowing wireless clients to connect to them; and a MAC filter list, which can limit connections to an AP based on wireless clients' MAC addresses.
12.3.1 SSID List
This screen allows you to create and manage SSID configurations that can be used by the APs. An SSID, or Service Set IDentifier, is basically the name of the wireles
351. ridge or Bridge/Repeater, this displays information about the Wireless Distribution System (WDS) connections.
Link ID: This field displays the name of the bridge connection.
Peer MAC Address: This field displays the hardware address of the peer device.
Status: This field displays the status of the connection to the peer device.
Security Mode: This field displays which type of security the NWA3000-N series AP is using for WDS with this radio.
Link Up Time: This field shows how long the connection to the peer device has been up.
Traffic Statistics: This graph displays the overall traffic information about the radio over the preceding 24 hours.
bps: This axis represents the amount of data moved across this radio in megabytes per second.
time: This axis represents the amount of time over which the data moved across this radio.
Station Count: The y-axis represents the number of connected stations.
Time: The x-axis shows the time over which a station was connected.
Last Update: This field displays the date and time the information in the window was last updated.
OK: Click this to close this window.
Cancel: Click this to close this window.
6.6 Station List
Use this screen to view statistics pertaining to the associated stations (or "wireless clients"). Click Monitor > Wireless > Station Info to access this screen.
Figure 32: Monitor > Wireless >
352. ries AP's firmware and configuration files using FTP. Please also see Chapter 17 on page 241 for more information about firmware and configuration files. The SNMP screens (Section 15.9 on page 217) configure the device's SNMP settings, including profiles that define allowed SNMPv3 access. The Auth. Server screens (Section 15.10 on page 221) configure settings for the NWA3000-N series AP's built-in authentication server.
15.2 Host Name
A host name is the unique name by which a device is known on a network. Click Configuration > System > Host Name to open this screen.
[Figure 84: Configuration > System > Host Name]
The following table describes the labels in this screen.
Table 69: Configuration > System > Host Name
System Name: Choose a descriptive name to identify your NWA3000-N series AP device. This name can be up to 64 alphanumeric characters long. Spaces are not allowed, but dashes, underscores and periods are accepted.
Domain Name: Enter the domain name (if you know it) here. This name is propagated to DHCP clients connected to interfaces with the DHCP server enabled. This name can be up to 254 alphanumeric characters long. Spaces are not allowed, but dashes are accepted.
Apply
353. rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. Neither the name of Cisco Inc., Beijing University of Posts and Telecommunications, nor the names of their contributors may be used to endorse or promote products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF TH
354. rnings tell you about things that could harm you or your device.
Note: Notes tell you other important information (for example, other things you may need to configure or helpful tips) or recommendations.
Syntax Conventions
The product in this book may be referred to as the "NWA3000-N series AP", the "device", the "AP" or the "system" in this User's Guide.
Product labels, screen names, field labels and field choices are all in bold font.
A key stroke is denoted by square brackets and uppercase text, for example, [ENTER] means the "enter" or "return" key on your keyboard.
"Enter" means for you to type one or more characters and then press the [ENTER] key. "Select" or "choose" means for you to use one of the predefined choices.
A right angle bracket ( > ) within a screen name denotes a mouse click. For example, Maintenance > Status > Show Statistics means you first click Maintenance in the navigation panel, then the Status sub menu and finally the Show Statistics button to get to that screen.
Units of measurement may denote the "metric" value or the "scientific" value. For example, "k" for kilo may denote "1000" or "1024", "M" for mega may denote "1000000" or "1048576" and so on.
"e.g." is a shorthand for "for instance", and "i.e." means "that is" or "in other words".
Screens reproduced here for demonstration purposes may not exactly match the screens on your device.
355. roadcast radius, it can react in one of two ways. If the rogue AP is connected directly to the network (such as plugged into a switch downstream of the NWA3000-N series AP), then the network administrator must manually disconnect it. The NWA3000-N series AP does not allow the isolation of a rogue AP connected directly to the network. However, if a rogue AP independent of the NWA3000-N series AP mimics a legitimate one, then the NWA3000-N series AP can interfere with it by broadcasting dummy packets so that it cannot make connections with employee clients and capture data from them.
[Figure 22: Containing a Rogue AP]
This tutorial shows you how to quarantine a rogue AP on your network.
Click Configuration > Wireless > MON Mode.
[Figure: Rogue/Friendly AP List screen, with General Settings (Enable Rogue AP Containment), the Rogue/Friendly AP List table, and the Rogue AP List and Friendly AP List Importing/Exporting sections.]
2 Click the Add button.
[Figure: Edit Rogue/Friendly AP List dialog, with MAC Address, Description (Optional) and Role (Rogue AP or Friendly AP) fields.]
When the Edit Ro
356. rsion 2. This is just like a Simple Permissive license, but it requires that a copyright notice be maintained.
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
This Product includes openssl software under the OpenSSL License.
OpenSSL LICENSE ISSUES
The OpenSSL toolkit stays under a dual license, i.e. both the conditions of the OpenSSL License and the original SSLeay license apply to the toolkit. See below for the actual license texts. Actually both licenses are BSD-style Open Source licenses. In case of any license issues related to OpenSSL please contact openssl-core@openssl.org.
OpenSSL License
Copyright (c) 1998-2008 The OpenSSL Project. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source
357. rt > Log Setting > Edit Remote Server
Log Settings for Remote Server
Active: Select this check box to send log information according to the information in this section. You specify what kinds of messages are included in log information in the Active Log section.
Log Format: This field displays the format of the log information. It is read-only. VRPT/Syslog: ZyXEL's Vantage Report, syslog-compatible format. CEF/Syslog: Common Event Format, syslog-compatible format.
Server Address: Type the server name or the IP address of the syslog server to which to send log information.
Log Facility: Select a log facility. The log facility allows you to log the messages to different files in the syslog server. Please see the documentation for your syslog program for more information.
Active Log
Selection: Use the Selection drop-down list to change the log settings for all of the log categories.
disable all logs (red X): do not send the remote server logs for any log category.
enable normal logs (green check mark): send the remote server log messages and alerts for all log categories.
enable normal logs and debug logs (yellow check mark): send the remote server log messages, alerts, and debugging information for all log categories.
This field is a sequential value, and it is not associated with a specific address.
Log Category: This field displays each catego
358. rtificates
Please specify the location of the certificate file to be imported. The certificate file must be in one of the following formats: Binary X.509; PEM (Base-64) encoded X.509; Binary PKCS#7; PEM (Base-64) encoded PKCS#7.
The following table describes the labels in this screen.
Table 68: Configuration > Object > Certificate > Trusted Certificates > Import
File Path: Type in the location of the file you want to upload in this field or click Browse to find it. You cannot import a certificate with the same name as a certificate that is already in the NWA3000-N series AP.
Browse: Click Browse to find the certificate file you want to upload.
OK: Click OK to save the certificate on the NWA3000-N series AP.
Cancel: Click Cancel to quit and return to the previous screen.
14.4 Technical Reference
The following section contains additional technical information about the features described in this chapter.
OCSP
OCSP (Online Certificate Status Protocol) allows an application or device to check whether a certificate is valid. With OCSP the NWA3000-N series AP checks the status of individual certificates instead of downloading a Certificate Revocation List (CRL). OCSP has two main advantages over a CRL. The first is real-time status information. The secon
359. rvice has reach the max number already been reached of user %s: service name
Log message: Failed login attempt to EnterpriseWLAN from %s reach the max number of simultaneous logon
Description: The NWA3000-N series AP blocked a login because the maximum simultaneous login capacity for the administrator or access account has already been reached. %s: service name
Log message: User %s has been denied access from %s
Description: The NWA3000-N series AP blocked a login according to the access control configuration. %s: service name
Log message: User %s has been denied access from %s
Description: The NWA3000-N series AP blocked a login attempt by the specified user name because of an invalid user name or password. 2nd %s: service name
Log message: LDAP AD Wrong IP or Port IP %s Port %d
Description: LDAP/AD: Wrong IP or Port. Please check the AAA server setting.
Log message: Domain auth fail
Description: Domain auth fail. Please check the domain auth related setting.
Log message: Failed to join domain Access denied
Description: Failed to join domain. Access denied. Please check the AD server.
Table 100: Built-in Services Logs
Log message: User on %u.%u.%u.%u has been denied access from %s
Description: HTTP/HTTPS/TELNET/SSH/FTP/SNMP access to the device was denied. %u.%u.%u.%u is IP address, %s is HTTP/HTTPS/SSH/SNMP/FTP/TELNET
Log message: HTTPS certificate %s does not exist HTTPS service will not work
Description: An administrator assigned a nonexistent certificate to HTTPS. %s is certificate name assigned by
360. rview
This section provides information about configuring the main features in the NWA3000-N series AP. The features are listed in the same sequence as the menu item(s) in the Web Configurator. Each feature description is organized as shown below.
3.3.1 Feature
This provides a brief description. See the appropriate chapter(s) in this User's Guide for more information about any feature.
MENU ITEM(S): This shows you the sequence of menu items and tabs you should click to find the main screen(s) for this feature. See the web help or the related User's Guide chapter for information about each screen.
PREREQUISITES: These are other features you should configure before you configure the main screen(s) for this feature. If you did not configure one of the prerequisites first, you can often select an option to create a new object. After you create the object you return to the main screen to finish configuring the feature. You may not have to configure everything in the list of prerequisites. For example, you do not have to create a schedule for a policy route unless time is one of the criteria.
WHERE USED: There are two uses for this. These are other features you should usually configure or check right after you configure the main screen(s) for this feature. You have to delete the references to this feature before you can delete any settings
361. ry of messages. It is the same value used in the Display and Category fields in the View Log tab. The Default category includes debugging messages generated by open source software.
Selection: Select what information you want to log from each Log Category (except All Logs; see below). Choices are:
disable all logs (red X): do not log any information from this category.
enable normal logs (green checkmark): log regular information and alerts from this category.
enable normal logs and debug logs (yellow check mark): log regular information, alerts, and debugging information from this category.
OK: Click this to save your changes and return to the previous screen.
Cancel: Click this to return to the previous screen without saving your changes.
16.3.4 Active Log Summary
This screen allows you to view and to edit what information is included in the system log, e-mail profiles, and remote servers at the same time. It does not let you change other log settings (for example, where and how often log information is e-mailed or remote server names). To access this screen go to the Log Settings Summary screen and click the Active Log Summary button.
[Figure 112: Active Log Summary]
362. s An update failed Retrying to update the failed object again original state for s has failed for s Retry d lst 96s The object to be synchronized 2ed 96s The feature name for the object to be synchronized 96d the retry count Recovring to Backup An update failed The device will try to recover the failed update feature to the original state before Device HA synchronizes the specified object Recovering to Backup original state for s has succeeded Recovery succeeded when an update for the specified object failed One of VRRP groups has became avtive Devic HA Sync has aborted from Master s 96s IP or FQDN of Master Master configuration file does not exist Skip updating ZySH Startup Configuration System internal error Skip updating s Ss 1st 96s error string 2ed 96s the syncing object Master configuration file is empty Skip updating ZySH Startup Configuration Device HA Sync has failed when syncing s for s due to transmission timeout 1st 96s the syncing object 2ed 96s the feature name for the syncing object VRRP interface s has been shutdown 96s The name of the VRRP interface NWA3000 N Series User s Guide Appendix A Log Descriptions Table 102 Device HA Logs continued LOG MESSAGE DESCRIPTION VRRP interface s has s The name of the VRRP interface been brought up same Version for
363. s. Additionally, innovations in roaming technology and QoS features eliminate voice call disruptions. It can serve as an AP, Bridge/Repeater, or even as an RF monitor to search for rogue APs to help eliminate network threats. The NWA3000-N series AP controls network access with Media Access Control (MAC) address filtering, rogue Access Point (AP) detection and containment, and an internal authentication server. It also provides a high level of network traffic security, supporting IEEE 802.1x, Wi-Fi Protected Access (WPA), WPA2 and Wired Equivalent Privacy (WEP) data encryption. A NWA3000-N series AP can manage up to 24 other NWA3000-N series APs on your network. Configuration profiles let you easily use different WLAN and security settings for various virtual and managed APs. Your NWA3000-N series AP is easy to install, configure and use. The embedded Web-based configurator enables simple, straightforward management and maintenance. See the Quick Start Guide for how to make hardware connections. 1.2 Applications for the NWA3000-N series AP: The NWA3000-N series AP can be configured to use the following operating modes: Bridge/Repeater, AP + Bridge, MBSSID. Applications for each operating mode are shown below. Note: A different channel should be configured for each WLAN interface to reduce the effects of radio interference. 1.2.1 Bridge/Repeater: The NWA3000-N serie
364. s AP can act as a wireless network bridge and establish wireless links with other APs. In the figure below, the two NWA3000-N series APs (A and B) are connected to independent wired networks and have a bridge connection (A can communicate with B) at the same time. A NWA3000-N series AP in repeater mode (C) has no Ethernet connection. When the NWA3000-N series AP is in bridge mode, you should enable Spanning Tree Protocol (STP) to prevent bridge loops. When the NWA3000-N series AP is in Bridge/Repeater mode, security between APs (the Wireless Distribution System or WDS) is independent of the security between the wireless stations and the AP. If you do not enable WDS security, traffic between APs is not encrypted. When WDS security is enabled, both APs must use the same pre-shared key. Once the security settings of peer sides match one another, the connection between devices is made. At the time of writing, WDS security is compatible with other ZyXEL access points only. Refer to your other access point's documentation for details. Figure 1: Bridge Application. Figure 2. 1.2.1.1 Bridge/Repeater Mode Example: In the example below, when both NWA3000-N series APs are in Bridge/Repeater mode, they form a WDS (Wireless Distribution System) allowing the computers in LAN 1 to connect to the computers in LAN 2. Figure
365. s AP provides a system log, offers two e-mail profiles to which to send log messages, and sends information to four syslog servers. It can also e-mail you statistical reports on a daily basis. MENU ITEM(S): Configuration > Log & Report. 3.5.3 File Manager: Use these screens to upload, download, delete, or run scripts of CLI commands. You can manage: Configuration files: Use configuration files to back up and restore the complete configuration of the NWA3000-N series AP. You can store multiple configuration files in the NWA3000-N series AP and switch between them without restarting. Shell scripts: Use shell scripts to run a series of CLI commands. These are useful for large, repetitive configuration changes and for troubleshooting. You can edit configuration files and shell scripts in any text editor. MENU ITEM(S): Maintenance > File Manager. 3.5.4 Diagnostics: The NWA3000-N series AP can generate a file containing the NWA3000-N series AP's configuration and diagnostic information. It can also capture packets going through the NWA3000-N series AP's interfaces so you can analyze them to identify network problems. MENU ITEM(S): Maintenance > Diagnostics. 3.5.5 Shutdown: Use this to shutdown the device in preparation for disconnecting the power. Always use Maintenance > Shutdown > Shutdown or the shutdown command before you turn off the NWA3000-N series AP or remove the pow
366. s in the following store. Certificate store: Browse. 8 In the Select Certificate Store dialog box, choose a location in which to save the certificate and then click OK. 9 In the Completing the Certificate Import Wizard screen, click Finish. 10 If you are presented with another Security Warning, click Yes. Security Warning: You are about to install a certificate from a certification authority (CA) claiming to represent nsa2401. Windows cannot validate that the certificate is actually from nsa2401. You should confirm its origin by contacting nsa2401. The following number will assist you in this process: Thumbprint (sha1): 35D1C9AC DBCOE654 FE327C71 464D154B 242E5893. Warning: If you install this root certificate, Windows will automatically trust any certificate issued
367. s is the Skip update
CODE DESCRIPTION
1 Algorithm mismatch between the certificate and the search constraints.
2 Key usage mismatch between the certificate and the search constraints.
3 Certificate was not valid in the time interval.
4 (Not used)
5 Certificate is not valid.
6 Certificate signature was not verified correctly.
7 Certificate was revoked by a CRL.
8 Certificate was not added to the cache.
9 Certificate decoding failed.
10 Certificate was not found (anywhere).
11 Certificate chain looped (did not find trusted root).
12 Certificate contains critical extension that was not handled.
13 Certificate issuer was not valid (CA specific information missing).
14 (Not used)
15 CRL is too old.
16 CRL is not valid.
17 CRL signature was not verified correctly.
18 CRL was not found (anywhere).
19 CRL was not added to the cache.
20 CRL decoding failed.
21 CRL is not currently valid, but in the future.
22 CRL contains duplicate serial numbers.
23 Time interval is not continuous.
24 Time information not available.
25 Database method failed due to timeout.
26 Database method failed.
27 Path was not verified.
28 Maximum path length reached.
Table 103 WLAN Logs LOG M
368. s network to which a wireless client can connect. The SSID appears as readable text to any device capable of scanning for wireless frequencies (such as the WiFi adapter in a laptop), and is displayed as the wireless network name when a person makes a connection to it. To access this screen, click Configuration > Object > AP Profile > SSID. Note: You can have a maximum of 32 SSID profiles on the NWA3000-N series AP. Figure 68: Configuration > Object > AP Profile > SSID List. The following table describes the labels in this screen. Table 54: Configuration > Object > AP Profile > SSID List. LABEL / DESCRIPTION: Add: Click this to add a new SSID profile. Edit: Click this to edit the selected SSID profile. Remove: Click this to remove the selected SSID profile. Object Reference: Click this to view which other objects are linked to the selected SSID profile (for example, radio profile). This field is a sequential value, and it is not associated with a specific user. Profile Name: This field indicates the name assigned to the SSID profile. SSID: This field indicates the SSID name as
369. s reserved. Disclaimers: ZyXEL does not assume any liability arising out of the application or use of any products, or software described herein. Neither does it convey any license under its patent rights nor the patent rights of others. ZyXEL further reserves the right to make changes in any products described herein without notice. This publication is subject to change without notice. Trademarks: ZyNOS (ZyXEL Network Operating System) is a registered trademark of ZyXEL Communications, Inc. Other trademarks mentioned in this publication are used for identification purposes only and may be properties of their respective owners. Certifications: Federal Communications Commission (FCC) Interference Statement. The device complies with Part 15 of FCC rules. Operation is subject to the following two conditions: This device may not cause harmful interference. This device must accept any interference received, including interference that may cause undesired operations. This device has been tested and found to comply with the limits for a Class B digital device pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation. This device generates, uses, and can radiate radio frequency energy, and if not installed and used in accordance with the instructions, may cause har
370. s turned on and multiple entries were aggregated to generate into this one. Source: This field displays the source IP address and the port number in the event that generated the log message. Destination: This field displays the destination IP address and the port number of the event that generated the log message. Note: This field displays any additional information about the log message. The Web Configurator saves the filter settings if you leave the View Log screen and return to it later. 6.10 View AP Log: Use this screen to view a managed AP's log. Click Monitor > Log > View AP Log to access this screen. Figure 37: Monitor > Log > View AP Log. The following table describes the labels in this screen. Table 32: Monitor > Log > View AP Log. LABEL / DESCRIPTION: Show / Hide Filter: Click this to show or hide the AP log filter. Select an AP: Select an AP from the list to view its log messages. Log Query: This indicates the current log q
371. sclaimer in the documentation and/or other materials provided with the distribution. Neither the name of the Sun Microsystems, Inc. nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. Part 5: Sparta, Inc. copyright notice (BSD). Copyright (c) 2003-2009, Sparta, Inc. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: Redistributions of source code must retain the above copyright notice, th
372. se storage space that is currently in use. When the storage space is almost full, you should consider deleting expired or unnecessary certificates before adding more certificates. Edit: Double-click an entry or select it and click Edit to open a screen with an in-depth list of information about the certificate. Remove: The NWA3000-N series AP keeps all of your certificates unless you specifically delete them. Uploading a new firmware or default configuration file does not delete your certificates. To remove an entry, select it and click Remove. The NWA3000-N series AP confirms you want to remove it before doing so. Subsequent certificates move up by one when you take this action. Table 66: Configuration > Object > Certificate > Trusted Certificates (continued). LABEL / DESCRIPTION: Object Reference: You cannot delete certificates that any of the NWA3000-N series AP's features are configured to use. Select an entry and click Object References to open a screen that shows which settings use the entry. This field displays the certificate index number. The certificates are listed in alphabetical order. Name: This field displays the name used to identify this certificate. Subject: This field displays identifying information about the certificate's owner, such as CN (Common Name), OU (Organizational Unit or department), O (Organizat
373. select WEP-64: Enter 10 hexadecimal digits in the range of "A-F", "a-f" and "0-9" (for example, 0x11AA22BB33) for each Key used, or enter 5 ASCII characters (case sensitive) ranging from "a-z", "A-Z" and "0-9" (for example, MyKey) for each Key used. If you select WEP-128: Enter 26 hexadecimal digits in the range of "A-F", "a-f" and "0-9" (for example, 0x00112233445566778899AABBCC) for each Key used, or enter 13 ASCII characters (case sensitive) ranging from "a-z", "A-Z" and "0-9" (for example, MyKey12345678) for each Key used. Key 1-4: Based on your Key Length selection, enter the appropriate length hexadecimal or ASCII key. PSK: Select this option to use a Pre-Shared Key with WPA encryption. Pre-Shared Key: Enter a pre-shared key of between 8 and 63 case-sensitive ASCII characters (including spaces and symbols) or 64 hexadecimal characters. Table 57: SSID > Security Profile > Add/Edit Security Profile (continued). LABEL / DESCRIPTION: Cipher Type: Select an encryption cipher type from the list. auto: This automatically chooses the best available cipher based on the cipher in use by the wireless client that is attempting to make a connection. tkip: This is the Temporal Key Integrity Protocol encryption method added later to the WEP encryption protocol to further secure. Not all wireless clients may support this. aes
374. selected list. 2.4 GHz Channel Deployment: This is available when the 2.4 GHz Channel Selection Method is set to auto. Select Three-Channel Deployment to limit channel switching to channels 1, 6, and 11, the three channels that are sufficiently attenuated to have almost no impact on one another. In other words, this allows you to minimize channel interference by limiting channel-hopping to these three "safe" channels. Select Four-Channel Deployment to limit channel switching to four channels. Depending on the country domain, if the only allowable channels are 1-11 then the NWA3000-N series AP uses channels 1, 4, 7, 11 in this configuration; otherwise, the NWA3000-N series AP uses channels 1, 5, 9, 13 in this configuration. Four channel deployment expands your pool of possible channels while keeping the channel interference to a minimum. Table 43: Configuration > Wireless > DCS (continued). LABEL / DESCRIPTION: Enable 5 GHz DFS Aware: Select this if your APs are operating in an area known to have RADAR devices. This allows the device to downgrade its frequency to below 5 GHz in the event a RADAR signal is detected, thus preventing it from interfering with that signal. Enabling this forces the AP to select a non-DFS channel. 5 GHz Channel Selection Method: Select how you want to specify the channels the NWA3000-N series AP switches between for 5
375. 8.2 LAN Setting: This screen lists every Ethernet interface. To access this screen, click Configuration > LAN Setting. Figure 41: Configuration > LAN Setting. Each field is described in the following table. Table 34: Configuration > LAN Setting. LABEL / DESCRIPTION: IP Address Assignment. Get Automatically: This option appears when the MGNT Mode is set to Stand Alone AP. Select this to make the interface a DHCP client and automatically get the IP address, subnet mask, and gateway address from a DHCP server. Use Fixed IP Address: Select this if you want to specify the IP address, subnet mask, and gateway manually. You can only configure a fixed IP address when the MGNT Mode is set to Stand Alone AP. IP Address: Enter the IP address for this interface. Subnet Mask: Enter the subnet mask of this interface in dot decimal notation. The subnet mask indicates what part of the IP address is the same for all computers in the network. Gateway: Enter th
376. set up monitor mode configurations that allow your connected APs to scan for other wireless devices in the vicinity. Once detected, you can use the MON Mode screen (Chapter 9 on page 111) to classify them as either rogue or friendly and then manage them accordingly. 13.1.1 What You Can Do in this Chapter: The MON Profile screen (Section 13.2 on page 166) creates preset monitor mode configurations that can be used by the APs. 13.1.2 What You Need To Know: The following terms and concepts may help as you read this chapter. Active Scan: An active scan is performed when an 802.11-compatible wireless monitoring device is explicitly triggered to scan a specified channel or number of channels for other wireless devices broadcasting on the 802.11 frequencies by sending probe request frames. Passive Scan: A passive scan is performed when an 802.11-compatible monitoring device is set to periodically listen to a specified channel or number of channels for other wireless devices broadcasting on the 802.11 frequencies. 13.2 MON Profile: This screen allows you to create monitor mode configurations that can be used by the APs. To access this screen, login to the Web Configurator and click Configuration > Object > MON Profile. Figure 74: Configuration > Object > MON Profile
377. settings are shown, the Display, Priority, Source Address, Destination Address, Service, Keyword, and Search fields are available. Display: Select the category of log message(s) you want to view. You can also view All Logs at one time, or you can view the Debug Log. Priority: This displays when you show the filter. Select the priority of log messages to display. The log displays the log messages with this priority or higher. Choices are: any, emerg, alert, crit, error, warn, notice, and info, from highest priority to lowest priority. This field is read-only if the Category is Debug Log. Source Address: This displays when you show the filter. Type the source IP address of the incoming packet that generated the log message. Do not include the port in this filter. Destination Address: This displays when you show the filter. Type the IP address of the destination of the incoming packet when the log message was generated. Do not include the port in this filter. Source Interface: This displays when you show the filter. Select the source interface of the packet that generated the log message. Destination Interface: This displays when you show the filter. Select the destination interface of the packet that generated the log message. Keyword: This displays when you show the filter. Type a keyword to look for in the Message, Source, Destination and Note fields. If a match is found in any field, the log message is displayed. You can use up to 63 alphanumeric c
378. sion one (SNMPv1), version two (SNMPv2c) and version three (SNMPv3). The next figure illustrates an SNMP management operation. Figure 102: SNMP Management Model. An SNMP managed network consists of two main types of component: agents and a manager. An agent is a management software module that resides in a managed device (the NWA3000-N series AP). An agent translates the local management information from the managed device into a form compatible with SNMP. The manager is the console through which network administrators perform network management functions. It executes applications that control and monitor managed devices. The managed devices contain object variables/managed objects that define each piece of information to be collected about a device. Examples of variables include number of packets received, node port status, etc. A Management Information Base (MIB) is a collection of managed objects. SNMP allows a manager and agents to communicate for the purpose of accessing these objects. SNMP itself is a simple request/response protocol based on the manager/agent model. The manager issues a request and the agent returns responses using the following protocol operations: Get: Allows the manager to retrieve an object variable from the agent. GetNext: Allows the manager to retrieve the
379. ss 7th 96s Managed AP Model Name ReBoot Managed AP MACAddr 02x 02x 02x 0 2x 02x 02x Model s Name s Rebooted the specified AP on the managed list 1st 02x 6th 02x Managed AP MAC Address 7th s Managed AP Model Name 8th s Managed AP Description Switch Managed AP to Standalone AP IACAddr 502x 02x 02x 0 2x 02x 02x Model s ame s Rollback the AP to Standalone Mode 1st 02x 6th 02x Managed AP MAC Address 7th 96s Managed AP Model Name 8th 96s Managed AP Description Upgrade Managed AP s Firmware ACAddr 02x 02x 02x 0 2x 02x 02x Model s ame s Indicates that the AP on the Managed List had its firmware upgraded 1st 02x 6th 02x Managed AP MAC Address 7th 96s Managed AP Model Name 8th 96s Managed AP Description Start Send Configuration to Managed AP MACAddr 02x 02x 02x 0 2x 02x 02x Model s Name s Indicates that a Send Configuration request was sent to an AP on the Managed List 1st 02x 6th 02x Managed AP MAC Address 7th s Managed AP Model Name 8th s Managed AP Description Sucess Send Configuration to Managed AP MACAddr 02x 02x 02x 0 2x 02x 2 02x Model s Name s Indicates that a Send Configuration Response was received from an AP on the Managed List 1st 02x 6th 02x Managed AP MAC Address 7th 96s Managed AP Model Name 8th 96s Managed AP Description NWA3000 N Series User s Guide
380. ssociated with the AP. Refresh: Click this to refresh the items displayed on this page. The following table describes the icons in this screen. Table 23: Monitor > Wireless > AP List Icons. LABEL / DESCRIPTION: This is an AP that is not on the management list. This is an AP that is on the management list and which is online. This is an AP that is in the process of having its firmware updated. This is an AP that is both on the management list and which is offline. 6.4.1 Station Count of AP: Use this screen to look at station statistics for the connected AP. To access this screen, click the More Information button in the AP List screen. Figure 29: Monitor > System Status > AP List > More Information (Station Count of AP). The following table describes the labels in this screen. Table 24: Monitor > System Status > AP List > More Information. LABEL / DESCRIPTION: Station Count: The y-axis represents the number of connected stations. Time: The x-axis shows the time over which a station was connected. Last Update: This field displays the date and time the information in the window was last updated. 6.5 Radio List: Use this screen to view sta
381. startup-config.conf, it will replace the current configuration and immediately apply the new settings. File Path: Type in the location of the file you want to upload in this field or click Browse to find it. Browse: Click Browse to find the .conf file you want to upload. The configuration file must use a ".conf" filename extension. You will receive an error message if you try to upload a file of a different format. Remember that you must decompress compressed (.zip) files before you can upload them. Upload: Click Upload to begin the upload process. This process may take up to two minutes. 17.3 Firmware Package: Click Maintenance > File Manager > Firmware Package to open this screen. Use the Firmware Package screen to check your current firmware version and upload firmware to the NWA3000-N series AP. Note: The Web Configurator is the recommended method for uploading firmware. You only need to use the command line interface if you need to recover the firmware. See the CLI Reference Guide for how to determine if you need to recover the firmware and how to recover it. Find the firmware package at www.zyxel.com in a file that (usually) uses a .bin extension. The firmware update can take up to five minutes. Do not turn off or reset the NWA3000-N series AP while the firmware update is in progress. Figure 114: Maintenance > File Manager > Firmware Packag
382. t 214 WWW see WWW repeater 18 reports configuration overview 53 daily 228 daily e mail 228 reset 277 vs reboot 263 265 RESET button 29 277 reset button 279 RF interference 18 RFC 2510 Certificate Management Protocol or CMP 179 Rivest Shamir and Adleman public key algorithm RSA 178 RSA 178 182 189 RTS Request To Send 322 threshold 321 322 S safety warnings 6 SCEP Simple Certificate Enrollment Protocol 179 screen resolution 31 screws 282 Secure Socket Layer see SSL security 18 serial number 77 service control and users 200 limitations 200 timeouts 200 Service Set 148 Service Set Identifier see SSID shell scripts 241 downloading 250 editing 249 how applied 242 managing 249 syntax 242 uploading 251 shutdown 29 Simple Certificate Enrollment Protocol SCEP 179 Simple Network Management Protocol see SNMP SNMP 217 218 281 agents 217 Get 218 GetNext 218 Manager 217 managers 217 MIB 217 218 network components 217 Set 218 Trap 218 traps 218 versions 217 SSH 209 and certificates 212 client requirements 211 encryption methods 211 for secure Telnet 213 how connection is established 210 versions 211 with Linux 213 with Microsoft Windows 213 SSID 22 SSL 200 starting the device 29 startup config conf 247 if errors 244 missing at restart 243 NWA3000 N Series User s Guide Index present at restart 244 startup config bad conf 244 statistics daily e mail
383. LOG MESSAGE: t Diagnostic Information has failed Server did not respond. DESCRIPTION: There was an error and the diagnostics were not completed.
LOG MESSAGE: Collect Diagnostic Infomation has succeeded. DESCRIPTION: The diagnostics scripts were executed successfully.
Table 102: Device HA Logs
LOG MESSAGE: Device HA VRRP Group %s has been added. DESCRIPTION: A VRRP group has been created. %s: the name of the VRRP group.
LOG MESSAGE: Device HA VRRP group %s has been modified. DESCRIPTION: A VRRP group has been modified. %s: the name of the VRRP group.
LOG MESSAGE: Device HA VRRP group %s has been deleted. DESCRIPTION: A VRRP group has been deleted. %s: the name of the VRRP group.
LOG MESSAGE: Device HA VRRP interface %s for VRRP Group %s has changed. DESCRIPTION: Configuration of an interface that belonged to a VRRP group has been changed. 1st %s: VRRP interface name. 2nd %s: the name of the VRRP group.
LOG MESSAGE: Device HA syncing from %s starts. DESCRIPTION: Device HA syncing from Master starts when the user clicks Sync Now using Auto Sync. %s: the IP or FQDN of Master.
LOG MESSAGE: %s has no file to sync Skip syncing it for %s. DESCRIPTION: There is no file to be synchronized from the Master when syncing an object (AV, AS, IDP, Certificate, System Configuration). But in fact, there should be something in the Master for the device to synchronize with. 1st %s: the syncing object. 2nd %s: the feature name for the syncing object.
384. t menu. Radio 2 OP Mode: This displays if the NWA3000-N series AP has a second radio. Select the operating mode for radio 2. AP Mode means the AP can receive connections from wireless clients and pass their data traffic through to the NWA3000-N series AP to be managed (or subsequently passed on to an upstream gateway for managing). MON Mode means the AP monitors the broadcast area for other APs, then passes their information on to the NWA3000-N series AP where it can be determined if those APs are friendly or rogue. If an AP is set to this mode it cannot receive connections from wireless clients. Radio 2 Profile: This displays if the NWA3000-N series AP has a second radio. Select the profile the radio uses. If no profile exists, you can create a new one through the Create new Object menu. Management VLAN ID: Enter a VLAN ID for this AP. As Native VLAN: Select this option to treat this VLAN ID as a VLAN created on the NWA3000-N series AP and not one assigned to it from outside the network. OK: Click OK to save your changes back to the NWA3000-N series AP. Cancel: Click Cancel to close the window with changes unsaved. Use this screen to assign APs either to the rogue AP list or the friendly AP list. A rogue AP is a wireless access point operating in a network's coverage area that is not under the control of the network administrator, and which can potentially open up holes in a network's securit
385. tatus. LABEL / DESCRIPTION: Poll Interval: Enter how often you want this window to be updated automatically, and click Set Interval. Set Interval: Click this to set the Poll Interval the screen uses. Stop: Click this to stop the window from updating automatically. You can start it again by setting the Poll Interval and clicking Set Interval. Interface Summary. Table 20: Monitor > LAN Status (continued). Name: This field displays the name of the interface. Status: This field displays the current status of the interface. Inactive: The Ethernet interface is disabled. Down: The Ethernet interface is enabled but not connected. Speed / Duplex: The Ethernet interface is enabled and connected. This field displays the port speed and duplex setting (Full or Half). HA Status: This is available when the NWA3000-N series AP is in controller mode. This field displays the status of the interface in the virtual router. Active: This interface is the master interface in the virtual router. Stand-By: This interface is a backup interface in the virtual router. Fault: This VRRP group is not functioning in the virtual router right now. For example, this might happen if the interface is down. n/a: Device HA is not active on the interface. VID: This field displays the VLAN ID to which the interface belongs. IP A
386. ted IP address Receive an ARP response from the client issuing the DHCP request The device received an ARP response from the client issuing the DHCP request Receive an ARP response from an unknown client The device received an ARP response from an unknown client In total received sd arp response packets for the requested IP address The device received the specified total number of ARP response packets for the requested IP address Clear arp cache successfully The ARP cache was cleared successfully AC address is Ethernet Client not an address A client MAC address is not an Ethernet address NWA3000 N Series User s Guide Appendix A Log Descriptions Table 101 System Logs continued LOG MESSAGE DESCRIPTION DHCP request received via interface s 8 8 src mac s with requested IP SS The device received a DHCP request through the specified interface IP confliction is detected Send back DHCP NAK IP conflict was detected Send back DHCP NAK Clear ARP cache done Clear ARP cache done NTP update successful current time is s The device successfully synchronized with a NTP time server 96s is the date and time NTP update failed The device was not able to synchronize with the NTP time server successfully Device is rebooted by administrator An administrator restarted the device Collec
387. ter configure terminal Router config Enter commands for the device that you are currently logged into here If you are logged into the NWA3000 N series AP see the CLI Reference Guide for details on using the command line to configure it Device IP Address 192 168 1 1 22 This is the IP address of the device that you are currently logged into Logged In User 99 admin This displays the username of the account currently logged into the NWA3000 N series AP through the Console Window Note You can log into the Web Configurator with a different account than used to log into the NWA3000 N series AP through the Console NWA3000 N Series User s Guide Chapter 2 The Web Configurator Table 9 Console continued LABEL DESCRIPTION Connection Status Connected This displays the connection status of the account currently logged in If you are logged in and connected then this displays Connected If you lose the connection get disconnected or logout then this displays Not Connected Tx RX Activity Monitor e This displays the current upload download activity The faster and more frequently an LED flashes the faster the data connection Before you use the Console ensure that Your web browser of choice allows pop up windows from the IP address assigned to your NWA3000 N series AP Your web browser allows Java programs You are using th
388. tes to the NWA3000-N series AP. The NWA3000-N series AP trusts any valid certificate that you have imported as a trusted certificate. It also trusts any valid certificate signed by any of the certificates that you have imported as a trusted certificate.

What You Need to Know

The following terms and concepts may help as you read this chapter.

When using public key cryptology for authentication, each host has two keys. One key is public and can be made openly available. The other key is private and must be kept secure.

These keys work like a handwritten signature (in fact, certificates are often referred to as "digital signatures"). Only you can write your signature exactly as it should look. When people know what your signature looks like, they can verify whether something was signed by you or by someone else. In the same way, your private key "writes" your digital signature and your public key allows people to verify whether data was signed by you or by someone else.

This process works as follows:

Tim wants to send a message to Jenny. He needs her to be sure that it comes from him, and that the message content has not been altered by anyone else along the way. Tim generates a public key pair (one public key and one private key).

Tim keeps the private key and makes the public key openly available. This means that anyone who receives a message seeming to come from
389. that is easily broken by an attacker (X) running readily available encryption-cracking software. In this example, the attacker now has access to the company network, including sensitive data stored on the file server (C).

Friendly APs

If you have more than one AP in your wireless network, you should also configure a list of "friendly" APs. Friendly APs are other wireless access points that are detected in your network, as well as any others that you know are not a threat (those from recognized networks, for example). It is recommended that you export (save) your list of friendly APs often, especially if you have a network with a large number of access points.

Certificates

14.1 Overview

The NWA3000-N series AP can use certificates (also called digital IDs) to authenticate users. Certificates are based on public-private key pairs. A certificate contains the certificate owner's identity and public key. Certificates provide a way to exchange public keys for use in authentication.

14.1.1 What You Can Do in this Chapter

The My Certificate screens (Section 14.2 on page 175) generate and export self-signed certificates or certification requests and import the NWA3000-N series AP's CA-signed certificates.
The Trusted Certificates screens (Section 14.3 on page 185) save CA certificates and trusted remote host certifica
390. the network.

Certificates
The NWA3000-N series AP can use certificates (also called digital IDs) to authenticate users. Certificates are based on public-private key pairs. Certificates provide a way to exchange public keys for use in authentication.

SSL Passthrough
SSL (Secure Sockets Layer) uses a public key to encrypt data that's transmitted over an SSL connection. Both Netscape Navigator and Internet Explorer support SSL, and many Web sites use the protocol to obtain confidential user information, such as credit card numbers. By convention, URLs that require an SSL connection start with "https" instead of "http". The NWA3000-N series AP allows SSL connections to take place through the NWA3000-N series AP.

MAC Address Filter
Your NWA3000-N series AP checks the MAC address of the wireless station against a list of allowed or denied MAC addresses.

Wireless Association List
With the wireless association list, you can see the list of the wireless stations that are currently using the NWA3000-N series AP to access your wired network.

Logging and Tracing
Built-in message logging and packet tracing. The NWA3000-N series AP stores up to 512 event logs or 1024 debug logs.

Embedded FTP Server
The embedded FTP server enables fast firmware upgrades as well as configuration file backups and restoration.

SNMP
SNMP (Simple Network Management Protocol) is a protocol used for exchanging management information between network devi
391. the network potentially rather difficult for the stations connected to them. If the interference becomes too great, then the network administrator must open his AP configuration options and manually change the channel to one that no other AP is using (or at least a channel that has a lower level of interference) in order to give the connected stations a minimum degree of channel interference.

1. Click Configuration > Wireless > DCS.

[Screenshot: Configuration > Wireless > DCS, showing General Settings (Enable Dynamic Channel Selection, DCS Time Interval, DCS Sensitivity Level, Enable DCS Client Aware), 2.4 GHz Settings (2.4 GHz Channel Selection Method, available and selected channels) and 5 GHz Settings (Enable 5 GHz DFS Aware, 5 GHz Channel Selection Method)]

2. Select Enable Dynamic Channel Selection to turn on this feature.
3. Set the DCS Time Interval. This is how often the NWA3000-N series AP surveys the other APs within its broadcast radius. If you place your APs in an area with a large number of competing APs, set this number lower to ensure that your device can adjust quickly to changing conditions.
4. Select DCS Sensitivity Level. This is how sensitive the APs on your network are to other channels. Generally, as long as the area in which your AP is located has minimal interference from other devices you c
392. this to save the most recent diagnostic file to a computer 18 3 Packet Capture Use this screen to capture network traffic going through the NWA3000 N series AP s interfaces Studying these packet captures may help you identify network problems Click Maintenance Diagnostics Packet Capture to open the packet capture screen NWA3000 N Series User s Guide Chapter 18 Diagnostics Note New capture files overwrite existing files of the same name Change the File Suffix field s setting to avoid this Figure 118 Maintenance gt Diagnostics gt Packet Capture gt Capture Packet Capture Wireless Frame Capture Capture Files Interfaces Available Interfaces Capture Interfaces lan e Filter IP Version any v Protocol Type any v Host IP any M Host Port 0 0 any Misc setting File Size 1000 Kbytes Duration 0 0 unlimited File Suffix packet capture Number Of Bytes To Capture Per Packet 1500 Bytes Capture Reset The following table describes the labels in this screen Table 92 Maintenance gt Diagnostics gt Packet Capture LABEL DESCRIPTION Interfaces Enabled interfaces except for virtual interfaces appear under Available I nterfaces Select interfaces for which to capture packets and click the right arrow button to move them to the Capture I nterfaces list Use the Shift and or Ctrl key to select multiple objects IP Type Select the protocol of traff
393. tices cannot be construed as modifying the License You may add Your own copyright statement to Your modifications and may provide additional or different license terms and conditions for use reproduction or distribution of Your modifications or for any such Derivative Works as a whole NWA3000 N Series User s Guide Appendix D Open Software Announcements provided Your use reproduction and distribution of the Work otherwise complies with the conditions stated in this License 5 Submission of Contributions Unless You explicitly state otherwise any Contribution intentionally submitted for inclusion in the Work by You to the Licensor shall be under the terms and conditions of this License without any additional terms or conditions Notwithstanding the above nothing herein shall supersede or modify the terms of any separate license agreement you may have executed with Licensor regarding such Contributions 6 Trademarks This License does not grant permission to use the trade names trademarks service marks or product names of the Licensor except as required for reasonable and customary use in describing the origin of the Work and reproducing the content of the NOTICE file 7 Disclaimer of Warranty Unless required by applicable law or agreed to in writing Licensor provides the Work and each Contributor provides its Contributions on an AS IS BASIS WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND either express or implied includ
394. tificate Only Export Certificate with Private Key x OK Cancel NWA3000 N Series User s Guide Chapter 14 Certificates The following table describes the labels in this screen Table 64 Configuration Object Certificate My Certificates Edit LABEL DESCRIPTION Name This field displays the identifying name of this certificate You can use up to 31 alphanumeric and amp _ characters Certification Path This field displays for a certificate not a certification request Click the Refresh button to have this read only text box display the hierarchy of certification authorities that validate the certificate and the certificate itself If the issuing certification authority is one that you have imported as a trusted certification authority it may be the only certification authority in the list along with the certificate itself If the certificate is a self signed certificate the certificate itself is the only one in the list The NWA3000 N series AP does not trust the certificate and displays Not trusted in this field if any certificate on the path has expired or been revoked Refresh Click Refresh to display the certification path Certificate These read only fields display detailed information about the Information certificate Type This field displays general information about the certificate CA signed means that a Certification Authority si
395. tificates that shows the hierarchy of certification authorities that validate the end entity's certificate. If the issuing certification authority is one that you have imported as a trusted certificate, it may be the only certification authority in the list (along with the end entity's own certificate). The NWA3000-N series AP does not trust the end entity's certificate and displays "Not trusted" in this field if any certificate on the path has expired or been revoked.
Refresh: Click Refresh to display the certification path.
Enable X.509v3 CRL Distribution Points and OCSP checking: Select this check box to have the NWA3000-N series AP check incoming certificates that are signed by this certificate against a Certificate Revocation List (CRL) or an OCSP server. You also need to configure the OCSP or LDAP server details.
OCSP Server: Select this check box if the directory server uses OCSP (Online Certificate Status Protocol).
URL: Type the protocol, IP address and pathname of the OCSP server.
ID: The NWA3000-N series AP may need to authenticate itself in order to access the OCSP server. Type the login name (up to 31 ASCII characters) from the entity maintaining the server (usually a certification authority).
Password: Type the password (up to 31 ASCII characters) from the entity maintaining the OCSP server (usually a certification authority).
LDAP Server: Select this check box if the directory server uses LDAP L
396. tion NWA3160 N 1 AP 404A03427016 0 IP Address Show 50 v items Displaying 1 1 of 1 NWA3000 N Series User s Guide Chapter 6 Monitor The following table describes the labels in this screen Table 22 Monitor gt Wireless gt AP Information gt AP List LABEL DESCRIPTION Add to Mgnt AP When the NWA3000 N series AP is in controller mode it lists the List compatible NWA3000 N series APs it detects in this screen Select an entry where the Status displays an AP icon with a question mark and click this button to have the NWA3000 N series AP manage it More Click this to view a daily station count about the selected AP The count Information records station activity on the AP over a consecutive 24 hour period This is the AP s index number in this list Status This visually displays the AP s connection status with icons For details on the different Status states see the next table Registration This indicates whether the AP is registered with the managed AP list P Address This displays the AP s IP address MAC Address This displays the AP s MAC address Model This displays the AP s model number Mgmt VLAN This displays the number of the AP s management VLAN ID Description This displays the AP s associated description The default description is AP the AP s MAC Address Station This displays the number of stations aka wireless clients a
397. tion, and distribution as defined by Sections 1 through 9 of this document.

"Licensor" shall mean the copyright owner or entity authorized by the copyright owner that is granting the License.

"Legal Entity" shall mean the union of the acting entity and all other entities that control, are controlled by, or are under common control with that entity. For the purposes of this definition, "control" means (i) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial ownership of such entity.

"You" (or "Your") shall mean an individual or Legal Entity exercising permissions granted by this License.

"Source" form shall mean the preferred form for making modifications, including but not limited to software source code, documentation source, and configuration files.

"Object" form shall mean any form resulting from mechanical transformation or translation of a Source form, including but not limited to compiled object code, generated documentation, and conversions to other media types.

"Work" shall mean the work of authorship, whether in Source or Object form, made available under the License, as indicated by a copyright notice that is included in or attached to the work (an example is provided in the Appendix below).

D
398. tistics for the NWA3000 N series AP s wireless radio transmitters when it is in standalone mode or the radios in each of the APs NWA3000 N Series User s Guide Chapter 6 Monitor connected to the NWA3000 N series AP when it is in controller mode To access this screen click Monitor gt Wireless gt AP Information gt Radio List Figure 30 Monitor gt Wireless gt AP Information Radio List Controller Mode Radio List Page 1 ofi Loading AP Description Model MAC Addre Radio OP Mode Profile 1 AP 404A03427 NWA31 40 4A 03 42 7 1 AP Frequency Band Channel Station Rx PKT Tx PKT RxFCS Error Count Tx Retry Count defaut 2 4GHz 6 0 0 0 38968 37349 Show 50 v items Displaying 1 1of 1 The following table describes the labels in this screen Table 25 Monitor gt Wireless gt AP Information gt Radio List LABEL DESCRIPTION More Click this to view additional information about the selected radio s Information wireless traffic and station count Information spans a 24 hour period When the NWA3000 N series AP is in controller mode this is the radio s index number in this list Status When the NWA3000 N series AP is in standalone mode this displays whether or not the WLAN interface is activated Loading This indicates the AP s load balance status AP Description This displays the description of the AP to which the radio belongs Model This displays the m
399. to have the NWA3000 N series AP use that shell script file You may need to wait awhile for the NWA3000 N series AP to finish applying the commands This column displays the number for each shell script file entry File Name This column displays the label that identifies a shell script file Size This column displays the size in KB of a shell script file Last This column displays the date and time that the individual shell script files Modified were last changed or saved Upload The bottom part of the screen allows you to upload a new or previously saved Shell shell script file from your computer to your NWA3000 N series AP Script File Path Type in the location of the file you want to upload in this field or click Browse to find it NWA3000 N Series User s Guide Chapter 17 File Manager Table 90 Maintenance File Manager Shell Script continued LABEL DESCRIPTION Browse Click Browse to find the zysh file you want to upload Upload Click Upload to begin the upload process This process may take up to several minutes NWA3000 N Series User s Guide 251 Chapter 17 File Manager 252 NWA3000 N Series User s Guide Diagnostics 18 1 Overview Use the diagnostics screens for troubleshooting 18 1 1 What You Can Do in this Chapter The Diagnostics screen Section 18 2 on page 253 generates a file containing the NWA3000 N series AP s configur
400. to the SMTP server User Name This box is effective when you select the SMTP Authentication check box Type the user name to provide to the SMTP server when the log is e mailed Password This box is effective when you select the SMTP Authentication check box Type the password to provide to the SMTP server when the log is e mailed Active Log and Alert System log Use the System Log drop down list to change the log settings for all of the log categories disable all logs red X do not log any information for any category for the system log or e mail any logs to e mail server 1 or 2 enable normal logs green check mark create log messages and alerts for all categories for the system log If e mail server 1 or 2 also has normal logs enabled the NWA3000 N series AP will e mail logs to them enable normal logs and debug logs yellow check mark create log messages alerts and debugging information for all categories The NWA3000 N series AP does not e mail debugging information even if this setting is selected NWA3000 N Series User s Guide EJ Chapter 16 Log and Report Table 84 Configuration Log amp Report Log Setting Edit continued LABEL DESCRIPTION E mail Server 1 Use the E Mail Server 1 drop down list to change the settings for e mailing logs to e mail server 1 for all log categories Using the System Log drop down list to disable all logs overrides y
401. tom of the table to navigate to different pages of entries and control how many entries display at a time Configuration Add P User Name Description 4 ad users External AD Users 1 admin Administration account 5 guest Local User 2 Idap users External LDAP Users 3 radius users Page 1 ofi Show 50 v items Displaying 1 5 oF 5 NWA3000 N Series User s Guide Chapter 2 The Web Configurator 2 3 6 2 Working with Table Entries The tables have icons for working with table entries A sample is shown next You can often use the Shift or Ctrl key to select multiple entries to remove activate or deactivate Table 10 Common Table Icons Radio Summary Add Status Profile Name Frequency Band Channel ID 1 Q default 2 4G 6 2 Q default2 5G 36 Page 1 ofi Show 50 items Displaying 1 2 of 2 Here are descriptions for the most common table icons Table 11 Common Table Icons LABEL DESCRIPTION Add Click this to create a new entry For features where the entry s position in the numbered list is important features where the NWA3000 N series AP applies the table s entries in order like the firewall for example you can select an entry and click Add to create a new entry after the selected entry Edit Double click an entry or select it and click Edit to open a screen where you can modify the entry s settings In some tables you can just click a table entry and edit it direct
402. top bit, no flow control, and 115200 bps port speed.
3. If this does not work, you have to reset the device to its factory defaults. See Section 21.6 on page 277.

I cannot see or access the Login screen in the web configurator.

1. Make sure you are using the correct IP address.
   The default IP address is 192.168.1.2.
   If you changed the IP address, use the new IP address.
   If you changed the IP address and have forgotten it, see the troubleshooting suggestions for "I forgot the IP address for the NWA3000-N series AP".
2. Check the hardware connections, and make sure the LEDs are behaving as expected. See the Quick Start Guide and Section 1.7 on page 27.
3. Make sure your Internet browser does not block pop-up windows and has JavaScripts and Java enabled.
4. Make sure your computer is in the same subnet as the NWA3000-N series AP. (If you know that there are routers between your computer and the NWA3000-N series AP, skip this step.)
   If there is no DHCP server on your network, make sure your computer's IP address is in the same subnet as the NWA3000-N series AP.
5. Reset the device to its factory defaults, and try to access the NWA3000-N series AP with the default IP address. See your Quick Start Guide.
6. If the problem continues, contact the network administrator or vendor, or try one of the advanced suggestions.

Advanced Suggestions

Try to access the NW
403. torials 1 Open the Configuration System Auth Server screen Turn on the authentication server and select the certificate to use Click Apply c MEEEEEEEEENENEEMEMEAKA R General Settings V Enable Authentication Server Authentication Server Certificate default Y Trusted Client Q Add 4 Edt M Re Q Stati ProfieName IPAddress Mask Description 4 4 Page 1 ofi j Show 50 v items No data to display 2 Open the Configuration gt Object gt User gt User screen and click Add User Setting Configuration Edit J Remove ig Object Reference UserName User Type Description 1 admin admin Administration account 4 admin test admin Local User 2 usertest user Local User i4 4 Page 1 ofi j Show 50 v items Displaying 1 4of 4 3 The Add A User window opens Add A User 2x User Configuration User Name questi sss D User Type user Y FERRE LITER Retype Description Authentication Timeout Settings Use Default Settings Use Manual Settings Lease Time 1440 minutes Reauthentication Time 1440 minutes Cancel NWA3000 N Series User s Guide Chapter 4 Tutorials 3a User Name Enter guestl 3b User Type User 3c Password Enter guest1 and re enter it in the Retype field to confirm 3d Click OK to save these settings 4 Repeat steps 2 and 3 to create accounts for the staff members 4 1 4 Create the AP Profiles staff guest Th
404. try s 1st zysh entry name can t retrieve entry lst zysh entry name Ss can t get entry s lst zysh entry name can t print entry s lst zysh entry name s cannot retrieve lst zysh list name entries from list NWA3000 N Series User s Guide Appendix A Log Descriptions Table 98 ZySH Logs continued LOG MESSAGE DESCRIPTION can t get name for entry d 1st zysh entry index can t get reference count s 1st zysh list name can t print entry name Ss 1st zysh entry name o Can t append entry s lst zysh entry name 9 Can t set entry s lst zysh entry name Can t define entry s lst zysh entry name s list is full lst zysh list name Can t undefine s lst zysh list name Can t remove s lst zysh list name Table OPS s cannot retrieve entries from table 1st zysh table name o s index is out of range 1st zysh table name s cannot set entry 1st zysh table name 2st zysh entry num s table is full lst zysh table name s invalid old new index 1st zysh table name Unable to move entry ded lst zysh entry num s invalid index 1st zysh table name Unable to delete entry ded lst zysh entry num Unable to change entry ded lst zysh entry num S cannot retrieve entries from table 1st zysh table name s i
405. type of user account. 2nd %s: The user's user name. 3rd %s: The name of the service the user is using (HTTP, HTTPS, FTP, Telnet, SSH, or console).

Log message: %s %s from %s has been logged out EnterpriseWLAN timeout idle
Description: The NWA3000-N series AP is signing the specified user out due to an idle timeout. 1st %s: The type of user account. 2nd %s: The user's user name. 3rd %s: The name of the service the user is using (HTTP, HTTPS, FTP, Telnet, SSH, or console).

Log message: Console has been put into lockout state
Description: Too many failed login attempts were made on the console port, so the NWA3000-N series AP is blocking login attempts on the console port.

Log message: Address %u.%u.%u.%u has been put into lockout state
Description: Too many failed login attempts were made from an IP address, so the NWA3000-N series AP is blocking login attempts from that IP address. %u.%u.%u.%u: the source address of the user's login attempt.

Table 99 User Logs (continued)

Log message: Failed login attempt to EnterpriseWLAN from %s login on a lockout address
Description: A login attempt came from an IP address that the NWA3000-N series AP has locked out. %u.%u.%u.%u: the source address of the user's login attempt.

Log message: Failed login attempt to EnterpriseWLAN from %s
Description: The NWA3000-N series AP blocked a login because the maximum login capacity for the particular se
406. uery status Status init Indicates the query has not been initialized querying Indicates the query is in process fail Indicates the query failed success Indicates the query succeeded AP Information This displays the MAC address for the selected AP 100 NWA3000 N Series User s Guide Chapter 6 Monitor Table 32 Monitor gt Log gt View AP Log continued LABEL DESCRIPTION Log File Status This indicates the status of the AP s log messages Last Log Query Time This indicates the last time the AP was queried for its log messages Display Select the log file from the specified AP that you want displayed Note This criterion only appears when you Show Filter Priority Select a priority level to use for filtering displayed log messages Note This criterion only appears when you Show Filter Source Enter a source IP address to display only the log messages that include Address it Note This criterion only appears when you Show Filter Destination Enter a destination IP address to display only the log messages that Address include it Note This criterion only appears when you Show Filter Source Enter a source interface to display only the log messages that include it Interface Note This criterion only appears when you Show Filter Destination Enter a destination interface to display only the log messages that Interface include it Note This crit
407. ult Show 50 items Displaying 1 1 of 1 The following table describes the labels in this screen Table 60 Configuration gt Object gt MON Profile LABEL DESCRIPTION Add Click this to add a new monitor mode profile Edit Click this to edit the selected monitor mode profile Remove Click this to remove the selected monitor mode profile Activate To turn on an entry select it and click Activate Inactivate To turn off an entry select it and click Inactivate Object Reference Click this to view which other objects are linked to the selected monitor mode profile for example an AP management profile This field is a sequential value and it is not associated with a specific profile Status This field shows whether or not the entry is activated Profile Name This field indicates the name assigned to the monitor profile NWA3000 N Series User s Guide Chapter 13 MON Profile 13 2 1 Add Edit MON Profile This screen allows you to create a new monitor mode profile or edit an existing one To access this screen click the Add button or select and existing monitor mode profile and click the Edit button Figure 75 Configuration gt Object gt MON Profile gt Add Edit MON Profile Edit MON Profile default x General Settings V Activate Profile Name default Channel dwell time 100 100ms 1000ms Scan Channel
408. um with or without modifications and in Source or Object form provided that You meet the following conditions a You must give any other recipients of the Work or Derivative Works a copy of this License and b You must cause any modified files to carry prominent notices stating that You changed the files and C You must retain in the Source form of any Derivative Works that You distribute all copyright patent trademark and attribution notices from the Source form of the Work excluding those notices that do not pertain to any part of the Derivative Works and d If the Work includes a NOTICE text file as part of its distribution then any Derivative Works that You distribute must include a readable copy of the attribution notices contained within such NOTICE file excluding those notices that do not pertain to any part of the Derivative Works in at least one of the following places within a NOTICE text file distributed as part of the Derivative Works within the Source form or documentation if provided along with the Derivative Works or within a display generated by the Derivative Works if and wherever such third party notices normally appear The contents of the NOTICE file are for informational purposes only and do not modify the License You may add Your own attribution notices within Derivative Works that You distribute alongside or as an addendum to the NOTICE text from the Work provided that such additional attribution no
409. uration The NWA3000 N series AP was unable to apply the startup config conf configuration file and fell back to the lastgood conf configuration file Fallback to system default configuration The NWA3000 N series AP was unable to apply the lastgood conf configuration file and fell back to the system default configuration file system default conf Booting in progress The NWA3000 N series AP is still applying the system configuration Management Mode This shows whether the NWA3000 N series AP is set to control other NWA3000 N series APs work as a stand alone AP or be controlled by another NWA3000 N series AP Interface Status Summary If an Ethernet interface does not have any physical ports associated with it its entry is displayed in light gray text Click the Detail icon to go to a more detailed summary screen of interface statistics NWA3000 N Series User s Guide Chapter 5 Dashboard Table 17 Dashboard continued LABEL DESCRIPTION Name This field displays the name of each interface Status This field displays the current status of each interface The possible values depend on what type of interface it is Inactive The Ethernet interface is disabled Down The Ethernet interface is enabled but not connected Speed Duplex The Ethernet interface is enabled and connected This field displays the port speed and duplex setting Full or Half VID This fie
410. urity Profile

[Figure: Add Security Profile screen. Fields shown: Profile Name; Security Mode (wpa); 802.1X; Radius Server Type (External); Primary Radius Server Activate; Secondary Radius Server Activate; Cipher Type (tkip); ReAuthentication Timer (30-30000 seconds, 0 is unlimited)]

The following table describes the labels in this screen.

Table 57 SSID > Security Profile > Add/Edit Security Profile
LABEL: DESCRIPTION
Profile Name: Enter up to 31 alphanumeric characters for the profile name. This name is only visible in the Web Configurator and is only for management purposes. Spaces and underscores are allowed.
Security Mode: Select a security mode from the list: wep, wpa, wpa2 or wpa2-mix.
802.1X: Select this to enable 802.1x secure authentication.
Radius Server Type: Select internal to use the NWA3000-N series AP's internal authentication database, or external to use an external RADIUS server for authentication.
Primary / Secondary Radius Server Activate: Select this to have the NWA3000-N series AP use the specified RADIUS server.
Radius Server IP Address: Enter the IP address of the RADIUS server to be used for authentication.
Radius Server Port: Enter the port number of the RADIUS server to be used for authentication.
Radius Server Secret: Enter the shared secret password of the RADIUS server to be used for authentication.
411. urity but do not have an AES option.
Note: Check your other AP's documentation to make sure it supports WDS security.
Select AES to enable Advanced Encryption System (AES) security on your WDS. AES provides superior security to TKIP. Use AES if the other access points on your network support it for the WDS.
Note: At the time of writing, this option is compatible with other ZyXEL NWA access points only.
When you enable WDS security, for each access point in your WDS enter the AP's MAC address and a pre-shared key. Each access point can use a different pre-shared key. Configure WDS security and the relevant PSK in each of your other access point(s).
Note: Other APs must use the same encryption method to enable WDS security.
Edit: Click this to edit the selected entry.
Activate: To turn on an entry, select it and click Activate.
Inactivate: To turn off an entry, select it and click Inactivate.
This field is a sequential value, and it is not associated with a specific user.
Status: This field shows whether or not the entry is activated.

Table 53 Configuration > Object > AP Profile > Add/Edit Profile (continued)
LABEL: DESCRIPTION
Remote Bridge MAC: Type the MAC address of the peer device in a valid MAC address format, that is, six hexadecimal character pairs, for example, 12:34:56:78:9a:bc.
PSK: Type a pre sha
412. user

Log message: HTTPS port has been changed to port %s
Description: An administrator changed the port number for HTTPS. %s is port number

Log message: HTTPS port has been changed to default port
Description: An administrator changed the port number for HTTPS back to the default (443).

Table 100 Built-in Services Logs (continued)
LOG MESSAGE / DESCRIPTION

Log message: HTTP port has changed to port %s
Description: An administrator changed the port number for HTTP. %s is port number assigned by user.

Log message: HTTP port has changed to default port
Description: An administrator changed the port number for HTTP back to the default (80).

Log message: SSH port has been changed to port %s
Description: An administrator changed the port number for SSH. %s is port number assigned by user.

Log message: SSH port has been changed to default port
Description: An administrator changed the port number for SSH back to the default (22).

Log message: SSH does not exist certificate %s SSH service will not work
Description: An administrator assigned a nonexistent certificate to SSH. %s is certificate name assigned by user.

Log message: SSH format is wrong certificate %s SSH service will not work
Description: After an administrator assigns a certificate for SSH, the device needs to convert it to a key used for SSH. %s is certificate name assigned by user.

Log message: TELNET port has been changed to port %s
Description: An administrator changed the
413. uthority's server address. You also need to fill in the Reference Number and Key if the certification authority requires them.
Enrollment Protocol: This field applies when you select Create a certification request and enroll for a certificate immediately online. Select the certification authority's enrollment protocol from the drop-down list box.
  Simple Certificate Enrollment Protocol (SCEP) is a TCP-based enrollment protocol that was developed by VeriSign and Cisco.
  Certificate Management Protocol (CMP) is a TCP-based enrollment protocol that was developed by the Public Key Infrastructure X.509 working group of the Internet Engineering Task Force (IETF) and is specified in RFC 2510.
CA Server Address: This field applies when you select Create a certification request and enroll for a certificate immediately online. Enter the IP address (or URL) of the certification authority server. For a URL, you can use up to 511 of the following characters: a zA ZO 9 _
CA Certificate: This field applies when you select Create a certification request and enroll for a certificate immediately online. Select the certification authority's certificate from the CA Certificate drop-down list box. You must have the certification authority's certificate already imported in the Trusted Certificates screen. Click Trusted CAs to go to the Trusted Certificates screen, where you can view and manage the NWA3000-N series A
414. vely restrict the users of a free program by obtaining a restrictive license from a patent holder Therefore we insist that any patent license obtained for a version of the library must be consistent with the full freedom of use specified in this license Most GNU software including some libraries is covered by the ordinary GNU General Public License This license the GNU Lesser General Public License applies to certain designated libraries and is quite different from the ordinary General Public License We use this license for certain libraries in order to permit linking those libraries into non free programs When a program is linked with a library whether statically or using a shared library the combination of the two is legally speaking a combined work a derivative of the original library The ordinary General Public License therefore permits such linking only if the entire combination fits its criteria of freedom The Lesser General Public License permits more lax criteria for linking other code with the library We call this license the Lesser General Public License because it does Less to protect the user s freedom than the ordinary General Public License It also provides other free software developers Less of an advantage over competing non free programs These disadvantages are the reason we use the ordinary General Public License for many libraries However the Lesser license provides advantages in certain special circumstances
415. ven number Beacon Interval 100 40ms 1000ms DTIM 1 1255 Output Power 10095 v Rate Configuration Fast Select 7 802 11b 802 11g 7 802 11b g 7 802 11n g Basic Rate Mbps 1 V 2 y 5 5 J 11 16 7 9 12 7 18 F 24 7 36 48 E 54 Support Rate Mbps M1 M2 V 5 5 v 11 V 6 v 9 12 v 18 v 24 v 36 V 48 Wi 54 MCS Rate V o Mi M2 gs gi 4 gs Ws gz J 8 7 9 V 10 J 11 v 12 v 13 V 14 V 15 lx m NWA3000 N Series User s Guide Chapter 12 AP Profile The following table describes the labels in this screen Table 53 Configuration Object AP Profile Add Edit Profile LABEL DESCRIPTION Hide Show Click this to hide or show the Advanced Settings in this window Advanced Settings Create New Select an item from this menu to create a new object of that type Object Any objects created in this way are automatically linked to this radio profile General Settings Activate Select this option to make this profile active Profile Name Enter up to 31 alphanumeric characters to be used as this profile s name Spaces and underscores are allowed Ripe Lang This displays if the NWA3000 N series AP is set to standalone mode Mode Select AP Bridge to have the radio function as an access point and bridge simultaneously Select Bridge Repeater to have the radio function as a wireless network bridge repeater and establish wirel
416. view which other objects are linked to the selected radio Reference profile This field is a sequential value and it is not associated with a specific user Status This field shows whether or not the entry is activated Profile Name This field indicates the name assigned to the radio profile Frequency This field indicates the frequency band which this radio profile is Band configured to use Channel ID This field indicates the broadcast channel which this radio profile is configured to use NWA3000 N Series User s Guide Chapter 12 AP Profile 12 2 1 Add Edit Radio Profile This screen allows you to create a new radio profile or edit an existing one To access this screen click the Add button or select a radio profile from the list and Click the Edit button Figure 67 Configuration gt Object gt AP Profile gt Add Edit Profile Standalone Mode Add Radio Profile General Settings 7 Activate Profile Name Operating Mode AP Bridge 802 11 Band 2 4G Channel 6 SSID Profile default Advanced Settings Guard Interval 9 V Enable A MPDU Aggregation A MPDU Limit 50000 A MPDU Subframe 32 V Enable A MSDU Aggregation A MSDU Limit 4096 RTS CTS Threshold 2347 Fragmentation Threshold 2346 Channel Width Auto Hide Advanced Settings Create new Object 9 20MHz 100465535 2764 2290 4096 07 2347 256 2346 Fragmentation Threshold shall be an e
417. way

Monitor

6.1 Overview
Use the Monitor screens to check status and statistics information.

6.1.1 What You Can Do in this Chapter
- The LAN Status screen (Section 6.3 on page 84) displays general LAN interface information and packet statistics.
- The LAN Status Graph screen (Section 6.3.1 on page 86) displays a line graph of packet statistics for the NWA3000-N series AP's physical LAN port.
- The AP List screen (Section 6.4 on page 87) displays which APs are currently connected to the NWA3000-N series AP. This is available when the NWA3000-N series AP is in controller mode.
- The Radio List screen (Section 6.5 on page 89) displays statistics about the wireless radio transmitters in each of the APs connected to the NWA3000-N series AP.
- The Station Info screen (Section 6.6 on page 93) displays information about suspected rogue APs.
- The Rogue AP screen (Section 6.7 on page 94) displays information about suspected rogue APs.
- Use the Legacy Device screens (Section 6.8 on page 95) to connect to legacy NWA3000-N series AP 3000 APs. This is available when the NWA3000-N series AP is in controller mode.
- The View Log screen (Section 6.9 on page 96) displays the NWA3000-N series AP's current log messages. You can change the way the log is displayed, you can e-mail the log, and you can also clear the log in this screen.
- The
418. wn stops the system processes. Wait for the device to shut down and then manually turn off or remove the power. It does not turn off the power. [Row label: ... Shutdown or using the shutdown command]
Disconnecting the power: Power off occurs when you turn off the power to the NWA3000-N series AP. The NWA3000-N series AP simply turns off. It does not stop the system processes or write cached data to local storage.

The NWA3000-N series AP does not stop or start the system processes when you apply configuration files or run shell scripts, although you may temporarily lose access to network resources.

2.1 The Web Configurator Overview
The NWA3000-N series AP Web Configurator allows easy management using an Internet browser. In order to use the Web Configurator, you must:
- Use Internet Explorer 7.0 and later or Firefox 1.5 and later
- Allow pop-up windows
- Enable JavaScript (enabled by default)
- Enable Java permissions (enabled by default)
- Enable cookies
The recommended screen resolution is 1024 x 768 pixels and higher.

2.2 Access
1 Make sure your NWA3000-N series AP hardware is properly connected. See the Quick Start Guide.
2 Browse to https://192.168.1.2. The Login screen appears.
3 Enter the user name (default: admin) and password (defau
419. wser

15.6 SSH
You can use SSH (Secure SHell) to securely access the NWA3000-N series AP's command line interface. SSH is a secure communication protocol that combines authentication and data encryption to provide secure encrypted communication between two hosts over an unsecured network. In the following figure, computer B on the Internet uses SSH to securely connect to the WAN port of the NWA3000-N series AP (A) for a management session.

Figure 94 SSH Communication Over the WAN Example

15.6.1 How SSH Works
The following figure is an example of how a secure connection is established between two remote hosts using SSH v1.

Figure 95 How SSH v1 Works Example
[Figure: exchange between SSH client and server, labelled Host Identification, Encryption method to use, Password / User name]

1 Host Identification
The SSH client sends a connection request to the SSH server. The server identifies itself with a host key. The client encrypts a randomly generated session key with the host key and server key and sends the result back to the server. The client automatically saves any new server public keys. In subsequent connections, the server public key is checked against the saved version on the client computer.

2 Encryption Method
Once the identification is verified, both the client and server must agree on the typ
420. xits sub command mode this is from Joe on 2010 12 05 wlan ssid profile default ssid Joe AP qos wmm security default 1

Errors in Configuration Files or Shell Scripts
When you apply a configuration file or run a shell script, the NWA3000-N series AP processes the file line by line. The NWA3000-N series AP checks the first line and applies the line if no errors are detected. Then it continues with the next line. If the NWA3000-N series AP finds an error, it stops applying the configuration file or shell script and generates a log.

You can change the way a configuration file or shell script is applied. Include setenv-stop-on-error off in the configuration file or shell script. The NWA3000-N series AP ignores any errors in the configuration file or shell script and applies all of the valid commands. The NWA3000-N series AP still generates a log for any errors.

17.2 Configuration File
Click Maintenance > File Manager > Configuration File to open this screen. Use the Configuration File screen to store, run, and name configuration files. You can also download configuration files from the NWA3000-N series AP to your computer and upload configuration files from your computer to the NWA3000-N series AP.

Once your NWA3000-N series AP is configured and functioning properly, it is highly recommended that you back up your configuration file before making further configuration changes. The backup configuration file will be useful in
421. y

Click Configuration > Wireless > MON Mode to access this screen.

Figure 47 Configuration > Wireless > MON Mode
[Figure: MON Mode screen with General Settings (Enable Rogue AP Containment), the Rogue/Friendly AP List, and the Rogue AP List and Friendly AP List Importing/Exporting sections]

Each field is described in the following table.

Table 40 Configuration > Wireless > MON Mode
LABEL: DESCRIPTION
General Settings
Enable Rogue AP Containment: Select this to enable rogue AP containment.
Rogue/Friendly AP List
Add: Click this button to add an AP to the list and assign it either friendly or rogue status.
Edit: Select an AP in the list to edit and reassign its status.
Remove: Select an AP in the list to remove.
Containment: Click this button to quarantine the selected AP. A quarantined AP cannot grant access to any network services. Any stations that attempt to connect to a quarantined AP are disconnected automatically.
Dis-Containment: Click this button to stop the quarantine of the selected AP so it has normal access to the network.
This field is a sequential value, and it is not associated with any interface.
Containme
422. y facilities This must be distributed under the terms of the Sections above b Give prominent notice with the combined library of the fact that part of it is a work based on the Library and explaining where to find the accompanying uncombined form of the same work 8 You may not copy modify sublicense link with or distribute the Library except as expressly provided under this License Any attempt otherwise to copy modify sublicense link with or distribute the Library is void and will automatically terminate your rights under this License However parties who have received copies or rights from you under this License will not have their licenses terminated so long as such parties remain in full compliance 9 You are not required to accept this License since you have not signed it However nothing else grants you permission to modify or distribute the Library or its derivative works These actions are prohibited by law if you do not accept this License Therefore by modifying or distributing the Library or any work based on the Library you indicate your acceptance of this License to do so and all its terms and conditions for copying distributing or modifying the Library or works based on it 10 Each time you redistribute the Library or any work based on the Library the recipient automatically receives a license from the original licensor to copy distribute link with or modify the Library subject to these terms and conditions
423. y limit is enabled and the maximum retry count is reached. This number must be between 1 and 65,535 (about 45.5 days).
Apply: Click Apply to save the changes.
Reset: Click Reset to return the screen to its last-saved settings.

11.3.1 Edit User Authentication Timeout Settings
This screen allows you to set the default authentication timeout settings for the selected type of user account. These default authentication timeout settings also control the settings for any existing user accounts that are set to use the default settings. You can still manually configure any user account's authentication timeout settings.

To access this screen, go to the Configuration > Object > User > Setting screen, and click one of the Default Authentication Timeout Settings section's Edit icons.

Figure 65 User > Setting > Edit User Authentication Timeout Settings
[Figure: Edit User Authentication Timeout Settings screen. User Type: admin; Lease Time: 1440 (0-1440 minutes, 0 is unlimited); Reauthentication Time: 1440 (0-1440 minutes, 0 is unlimited)]

The following table describes the labels in this screen.

Table 51 User > Setting > Edit User Authentication Timeout Settings
LABEL: DESCRIPTION
User Type: This read-only field identifies the type of user account for which you are configuring the default settings.
  admin: this user can look at and change
424. y selecting All Logs, or you can select a specific category of log messages (for example, user). You can also look at the debugging log by selecting Debug Log. All debugging messages have the same priority. To access this screen, click Monitor > Log. The log is displayed in the following screen.

Note: When a log reaches the maximum number of log messages, new log messages automatically overwrite existing log messages, starting with the oldest existing log message first.

For individual log descriptions, see Appendix A on page 285. For the maximum number of log messages in the NWA3000-N series AP, see Chapter 22 on page 279.

Events that generate an alert (as well as a log message) display in red. Regular logs display in black. Click a column's heading cell to sort the table entries by that column's criteria. Click the heading cell again to reverse the sort order.

Figure 36 Monitor > Log > View Log
[Figure: View Log screen with filter fields Display, Priority, Source Address, Destination Address, Source Interface, Destination Interface, Protocol and Keyword, above a table of log entries]
426. yntax for data (including digital signatures) that may be encrypted. A PKCS #7 file is used to transfer a public key certificate. The private key is not included. The NWA3000-N series AP currently allows the importation of a PKCS #7 file that contains a single certificate.
- PEM (Base-64) encoded PKCS #7: This Privacy Enhanced Mail (PEM) format uses lowercase letters, uppercase letters and numerals to convert a binary PKCS #7 certificate into a printable form.
- Binary PKCS #12: This is a format for transferring public key and private key certificates. The private key in a PKCS #12 file is within a password-encrypted envelope. The file's password is not connected to your certificate's public or private passwords. Exporting a PKCS #12 file creates this and you must provide it to decrypt the contents when you import the file into the NWA3000-N series AP.

Note: Be careful not to convert a binary file to text during the transfer process. It is easy for this to occur since many programs use text files by default.

14.1.3 Verifying a Certificate
Before you import a trusted certificate into the NWA3000-N series AP, you should verify that you have the correct certificate. You can do this using the certificate's fingerprint. A certificate's fingerprint is a message digest calculated using the MD5 or SHA1 algorithm. The following procedure describes how to check a certificate's fin
427. ype in the at field depends on your time zone In Germany for instance you would type 2 because Germany s time zone is one hour ahead of GMT or UTC GMT 1 NWA3000 N Series User s Guide Chapter 15 System Table 70 Configuration System Date Time continued LABEL DESCRIPTION End Date Configure the day and time when Daylight Saving Time ends if you selected Enable Daylight Saving The at field uses the 24 hour format Here are a couple of examples Daylight Saving Time ends in the United States on the first Sunday of November Each time zone in the United States stops using Daylight Saving Time at 2 A M local time So in the United States you would select First Sunday November and type 2 in the at field Daylight Saving Time ends in the European Union on the last Sunday of October All of the time zones in the European Union stop using Daylight Saving Time at the same moment 1 A M GMT or UTC So in the European Union you would select Last Sunday October The time you type in the at field depends on your time zone In Germany for instance you would type 2 because Germany s time zone is one hour ahead of GMT or UTC GMT 1 Offset Specify how much the clock changes when daylight saving begins and ends Enter a number from 1 to 5 5 by 0 5 increments For example if you set this field to 3 5 a log occurred at 6 P M in local official time will appear as if it had occurred at 10 30 P M A
428. ys general device information, system status, system resource usage, and interface status in widgets that you can re-arrange to suit your needs. You can also collapse, refresh, and close individual widgets.

Figure 23 Dashboard
[Figure: Dashboard screen with the widgets Device Information, System Resources, AP Information, Interface Status Summary and Top 5 Station]

The following table describes the labels in this screen.

Table 17 Dashboard
LABEL: DESCRIPTION
Widget Settings (A): Use this link to re-open closed widgets. Widgets that are already open appear grayed out.
Up Arrow (B): Click this to collapse a widget.
Refresh Time Setting (C): Set the interval for refreshing the information displayed in the widget.
Refresh Now (D): Click this to update the widget's information immediately.
Close Widget (E): Click this to close the widget. Use Widget Setting to re-open it.
Device Information
429. ys the present date of your NWA3000-N series AP.
Time and Date Setup
Manual: Select this radio button to enter the time and date manually. If you configure a new time and date, time zone and daylight saving at the same time, the time zone and daylight saving will affect the new time and date you entered. When you enter the time settings manually, the NWA3000-N series AP uses the new setting once you click Apply.
New Time (hh:mm:ss): This field displays the last updated time from the time server or the last time configured manually. When you set Time and Date Setup to Manual, enter the new time in this field and then click Apply.

Table 70 Configuration > System > Date/Time (continued)
LABEL: DESCRIPTION
New Date (yyyy-mm-dd): This field displays the last updated date from the time server or the last date configured manually. When you set Time and Date Setup to Manual, enter the new date in this field and then click Apply.
Get from Time Server: Select this radio button to have the NWA3000-N series AP get the time and date from the time server you specify below. The NWA3000-N series AP requests time and date settings from the time server under the following circumstances:
  - When the NWA3000-N series AP starts up.
  - When you click Apply or Synchronize Now in this screen.
  - 24-hour intervals after starting up.
Time Server: Enter the IP address or URL o
430. z et 2483 5 MHz This Class B digital apparatus complies with Canadian I CES 003 Cet appareil num rique de la classe B est conforme la norme NMB 003 du Canada Viewing Certifications Go to http www zyxel com 2 Select your product on the ZyXEL home page to go to that product s page 3 Select the certification you wish to view from this page ZyXEL Limited Warranty 376 ZyXEL warrants to the original end user purchaser that this product is free from any defects in material or workmanship for a specific period the Warranty Period from the date of purchase The Warranty Period varies by region Check with your vendor and or the authorized ZyXEL local distributor for details about the Warranty Period of this product During the warranty period and upon proof of purchase should the product have indications of failure due to faulty workmanship and or materials ZyXEL will at its discretion repair or replace the defective products or components without charge for either parts or labor and to whatever extent it shall deem necessary to restore the product or components to proper operating condition Any replacement will consist of a new or re manufactured functionally equivalent product of equal or higher value and will be solely at the discretion of ZyXEL This warranty shall not apply if the product has been modified misused tampered with damaged by an act of God or subjected to abnormal working conditions Note R