ZyXEL B-500 User's Manual
Contents
1. FIELD / DESCRIPTION / EXAMPLE
Default Key: Enter the key number (1 to 4) in this field. Only one key can be enabled at any one time. This key must be the same on the ZyAIR and the wireless stations to communicate. Example: 1
Key 1 to Key 4: The WEP keys are used to encrypt data. Both the ZyAIR and the wireless stations must use the same WEP key for data transmission. If you chose 64-bit WEP in the WEP Encryption field, then enter any 5 ASCII characters or 10 hexadecimal characters ("0-9", "A-F"). If you chose 128-bit WEP in the WEP Encryption field, then enter 13 ASCII characters or 26 hexadecimal characters ("0-9", "A-F"). Enter "0x" before the key to denote a hexadecimal key. Don't enter "0x" before the key to denote an ASCII key. Example: 0x12345abcde
Authen. Method: Press SPACE BAR to select Auto, Open System Only or Shared Key Only and press ENTER. This field is N/A if WEP is not activated. If WEP encryption is activated, the default setting is Auto. Example: Auto
Edit MAC Address Filter: Press SPACE BAR to select Yes and press ENTER to display menu 3.5.1. See the section on MAC address filter for more information. Example: No
Edit Roaming Configuration: Press SPACE BAR to select Yes and press ENTER to display menu 3.5.2. See the section on roaming configuration for more information. Example: No
Block Intra-BSS Traffic: Press SPACE BAR to select Yes or No and press ENTER. Example: No
Number of: Enter the number of association stations. The numbe
2. ZyAIR B-500 Wireless Access Point User's Guide. Chapter 17: Firmware and Configuration File Maintenance. This chapter tells you how to backup and restore your configuration file as well as upload new firmware and configuration files using the SMT screens.
17.1 Filename Conventions
The configuration file (often called the romfile or rom-0) contains the factory default settings in the menus such as password and TCP/IP Setup, etc. It arrives from ZyXEL with a "rom" filename extension. Once you have customized the ZyAIR's settings, they can be saved back to your computer under a filename of your choosing. ZyNOS (ZyXEL Network Operating System, sometimes referred to as the "ras" file) is the system firmware and has a "bin" filename extension. With many FTP and TFTP clients, the filenames are similar to those seen next.
ftp> put firmware.bin ras
This is a sample FTP session showing the transfer of the computer file "firmware.bin" to the ZyAIR.
ftp> get rom-0 config.cfg
This is a sample FTP session saving the current configuration to the computer file config.cfg.
If your (T)FTP client does not allow you to have a destination filename different than the source, you will need to rename them as the ZyAIR only recognizes "rom-0" and "ras". Be sure you keep unaltered copies of both files for later use. The following table is a summary. Please note that the internal filename refers to the filename on the ZyAIR and the ex
3. Scan: Click this button to have the ZyAIR automatically scan for and select a channel with the least interference.
RTS/CTS Threshold: Enter a value between 0 and 2432. The default is 2432.
Fragmentation Threshold: Enter a value between 256 and 2432. The default is 2432. It is the maximum data fragment size that can be sent.
Security: Refer to the chapter about Wireless security for detailed information.
Enable Intra-BSS Traffic: Intra-BSS traffic is traffic between wireless stations in the same BSS. Select this check box to enable Intra-BSS traffic.
Number of Wireless Stations Allowed: Use this field to set a maximum number of wireless stations that may connect to the ZyAIR. Enter the number (from 1 to 32) of wireless stations allowed.
Output Power: Set the output power of the ZyAIR in this field. If there is a high density of APs within an area, decrease the output power of the ZyAIR to reduce interference with other APs. The options are 17dBm (50mW), 14dBm (25mW) or 11dBm (12.6mW).
Preamble: Select a preamble type from the drop-down list menu. Choices are Long and Dynamic. See the section on preamble for more information.
Apply: Click Apply to save your changes back to the ZyAIR.
Reset: Click Reset to begin configuring this screen afresh.
See the chapter on wireless security for information on the other labels in this screen.
4. [Figure 8-1 View Log]
The following table describes the labels in this screen.
Table 8-1 View Log (LABEL: DESCRIPTION)
Display: Select a log category from the drop-down list box to display logs within the selected category. To view all logs, select All Logs. The number of categories shown in the drop-down list box depends on the selection in the Log Settings page.
Time: This field displays the time the log was recorded.
Message: This field states the reason for the log.
Source: This field lists the source IP address and the port number of the incoming packet.
Destination: This field lists the destination IP address and the port number of the incoming packet.
Note: This field displays additional information about the log entry.
Email Log Now: Click Email Log Now to send the log screen to the e-mail address specified in the Log Settings page.
Refresh: Click Refresh to renew the log screen.
Clear Log: Click Clear Log to clear all the logs.
8.2 Configuring Log Settings
To change your ZyAIR's log settings, click LOGS and then the Log Settings tab. The screen appears as shown. Use the Log Settings screen to configure to where the ZyAIR is to send the logs, the schedule for when the ZyAIR is to send the logs and which logs
5. Table 16-1 Menu 24.1 System Maintenance: Status (FIELD: DESCRIPTION)
System Up Time: This is the time the ZyAIR is up and running from the last reboot.
16.3 System Information
To get to the System Information:
Step 1. Enter 24 to display Menu 24 System Maintenance.
Step 2. Enter 2 to display Menu 24.2 System Information and Console Port Speed.
Step 3. From this menu you have two choices as shown in the next figure:
Menu 24.2 System Information and Console Port Speed
1. System Information
2. Console Port Speed
Please enter selection:
Figure 16-3 Menu 24.2 System Information and Console Port Speed
The ZyAIR has an internal console port for support personnel only. Do not open the ZyAIR as it will void your warranty.
16.3.1 System Information
Enter 1 in menu 24.2 to display the screen shown next.
Menu 24.2.1 System Maintenance Information
Name: B-500
Routing: BRIDGE
ZyNOS F/W Version: V3.50(HL.3)b1 | 03/29/2004
Country Code: 255
LAN
Ethernet Address: 00:A0:C5:00:00:04
IP Address: 192.168.1.2
IP Mask: 255.255.255.0
DHCP: None
Press ESC or RETURN to Exit
Figure 16-4 Menu 24.2.1 System Information Information
The following table describes the fields in this menu.
Table 16-2 Menu 24.2.1 System Maintenance: Information
FIELD D
6. [Figure 5-4 RTS/CTS]
When station A sends data to the AP, it might not know that the station B is already using the channel. If these two stations send data at the same time, collisions may occur when both sets of data arrive at the AP at the same time, resulting in a loss of messages for both stations.
RTS/CTS is designed to prevent collisions due to hidden nodes. An RTS/CTS defines the biggest size data frame you can send before an RTS (Request To Send)/CTS (Clear to Send) handshake is invoked.
When a data frame exceeds the RTS/CTS value you set (between 0 to 2432 bytes), the station that wants to transmit this frame must first send an RTS (Request To Send) message to the AP for permission to send it. The AP then responds with a CTS (Clear to Send) message to all other stations within its range to notify them to defer their transmission. It also reserves and confirms with the requesting station the time frame for the requested transmission.
Stations can send frames smaller than the specified RTS/CTS directly to the AP without the RTS (Request To Send)/CTS (Clear to Send) handshake.
You should only configure RTS/CTS if the possibility of hidden nodes exists on your network and the cost of resending large frames is more than the extra network overhead involved in the RTS (Request To Send)/CTS (Clear t
7. If this feature is enabled, it is not necessary to configure a default WEP encryption key in the Wireless screen. You may still configure and store keys here, but they will not be used while Dynamic WEP is enabled.
To use Dynamic WEP, enable and configure the RADIUS server (see section 6.20) and enable Dynamic WEP Key Exchange in the 802.1x screen. Ensure that the wireless station's EAP type is configured to one of the following:
- EAP-TLS
- EAP-TTLS
- PEAP
EAP-MD5 cannot be used with Dynamic WEP Key Exchange.
6.13 Configuring 802.1x and Dynamic WEP Key Exchange
In order to configure and enable 802.1x and Dynamic WEP Key Exchange, click the WIRELESS link under ADVANCED to display the Wireless screen. Select 802.1x + Dynamic WEP from the Security list.
[Figure 6-9 Wireless: 802.1x and Dynamic WEP]
The following table describe
8. Port unreachable. A packet that needed fragmentation was dropped because it was set to Don't Fragment (DF). Source route failed.
Source Quench: A gateway may discard internet datagrams if it does not have the buffer space needed to queue the datagrams for output to the next network on the route to the destination network.
Redirect: Redirect datagrams for the Network. Redirect datagrams for the Host. Redirect datagrams for the Type of Service and Network. Redirect datagrams for the Type of Service and Host.
Echo: Echo message.
11 Time Exceeded: Time to live exceeded in transit. Fragment reassembly time exceeded.
12 Parameter Problem: Pointer indicates the error.
Chart I-2 ICMP Notes (TYPE, CODE, DESCRIPTION)
13 Timestamp: code 0, Timestamp request message.
14 Timestamp Reply: code 0, Timestamp reply message.
15 Information Request: code 0, Information request message.
16 Information Reply: code 0, Information reply message.
Chart I-3 Sys log (LOG MESSAGE, DESCRIPTION)
Mon dd hr:mm:ss hostname src="<srcIP:srcPort>" dst="<dstIP:dstPort>" msg="<msg>" note="<note>"
This message is sent by the RAS when this syslog is generated. The messages and notes are defined in this appendix's other charts.
9. [Diagram E-1 Sequences for EAP MD5 Challenge Authentication: RADIUS Access Request, RADIUS Access Challenge, RADIUS Access Request, then either RADIUS Access Accept (client computer access authorized) or RADIUS Access Deny (client computer access not authorized)]
Appendix F: Types of EAP Authentication
This appendix discusses the five popular EAP authentication types: EAP-MD5, EAP-TLS, EAP-TTLS, PEAP and LEAP. The type of authentication you use depends on the RADIUS server. Consult your network administrator for more information.
EAP-MD5 (Message-Digest Algorithm 5)
MD5 authentication is the simplest one-way authentication method. The authentication server sends a challenge to the wireless station. The wireless station "proves" that it knows the password by encrypting the password with the challenge and sends back the information. Password is not sent in plain text.
However, MD5 authentication has some weaknesses. Since the authentication server needs to get the plaintext passwords, the passwords must be stored. Thus someone other than the authentication server may access the password file. In addition, it is possible to impersonate an authentication server as MD5 authentication method does not perform mutual authentication. Finally, MD5 authentication method does not support data encryption w
10. "click the Apple icon, Control Panels and then Modem" means first click the Apple icon, then point your mouse pointer to Control Panels and then click Modem.
- For brevity's sake, we will use "e.g." as a shorthand for "for instance" and "i.e." for "that is" or "in other words" throughout this manual.
- The ZyAIR B-500 Wireless Access Point may be referred to simply as the ZyAIR in the user's guide.
User Guide Feedback
Help us help you. E-mail all User Guide-related comments, questions or suggestions for improvement to techwriters@zyxel.com.tw or send regular mail to The Technical Writing Team, ZyXEL Communications Corp., 6 Innovation Road II, Science-Based Industrial Park, Hsinchu, 300, Taiwan. Thank you.
Part I: OVERVIEW
Chapter 1: Getting to Know Your ZyAIR
This chapter introduces the main features and applications of the ZyAIR.
1.1 Introducing the ZyAIR Wireless Access Point
The ZyAIR extends the range of your existing wired network without any additional wiring efforts. The ZyAIR provides easy network access to mobile users. The ZyAIR offers highly secured wireless connectivity to your wired network with IEEE 802.1x, Wi-Fi Protected Access, WEP data encryption and MAC address filtering. The ZyAIR is easy to install and configure. The embedded web-based configurator and SNMP network management en
11. 10 255.255.255.192 1024 62
11 255.255.255.224 2048 30
12 255.255.255.240 4096 14
13 255.255.255.248 8192 6
14 255.255.255.252 16384 2
15 255.255.255.254 32768 1
Appendix H: Command Interpreter
The following describes how to use the command interpreter. Enter 24 in the main menu to bring up the system maintenance menu. Enter 8 to go to Menu 24.8 Command Interpreter Mode. See the included disk or www.zyxel.com for more detailed information on these commands.
Use of undocumented commands or misconfiguration can damage the unit and possibly render it unusable.
Command Syntax
The command keywords are in courier new font. Enter the command keywords exactly as shown, do not abbreviate. The required fields in a command are enclosed in angle brackets <>. The optional fields in a command are enclosed in square brackets []. The | symbol means "or". For example, sys filter netbios config <type> <on|off> means that you must specify the type of netbios filter and whether to turn it on or off.
Command Usage
A list of valid commands can be found by typing help or ? at the command prompt. Always type the full command. Type exit to return to the SMT main menu when finished.
Appendix I: Log Descriptions
Cha
12. [Figure 16-2 Menu 24.1 System Maintenance: Status]
The following table describes the fields present in this menu.
Table 16-1 Menu 24.1 System Maintenance: Status (FIELD: DESCRIPTION)
Port: This is the port type. Port types are Ethernet and Wireless.
Status: This shows the status of the remote node.
TxPkts: This is the number of transmitted packets to this remote node.
RxPkts: This is the number of received packets from this remote node.
Cols: This is the number of collisions on this connection.
Tx B/s: This shows the transmission rate in bytes per second.
Rx B/s: This shows the receiving rate in bytes per second.
Up Time: This is the time this channel has been connected to the current remote node.
Ethernet Address: This shows the MAC address of the port.
IP Address: This shows the IP address of the network device connected to the port.
IP Mask: This shows the subnet mask of the network device connected to the port.
DHCP: This shows the DHCP setting (None or Client) for the port.
13. Use the drop-down list box to select which day of the week to send the logs.
Time for Sending Log: Enter the time of the day in 24-hour format (for example 23:00 equals 11:00 pm) to send the logs.
Table 8-2 Log Settings (LABEL: DESCRIPTION)
Clear log after sending mail: Select the check box to clear all logs after logs and alert messages are sent via e-mail.
Log: Select the categories of logs that you want to record.
Send Immediate Alert: Select the categories of alerts for which you want the ZyAIR to immediately send e-mail alerts.
Apply: Click Apply to save your customized settings and exit this screen.
Reset: Click Reset to reconfigure all the fields in this screen.
Part IV: MAINTENANCE
Chapter 9: Maintenance
This chapter describes the Maintenance screens that display system information such as ZyNOS firmware, port IP addresses and port traffic statistics.
9.1 Maintenance Overview
The maintenance screens can help you view system information, upload new firmware, manage configuration and restart your ZyAIR.
9.2 System Status Screen
Click MAINTENANCE to display the screen where you can use to monitor your ZyAIR. Note that these labels are READ-ONLY and are meant to be us
14. to exit the FTP prompt.
331 Enter PASS command
Password:
230 Logged in
ftp> bin
200 Type I OK
ftp> get rom-0 zyxel.rom
200 Port command okay
150 Opening data connection for STOR ras
226 File received OK
ftp: 327680 bytes sent in 1.10Seconds 297.89Kbytes/sec.
ftp> quit
Figure 17-2 FTP Session Example
The following table describes some of the commands that you may see in third party FTP clients.
Table 17-2 General Commands for Third Party FTP Clients (COMMAND: DESCRIPTION)
Host Address: Enter the address of the host server.
Login Type: Anonymous. This is when a user ID and password is automatically supplied to the server for anonymous access. Anonymous logins will work only if your ISP or service administrator has enabled this option. Normal. The server requires a unique User ID and Password to login.
Transfer Type: Transfer files in either ASCII (plain text format) or in binary mode. Configuration and firmware files should be transferred in binary mode.
Initial Remote Directory: Specify the default remote directory (path).
Initial Local Directory: Specify the default local directory (path).
17.2.3 Backup Configuration Using TFTP
The ZyAIR supports the up
15. Log Commands
Go to the command interpreter interface (the Command Interpreter Appendix explains how to access and use the commands).
Configuring What You Want the ZyAIR to Log
Use the sys logs load command to load the log setting buffer that allows you to configure which logs the ZyAIR is to record.
Use sys logs category followed by a log category and a parameter to decide what to record.
Chart I-4 Log Categories and Available Settings (LOG CATEGORIES: AVAILABLE PARAMETERS)
8021x
access
error
icmp: 0, 1
mten: 0, 1
packetfilter: 0, 1
remote: 0, 1
tcpreset: 0, 1
Use 0 to not record logs for that category, 1 to record only logs for that category, 2 to record only alerts for that category, and 3 to record both logs and alerts for that category.
Use the sys logs save command to store the settings in the ZyAIR (you must do this in order to record logs).
Displaying Logs
Use the sys logs display command to show all of the logs in the ZyAIR's log.
Use the sys logs category display command to show the log settings for all of the log categories.
Use the sys logs display [log category] command to show the logs in an individual ZyAIR log category.
Use the sys logs clear command to erase all of the ZyAIR's logs.
Log Command Example
This example shows how to set the ZyAIR to reco
16. "Press ENTER to confirm or ESC to cancel" to save your configuration or press ESC to cancel and go back to the previous screen.
12.3.2 Configuring Roaming
Enable the roaming feature if you have two or more ZyAIRs on the same subnet. Follow the steps below to allow roaming on your ZyAIR.
Step 1. From the main menu, enter 3 to display Menu 3 LAN Setup.
Step 2. Enter 5 to display Menu 3.5 Wireless LAN Setup.
Menu 3.5 Wireless LAN Setup
ESSID= Wireless
Hide ESSID= No
Channel ID= CH06 2437MHz
RTS Threshold= 2432
Frag. Threshold= 2432
WEP Encryption= 64-bit WEP
Default Key= 1
Key1= ********
Key2= ********
Key3= ********
Key4= ********
Authen. Method= Auto
Edit MAC Address Filter= No
Edit Roaming Configuration= Yes
Block Intra-BSS Traffic= No
Number of Associated Stations= 32
Output Power= 17dBm
Preamble= Long
Press ENTER to Confirm or ESC to Cancel
Press Space Bar to Toggle
Figure 12-6 Menu 3.5 Wireless LAN Setup
Step 3. Move the cursor to the Edit Roaming Configuration field. Press SPACE BAR to select Yes and then press ENTER. Menu 3.5.2 Roaming Configuration displays as shown next.
Menu 3.5.2 Roaming Configuration
Active= Yes
Port #= 16290
Press ENTER to Confirm or ESC to Cancel
Figure 12-7 Menu 3.5.2 Roaming Configuration
The following table describes the fields in this menu.
17. Select Static WEP from the Security list.
[Figure 6-4 Wireless: Static WEP. Notes shown on the screen: 64-bit WEP: Enter 5 characters or 10 digits ("0-9", "A-F") for each Key (1-4). 128-bit WEP: Enter 13 characters or 26 digits ("0-9", "A-F") for each Key (1-4). Select one WEP key as an active key to encrypt wireless data transmission.]
The following table describes the wireless LAN security labels in this screen.
Table 6-3 Wireless: Static WEP (LABEL: DESCRIPTION)
Security: Select Static WEP from the drop-down list.
WEP Encryption: Select 64-bit WEP or 128-bit WEP to enable data encryption.
Authentication Method: Select Auto, Open System or Shared Key from the drop-down list box. If WEP encryption is activated, the default setting is Auto.
ASCII: Select this optio
18. click Network Connections. For Windows 2000/NT, click Network and Dial-up Connections.
3. Right-click Local Area Connection and then click Properties.
19. 1 Getting to Know Your ZyAIR
1.1 Introducing the ZyAIR Wireless Access Point
1.2 ZyAIR Features
1.3 Applications for the ZyAIR
1.3.1 Internet Access Application
1.3.2 Corporation Network Application
Chapter 2 Introducing the Web Configurator
2.1 Accessing the ZyAIR Web Configurator
2.2 Resetting the ZyAIR
2.2.1 Method of Restoring Factory Defaults
2.3 Navigating the ZyAIR Web Configurator
Chapter 3 Wizard Setup
3.1.1 Channel
3.1.2 ESS ID
20. Table 6-11 RADIUS (LABEL: DESCRIPTION)
Port Number: Enter the port number of the external authentication server. The default port number is 1812. You need not change this value unless your network administrator instructs you to do so with additional information.
Shared Secret: Enter a password (up to 31 alphanumeric characters) as the key to be shared between the external authentication server and the ZyAIR. The key must be the same on the external authentication server and your ZyAIR. The key is not sent over the network.
Accounting Server
Active: Select Yes from the drop-down list box to enable user accounting through an external authentication server.
Server IP Address: Enter the IP address of the external accounting server in dotted decimal notation.
Port Number: Enter the port number of the external accounting server. The default port number is 1813. You need not change this value unless your network administrator instructs you to do so with additional information.
Shared Secret: Enter a password (up to 31 alphanumeric characters) as the key to be shared between the external authentication server and the ZyAIR. The key must be the same on the external authentication server and your ZyAIR. The key is not sent over the network.
Apply: Click Apply to save your changes back to the ZyAIR.
Reset: Click Reset to begin con
21. 2 Valid CI Commands
Figure 18-3 Menu 24.10 System Maintenance: Time and Date Setting
List of Tables
Table 3-2 Wizard 2: Wireless LAN Setup
Table 3-3 Private IP Address Ranges
Table 3-4 Wizard 3: IP Address Assignment
Table 5-2 Roaming
Table 6-2 MAC Address Filter
Table 6-3 802.1x Authentication
Table 6-4 Local User Database
Table 9-2 System Status: Show Statistics
Table 9-3 Association List
Table 9-4 Channel Usage
Table 9-5 Firmware Upload
Table 9-6 Restore Configuration
22. 4. Select Internet Protocol (TCP/IP) (under the General tab in Win XP) and click Properties.
5. The Internet Protocol TCP/IP Properties window opens (the General tab in Windows XP). If you have a dynamic IP address, click Obtain an IP address automatically. If you have a static IP address, click Use the following IP Address and fill in the IP address, Subnet mask and Default gateway fields. Click Advanced.
23. Table 5-1 Wireless (LABEL: DESCRIPTION)
ESSID: (Extended Service Set IDentity) The ESSID identifies the Service Set with which a wireless station is associated. Wireless stations associating to the access point (AP) must have the same ESSID. Enter a descriptive name (up to 32 printable 7-bit ASCII characters) for the wireless LAN. If you are configuring the ZyAIR from a computer connected to the wireless LAN and you change the ZyAIR's ESSID or WEP settings, you will lose your wireless connection when you press Apply to confirm. You must then change the wireless settings of your computer to match the ZyAIR's new settings.
Hide ESSID: Select this check box to hide the ESSID in the outgoing beacon frame so a station cannot obtain the ESSID through passive scanning using a site survey tool.
Choose Channel ID: Set the operating frequency/channel depending on your particular region. To manually set the ZyAIR to use a channel, select a channel from the drop-down list box. Click MAINTENANCE and then the Channel Usage tab to open the Channel Usage screen to make sure the channel is not already used by another AP or independent peer-to-peer wireless network. To have the ZyAIR automatically select a channel, click Scan instead. Refer to the chapter on wizard setup for more information about channels.
24. [Figure 9-4 Channel Usage]
The following table describes the labels in this screen.
Table 9-4 Channel Usage (LABEL: DESCRIPTION)
SSID: This is the Service Set IDentification name of the AP in an Infrastructure wireless network or wireless station in an Ad-Hoc wireless network. For our purposes, we define an Infrastructure network as a wireless network that uses an AP and an Ad-Hoc network (also known as Independent Basic Service Set (IBSS)) as one that doesn't. See the Wireless Configuration and Roaming chapter for more information on basic service sets (BSS) and extended service sets (ESS).
MAC Address: This field displays the MAC address of the AP in an Infrastructure wireless network. It is randomly generated (so ignore it) in an Ad-Hoc wireless network.
Channel: This is the index number of the channel currently used by the associated AP in an Infrastructure wireless network or wireless stations in an Ad-Hoc wireless network.
Signal: This field displays the strength of the AP's signal. If you must choose a channel that's currently in use, choose one with low signal strength for minimum interference.
Network Mode: "Network mode" in this screen refers to your wireless LAN infrastructur
25. System Security
This chapter describes how to configure the system security on the ZyAIR.
15.1 System Security
You can configure the system password, an external RADIUS server and 802.1x in this menu.
15.1.1 System Password
  Menu 23 - System Security
    1. Change Password
    2. RADIUS Server
    IEEE802.1x
Figure 15-1 Menu 23 System Security
You should change the default password. If you forget your password, you have to restore the default configuration file. Refer to the section on changing the system password in the Introducing the SMT chapter and the section on resetting the ZyAIR in the Introducing the Web Configurator chapter.
15.1.2 Configuring External RADIUS Server
Enter 23 in the main menu to display Menu 23 - System Security.
  Menu 23 - System Security
    Change Password
    RADIUS Server
    IEEE802.1x
Figure 15-2 Menu 23 System Security
From Menu 23 - System Security, enter 2 to display Menu 23.2 - System Security - RADIUS Server as shown next.
  Menu 23.2 - System Security - RADIUS Server
    Authentication Server:
      Active: No
      Server Address: 10.11.12.13
      Port: 1812
      Shared Secret:
    Accounting Server:
      Active: No
      Server Address: 10.11.12.13
      Port: 1813
      Shared Secret:
    Press ENTER to Confirm or ESC to Cancel:
Figure 15-3 Menu 23.2 System Security: RADIUS Server
The following table describes the fields in this me
26. Table 12-4 Menu 3.5.2 Roaming Configuration
FIELD: DESCRIPTION
Active: Press [SPACE BAR] and then [ENTER] to select Yes to enable roaming on the ZyAIR if you have two or more ZyAIRs on the same subnet.
Port: Type the port number to communicate roaming information between access points. The port number must be the same on all access points. The default is 16290. Make sure this port is not used by other services.
When you have completed this menu, press [ENTER] at the prompt "Press ENTER to confirm or ESC to cancel" to save your configuration, or press [ESC] to cancel and go back to the previous screen.
Chapter 13 Dial-in User Setup
This chapter shows you how to create user accounts on the ZyAIR.
13.1 Dial-in User Setup
By storing user profiles locally, your ZyAIR is able to authenticate wireless users without interacting with a network RADIUS server. Follow the steps below to set up user profiles on your ZyAIR.
Step 1. From the main menu, enter 14 to display Menu 14 - Dial-in User Setup.
[Figure 13-1 Menu 14 - Dial-in User Setup]
Step 2. Type a number and press [ENTER] to edit the user profile.
Menu 14.1 Edit D
27. ZyAIR and the computer. The file name for the firmware is "ras" and the configuration file is "rom-0" (rom-zero, not capital o). Note that the telnet connection must be active and the SMT in CI mode before and during the TFTP transfer. For details on TFTP commands (see following example), please consult the documentation of your TFTP client program. For UNIX, use "get" to transfer from the ZyAIR to the computer, "put" the other way around, and "binary" to set binary transfer mode.
17.4.5 Example TFTP Command
The following is an example TFTP command:
  TFTP -i host put firmware.bin ras
where:
  "i" specifies binary image transfer mode (use this mode when transferring binary files),
  "host" is the ZyAIR's IP address,
  "put" transfers the file source on the computer ("firmware.bin", the name of the firmware on the computer) to the file destination on the remote host ("ras", the name of the firmware on the ZyAIR).
Commands that you may see in third party TFTP clients are listed earlier in this chapter.
Chapter 18 System Maintenance and Information
This chapter leads you through SMT menus 24.8 and 24.10.
18.1 Command Interpreter Mode
The Command Interpreter (CI) is a part of the main system fir
28. and corresponding modulation techniques are as follows. The modulation technique defines how bits are encoded onto radio waves.
802.11b
  DATA RATE (Mbps): MODULATION
  1: DBPSK (Differential Binary Phase Shift Keyed)
  2: DQPSK (Differential Quadrature Phase Shift Keying)
  5.5 / 11: CCK (Complementary Code Keying)
The ZyAIR may be prone to RF (Radio Frequency) interference from other 2.4 GHz devices such as microwave ovens, wireless phones, Bluetooth enabled devices, and other wireless LANs.
Output Power Management
Output Power Management is the ability to set the level of output power. There may be interference or difficulty with channel assignment when there is a high density of APs within a coverage area. In this case you can lower the output power of each access point, thus enabling you to place access points closer together.
Limit the number of Client Connections
You may set a maximum number of wireless stations that may connect to the ZyAIR. This may be necessary if, for example, there is interference or difficulty with channel assignment due to a high density of APs within a coverage area.
SSL Passthrough
SSL (Secure Sockets Layer) uses a public key to encrypt data that's transmitted over an SSL connection. Both Netscape Navigator and Internet Explorer support SSL, and many Web sites use the protocol to obtain confidential user information, such as credit card numbers. By convention, URLs that require an SSL
29. are. The natural masks for class A, B and C IP addresses are as follows.
Chart G-3 "Natural" Masks
  CLASS   NATURAL MASK
  A       255.0.0.0
  B       255.255.0.0
  C       255.255.255.0
Subnetting
With subnetting, the class arrangement of an IP address is ignored. For example, a class C address no longer has to have 24 bits of network number and 8 bits of host ID. With subnetting, some of the host ID bits are converted into network number bits. By convention, subnet masks always consist of a continuous sequence of ones beginning from the left most bit of the mask, followed by a continuous sequence of zeros, for a total number of 32 bits.
Since the mask is always a continuous number of ones beginning from the left, followed by a continuous number of zeros for the remainder of the 32 bit mask, you can simply specify the number of ones instead of writing the value of each octet. This is usually specified by writing a "/" followed by the number of bits in the mask after the address. For example, 192.1.1.0 /25 is equivalent to saying 192.1.1.0 with mask 255.255.255.128.
The following table shows all possible subnet masks for a class "C" address using both notations.
Chart G-4 Alternative Subnet Mask Notation
  SUBNET MASK IP ADDRESS   SUBNET MASK "1" BITS   LAST OCTET BIT VALUE
  255.255.255.0            /24                    0000 0000
  255.255.255.128          /2
30. firewall logs
Step 1. Select menu 24 in the main menu to open Menu 24 - System Maintenance.
Step 2. Then enter 10 to go to Menu 24.10 - System Maintenance - Time and Date Setting to update the time and date settings of your ZyAIR as shown in the following screen.
  Menu 24.10 - System Maintenance - Time and Date Setting
    Time Protocol: NTP (RFC-1305)
    Time Server Address: 128.105.39.21
    Current Time:
    New Time (hh:mm:ss):
    Current Date:
    New Date (yyyy-mm-dd):
    Time Zone: GMT
    Daylight Saving: No
    Start Date (mm-dd):
    End Date (mm-dd):
    Press ENTER to Confirm or ESC to Cancel:
Figure 18-3 Menu 24.10 System Maintenance: Time and Date Setting
The following table describes the fields in this menu.
Table 18-1 Menu 24.10 System Maintenance: Time and Date Setting
FIELD: DESCRIPTION
Time Protocol: Enter the time service protocol that your time server sends when you turn on the ZyAIR. Not all time servers support all protocols, so you may have to check with your ISP/network administrator or use trial and error to find a protocol that works. The main differences between them are the format. Daytime (RFC 867) format is day/month/year/time zone of the server. Time (RFC-868) format displays a 4-byte integer giving the total number of seconds since 1970/1/1 at 0:0:0. NTP (RFC-1305) is similar to Time (RFC-868)
31. is made up of four octets (eight bits), written in dotted decimal notation, for example, 192.168.1.1. IP addresses are categorized into different classes. The class of an address depends on the value of its first octet.
- Class "A" addresses have a 0 in the left most bit. In a class "A" address the first octet is the network number and the remaining three octets make up the host ID.
- Class "B" addresses have a 1 in the left most bit and a 0 in the next left most bit. In a class "B" address the first two octets make up the network number and the two remaining octets make up the host ID.
- Class "C" addresses begin (starting from the left) with 1 1 0. In a class "C" address the first three octets make up the network number and the last octet is the host ID.
- Class "D" addresses begin with 1 1 1 0. Class "D" addresses are used for multicasting. (There is also a class "E" address. It is reserved for future use.)
Chart G-1 Classes of IP Addresses
  IP ADDRESS   OCTET 1                OCTET 2          OCTET 3          OCTET 4
  Class A      0   Network number     Host ID          Host ID          Host ID
  Class B      10  Network number     Network number   Host ID          Host ID
  Class C      110 Network number     Network number   Network number   Host ID
Host IDs of all zeros or all ones are not allowed. Therefore:
- A class "C" network (8 host bits) can have 2^8 - 2 or 254 hosts.
- A class "B" address (16 host bits) can have 2^16 - 2 or 6553
32. not used by other services.
Apply: Click Apply to save your changes back to the ZyAIR.
Reset: Click Reset to begin configuring this screen afresh.
Chapter 6 Wireless Security
This chapter describes how to use the MAC Filter, 802.1x, Local User Database and RADIUS to configure wireless security on your ZyAIR.
6.1 Wireless Security Overview
Wireless security is vital to your network to protect wireless communication between wireless stations, access points and the wired network. The figure below shows the possible wireless security levels on your ZyAIR. EAP (Extensible Authentication Protocol) is used for authentication and utilizes dynamic WEP key exchange. It requires interaction with a RADIUS (Remote Authentication Dial-In User Service) server, either on the WAN or your LAN, to provide authentication service for wireless stations.
[Figure 6-1 ZyAIR Wireless Security Levels: a scale of security options running from Least Secure to Most Secure]
If you do not enable any wireless security on your ZyAIR, your network is accessible to any wireless networking device that is within range. Select No Security to allow wireless stations to comm
33. obtain your IP address from the IANA, from an ISP or have it assigned by a private network. If you belong to a small organization and your Internet access is through an ISP, the ISP can provide you with the Internet addresses for your local networks. On the other hand, if you are part of a much larger organization, you should consult your network administrator for the appropriate IP addresses.
Regardless of your particular situation, do not create an arbitrary IP address; always follow the guidelines above. For more information on address assignment, please refer to RFC 1597, Address Allocation for Private Internets, and RFC 1466, Guidelines for Management of IP Address Space.
3.5.2 IP Address and Subnet Mask
Similar to the way houses on a street share a common street name, so too do computers on a LAN share one common network number. Where you obtain your network number depends on your particular situation. If the ISP or your network administrator assigns you a block of registered IP addresses, follow their instructions in selecting the IP addresses and the subnet mask. If the ISP did not explicitly give you an IP network number, then most likely you have a single user account and the ISP will assign you a dynamic IP address when the connection is established. The Internet Assigned Number Authority (IANA) reserved this block of addresses specifically for private use; please do not use any other number unless you are told otherwise. Let's say y
34. of a series of overlapping BSSs, each containing an access point, with each access point connected together by a wired network. This wired connection between APs is called a Distribution System (DS). An ESSID (ESS IDentification) uniquely identifies each ESS. All access points and their associated wireless stations within the same ESS must have the same ESSID in order to communicate.
[Figure 5-3 Extended Service Set]
5.2 Wireless LAN Basics
Refer also to the chapter on wizard setup for more background information on Wireless LAN features, such as channels.
5.2.1 RTS/CTS
A hidden node occurs when two stations are within range of the same access point, but are not within range of each other. The following figure illustrates a hidden node. Both stations (STA) are within range of the access point (AP) or wireless gateway, but out of range of each other, so they cannot "hear" each other, that is, they do not know if the channel is currently being used. Therefore, they are considered hidden from each other.
[Figure: hidden node illustration; labels: RTS Range, CTS Range, Station, AP]
35. order to configure and enable 802.1x, click the WIRELESS link under ADVANCED to display the Wireless screen. Select 802.1x No WEP from the Security list.
[Figure 6-11 Wireless: 802.1x No WEP]
The following table describes the wireless LAN security labels in this screen.
Table 6-8 Wireless: 802.1x No WEP
LABEL: DESCRIPTION
Security: Select 802.1x from the drop-down list.
ReAuthentication Timer (in Seconds): Specify how often wireless stations have to reenter usernames and passwords in order to stay connected. This field is activated only when you select Authentication Required in the Wireless Port Control field. Enter a time interval between 10 and 9999 seconds. The default t
36. PROBLEM: reboots automatically sometimes.
CORRECTIVE ACTION: The supplied power to the ZyAIR is too low. Check that the ZyAIR is receiving enough power. Make sure the power source is working properly.
Problems with the Ethernet Interface
Chart A-2 Troubleshooting the Ethernet Interface
PROBLEM: Cannot access the ZyAIR from the LAN.
CORRECTIVE ACTION:
- If the ETHN LED on the front panel is off, check the Ethernet cable connection between your ZyAIR and the Ethernet device connected to the ETHERNET port.
- Check for faulty Ethernet cables.
- Make sure your computer's Ethernet adapter is installed and working properly.
- Check the IP address of the Ethernet device. Verify that the IP address and the subnet mask of the ZyAIR, the Ethernet device and your computer are on the same subnet.
PROBLEM: Cannot ping any computer on the LAN.
CORRECTIVE ACTION:
- If the ETHN LED on the front panel is off, check the Ethernet cable connections between your ZyAIR and the Ethernet device.
- Check the Ethernet cable connections between the Ethernet device and the LAN computers.
- Check for faulty Ethernet cables.
- Make sure the LAN computer's Ethernet adapter is installed and working properly.
- Verify that the IP address and the subnet mask of the ZyAIR, the Ethernet device and the LAN computers are on t
37. rules. Operation is subject to the following two conditions:
- This device may not cause harmful interference.
- This device must accept any interference received, including interference that may cause undesired operations.
This equipment has been tested and found to comply with the limits for a Class B digital device pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a commercial environment. This equipment generates, uses, and can radiate radio frequency energy, and if not installed and used in accordance with the instructions, may cause harmful interference to radio communications.
If this equipment does cause harmful interference to radio/television reception, which can be determined by turning the equipment off and on, the user is encouraged to try to correct the interference by one or more of the following measures:
1. Reorient or relocate the receiving antenna.
2. Increase the separation between the equipment and the receiver.
3. Connect the equipment into an outlet on a circuit different from that to which the receiver is connected.
4. Consult the dealer or an experienced radio/TV technician for help.
Caution
1. To comply with FCC RF exposure compliance requirements, a separation distance of at least 20 cm must be maintained between the antenna of this device and all persons.
2. This transmitter must not be co-located or operating in conjunction with any oth
38. the RADIUS server has priority.
Idle Timeout: The ZyAIR automatically disconnects a wireless station from the wired network after a period of inactivity. The wireless station needs to enter the username and password again before access to the wired network is allowed. The default time interval is 3600 seconds (or 1 hour).
WPA Group Key Update Timer: The WPA Group Key Update Timer is the rate at which the AP (if using WPA-PSK key management) or RADIUS server (if using WPA key management) sends a new group key out to all clients. The re-keying process is the WPA equivalent of automatically changing the WEP key for an AP and all stations in a WLAN on a periodic basis. Setting of the WPA Group Key Update Timer is also supported in WPA-PSK mode. The ZyAIR default is 1800 seconds (30 minutes).
6.11 802.1x Overview
The IEEE 802.1x standard outlines enhanced security methods for both the authentication of wireless stations and encryption key management. Authentication can be done using the local user database internal to the ZyAIR (authenticate up to 32 users) or an external RADIUS server for an unlimited number of users. See also the section on RADIUS in this User's Guide.
6.12 Dynamic WEP Key Exchange
The AP maps a unique key that is generated with the RADIUS server. This key expires when the wireless connection times out, disconnects or reauthentication times out. A new WEP key is generated each time reauthentication is performed.
39. the ZyAIR in these address fields.
Apply: Click Apply to save your changes back to the ZyAIR.
Reset: Click Reset to begin configuring this screen afresh.
6.17 Introduction to RADIUS
RADIUS is based on a client-server model that supports authentication and accounting, where the access point is the client and the server is the RADIUS server. The RADIUS server handles the following tasks, among others:
- Authentication: Determines the identity of the users.
- Accounting: Keeps track of the client's network activity.
RADIUS is a simple package exchange in which your ZyAIR acts as a message relay between the wireless station and the network RADIUS server.
Types of RADIUS Messages
The following types of RADIUS messages are exchanged between the access point and the RADIUS server for user authentication:
- Access-Request: Sent by an access point requesting authentication.
- Access-Reject: Sent by a RADIUS server rejecting access.
- Access-Accept: Sent by a RADIUS server allowing access.
- Access-Challenge: Sent by a RADIUS server requesting more information in order to allow access. The access point sends a proper response from the user and then sends another Access-Request message.
The following types of RADIUS messages are exchanged between the access point and the RADIUS server for user accounting:
- Accounting-Request: Sent by the acce
40. using the same ESSID, channel and WEP keys (if WEP encryption is activated).
Appendix B Brute-Force Password Guessing Protection
The following describes the commands for enabling, disabling and configuring the brute-force password guessing protection mechanism for the password. See the Command Interpreter appendix for information on the command structure.
Chart B-1 Brute-Force Password Guessing Protection Commands
COMMAND: DESCRIPTION
sys pwderrtm: This command displays the brute-force guessing password protection settings.
sys pwderrtm: This command turns off the password's protection from brute-force guessing.
sys pwderrtm: This command sets the password protection to block all access attempts for N (a number from 1 to 60) minutes after the third time an incorrect password is entered.
Example
sys pwderrtm: This command sets the password protection to block all access attempts for five minutes after the third time an incorrect password is entered.
By default, the brute-force password guessing protection is turned ON with a 3-minute wait time.
Appendix C Setting up Your Computer's IP Address
All computers must have a 10M or 100M Ethernet adapter card and TCP/IP installed. Windows 95/98/Me/NT/2000/XP, Mac
41. [Figure 9-3 Association List]
The following table describes the labels in this screen.
Table 9-3 Association List
LABEL: DESCRIPTION
This is the index number of an associated wireless station.
MAC Address: This field displays the MAC address of an associated wireless station.
Association Time: This field displays the time a wireless station first associated with the ZyAIR.
Refresh: Click Refresh to reload the screen.
9.4 Channel Usage
The Channel Usage screen shows whether a channel is used by another wireless network or not. If a channel is being used, you should select a channel removed from it by five channels to completely avoid overlap.
Click MAINTENANCE and then the Channel Usage tab to display the screen as shown next. Wait a moment while the ZyAIR compiles the information.
[Screen: Channel Usage, with columns including SSID, MAC Address and Network Mode]
42. 1130 N. Miller St., Anaheim, CA 92806-2001, U.S.A.
ZyXEL Deutschland GmbH, Adenauerstr. 20/A2, D-52146 Wuerselen, Germany
ZyXEL France, 1 rue des Vergers, Bat 1 C, 69760 Limonest, France
ZyXEL Communications, Alejandro Villegas 33, 1, 28043 Madrid, Spain
ZyXEL Communications A/S, Columbusvej 5, 2860 Soeborg, Denmark
ZyXEL Communications A/S, Nils Hansens vei 13, 0667 Oslo, Norway
ZyXEL Communications A/S, Sjöporten 4, 41764 Göteborg, Sweden
FINLAND
  Support e-mail: support@zyxel.fi
  Sales e-mail: sales@zyxel.fi
  Telephone: +358-9-4780-8411
  Fax: +358-9-4780-8448
  Web site: www.zyxel.fi
  Regular mail: ZyXEL Communications Oy, Malminkaari 10, 00700 Helsinki, Finland
Table of Contents
  Federal Communications Commission (FCC) Interference Statement
  ZyXEL Limited Warranty
  Customer Support
43. 3.1.3 WEP Encryption
3.2 Wizard Setup: General Setup
3.3 Wizard Setup: Wireless LAN
3.4 Wizard Setup: IP Address
3.4.1 IP Address Assignment
3.4.2 IP Address and Subnet Mask
3.5 Basic Setup
SYSTEM, WIRELESS AND IP
Chapter 4 System Screens
4.2 Configuring General Setup
4.3 Configuring Password
4.4 Configuring Time Setting
Chapter 5 Wireless Configuration and Roaming
5.1 Wireless LAN Overview
5.2 Wireless LAN Basics
5.2.1 RTS/CTS
5.2.2 Fragmentation Threshold
44. 4 hosts.
A class "A" address (24 host bits) can have 2^24 - 2 hosts (approximately 16 million hosts).
Since the first octet of a class "A" IP address must contain a "0", the first octet of a class "A" address can have a value of 0 to 127. Similarly the first octet of a class "B" must begin with "10", therefore the first octet of a class "B" address has a valid range of 128 to 191. The first octet of a class "C" address begins with "110", and therefore has a range of 192 to 223.
Chart G-2 Allowed IP Address Range By Class
  CLASS     ALLOWED RANGE OF FIRST OCTET (BINARY)   ALLOWED RANGE OF FIRST OCTET (DECIMAL)
  Class A   00000000 to 01111111                    0 to 127
  Class B   10000000 to 10111111                    128 to 191
  Class C   11000000 to 11011111                    192 to 223
  Class D   11100000 to 11101111                    224 to 239
Subnet Masks
A subnet mask is used to determine which bits are part of the network number and which bits are part of the host ID (using a logical AND operation). A subnet mask has 32 bits; each bit of the mask corresponds to a bit of the IP address. If a bit in the subnet mask is a "1" then the corresponding bit in the IP address is part of the network number. If a bit in the subnet mask is "0" then the corresponding bit in the IP address is part of the host ID.
Subnet masks are expressed in dotted decimal notation just as IP addresses
45. 5                        1000 0000
  255.255.255.192   /26   1100 0000
  255.255.255.224   /27   1110 0000
  255.255.255.240   /28   1111 0000
  255.255.255.248   /29   1111 1000
  255.255.255.252   /30   1111 1100
The first mask shown is the class "C" natural mask. Normally if no mask is specified, it is understood that the natural mask is being used.
Example: Two Subnets
As an example, you have a class "C" address 192.168.1.0 with subnet mask of 255.255.255.0.
                         NETWORK NUMBER                HOST ID
  IP Address             192.168.1.                    0
  IP Address (Binary)    11000000.10101000.00000001.   00000000
  Subnet Mask            255.255.255.                  0
  Subnet Mask (Binary)   11111111.11111111.11111111.   00000000
The first three octets of the address make up the network number (class "C"). You want to have two separate networks.
Divide the network 192.168.1.0 into two separate subnets by converting one of the host ID bits of the IP address to a network number bit. The "borrowed" host ID bit can be either "0" or "1", thus giving two subnets: 192.168.1.0 with mask 255.255.255.128 and 192.168.1.128 with mask 255.255.255.128.
In the following charts, shaded/bolded last octet bit values indicate host ID bits "borrowed" to form network ID bits. The number of "borrowed" host ID bits determines the number of subnets you can have. The remaining number of host ID bits (after "borrowing") determines the number o
46. List of Tables
Table 16-1 Menu 24.1 System Maintenance: Status
Table 16-2 Menu 24.2.1 System Maintenance: Information
Table 16-3 Menu 24.4 System Maintenance Menu: Diagnostic
Table 17-1 Filename Conventions
Table 17-2 General Commands for Third Party FTP Clients
Table 17-3 General Commands for Third Party TFTP Clients
Table 18-1 Menu 24.10 System Maintenance: Time and Date Setting
Preface
Congratulations on your purchase of the ZyAIR B-500 Wireless Access Point. An access point (AP) acts as a bridge between the wireless and wired networks, extending your existing wired network without any additional wiring. This User's Guide is designed to guide you through the configuration of your ZyAIR using the web configurator or the SMT. Use the web configurator, System Management Terminal (SMT) or command interpreter interface to configure your ZyAIR. Not all fea
47. Customer Support
Please have the following information ready when you contact customer support:
- Product model and serial number
- Warranty Information
- Date that you received your device
- Brief description of the problem and the steps you took to solve it
("+" is the prefix number you enter to make an international telephone call.)
WORLDWIDE
  Support e-mail: support@zyxel.com.tw
  Sales e-mail: sales@zyxel.com.tw
  Telephone: +886-3-578-3942
  Fax: +886-3-578-2439
  Web site: www.zyxel.com, www.europe.zyxel.com
  FTP site: ftp.zyxel.com, ftp.europe.zyxel.com
  Regular mail: ZyXEL Communications Corp., 6 Innovation Road II, Science Park, Hsinchu 300, Taiwan
NORTH AMERICA
  Support e-mail: support@zyxel.com
  Sales e-mail: sales@zyxel.com
  Telephone: +1-800-255-4101, +1-714-632-0882
  Fax: +1-714-632-0858
  Web site: www.us.zyxel.com
  FTP site: ftp.us.zyxel.com
  Regular mail: ZyXEL Communications Inc
GERMANY
  Support e-mail: support@zyxel.de
  Sales e-mail: sales@zyxel.de
  Telephone: +49-2405-6909-0
  Fax: +49-2405-6909-99
  Web site: www.zyxel.de
FRANCE
  E-mail: info@zyxel.fr
  Telephone: +33 (0)4 72 52 97 97
  Fax: +33 (0)4 72 52 19 20
  Web site: www.zyxel.fr
SPAIN
  Support e-mail: support@zyxel.es
  Sales e-mail: sales@zyxel.es
  Telephone: +34-902-195-420
  Fax: +34-913-005-345
  Web site: www.zyxel.es
DENMARK
  Support e-mail: support@zyxel.dk
  Sales e-mail: sales@zyxel.dk
  Telephone: +45-39-55-07-00
  Fax: +45-39-55-07-07
  Web site: www.zyxel.dk
NORWAY
  Support e-mail: support@zyxel.no
  Sales e-mail: sales@zyxel.no
  Telephone: +47-22-80-61-80
  Fax: +47-22-80-61-81
  Web site: www.zyxel.no
SWEDEN
  Support e-mail: support@zyxel.se
  Sales e-mail: sales@zyxel.se
  Telephone: +46-31-744-7700
  Fax: +46-31-744-7701
  Web site: www.zyxel.se
48. 802.1x Static WEP
LABEL: DESCRIPTION
Authentication Databases: The authentication database contains wireless station login information. The local user database is the built-in database on the ZyAIR. The RADIUS is an external server. Use this drop-down list box to select which database the ZyAIR should use (first) to authenticate a wireless station. Before you specify the priority, make sure you have set up the corresponding database correctly first.
  - Select Local User Database Only to have the ZyAIR just check the built-in user database on the ZyAIR for a wireless station's username and password.
  - Select RADIUS Only to have the ZyAIR just check the user database on the specified RADIUS server for a wireless station's username and password.
  - Select Local first, then RADIUS to have the ZyAIR first check the user database on the ZyAIR for a wireless station's username and password. If the user name is not found, the ZyAIR then checks the user database on the specified RADIUS server.
  - Select RADIUS first, then Local to have the ZyAIR first check the user database on the specified RADIUS server for a wireless station's username and password. If the ZyAIR cannot reach the RADIUS server, the ZyAIR then checks the local user database on the ZyAIR. When the user name is not found or password does not match in the RADIUS server, the ZyAIR will not check the local user database and the authentication fails.
6.15 Configuring 802.1x
In
49. Applications
14. Dial-in User Setup
Enter Menu Selection Number:

Figure 10-4 ZyAIR B-500 SMT Main Menu

10.4.1 System Management Terminal Interface Summary

Table 10-2 Main Menu Summary
MENU, TITLE: DESCRIPTION
1, General Setup: Use this menu to set up your general information.
3, LAN Setup: Use this menu to set up your LAN and WLAN connection.
14, Dial-in User Setup: Use this menu to set up local user profiles on the ZyAIR.
22, SNMP Configuration: Use this menu to set up SNMP-related parameters.
23, System Security: Use this menu to change your password and enable network user authentication.
24, System Maintenance: This menu provides system status, diagnostics, software upload, etc.
99, Exit: Use this to exit from SMT and return to a blank screen.

Chapter 11 General Setup

The chapter shows you the information on general setup.

11.1 General Setup

Menu 1 General Setup contains administrative and system-related information (shown next). The System Name field is for identification purposes. It is recommended you type your computer's "Computer name". The Domain Name entry is what is propagated to the DHCP clients on the LAN. This is not a required field. Leave this field blank or enter the domain name here if you know it.

11.1.1 Procedure To Configure Menu 1

Step 1. Enter 1 in the Main Menu System Domain to op
50. Associated Stations= 32
Output Power= 17dBm
Preamble= Long
Press ENTER to Confirm or ESC to Cancel:
Press Space Bar to Toggle.

Figure 12-3 Menu 3.5 Wireless LAN Setup

The following table describes the fields in this menu.

Table 12-2 Menu 3.5 Wireless LAN Setup
FIELD: DESCRIPTION (EXAMPLE)

ESSID: The ESSID (Extended Service Set IDentity) identifies the AP to which the wireless stations associate. Wireless stations associating to the AP must have the same ESSID. Enter a descriptive name of up to 32 printable 7-bit ASCII characters. (Example: Wireless)

Hide ESSID: Press SPACE BAR and select Yes to hide the ESSID in the outgoing data frame so an intruder cannot obtain the ESSID through passive scanning. (Example: No)

Channel ID: Press SPACE BAR to select a channel. This allows you to set the operating frequency/channel depending on your particular region. (Example: CH01 2412MHz)

RTS Threshold: Setting this attribute to zero turns on the RTS/CTS handshake. Enter a value between 0 and 2432. (Example: 2432)

Frag. Threshold: This is the maximum data fragment size that can be sent. Enter a value between 256 and 2432. (Example: 2432)

WEP Encryption: Select Disable to allow wireless stations to communicate with the access points without any data encryption. Select 64-bit WEP or 128-bit WEP to enable data encryption. (Example: Disable)

Table 12-2 Menu 3.5 Wireless LAN Setup
52. Change Password
Figure 10-3 ZyAIR B-500 SMT Menu Overview Example
Figure 10-4 ZyAIR B-500 SMT Main Menu
Figure 11-1 Menu 1 General Setup
Figure 12-1 Menu 3 LAN Setup
Figure 12-2 Menu 3.2 TCP/IP Setup
Figure 12-3 Menu 3.5 Wireless LAN Setup
Figure 12-4 Menu 3.5 Wireless LAN Setup
Figure 12-5 Menu 3.5.1 WLAN MAC Address Filter
Figure 12-6 Menu 3.5 Wireless LAN Setup
Figure 12-7 Menu 3.5.2 Roaming Configuration
Figure 13-1 Menu 14 Dial-in User Setup
53. Chart G-12 Class C Subnet Planning

NO. "BORROWED" HOST BITS   SUBNET MASK              NO. SUBNETS   NO. HOSTS PER SUBNET
1                          255.255.255.128 (/25)    2             126
2                          255.255.255.192 (/26)    4             62
3                          255.255.255.224 (/27)    8             30
4                          255.255.255.240 (/28)    16            14
5                          255.255.255.248 (/29)    32            6
6                          255.255.255.252 (/30)    64            2
7                          255.255.255.254 (/31)    128           1

Subnetting With Class A and Class B Networks

For class A and class B addresses, the subnet mask also determines which bits are part of the network number and which are part of the host ID. A class B address has two host ID octets available for subnetting and a class A address has three host ID octets (see Chart J-1) available for subnetting. The following table is a summary for class B subnet planning.

Chart G-13 Class B Subnet Planning

NO. "BORROWED" HOST BITS   SUBNET MASK              NO. SUBNETS   NO. HOSTS PER SUBNET
1                          255.255.128.0 (/17)      2             32766
2                          255.255.192.0 (/18)      4             16382
3                          255.255.224.0 (/19)      8             8190
4                          255.255.240.0 (/20)      16            4094
5                          255.255.248.0 (/21)      32            2046
6                          255.255.252.0 (/22)      64            1022
7                          255.255.254.0 (/23)      128           510
8                          255.255.255.0 (/24)      256           254
9                          255.255.255.128          512           126
54. DESCRIPTION

Name: Displays the system name of your ZyAIR. This information can be changed in Menu 1 General Setup.
Routing: Refers to the routing protocol used.
ZyNOS F/W Version: Refers to the ZyNOS (ZyXEL Network Operating System) system firmware version. ZyNOS is a registered trademark of ZyXEL Communications Corporation.
Country Code: Refers to the country code of the firmware.
LAN
Ethernet Address: Refers to the Ethernet MAC (Media Access Control) of your ZyAIR.
IP Address: This is the IP address of the ZyAIR in dotted decimal notation.
IP Mask: This shows the subnet mask of the ZyAIR.
DHCP: This field shows the DHCP setting of the ZyAIR.

When you have completed this menu, press ENTER at the prompt "Press ENTER to confirm or ESC to cancel" to save your configuration, or press ESC to cancel and go back to the previous screen.

16.3.2 Console Port Speed

You can set up different port speeds for the console port through Menu 24.2.2 System Maintenance Console Port Speed. Your ZyAIR supports 9600 (default), 19200, 38400, 57600 and 115200 bps console port speeds. Press SPACE BAR and then ENTER to select the desired speed in menu 24.2.2, as shown in the following figure.

Menu 24.2.2 System Maintenance Change Console Port Speed
Console Port Speed: 9600
Press ENTER to Confirm or ESC to Cancel:

Figure 16-5 Menu 24.2.2 System Maintenance Change Console Port Speed

After you changed the console port speed o
55. FIRM or ESC to CANCEL:

Figure 10-2 Menu 23.1 System Security Change Password

Step 4. Type your new system password in the New Password field (up to 30 characters), and press ENTER.
Step 5. Re-type your new system password in the Retype to confirm field for confirmation and press ENTER.

Note that as you type a password, the screen displays an asterisk for each character you type.

10.3 ZyAIR SMT Menu Overview Example

The following figure gives you an example overview of the various SMT menu screens for your ZyAIR.

[Figure: overview diagram of the ZyAIR B-500 Main Menu and the SMT submenus reached from it]
57. IR first check the user database on the ZyAIR for a wireless station's username and password. If the user name is not found, the ZyAIR then checks the user database on the specified RADIUS server.

Select RADIUS first, then Local to have the ZyAIR first check the user database on the specified RADIUS server for a wireless station's username and password. If the ZyAIR cannot reach the RADIUS server, the ZyAIR then checks the local user database on the ZyAIR. When the user name is not found or the password does not match in the RADIUS server, the ZyAIR will not check the local user database and the authentication fails.

Once you enable user authentication, you need to specify an external RADIUS server or create local user accounts on the ZyAIR for authentication.

6.16 MAC Filter

The MAC filter screen allows you to configure the ZyAIR to give exclusive access to up to 32 devices (Allow Association) or exclude up to 32 devices from accessing the ZyAIR (Deny Association). Every Ethernet device has a unique MAC (Media Access Control) address. The MAC address is assigned at the factory and consists of six pairs of hexadecimal characters, for example, 00:A0:C5:00:00:02. You need to know the MAC address of the devices to configure this screen.

To change your ZyAIR's MAC Filter settings, click the WIRELESS link under ADVANCED and then the MAC Filter tab. The scree
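The four Authentication Databases options described above differ in when the second database is consulted, which matters when a user has been removed or changed on only one side. The following Python model is an added example, not ZyAIR firmware code or part of the manual; the account names and passwords are constructed, and treating a local password mismatch under "Local first, then RADIUS" as a failure without a RADIUS lookup is an assumption read from the manual's "if the user name is not found" wording.

```python
"""Model of the ZyAIR "Authentication Databases" options (added example)."""
import hmac
from enum import Enum


class Mode(Enum):
    LOCAL_ONLY = "Local User Database Only"
    RADIUS_ONLY = "RADIUS Only"
    LOCAL_THEN_RADIUS = "Local first, then RADIUS"
    RADIUS_THEN_LOCAL = "RADIUS first, then Local"


class RadiusUnreachable(Exception):
    """The RADIUS server did not answer at all (distinct from a reject)."""


# Constructed sample data; plain dicts stand in for both databases.
LOCAL_DB = {"alice": "alice-local-pw", "carol": "carol-local-pw"}
RADIUS_DB = {"alice": "alice-radius-pw", "bob": "bob-radius-pw"}


def _lookup(db, username, password):
    """Return 'unknown' if the user is absent, otherwise 'accept' or 'reject'."""
    stored = db.get(username)
    if stored is None:
        return "unknown"
    same = hmac.compare_digest(stored.encode(), password.encode())
    return "accept" if same else "reject"


def check_radius(radius_db, username, password):
    """radius_db=None models a server the access point cannot reach."""
    if radius_db is None:
        raise RadiusUnreachable("no response from RADIUS server")
    return _lookup(radius_db, username, password)


def authenticate(mode, local_db, radius_db, username, password):
    """Return (allowed, trace); trace lists the databases consulted, in order."""
    trace = []

    def local():
        trace.append("local")
        return _lookup(local_db, username, password)

    def radius():
        trace.append("radius")
        return check_radius(radius_db, username, password)

    try:
        if mode is Mode.LOCAL_ONLY:
            result = local()
        elif mode is Mode.RADIUS_ONLY:
            result = radius()
        elif mode is Mode.LOCAL_THEN_RADIUS:
            result = local()
            if result == "unknown":      # only an unknown user falls through
                result = radius()
        else:                            # Mode.RADIUS_THEN_LOCAL
            try:
                result = radius()        # a reject or unknown user is final
            except RadiusUnreachable:
                result = local()         # fallback only when unreachable
    except RadiusUnreachable:
        result = "unreachable"
    return result == "accept", trace


if __name__ == "__main__":
    cases = [
        (Mode.RADIUS_THEN_LOCAL, RADIUS_DB, "carol", "carol-local-pw"),
        (Mode.RADIUS_THEN_LOCAL, None, "carol", "carol-local-pw"),
        (Mode.LOCAL_THEN_RADIUS, RADIUS_DB, "bob", "bob-radius-pw"),
        (Mode.LOCAL_THEN_RADIUS, RADIUS_DB, "alice", "alice-radius-pw"),
    ]
    for mode, rdb, user, pw in cases:
        state = "reachable" if rdb is not None else "unreachable"
        allowed, trace = authenticate(mode, LOCAL_DB, rdb, user, pw)
        print(f"{mode.value:26} RADIUS {state:11} {user:6} -> {allowed} via {trace}")
```

With "RADIUS first, then Local", a local account that no longer exists on the RADIUS server becomes usable again whenever the server is unreachable, so local accounts need the same review as RADIUS ones.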
58. If they do not match, it is assumed that the data has been tampered with and the packet is dropped.

By generating unique data encryption keys for every data packet and by creating an integrity checking mechanism (MIC), TKIP makes it much more difficult to decode data on a Wi-Fi network than WEP, making it difficult for an intruder to break into the network.

The encryption mechanisms used for WPA and WPA-PSK are the same. The only difference between the two is that WPA-PSK uses a simple common password, instead of user-specific credentials. The common-password approach makes WPA-PSK susceptible to brute-force password-guessing attacks, but it's still an improvement over WEP as it employs an easier-to-use, consistent, single, alphanumeric password.

6.6 WPA-PSK Application Example

A WPA-PSK application looks as follows.

Step 1. First enter identical passwords into the AP and all wireless clients. The Pre-Shared Key (PSK) must consist of between 8 and 63 ASCII characters (including spaces and symbols).
Step 2. The AP checks each client's password and (only) allows it to join the network if it matches its password.
Step 3. The AP derives and distributes keys to the wireless clients.
Step 4. The AP and wireless clients use the TKIP encryption process to encrypt data exchanged between them.

Figure 6-5 WPA-PSK Authentication

6.7 Configuri
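The steps above start from a shared password of 8 to 63 ASCII characters, and the key material depends only on that password and the network name. The Python sketch below is an added example, not code from the manual or from ZyAIR firmware: it enforces the length rule from Step 1, derives the 256-bit pairwise master key with the IEEE 802.11i passphrase mapping (PBKDF2-HMAC-SHA1, 4096 iterations, SSID as salt, which the manual itself does not describe), and gives a rough upper bound on the guessing effort. The function names, and the choice to accept only printable characters, are assumptions of this example.

```python
"""WPA-PSK passphrase check and key derivation (added example)."""
import hashlib
import math

# Printable 7-bit ASCII, space through tilde.
PRINTABLE = frozenset(chr(c) for c in range(0x20, 0x7F))


def validate_passphrase(passphrase):
    """Enforce the 8 to 63 ASCII character rule for the pre-shared key."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("PSK passphrase must be 8 to 63 characters long")
    if any(ch not in PRINTABLE for ch in passphrase):
        raise ValueError("PSK passphrase must be printable ASCII")


def derive_pmk(passphrase, ssid):
    """Return the 32-byte pairwise master key for this passphrase and SSID."""
    validate_passphrase(passphrase)
    if not 1 <= len(ssid) <= 32 or any(ch not in PRINTABLE for ch in ssid):
        raise ValueError("ESSID must be 1 to 32 printable ASCII characters")
    return hashlib.pbkdf2_hmac(
        "sha1",
        passphrase.encode("ascii"),
        ssid.encode("ascii"),   # the network name is the salt
        4096,                   # iteration count fixed by the standard
        32,                     # 256-bit key
    )


def search_space_bits(passphrase):
    """Upper bound on guessing effort, in bits.

    Assumes every character was drawn uniformly at random from the
    character classes that appear in the passphrase. Dictionary words
    and other human-chosen patterns are far weaker than this bound.
    """
    validate_passphrase(passphrase)
    classes = ((str.islower, 26), (str.isupper, 26), (str.isdigit, 10))
    pool = sum(size for test, size in classes
               if any(test(ch) for ch in passphrase))
    if any(not ch.isalnum() for ch in passphrase):
        pool += 33              # space plus the 32 ASCII symbols
    return len(passphrase) * math.log2(pool)


if __name__ == "__main__":
    # Constructed sample inputs; the first pair is a published test vector.
    for phrase, ssid in [("password", "IEEE"),
                         ("T9v#qLm2!xWz7@Kp4^Rd", "IEEE")]:
        pmk = derive_pmk(phrase, ssid)
        print(f"{len(phrase):2} chars, <= {search_space_bits(phrase):5.1f} bits, "
              f"PMK {pmk.hex()[:16]}...")
```

Because the key depends only on the passphrase and the ESSID, every station that knows the passphrase can compute the same key, and a short or dictionary-based passphrase can be tested offline against a captured handshake; the passphrase length is the main defence.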
59. Figure 12-4 Menu 3.5 Wireless LAN Setup

Step 3. In the Edit MAC Address Filter field, press SPACE BAR to select Yes and press ENTER. Menu 3.5.1 WLAN MAC Address Filter displays as shown next.

Menu 3.5.1 WLAN MAC Address Filter
Active= No
Filter Action= Allowed Association
Enter here to CONFIRM or ESC to CANCEL:

Figure 12-5 Menu 3.5.1 WLAN MAC Address Filter

The following table describes the fields in this menu.

Table 12-3 Menu 3.5.1 WLAN MAC Address Filter
FIELD: DESCRIPTION

Active: To enable MAC address filtering, press SPACE BAR to select Yes and press ENTER.

Filter Action: Define the filter action for the list of MAC addresses in the MAC address filter table. To deny access to the ZyAIR, press SPACE BAR to select Deny Association and press ENTER. MAC addresses not listed will be allowed to access the ZyAIR. The default action, Allowed Association, permits association with the ZyAIR. MAC addresses not listed will be denied access to the ZyAIR.

MAC Address Filter 1..32: Enter the MAC addresses (in XX:XX:XX:XX:XX:XX format) of the client computers that are allowed or denied access to the ZyAIR in these address fields.

When you have completed this menu, press ENTER at the prompt
60. Select Manual to enter the new time and new date manually.

Time Server Address: Enter the IP address or domain name of your time server. Check with your ISP/network administrator if you are unsure of this information.
Current Time: This field displays an updated time only when you re-enter this menu.
New Time: Enter the new time in hour, minute and second format. This field is available when you select Manual in the Time Protocol field.
Current Date: This field displays an updated date only when you re-enter this menu.
New Date: Enter the new date in year, month and day format. This field is available when you select Manual in the Time Protocol field.
Time Zone: Press SPACE BAR and then ENTER to set the time difference between your time zone and Greenwich Mean Time (GMT).
Daylight Saving: Daylight Saving Time is a period from late spring to early fall when many countries set their clocks ahead of normal local time by one hour to give more daylight time in the evenings. If you use daylight savings time, then choose Yes.
Start Date: Enter the month and day that your daylight savings time starts on if you selected Yes in the Daylight Saving field.
End Date: Enter the month and day that your daylight savings time ends on if you selected Yes in the Daylight Saving field.

Once you have filled in this menu, press ENTER at the message "Press ENTER to Confirm or ESC to Cancel" to save your configu
61. System Maintenance Change Console Port Speed
Figure 16-6 Menu 24.3 System Maintenance Log and Trace
Figure 16-7 Sample Error and Information Messages
Figure 16-8 Menu 24.4 System Maintenance Diagnostic
Figure 17-1 Menu 24.5 Backup Configuration
Figure 17-2 FTP Session Example
Figure 17-3 Menu 24.6 Restore Configuration
Figure 17-4 Menu 24.7 System Maintenance Upload Firmware
Figure 17-5 Menu 24.7.1 System Maintenance Upload System Firmware
Figure 17-6 Menu 24.7.2 System Maintenance Upload System Configuration File
Figure 17-7 FTP Session Example
Figure 18-1 Menu 24 System Maintenance
Figure 18
62. Type your subnet mask in the Subnet mask box. Type the IP address of your ZyAIR in the Router address box. Click Apply Now and close the window.

6. Turn on your ZyAIR and restart your computer (if prompted).

Verifying Your Computer's IP Address

Check your TCP/IP properties in the Network window.

Appendix D Wireless LAN and IEEE 802.11

A wireless LAN (WLAN) provides a flexible data communications system that you can use to access various services (navigating the Internet, email, printer services, etc.) without the use of a cabled connection. In effect, a wireless LAN environment provides you the freedom to stay connected to the network while roaming around in the coverage area. WLAN is not available on all models.

Benefits of a Wireless LAN

Wireless LAN offers the following benefits:
1. It provides you with access to network services in areas otherwise hard or expensive to wire, such as historical buildings, buildings with asbestos materials and classrooms.
2. It provides healthcare workers like doctors and nurses access to a complete patient's profile on a handheld or notebook computer upon entering a patient's room.
3. It allows flexible workgroups a lower total cost of ownership for workspaces that are frequently reconfigured.
4. It allows conference room users access to the network as they move from meeting
63. User Database Only
Press ENTER to Confirm or ESC to Cancel:

Figure 15-5 Menu 23.4 System Security IEEE802.1x

The following table describes the fields in this menu.

Table 15-2 Menu 23.4 System Security IEEE802.1x
FIELD: DESCRIPTION

Wireless Port Control: Press SPACE BAR and select a security mode for the wireless LAN access.
Select No Authentication Required to allow any wireless stations access to your wired network without entering usernames and passwords. This is the default setting.
Selecting Authentication Required means wireless stations have to enter usernames and passwords before access to the wired network is allowed.
Select No Access Allowed to block all wireless stations access to the wired network.
The following fields are not available when you select No Authentication Required or No Access Allowed.

ReAuthentication Timer (in seconds): Specify how often a wireless station has to re-enter username and password to stay connected to the wired network. This field is activated only when you select Authentication Required in the Wireless Port Control field. Enter a time interval between 10 and 9999 (in seconds). The default time interval is 1800 seconds (or 30 minutes).

Table 15-2 Menu 23.4 System Security IEEE802.1x
FIELD: DESCRIPTION

Idle Timeout: The ZyAIR automatically disconnects a wir
64. Wireless LAN Setup

The following table describes the labels in this screen.

Table 3-2 Wizard 2: Wireless LAN Setup
LABEL: DESCRIPTION

Wireless LAN Setup

ESSID: Enter a descriptive name (up to 32 printable 7-bit ASCII characters) for the wireless LAN. If you change this field on the ZyAIR, make sure all wireless stations use the same ESSID in order to access the network.

Choose Channel ID: To manually set the ZyAIR to use a channel, select a channel from the drop-down list box. Open the Channel Usage screen to make sure the channel is not already used by another AP or independent peer-to-peer wireless network. To have the ZyAIR automatically select a channel, click Scan instead.

Scan: Click this button to have the ZyAIR automatically scan for and select a channel with the least interference.

Security: The level of Security can be selected as none, basic or extended. Choose No security to have no wireless LAN security configured and proceed to the ISP Parameters for Internet Access screen. Choose Basic security if you want to configure WEP Encryption parameters. Choose Extend security to configure a Pre-Shared Key. The third screen varies depending on which security level you select.

Back: Click Back to return to the previous screen.

Next: Click Next to conti
65. ZyAIR B-500 Wireless Access Point User's Guide
Version 3.50, June 2004
ZyXEL: Unleash Networking Power

Copyright

Copyright 2004 by ZyXEL Communications Corporation. The contents of this publication may not be reproduced in any part or as a whole, transcribed, stored in a retrieval system, translated into any language, or transmitted in any form or by any means, electronic, mechanical, magnetic, optical, chemical, photocopying, manual, or otherwise, without the prior written permission of ZyXEL Communications Corporation. Published by ZyXEL Communications Corporation. All rights reserved.

Disclaimer

ZyXEL does not assume any liability arising out of the application or use of any products, or software described herein. Neither does it convey any license under its patent rights nor the patent rights of others. ZyXEL further reserves the right to make changes in any products described herein without notice. This publication is subject to change without notice.

Trademarks

ZyNOS (ZyXEL Network Operating System) is a registered trademark of ZyXEL Communications, Inc. Other trademarks mentioned in this publication are used for identification purposes only and may be properties of their respective owners.

Federal Communications Commission (FCC) Interference Statement

This device complies with Part 15 of FCC
67. Figure 5-1 IBSS (Ad-hoc) Wireless LAN
Figure 5-2 Basic Service Set
Figure 5-3 Extended Service Set
Figure 5-6 Roaming Example
Figure 6-1 ZyAIR Wireless Security Levels
Figure 6-2 WEP Authentication Steps
Figure 6-4 MAC Address Filter
Figure 6-5 EAP Authentication
Figure 6-6 802.1x Authentication
Figure 6-7 Local User Database
Figure 6-8 RADIUS
Figure 8-2 Log Settings
Figure 9-2 System Status: Show Statistics
Figure 9-3 Association List
Figure 9-4 Channel Usage
68. ables remote configuration and management of your ZyAIR.

1.2 ZyAIR Features

The following sections describe the features of the ZyAIR.

10/100M Auto-negotiating Ethernet/Fast Ethernet Interface
This auto-negotiating feature allows the ZyAIR to detect the speed of incoming transmissions and adjust appropriately without manual intervention. It allows data transfer of either 10 Mbps or 100 Mbps in either half-duplex or full-duplex mode depending on your Ethernet network.

10/100M Auto-crossover Ethernet/Fast Ethernet Interface
The LAN interface automatically adjusts to either a crossover or straight-through Ethernet cable.

Reset Button
The ZyAIR reset button is built into the top panel. Use this button to restore the factory default password to 1234, IP address to 192.168.1.2, subnet mask to 255.255.255.0.

Brute-Force Password Guessing Protection
The ZyAIR has a special protection mechanism to discourage brute-force password guessing attacks on the ZyAIR's management interfaces. You can specify a wait-time that must expire before entering a fourth password after three incorrect passwords have been entered. Please see the appendix for details about this feature.

802.11b Wireless LAN Standard
ZyAIR products containing the letter "B" in the model name, such as ZyAIR B-1000, ZyAIR B-500, comply with the 802.11b wireless standard. The 802.11b data rate
69. 5.3 Configuring Wireless
5.4 Configuring Roaming
5.4.1 Requirements for Roaming
Chapter 6 Wireless Security
6.1 Wireless Security Overview
6.2 WEP Overview
6.2.1 Data Encryption
6.2.2 Authentication
6.3 Configuring WEP Encryption
6.4 MAC Filter
6.6 Introduction to RADIUS
6.6.1 EAP Authentication Overview
6.7 Dynamic WEP Key Exchange
6.8 Introduction to Local User Database
6.9 Configuring 802.1x
6.10 Configuring Local User Database
6.11 Configuri
70. age areas. Wireless stations can still associate with other APs even if you disable roaming. Enabling roaming ensures correct traffic forwarding (bridge tables are updated) and maximum AP efficiency. The AP deletes records of wireless stations that associate with other APs (non-ZyXEL APs may not be able to perform this). 802.1x authentication information is not exchanged (at the time of writing).

Figure 5-6 Roaming Example

The steps below describe the roaming process.

Step 1. As wireless station Y moves from the coverage area of access point AP 1 to that of access point AP 2, it scans and uses the signal of access point AP 2.
Step 2. Access point AP 2 acknowledges the presence of wireless station Y and relays this information to access point AP 1 through the wired LAN.
Step 3. Access point AP 1 updates the new position of wireless station.
Step 4. Wireless station Y sends a request to access point AP 2 for reauthentication.

5.5.1 Requirements for Roaming

The following
71. also use the UP/DOWN arrow keys to move to the previous and the next field, respectively.

Entering information (keystroke: type in or press SPACE BAR, then press ENTER): You need to fill in two types of fields. The first requires you to type in the appropriate information. The second allows you to cycle through the available choices by pressing SPACE BAR.

Required fields (< > or ChangeMe): All fields with the symbol < > must be filled in order to be able to save the new configuration. All fields with ChangeMe must not be left blank in order to be able to save the new configuration.

N/A fields (<N/A>): Some of the fields in the SMT will show a <N/A>. This symbol refers to an option that is Not Applicable.

Save your configuration (keystroke: ENTER): Save your configuration by pressing ENTER at the message "Press ENTER to confirm or ESC to cancel". Saving the data on the screen will take you, in most cases, to the previous menu.

Exit the SMT (keystroke: type 99, then press ENTER): Type 99 at the main menu prompt and press ENTER to exit the SMT interface.

After you enter the password, the SMT displays the main menu, as shown next.

Copyright (c) 1994 - 2004 ZyXEL Communications Corp.
ZyAIR B-500 Main Menu
Getting Started
1. General Setup
3. LAN Setup
Advanced Management
22. SNMP Configuration
23. System Security
24. System Maintenance
Advanced
72. ame (up to 31 characters) for this user profile.

Password: Type a password (up to 31 characters) for this user profile. Note that as you type a password, the screen displays a (*) for each character you type.
Apply: Click Apply to save your changes back to the ZyAIR.
Reset: Click Reset to begin configuring this screen afresh.

6.20 Configuring RADIUS

Configure the RADIUS screen if you want to authenticate wireless users using an external server.

To set up your ZyAIR's RADIUS server settings, click the WIRELESS link under ADVANCED and then the RADIUS tab. The screen appears as shown.

Figure 6-15 RADIUS

The following table describes the labels in this screen.

Table 6-11 RADIUS
LABEL: DESCRIPTION

Authentication Server

Active: Select Yes from the drop-down list box to enable user authentication through an external authentication server. Select No to enable user authentication using the local user profile on the ZyAIR.

Server IP Address: Enter the IP address of the external authentication server in dotted decimal notation.
73. and/or immediate alerts the ZyAIR is to send. An alert is a type of log that warrants more serious attention. Some categories, such as System Errors, consist of both logs and alerts. You may differentiate them by their color in the View Log screen. Alerts are displayed in red and logs are displayed in black.

Figure 8-2 Log Settings (screen with Address Info, Syslog Logging, Send Log and Log sections)

The following table describes the labels in this screen.

Table 8-2 Log Settings
LABEL | DESCRIPTION
Address Info |
Mail Server | Enter the server name or the IP address of the mail server for the e-mail addresses specified below. If this field is left blank, logs and alert messages will not be sent via e-mail.
Mail Subject | Type a title that you want to be in the subject l
74. as
200 Port command okay
150 Opening data connection for STOR ras
226 File received OK
ftp: 327680 bytes sent in 1.10Seconds 297.89Kbytes/sec.
ftp> quit

Figure 17-7 FTP Session Example

More commands that you may find in third-party FTP clients are listed earlier in this chapter.

17.4.4 TFTP File Upload

The ZyAIR also supports the up/downloading of the firmware and the configuration file using TFTP (Trivial File Transfer Protocol) over LAN. Although TFTP should work over WAN as well, it is not recommended. To use TFTP, your computer must have both telnet and TFTP clients. To transfer the firmware and the configuration file, follow the procedure shown next.

Step 1. Use telnet from your computer to connect to the ZyAIR and log in. Because TFTP does not have any security checks, the ZyAIR records the IP address of the telnet client and accepts TFTP requests only from this address.
Step 2. Put the SMT in command interpreter (CI) mode by entering 8 in Menu 24 System Maintenance.
Step 3. Enter the command "sys stdio 0" to disable the SMT timeout, so the TFTP transfer will not be interrupted. Enter command "sys stdio 5" to restore the five-minute SMT timeout (default) when the file transfer is complete.
Step 4. Launch the TFTP client on your computer and connect to the ZyAIR. Set the transfer mode to binary before starting data transfer.
Step 5. Use the TFTP client (see the example below) to transfer files between the
75. configuration via FTP or TFTP to your ZyAIR. The preferred method is FTP. Note that this function erases the current configuration before restoring the previous backup configuration; please do not attempt to restore unless you have a backup configuration stored on disk. To restore configuration using FTP or TFTP is the same as uploading the configuration file; please refer to the following sections on FTP and TFTP file transfer for more details. The ZyAIR restarts automatically after the file transfer is complete.

Menu 24.6 Restore Configuration

To transfer the firmware and the configuration file, follow the procedure below:
1. Launch the FTP client on your workstation.
2. Type "open" and the IP address of your router. Then type "root" and SMT password as requested.
3. Type "put backupfilename rom-0" where backupfilename is the name of your backup configuration file on your workstation and rom-spt is the Remote file name on the router. This restores the configuration to your router.
4. The system reboots automatically after a successful file transfer.

For details on FTP commands, please consult the documentation of your FTP client program. For details on restoring using TFTP (note that you must remain in the menu to back up using TFTP), please see your router manual.

Press ENTER to Exit:

Figure 17-3 Menu 24.6 Restore Confi
76. connection start with "https" instead of "http". The ZyAIR allows SSL connections to take place through the ZyAIR.

Wireless LAN MAC Address Filtering
Your ZyAIR checks the MAC address of the wireless station against a list of allowed or denied MAC addresses.

WEP Encryption
WEP (Wired Equivalent Privacy) encrypts data frames before transmitting over the wireless network to help keep network communications private.

Wi-Fi Protected Access
Wi-Fi Protected Access (WPA) is a subset of the IEEE 802.11i security specification draft. Key differences between WPA and WEP are user authentication and improved data encryption.

IEEE 802.1x Network Security
The ZyAIR supports the IEEE 802.1x standard to enhance user authentication. Use the built-in user profile database to authenticate up to 32 users using MD5 encryption. Use an EAP-compatible RADIUS (RFC2138, 2139 - Remote Authentication Dial In User Service) server to authenticate a limitless number of users using EAP (Extensible Authentication Protocol). EAP is an authentication protocol that supports multiple types of authentication.

SNMP
SNMP (Simple Network Management Protocol) is a protocol used for exchanging management information between network devices. SNMP is a member of the TCP/IP protocol suite. Your ZyAIR supports SNMP agent functionality, which allows a manager station to manage and monit
77. d upgrades for the system software. This chapter describes how to use these tools in detail.

Type 24 in the main menu and press ENTER to open Menu 24 System Maintenance, as shown in the following figure.

Menu 24 System Maintenance
System Status
System Information and Console Port Speed
Log and Trace
Diagnostic
Backup Configuration
Restore Configuration
Upload Firmware
Command Interpreter Mode
Time and Date Setting
Enter Menu Selection Number:

Figure 16-1 Menu 24 System Maintenance

16.2 System Status

The first selection, System Status, gives you information on the status and statistics of the ports, as shown next. System Status is a tool that can be used to monitor your ZyAIR. Specifically, it gives you information on your Ethernet and Wireless LAN status, number of packets sent and received.

To get to System Status, type 24 to go to Menu 24 System Maintenance. From this menu, type 1 (System Status). There are two commands in Menu 24.1 System Maintenance Status. Entering 9 resets the counters; pressing ESC takes you back to the previous screen.

The following table describes the fields present in Menu 24.1 System Maintenance Status, which are read-only and meant for diagnostic purposes.

Menu 24.1 System Maintenance Status          00:15:56 Sat. Jan. 01, 2000
78. dditional information.
Shared Secret | Specify a password (up to 31 alphanumeric characters) as the key to be shared between the external accounting server and the access points. The key is not sent over the network. This key must be the same on the external accounting server and ZyAIR.

When you have completed this menu, press ENTER at the prompt "Press ENTER to confirm or ESC to cancel" to save your configuration, or press ESC to cancel and go back to the previous screen.

15.1.3 IEEE 802.1x

The IEEE 802.1x standards outline enhanced security methods for both the authentication of wireless stations and encryption key management. Follow the steps below to enable EAP authentication on your ZyAIR.

Step 1. From the main menu, enter 23 to display Menu 23 System Security.

Menu 23 System Security
1. Change Password
2. RADIUS Server
4. IEEE802.1X

Figure 15-4 Menu 23 System Security

Step 2. Enter 4 to display Menu 23.4 System Security IEEE802.1x.

Menu 23.4 System Security IEEE802.1x
Wireless Port Control: Authentication Required
ReAuthentication Timer (in second): 1800
Idle Timeout (in second): 3600
Key Management Protocol: 802.1x
Dynamic WEP Key Exchange: Disable
PSK: N/A
Data Privacy for Broadcast/Multicast packets: N/A
WPA Broadcast/Multicast Key Update Timer: N/A
Authentication Databases: Local
79. downloading of the firmware and the configuration file using TFTP (Trivial File Transfer Protocol) over LAN. Although TFTP should work over WAN as well, it is not recommended. To use TFTP, your computer must have both telnet and TFTP clients. To back up the configuration file, follow the procedure shown next.

Step 1. Use telnet from your computer to connect to the ZyAIR and log in. Because TFTP does not have any security checks, the ZyAIR records the IP address of the telnet client and accepts TFTP requests only from this address.
Step 2. Put the SMT in command interpreter (CI) mode by entering 8 in Menu 24 System Maintenance.
Step 3. Enter command "sys stdio 0" to disable the SMT timeout, so the TFTP transfer will not be interrupted. Enter command "sys stdio 5" to restore the five-minute SMT timeout (default) when the file transfer is complete.
Step 4. Launch the TFTP client on your computer and connect to the ZyAIR. Set the transfer mode to binary before starting data transfer.
Step 5. Use the TFTP client (see the example below) to transfer files between the ZyAIR and the computer. The file name for the configuration file is rom-0 (rom-zero, not capital o).

Note that the telnet connection must be active and the SMT in CI mode before and during the TFTP transfer. For details on TFTP commands (see following example), please consult the documentation of your TFTP client program. For UNIX, use "get" to transfer from the ZyAIR to the co
80. e refer to the Wireless LAN chapter and WEP setup. Network modes are Infra (infrastructure), Infra WEP (Infrastructure with WEP encryption is enabled), Ad Hoc or Ad Hoc WEP.
Refresh | Click Refresh to reload the screen.

9.5 F/W Upload Screen

Find firmware at www.zyxel.com in a file that (usually) uses the system model name with a .bin extension, e.g., "zyair.bin". The upload process uses HTTP (Hypertext Transfer Protocol) and may take up to two minutes. After a successful upload, the system will reboot. See the Firmware and Configuration File Maintenance chapter for upgrading firmware using FTP/TFTP commands.

Click MAINTENANCE and then F/W Upload to display the screen as shown. Follow the instructions in this screen to upload firmware to your ZyAIR.

Figure 9-5 Firmware Upload

The following table describes the labels in this screen.

Table 9-5 Firmware Upload
LABEL | DESCRIPTION
File Path | Type in the location of the file you want to upload in this field or click Browse to find it.
Browse | Click Browse to find the .bin file you want to upload. Remember that you must decompress compressed (.zip) files before you can upload them.
Upload | Click Upload to begin the upload process. This process may take up to two minutes. Do not
81. e Shared Key that only requires a single (identical) password entered into each access point, wireless gateway and wireless client. As long as the passwords match, a client will be granted access to a WLAN.

6.5.2 Encryption

WPA improves data encryption by using Temporal Key Integrity Protocol (TKIP), Message Integrity Check (MIC) and IEEE 802.1x.

Temporal Key Integrity Protocol (TKIP) uses 128-bit keys that are dynamically generated and distributed by the authentication server. It includes a per-packet key mixing function, a Message Integrity Check (MIC) named Michael, an extended initialization vector (IV) with sequencing rules, and a re-keying mechanism.

TKIP regularly changes and rotates the encryption keys so that the same encryption key is never used twice. The RADIUS server distributes a Pairwise Master Key (PMK) key to the AP that then sets up a key hierarchy and management system, using the pair-wise key to dynamically generate unique data encryption keys to encrypt every data packet that is wirelessly communicated between the AP and the wireless clients. This all happens in the background automatically.

The Message Integrity Check (MIC) is designed to prevent an attacker from capturing data packets, altering them and resending them. The MIC provides a strong mathematical function in which the receiver and the transmitter each compute and then compare the MIC
82. e TCP/IP protocol and Client for Microsoft Networks.

If you need the adapter:
a. In the Network window, click Add.
b. Select Adapter and then click Add.
c. Select the manufacturer and model of your network adapter and then click OK.

If you need TCP/IP:
a. In the Network window, click Add.
b. Select Protocol and then click Add.
c. Select Microsoft from the list of manufacturers.
d. Select TCP/IP from the list of network protocols and then click OK.

If you need Client for Microsoft Networks:
a. Click Add.
b. Select Client and then click Add.
c. Select Microsoft from the list of manufacturers.
d. Select Client for Microsoft Networks from the list of network clients and then click OK.
e. Restart your computer so the changes you made take effect.

In the Network window Configuration tab, select your network adapter's TCP/IP entry and click Properties.

1. Click the IP Address tab.
If your IP address is dynamic, select Obtain an IP address automatically.
If you have a static IP address, select Specify an IP address and type your information into the IP Address and Subnet Mask fields.
2. Click the DNS Configuration tab.
If you do not know your DNS information, select Disable DNS.
If you know your DNS i
83. e ras where firmwarefilename is the name of your firmware upgrade file on your workstation and ras is the remote file name on the system. The system reboots automatically after a successful firmware upload.

For details on FTP commands, please consult the documentation of your FTP client program. For details on uploading system firmware using TFTP (note that you must remain on this menu to upload system firmware using TFTP), please see your manual.

Press ENTER to Exit:

Figure 17-5 Menu 24.7.1 System Maintenance Upload System Firmware

17.4.2 Configuration File Upload

You see the following screen when you telnet into menu 24.7.2.

Menu 24.7.2 System Maintenance Upload System Configuration File

To upload the system configuration file, follow the procedure below:
1. Launch the FTP client on your workstation.
2. Type "open" and the IP address of your system. Then type "root" and SMT password as requested.
3. Type "put configurationfilename rom-0" where configurationfilename is the name of your system configuration file on your workstation, which will be transferred to the rom-0 file on the system.
4. The system reboots automatically after the upload system configuration file process is complete.

For details on FTP commands, please consult the documentation of your FTP client program. For details on uploading syste
84. e router will now reboot. As there will be no indication of when the process is complete, please wait for one minute before attempting to access the router again.

Figure 9-13 Reset Warning Message

You can also press the RESET button on the top panel to reset the factory defaults of your ZyAIR. Refer to the section on resetting the ZyAIR for more information on the RESET button.

9.7 Restart Screen

System restart allows you to reboot the ZyAIR without turning the power off. Click MAINTENANCE and then Restart. Click Restart to have the ZyAIR reboot. This does not affect the ZyAIR's configuration.

System Restart: Click Restart to have the device perform a software restart. The SYS or PWR LED blinks as the device restarts and then stays steady on if the restart is successful. Wait a minute before logging into the device again.

Figure 9-14 Restart Screen

Part V: SMT CONFIGURATION

This part contains SMT (System Management Terminal) configuration and background information for features only configurable by SMT. See the web configurator parts of this guide for background information on features configurable by web configurator and SMT.

Chapter 10 Introducing the SMT

This chapter describes how to access t
85. e the ZyAIR just check the user database on the specified RADIUS server for a wireless station's username and password.

Select Local first, then RADIUS to have the ZyAIR first check the user database on the ZyAIR for a wireless station's username and password. If the user name is not found, the ZyAIR then checks the user database on the specified RADIUS server.

Select RADIUS first, then Local to have the ZyAIR first check the user database on the specified RADIUS server for a wireless station's username and password. If the ZyAIR cannot reach the RADIUS server, the ZyAIR then checks the local user database on the ZyAIR. When the user name is not found or password does not match in the RADIUS server, the ZyAIR will not check the local user database and the authentication fails.

When you have completed this menu, press ENTER at the prompt "Press ENTER to confirm or ESC to cancel" to save your configuration, or press ESC to cancel and go back to the previous screen.

Once you enable user authentication, you need to specify an external RADIUS server or create local user accounts on the ZyAIR for authentication.

Chapter 16 System Information and Diagnosis

This chapter covers the information and diagnostic tools in SMT menus 24.1 to 24.4.

16.1 Overview

These tools include updates on system status, port status, log and trace capabilities an
86. Figure 13-2 Menu 14.1 Edit Dial-in User
Figure 14-1 SNMP Management Model
Figure 14-2 Menu 22 SNMP Configuration
Figure 15-1 Menu 23 System Security
Figure 15-2 Menu 23 System Security
Figure 15-3 Menu 23.2 System Security RADIUS Server
Figure 15-4 Menu 23 System Security
Figure 15-5 Menu 23.4 System Security IEEE802.1X
Figure 16-1 Menu 24 System Maintenance
Figure 16-2 Menu 24.1 System Maintenance Status
Figure 16-3 Menu 24.2 System Information and Console Port Speed
Figure 16-4 Menu 24.2.1 System Information Information
Figure 16-5 Menu 24.2.2
87. eatures.

Table 6-2 Wireless Security Relational Matrix
AUTHENTICATION METHOD / KEY MANAGEMENT PROTOCOL | ENCRYPTION METHOD | ENTER MANUAL KEY | IEEE 802.1X
Open | None | No | Disable
Open | WEP | No | Enable with Dynamic WEP Key
 | | Yes | Enable without Dynamic WEP Key
 | | Yes | Disable
Shared | WEP | No | Enable with Dynamic WEP Key
 | | Yes | Enable without Dynamic WEP Key
 | | Yes | Disable
WPA | WEP | No | Enable
WPA | TKIP | No | Enable
WPA-PSK | WEP | Yes | Enable
WPA-PSK | TKIP | Yes | Enable

6.3 WEP Overview

WEP (Wired Equivalent Privacy), as specified in the IEEE 802.11 standard, provides methods for both data encryption and wireless station authentication.

6.3.1 Data Encryption

WEP provides a mechanism for encrypting data using encryption keys. Both the AP and the wireless stations must use the same WEP key to encrypt and decrypt data. Your ZyAIR allows you to configure up to four 64-bit or 128-bit WEP keys, but only one key can be enabled at any one time.

6.3.2 Authentication

Three different methods can be used to authenticate wireless stations to the network: Open System, Shared Key, and Auto. The following figure illustrates the steps involved.

Figure 6-3 WEP Authentication Steps

Open system authentication invol
88. Chapter 10 Introducing the SMT
10.1 Connect to your ZyAIR Using Telnet
10.2 Changing the System Password
10.3 ZyAIR SMT Menu Overview Example
10.4 Navigating the SMT Interface
10.4.1 System Management Terminal Interface Summary
Chapter 11 General Setup
11.1.1 Procedure To Configure Menu 1
Chapter 12 LAN Setup
12.2 TCP/IP Ethernet Setup
12.3 Wireless LAN Setup
12.3.1 Configuring MAC Address Filter
89. ed Host | If you enter a trusted host, your ZyAIR will only respond to SNMP messages from this address. A blank (default) field means your ZyAIR will respond to all SNMP messages it receives, regardless of source. | 0.0.0.0
Trap: Community | Type the trap community, which is the password sent with each trap to the SNMP manager. | public
Destination | Type the IP address of the station to send your SNMP traps to. | 0.0.0.0

When you have completed this menu, press ENTER at the prompt "Press ENTER to confirm or ESC to cancel" to save your configuration, or press ESC to cancel and go back to the previous screen.

14.4 SNMP Traps

The ZyAIR will send traps to the SNMP manager when any one of the following events occurs:

Table 14-2 SNMP Traps
TRAP # | TRAP NAME | DESCRIPTION
 | coldStart (defined in RFC-1215) | A trap is sent after booting (power on).
2 | warmStart (defined in RFC-1215) | A trap is sent after booting (software reboot).
3 | linkUp (defined in RFC-1215) | A trap is sent when the port is up.
4 | authenticationFailure (defined in RFC-1215) | A trap is sent to the manager when receiving any SNMP get or set requirements with wrong community (password).
6 | linkDown (defined in RFC-1215) | A trap is sent when the port is down.

Chapter 15
90. ed for diagnostic purposes.

Figure 9-1 System Status

The following table describes the labels in this screen.

Table 9-1 System Status
LABEL | DESCRIPTION
System Name | This is the System Name you enter in the first Internet Access Wizard screen. It is for identification purposes.
ZyNOS Firmware Version | This is the ZyNOS Firmware version and the date created. ZyNOS is ZyXEL's proprietary Network Operating System design.
IP Address | This is the Ethernet port IP address.
IP Subnet Mask | This is the Ethernet port subnet mask.
DHCP | This is the Ethernet port DHCP role - Client or None.
Show Statistics | Click Show Statistics to see performance statistics such as number of packets sent and number of packets received for each port.

9.2.1 System Statistics

Read-only information here includes port status and packet specific statistics. Also provided are "system up time" and "poll interval(s)". The Poll Interval field is configurable.

Figure 9-2 System Status Show Statist
91. 12.3.2 Configuring Roaming
Chapter 13 Dial-in User
13.2 Dial-in User
Chapter 14 SNMP Configuration
14.1 About SNMP
14.2 Supported MIBs
14.3 SNMP Configuration
14.4 SNMP Traps
Chapter 15 System Security
15.1.1 System Password
15.1.2 Configuring External RADIUS Server
15.1.3 IEEE 802.1x
Chapter 16 System Information and Diagnosis
16.1 Overview
16.2 System Status
16.3 System Information
16.3.1 System Information
16.3.2 Console Port Speed
16.4 Log and Trace
16.4.1 Viewing Error Log
16.5 Diagnostic
92. Figure 6-10 Wireless 802.1x Static WEP (screen with ESSID, Channel ID, RTS/CTS Threshold, Fragmentation Threshold, Security, WEP Encryption, Authentication Method, WEP key entry, ReAuthentication Timer, Idle Timeout, Authentication Databases, Intra-BSS Traffic, Number of Wireless Stations Allowed, Output Power and Preamble fields)

The following table describes the wireless LAN security labels in this screen.

Table 6-7 Wireless 802.1x Static WEP
LABEL | DESCRIPTION
Security | Select 802.1x Static WEP from the drop-down list.
WEP Encryption | Select 64-bit WEP or 128-bit WEP to enable data encryption.
Authentication Method | Select Auto, Open System or Shared Key from the drop-down list box. If WEP enc
93. eless station from the wired network after a period of inactivity. The wireless station needs to enter the username and password again before access to the wired network is allowed. This field is activated only when you select Authentication Required in the Wireless Port Control field. The default time interval is 3600 seconds (or 1 hour).
Key Management Protocol | Press SPACE BAR to select 802.1x, WPA or WPA-PSK and press ENTER.
Dynamic WEP Key Exchange | This field is activated only when you select Authentication Required in the Wireless Port Control field and set the Key Management Protocol to 802.1x. Also set the Authentication Databases field to RADIUS Only. Local user database may not be used. Select Disable to allow wireless stations to communicate with the access points without using Dynamic WEP Key Exchange. Select 64-bit WEP or 128-bit WEP to enable data encryption. Up to 32 stations can access the ZyAIR when you configure Dynamic WEP Key Exchange.
PSK | Type a pre-shared key from 8 to 63 case-sensitive ASCII characters (including spaces and symbols) when you select WPA-PSK in the Key Management Protocol field.
Data Privacy for Broadcast/Multicast packets | This field allows you to choose TKIP (recommended) or WEP for broadcast and multicast ("group") traffic if the Key Management Protocol is WPA or WPA-PSK. All unicast traffic is automatically encrypted by TKIP when WPA or WPA-PSK Key Management Protocol i
94. en Menu 1 General Setup as shown next.

Menu 1 General Setup
System Name: B-500
Domain Name:
First System DNS Server: From DHCP
IP Address: N/A
Second System DNS Server: None
IP Address: N/A
Third System DNS Server: None
IP Address: N/A
Press ENTER to Confirm or ESC to Cancel:

Figure 11-1 Menu 1 General Setup

Step 2. Fill in the required fields. Refer to the following table for more information about these fields.

Table 11-1 Menu 1 General Setup
FIELD | DESCRIPTION | EXAMPLE
System Name | Choose a descriptive name for identification purposes. This name can be up to 30 alphanumeric characters long. Spaces are not allowed, but dashes "-" and underscores "_" are accepted. | B-500
Domain Name | This is not a required field. Leave this field blank or enter the domain name here if you know it. |
First/Second/Third System DNS Server | Press SPACE BAR to select From DHCP, User Defined or None and press ENTER. These fields are not available on all models. | From DHCP
IP Address | Enter the IP addresses of the DNS servers. This field is available when you select User Defined in the field above. | N/A

When you have completed this menu, press ENTER at the prompt "Press ENTER to Confirm" to save your configuration, or press ESC at any time to cancel.
95. ensitive ASCII characters (including spaces and symbols).
ReAuthentication Timer (in seconds) | Specify how often wireless stations have to reenter usernames and passwords in order to stay connected. Enter a time interval between 10 and 9999 seconds. The default time interval is 1800 seconds (30 minutes). If wireless station authentication is done using a RADIUS server, the reauthentication timer on the RADIUS server has priority.
Idle Timeout | The ZyAIR automatically disconnects a wireless station from the wired network after a period of inactivity. The wireless station needs to enter the username and password again before access to the wired network is allowed. The default time interval is 3600 seconds (or 1 hour).
WPA Group Key Update Timer | The WPA Group Key Update Timer is the rate at which the AP (if using WPA-PSK key management) or RADIUS server (if using WPA key management) sends a new group key out to all clients. The re-keying process is the WPA equivalent of automatically changing the WEP key for an AP and all stations in a WLAN on a periodic basis. Setting of the WPA Group Key Update Timer is also supported in WPA-PSK mode. The ZyAIR default is 1800 seconds (30 minutes).
Apply | Click Apply to save your changes back to the ZyAIR.
Reset | Click Reset to begin configuring this screen afresh.

6.8 Wireless Client WPA Supplicants

A wireless client supplicant is the software that runs on an operating
96. ent AP (access point) to reduce interference. Interference occurs when radio signals from different access points overlap, degrading performance. Adjacent channels partially overlap, however. To avoid interference due to overlap, your AP should be on a channel at least five channels away from a channel that an adjacent AP is using. For example, if your region has 11 channels and an adjacent AP is using channel 1, then you need to select a channel between 6 and 11. The ZyAIR's Scan function is especially designed to automatically scan for a channel with the least interference.

3.1.2 ESS ID

An Extended Service Set (ESS) is a group of access points connected to a wired LAN on the same subnet. An ESS ID uniquely identifies each set. All access points and their associated wireless stations in the same set must have the same ESSID.

3.1.3 WEP Encryption

WEP (Wired Equivalent Privacy) encrypts data frames before transmitting over the wireless network. WEP encryption scrambles the data transmitted between the wireless stations and the access points to keep network communications private. It encrypts unicast and multicast communications in a network. Both the wireless stations and the access points must use the same WEP key for data encryption and decryption.

3.2 Wizard Setup: General Setup

General Setup contains administrative and system-related
97. er antenna or transmitter. Notice 1: Changes or modifications not expressly approved by the party responsible for compliance could void the user's authority to operate the equipment. This product has been designed for the WLAN 2.4 GHz network throughout the EC region and Switzerland, with restrictions in France. Certifications: 1. Go to www.zyxel.com. 2. Select your product from the drop-down list box on the ZyXEL home page to go to that product's page. 3. Select the certification you wish to view from this page. (FCC mark: Tested To Comply With FCC Standards. FOR HOME OR OFFICE USE.) ZyXEL Limited Warranty: ZyXEL warrants to the original end user (purchaser) that this product is free from any defects in materials or workmanship for a period of up to two years from the date of purchase. During the warranty period, and upon proof of purchase, should the product have indications of failure due to faulty workmanship and/or materials, ZyXEL will, at its discretion, repair or replace the defective products or components without charge for either parts or labor, and to whatever extent it shall deem necessary to restore the product or components to proper operating condition. Any replacement will consist of a new or re-manufactured functionally equivalent product of equal value, and will be solely at the discretion of ZyXEL. This warranty shall not apply if the product is modified, m
98. Table 10.1 Main Menu Commands; Table 10.2 Main Menu Summary; Table 11.1 Menu 1 General Setup; Table 12.1 Menu 3.2 TCP/IP Setup; Table 12.2 Menu 3.5 Wireless LAN Setup; Table 12.3 Menu 3.5.1 WLAN MAC Address Filter; Table 12.4 Menu 3.5.2 Roaming Configuration; Table 13.1 Menu 14.1 Edit Dial-in User; Table 14.1 Menu 22 SNMP Configuration; Table 14.2 SNMP Traps; Table 14.3 Ports and Interface Types; Table 15.1 Menu 23.2 System Security RADIUS Server; Table 15.2 Menu 23.4 System Security IEEE802.1x
99. 18.1 Command Interpreter Mode; 18.2 Time and Date Setting; 18.2.1 Resetting the Time; APPENDICES; Appendix A Troubleshooting; Problems Starting Up the ZyAIR; Problems with the Ethernet Interface; Problems with the Password; Problems with Telnet; Problems with the WLAN Interface; Appendix B Brute-Force Password Guessing Protection; Appendix C Setting up Your Computer's IP Address; Appendix D Wireless LAN and IEEE 802.11; Appendix E Wireless LAN With IEEE 802.1x; Appendix F Types of EAP Authentication
100. (6) If you do not know your gateway's IP address, remove any previously installed gateways in the IP Settings tab and click OK. Do one or more of the following if you want to configure additional IP addresses: In the IP Settings tab, in IP addresses, click Add. In TCP/IP Address, type an IP address in IP address and a subnet mask in Subnet mask, and then click Add. Repeat the above two steps for each IP address you want to add. Configure additional default gateways in the IP Settings tab by clicking Add in Default gateways. In TCP/IP Gateway Address, type the IP address of the default gateway in Gateway. To manually configure a default metric (the number of transmission hops), clear the Automatic metric check box and type a metric in Metric. Click Add. Repeat the previous three steps for each default gateway you want to add. Click OK when finished. [Screenshot: Advanced TCP/IP Settings, IP Settings tab] (7) In the Internet Protocol (TCP/IP) Properties window (the General tab in Windows XP): Click Obtain DNS server address
101. Extend Security: If you choose Extend security in the Wireless LAN Setup screen, you can set up a Pre-Shared Key. The following table describes the labels in this screen. Table 3.4 Wizard 2: Wireless LAN Setup. Pre-Shared Key: Type from 8 to 31 case-sensitive ASCII characters or from 16 to 62 hexadecimal (0-9, A-F) characters. You must precede a hexadecimal key with a 0x (zero x), which is not counted as part of the 16 to 62 character range for the key. Back: Click Back to return to the previous screen. Next: Click Next to continue. Refer to the chapter on wireless LAN for more information. 3.5 Wizard Setup: IP Address. The third wizard screen allows you to configure IP address assignment. 3.5.1 IP Address Assignment: Every computer on the Internet must have a unique IP address. If your networks are isolated from the Internet, for instance only between your two branch offices, you can assign any IP addresses to the hosts without problems. However, the Internet Assigned Numbers Authority (IANA) has reserved the following three blocks of IP addresses specifically for private networks. Table 3.5 Private IP Address Ranges: 10.0.0.0 - 10.255.255.255; 172.16.0.0 - 172.31.255.255; 192.168.0.0 - 192.168.255.255. You can
102. f hosts you can have on each subnet. Chart G-5 Subnet 1 (columns: network number, last octet bit value). IP Address: 192.168.1.0. IP Address (Binary): 11000000.10101000.00000001.00000000. Subnet Mask: 255.255.255.128. Subnet Mask (Binary): 11111111.11111111.11111111.10000000. Subnet Address: 192.168.1.0. Lowest Host ID: 192.168.1.1. Broadcast Address: 192.168.1.127. Highest Host ID: 192.168.1.126. Chart G-6 Subnet 2 (columns: network number, last octet bit value). IP Address: 192.168.1.128. IP Address (Binary): 11000000.10101000.00000001.10000000. Subnet Mask: 255.255.255.128. Subnet Mask (Binary): 11111111.11111111.11111111.10000000. Subnet Address: 192.168.1.128. Lowest Host ID: 192.168.1.129. Broadcast Address: 192.168.1.255. Highest Host ID: 192.168.1.254. The remaining 7 bits determine the number of hosts each subnet can have. Host IDs of all zeros represent the subnet itself and host IDs of all ones are the broadcast address for that subnet, so the actual number of hosts available on each subnet in the example above is 2^7 - 2, or 126 hosts for each subnet. 192.168.1.0 with mask 255.255.255.128 is the subnet itself, and 192.168.1.127 with mask 255.255.255.128 is the directed broadcast address for the first subnet. Therefore, the lowest IP address that can be assigned to an actual host for the first subnet is 192.168.1.1 a
103. figure and enable WPA Authentication, click the WIRELESS link under ADVANCED to display the Wireless screen. Select WPA from the Security list. [Figure 6.8 Wireless WPA] The following table describes the wireless LAN security labels in this screen. Table 6.5 Wireless WPA. Security: Select WPA from the drop-down list. ReAuthentication Timer (in seconds): Specify how often wireless stations have to reenter usernames and passwords in order to stay connected. Enter a time interval between 10 and 9999 seconds. The default time interval is 1800 seconds (30 minutes). If wireless station authentication is done using a RADIUS server, the reauthentication timer on
104. figuring this screen afresh. Chapter 7 IP Screen. This chapter discusses how to configure IP on the ZyAIR. 7.1 Factory Ethernet Defaults: The Ethernet parameters of the ZyAIR are preset in the factory with the following values: IP address of 192.168.1.2; subnet mask of 255.255.255.0 (24 bits). These parameters should work for the majority of installations. 7.2 TCP/IP Parameters. 7.2.1 IP Address and Subnet Mask: Refer to the section on IP address and subnet mask in the Wizard Setup chapter for this information. 7.3 Configuring IP: Click IP to display the screen shown next. [Figure 7.1 IP Setup] The following table describes the labels in this screen. Table 7.1 IP Setup. IP Address Assignment. Get automatically from DHCP: Select this option if your ZyAIR is using a dynamically assigned IP address from a DHCP server each time. You must know the IP address assigned to the ZyAIR (by the DHCP server) to access the ZyAIR again. Use fixed IP address: Select this option if your ZyAIR is using a static IP address. When you select this option, fill in the fields below. IP Address: Enter the IP address of your ZyAIR in dotted decimal notation. If you change the ZyAIR's IP address, you mus
105. guration. 17.4 Uploading Firmware and Configuration Files: Menu 24.7 System Maintenance - Upload Firmware allows you to upgrade the firmware and the configuration file. WARNING: PLEASE WAIT A FEW MINUTES FOR THE ZYAIR TO RESTART AFTER FIRMWARE OR CONFIGURATION FILE UPLOAD. INTERRUPTING THE UPLOAD PROCESS MAY PERMANENTLY DAMAGE YOUR ZYAIR. Menu 24.7 System Maintenance - Upload Firmware: 1. Upload System Firmware. 2. Upload System Configuration File. Enter Menu Selection Number: [Figure 17.4 Menu 24.7 System Maintenance Upload Firmware] The configuration data, system-related data, the error log and the trace log are all stored in the configuration file. Please be aware that uploading the configuration file replaces everything contained within. 17.4.1 Firmware Upload: FTP is the preferred method for uploading the firmware and configuration. To use this feature, your computer must have an FTP client. When you telnet into the ZyAIR, you will see the following screens for uploading firmware and the configuration file using FTP. Menu 24.7.1 System Maintenance - Upload System Firmware: To upload the system firmware, follow the procedure below: Launch the FTP client on your workstation. Type open and the IP address of your system. Then type root and SMT password as requested. Type put firmwarefilenam
106. he SMT and provides an overview of its menus. 10.1 Connect to your ZyAIR Using Telnet: The following procedure details how to telnet into your ZyAIR. Step 1: In Windows, click Start (usually in the bottom left corner), Run, and then type telnet 192.168.1.2 (the default IP address) and click OK. Step 2: For your first login, enter the default password 1234. As you type the password, the screen displays an asterisk for each character you type. [Figure 10.1 Login Screen] Step 3: After entering the password you will see the main menu. Please note that if there is no activity for longer than five minutes (default timeout period) after you log in, your ZyAIR will automatically log you out. You will then have to telnet into the ZyAIR again. You can use the web configurator or the CI commands to change the inactivity time out period. 10.2 Changing the System Password: Change the ZyAIR default password by following the steps shown next. Step 1: From the main menu, enter 23 to display Menu 23 System Security. Step 2: Enter 1 to display Menu 23.1 System Security Change Password as shown next. Step 3: Type your existing system password in the Old Password field and press ENTER. Menu 23.1 System Security Change Password: Old Password, New Password, Retype to confirm. Enter here to CON
107. he same subnet. Problems with the Password. Chart A-3 Troubleshooting the Password. Problem: Cannot access the ZyAIR. Corrective action: The Password and Username fields are case sensitive. Make sure that you enter the correct password and username using the proper casing. Use the RESET button on the top panel of the ZyAIR to restore the factory default configuration file (hold this button in for about 10 seconds or until the link LED turns red). This will restore all of the factory defaults including the password. Problems with Telnet. Chart A-4 Troubleshooting Telnet. Problem: Cannot access the ZyAIR through Telnet. Corrective action: Refer to the Problems with the Ethernet Interface section for instructions on checking your Ethernet connection. Problems with the WLAN Interface. Chart A-5 Troubleshooting the WLAN Interface. Problem: Cannot access the ZyAIR from the WLAN. Corrective action: Make sure the wireless adapter on the wireless station is working properly. Check that both the ZyAIR and your wireless station are using the same ESSID, channel and WEP keys (if WEP encryption is activated). Problem: Cannot ping any computer on the WLAN. Corrective action: Make sure the wireless adapter on the wireless station(s) is working properly. Check that both the ZyAIR and wireless station(s) are
108. [Figure 13.2 Menu 14.1 Edit Dial-in User] The following table describes the fields in this screen. Table 13.1 Menu 14.1 Edit Dial-in User. User Name: Enter a username up to 31 alphanumeric characters long for this user profile. This field is case sensitive. Active: Press SPACE BAR to select Yes and press ENTER to enable the user profile. Password: Enter a password up to 31 characters long for this user profile. When you have completed this menu, press ENTER at the prompt "Press ENTER to confirm or ESC to cancel" to save your configuration, or press ESC to cancel and go back to the previous screen. Chapter 14 SNMP Configuration. This chapter explains SNMP Configuration menu 22. 14.1 About SNMP: Simple Network Management Protocol is a protocol used for exchanging management information between network devices. SNMP is a member of the TCP/IP protocol suite. Your ZyAIR supports SNMP agent functionality, which allows a manager station to manage and monitor the ZyAIR through the network. The ZyAIR supports SNMP version one (SNMPv1) and version two c (SNMPv2c). The next figure illustrates an SNMP management operati
109. ics. The following table describes the labels in this screen. Table 9.2 System Status: Show Statistics. Port: This is the Ethernet or wireless port. Status: This shows the port speed and duplex setting if you are using Ethernet encapsulation for the Ethernet port. This shows the transmission speed only for wireless port. TxPkts: This is the number of transmitted packets on this port. RxPkts: This is the number of received packets on this port. Collisions: This is the number of collisions on this port. Tx B/s: This shows the transmission speed in bytes per second on this port. Rx B/s: This shows the reception speed in bytes per second on this port. Up Time: This is total amount of time the line has been up. System Up Time: This is the total time the ZyAIR has been on. Poll Interval(s): Enter the time interval for refreshing statistics. Set Interval: Click this button to apply the new poll interval you entered above. Stop: Click this button to stop refreshing statistics. 9.3 Association List: View the wireless stations that are currently associated to the ZyAIR in the Association List screen. Click MAINTENANCE and then the Association List tab to display the screen as shown next.
110. ill in the fields below. IP Address: Enter the IP address of your ZyAIR in dotted decimal notation. If you change the ZyAIR's IP address, you must use the new IP address if you want to access the web configurator again. IP Subnet Mask: Enter the subnet mask. Gateway IP Address: Enter the IP address of a gateway. The gateway is an immediate neighbor of your ZyAIR that will forward the packet to the destination. On the LAN, the gateway must be a router on the same segment as your ZyAIR; over the WAN, the gateway must be the IP address of one of the remote nodes. Back: Click Back to return to the previous screen. Finish: Click Finish to proceed to complete the Wizard setup. 3.6 Basic Setup Complete: When you click Finish in the Wizard 3 IP Address Assignment screen, a warning window displays as shown. Click OK to close the window and log in to the web configurator again using the new IP address if you change the default IP address (192.168.1.2). [Warning window: If the IP address in TCP/IP is changed, please close the window.] You have successfully set up the ZyAIR. A screen displays prompting you to close the web browser. Click Yes. Otherwise, click No and the congratulations screen shows next.
111. ime interval is 1800 seconds (30 minutes). If wireless station authentication is done using a RADIUS server, the reauthentication timer on the RADIUS server has priority. Idle Timeout (in Seconds): The ZyAIR automatically disconnects a wireless station from the wired network after a period of inactivity. The wireless station needs to enter the username and password again before access to the wired network is allowed. This field is activated only when you select Authentication Required in the Wireless Port Control field. The default time interval is 3600 seconds (1 hour). Authentication Databases: This field is activated only when you select Authentication Required in the Wireless Port Control field. The authentication database contains wireless station login information. The local user database is the built-in database on the ZyAIR. The RADIUS is an external server. Use this drop-down list box to select which database the ZyAIR should use (first) to authenticate a wireless station. Before you specify the priority, make sure you have set up the corresponding database correctly first. Select Local User Database Only to have the ZyAIR just check the built-in user database on the ZyAIR for a wireless station's username and password. Select RADIUS Only to have the ZyAIR just check the user database on the specified RADIUS server for a wireless station's username and password. Select Local first, then RADIUS to have the ZyA
112. ine of the log e-mail message that the ZyAIR sends. Send log to: Logs are sent to the e-mail address specified in this field. If this field is left blank, logs will not be sent via e-mail. Send alerts to: Enter the e-mail address where the alert messages will be sent. If this field is left blank, alert messages will not be sent via e-mail. Syslog Logging: Syslog logging sends a log to an external syslog server used to store logs. Active: Click Active to enable syslog logging. Syslog IP Address: Enter the server name or IP address of the syslog server that will log the selected categories of logs. Log Facility: Select a location from the drop-down list box. The log facility allows you to log the messages to different files in the syslog server. Refer to the documentation of your syslog program for more details. Send Log. Log Schedule: This drop-down menu is used to configure the frequency of log messages being sent as E-mail: Daily, Weekly, Hourly, When Log is Full, None. If the Weekly or the Daily option is selected, specify a time of day when the E-mail should be sent. If the Weekly option is selected, then also specify which day of the week the E-mail should be sent. If the When Log is Full option is selected, an alert is sent when the log fills up. If you select None, no log messages are sent. Day for Sending Log: This field is only available when you select Weekly in the Log Schedule field
113. information. [Figure 3.1 Wizard 1: General Setup] The following table describes the labels in this screen. Table 3.1 Wizard 1: General Setup. System Name: It is recommended you type your computer's "Computer name". In Windows 95/98, click Start, Settings, Control Panel, Network. Click the Identification tab, note the entry for the Computer Name field and enter it as the System Name. In Windows 2000, click Start, Settings, Control Panel and then double-click System. Click the Network Identification tab and then the Properties button. Note the entry for the Computer name field and enter it as the System Name. In Windows XP, click Start, My Computer, View system information and then click the Computer Name tab. Note the entry in the Full computer name field and enter it as the ZyAIR System Name. This name can be up to 30 alphanumeric characters long. Spaces are not allowed, but dashes "-" and underscores "_" are accepted. Domain Name: This is not a required field. Leave this field blank or enter the domain name here if you know it. Next: Click Next to proceed to the next screen. 3.3 Wizard Setup: Wireless LAN. Use the second wizard screen to set up the wireless LAN. Figure 3.2 Wizard 2
114. [Figure 10.3 ZyAIR B-500 SMT Menu Overview Example] 10.4 Navigating the SMT Interface: The SMT (System Management Terminal) is the interface that you use to configure your ZyAIR. Several operations that you should be familiar with before you attempt to modify the configuration are listed in the table below. Table 10.1 Main Menu Commands (columns: operation, keystroke, description). Move down to another menu: ENTER. To move forward to a submenu, type in the number of the desired submenu and press ENTER. Move up to a previous menu: ESC. Press ESC to move back to the previous menu. Move to a hidden menu: Press SPACE BAR to change No to Yes, then press ENTER. Fields beginning with "Edit" lead to hidden menus and have a default setting of No. Press SPACE BAR once to change No to Yes, then press ENTER to go to the hidden menu. Move the cursor: ENTER or UP/DOWN arrow. Within a menu, press ENTER to move to the next field. You can
115. intosh OS 7 and later operating systems and all versions of UNIX/LINUX include the software components you need to install and use TCP/IP on your computer. Windows 3.1 requires the purchase of a third-party TCP/IP application package. TCP/IP should already be installed on computers using Windows NT/2000/XP, Macintosh OS 7 and later operating systems. After the appropriate TCP/IP components are installed, configure the TCP/IP settings in order to communicate with your network. If you manually assign IP information instead of using dynamic assignment, make sure that your computers have IP addresses that place them in the same subnet as the ZyAIR's LAN port. Windows 95/98/Me: Click Start, Settings, Control Panel and double-click the Network icon to open the Network window. [Screenshot: the Network window, Configuration tab] The Network window Configuration tab displays a list of installed components. You need a network adapter th
116. isused, tampered with, damaged by an act of God, or subjected to abnormal working conditions. Note: Repair or replacement, as provided under this warranty, is the exclusive remedy of the purchaser. This warranty is in lieu of all other warranties, express or implied, including any implied warranty of merchantability or fitness for a particular use or purpose. ZyXEL shall in no event be held liable for indirect or consequential damages of any kind of character to the purchaser. To obtain the services of this warranty, contact ZyXEL's Service Center for your Return Material Authorization number (RMA). Products must be returned Postage Prepaid. It is recommended that the unit be insured when shipped. Any returned products without proof of purchase or those with an out-dated warranty will be repaired or replaced (at the discretion of ZyXEL) and the customer will be billed for parts and labor. All repaired or replaced products will be shipped by ZyXEL to the corresponding return address, Postage Paid. This warranty gives you specific legal rights and you may also have other rights that vary from country to country. Safety Warnings: 1. To reduce the risk of fire, use only No. 26 AWG or larger telephone wire. 2. Do not use this product near water, for example, in a wet basement or near a swimming pool. 3. Avoid using this product during an electrical storm. There may be a remote risk of electric shock from lightning.
117. ith dynamic session key. You must configure WEP encryption keys for data encryption. EAP-TLS (Transport Layer Security): With EAP-TLS, digital certifications are needed by both the server and the wireless stations for mutual authentication. The server presents a certificate to the client. After validating the identity of the server, the client sends a different certificate to the server. The exchange of certificates is done in the open before a secured tunnel is created. This makes user identity vulnerable to passive attacks. A digital certificate is an electronic ID card that authenticates the sender's identity. However, to implement EAP-TLS, you need a Certificate Authority (CA) to handle certificates, which imposes a management overhead. EAP-TTLS (Tunneled Transport Layer Service): EAP-TTLS is an extension of the EAP-TLS authentication that uses certificates for only the server-side authentications to establish a secure connection. Client authentication is then done by sending username and password through the secure connection, thus client identity is protected. For client authentication, EAP-TTLS supports EAP methods and legacy authentication methods such as PAP, CHAP, MS-CHAP and MS-CHAP v2. PEAP (Protected EAP): Like EAP-TTLS, server-side certificate authentication is used to establish a secure connection, then use simple username and password methods through the secured connection to authenticate the clients, thus hiding client identity. H
118. laces the current configuration file with the factory-default configuration file. This means that you will lose all configurations that you had previously. The password will be reset to 1234, also. 2.2.1 Method of Restoring Factory Defaults: You can erase the current configuration and restore factory defaults in three ways: 1. Use the RESET button on the top panel of the ZyAIR to upload the default configuration file (hold this button in for about 10 seconds or until the Link LED turns red). Use this method for cases when the password or IP address of the ZyAIR is not known. 2. Use the web configurator to restore defaults (refer to the chapter on maintenance). 3. Transfer the configuration file to your ZyAIR using FTP. See later in the part on SMT configuration for more information. 2.3 Navigating the ZyAIR Web Configurator: The following summarizes how to navigate the web configurator. Follow the instructions below or click the icon (located in the top right corner of most screens) to view online help. Click WIZARD SETUP for initial configuration including general setup, Wireless LAN setup and IP address assignment. Click the links under ADVANCED to configure advanced features such as SYSTEM: General Setup, Password; WIRELESS: Wireless, MAC Filter, Roaming, Local User Database and RADIUS; IP; and Logs: View reports and Log Setting
119. Chapter 17 Firmware and Configuration File Maintenance; 17.1 Filename Conventions; 17.2 Backup Configuration; 17.2.1 Backup Configuration Using FTP; 17.2.2 Using the FTP command from the DOS Prompt; 17.2.3 Backup Configuration Using TFTP; 17.2.4 Example TFTP Command; 17.3 Restore Configuration; 17.4 Uploading Firmware and Configuration Files; 17.4.1 Firmware Upload; 17.4.2 Configuration File Upload; 17.4.3 Using the FTP command from the DOS Prompt Example; 17.4.4 TFTP File Upload; 17.4.5 Example TFTP Command; Chapter 18 System Maintenance and Information
120. licable. IP Address: Enter the (LAN) IP address of your ZyAIR in dotted decimal notation (example: 192.168.1.2). IP Subnet Mask: Your ZyAIR will automatically calculate the subnet mask based on the IP address that you assign. Unless you are implementing subnetting, use the subnet mask computed by the ZyAIR (example: 255.255.255.0). Gateway IP Address: Type the IP address of the gateway. The gateway is an immediate neighbor of your ZyAIR that will forward the packet to the destination. On the LAN, the gateway must be a router on the same network segment as your ZyAIR. When you have completed this menu, press ENTER at the prompt "Press ENTER to Confirm" to save your configuration, or press ESC at any time to cancel. 12.3 Wireless LAN Setup: Use menu 3.5 to set up your ZyAIR as the wireless access point. To edit menu 3.5, enter 3 from the main menu to display Menu 3 LAN Setup. When menu 3 appears, press 5 and then press ENTER to display Menu 3.5 Wireless LAN Setup as shown next. Menu 3.5 Wireless LAN Setup: ESSID= Wireless; Hide ESSID= No; Channel ID= CH06 2437MHz; RTS Threshold= 2432; Frag. Threshold= 2432; WEP Encryption= 64-bit WEP; Default Key= 1; Key1= ********; Key2= ********; Key3= ********; Key4= ********; Authen. Method= Auto; Edit MAC Address Filter= No; Edit Roaming Configuration= No; Block Intra-BSS Traffic= No; Number of
121. lt IP address of the ZyAIR is 192.168.1.2.

2.1 Accessing the ZyAIR Web Configurator
Step 1. Make sure your ZyAIR hardware is properly connected (refer to the Quick Installation Guide).
Step 2. Prepare your computer/computer network to connect to the ZyAIR (refer to the appendix).
Step 3. Launch your web browser.
Step 4. Type "192.168.1.2" (default) as the URL.
Step 5. Type "1234" (default) as the password and click Login. In some versions, the default password appears automatically; if this is the case, click Login.
Step 6. You should see a screen asking you to change your password (highly recommended), as shown next. Type a new password (and retype it to confirm) and click Apply, or click Ignore to allow access without password change.
[Figure 2-1 Change Password Screen: "Use this screen to change the password", with New Password and Retype to Confirm fields]
Step 7. You should now see the MAIN MENU screen.
The management session automatically times out when the time period set in the Administrator Inactivity Timer field expires (default five minutes). Simply log back into the ZyAIR if this happens to you.

2.2 Resetting the ZyAIR
If you forget your password or cannot access the ZyAIR, you will need to reload the factory-default configuration file or use the RESET button on the top panel of the ZyAIR. Uploading this configuration file rep
122. m firmware using TFTP (note that you must remain on this menu to upload system firmware using TFTP), please see your manual.
Press ENTER to Exit:
Figure 17-6 Menu 24.7.2 System Maintenance Upload System Configuration File
To transfer the firmware and the configuration file, follow these examples.

17.4.3 Using the FTP command from the DOS Prompt Example
Step 1. Launch the FTP client on your computer.
Step 2. Enter "open" and the IP address of your ZyAIR.
Step 3. Press ENTER when prompted for a username.
Step 4. Enter "root" and your SMT password as requested. The default is 1234.
Step 5. Enter "bin" to set transfer mode to binary.
Step 6. Use "put" to transfer files from the computer to the ZyAIR, e.g. "put firmware.bin ras" transfers the firmware on your computer (firmware.bin) to the ZyAIR and renames it "ras". Similarly, "put config.rom rom-0" transfers the configuration file on your computer (config.rom) to the ZyAIR and renames it "rom-0". Likewise, "get rom-0 config.rom" transfers the configuration file on the ZyAIR to your computer and renames it "config.rom". See earlier in this chapter for more information on filename conventions.
Step 7. Enter "quit" to exit the FTP prompt.

  331 Enter PASS command
  Password:
  230 Logged in
  ftp> bin
  200 Type I OK
  ftp> put firmware.bin r
123. me Protocol field, enter the new time in this field and then click Apply.
Current Date: This field displays the date of your ZyAIR (yyyy mm dd). Each time you reload this page, the ZyAIR synchronizes the time with the time server.
New Date: This field displays the last updated date from the time server (yyyy mm dd). When you select None in the Time Protocol field, enter the new date in this field and then click Apply.
Time Zone: Choose the time zone of your location. This will set the time difference between your time zone and Greenwich Mean Time (GMT).
Daylight Savings: Select this option if you use daylight savings time. Daylight saving is a period from late spring to early fall when many countries set their clocks ahead of normal local time by one hour to give more daytime light in the evening.
Start Date (mm dd): Enter the month and day that your daylight savings time starts on if you selected Daylight Savings.
End Date (mm dd): Enter the month and day that your daylight savings time ends on if you selected Daylight Savings.
Apply: Click Apply to save your changes back to the ZyAIR.
Reset: Click Reset to reload the previous configuration for this screen.

Chapter 5 Wireless Configuration and Roaming
This chapter discusses how to configure Wireless and Roaming screens on the ZyAIR.
5.1 Wireless LAN Ove
124. mputer and binary to set binary transfer mode.

17.2.4 Example TFTP Command
The following is an example TFTP command:
  TFTP -i host get rom-0 config.rom
where "i" specifies binary image transfer mode (use this mode when transferring binary files), "host" is the ZyAIR IP address, "get" transfers the file source on the ZyAIR (rom-0, name of the configuration file on the ZyAIR) to the file destination on the computer and renames it config.rom.
The following table describes some of the fields that you may see in third-party TFTP clients.

Table 17-3 General Commands for Third Party TFTP Clients
COMMAND: DESCRIPTION
Host: Enter the IP address of the ZyAIR. 192.168.1.2 is the ZyAIR's default IP address when shipped.
Send/Fetch: Use "Send" to upload the file to the ZyAIR and "Fetch" to back up the file on your computer.
Local File: Enter the path and name of the firmware file (bin extension) or configuration file (rom extension) on your computer.
Remote File: This is the filename on the ZyAIR. The filename for the firmware is "ras" and for the configuration file is "rom-0".
Binary: Transfer the file in binary mode.
Abort: Stop transfer of the file.

17.3 Restore Configuration
Menu 24.6 System Maintenance Restore Configuration allows you to restore the
125. mware. The CI provides much of the same functionality as the SMT, while adding some low-level setup and diagnostic functions. Enter the CI from the SMT by selecting menu 24.8. See the included disk or the zyxel.com web site for more detailed information on CI commands. Enter 8 from Menu 24 System Maintenance. A list of valid commands can be found by typing help or ? at the command prompt. Type exit to return to the SMT main menu when finished.

Menu 24 System Maintenance
  1. System Status
  2. System Information and Console Port Speed
  3. Log and Trace
  4. Diagnostic
  5. Backup Configuration
  6. Restore Configuration
  7. Upload Firmware
  8. Command Interpreter Mode
  10. Time and Date Setting
  Enter Menu Selection Number:
Figure 18-1 Menu 24 System Maintenance

  Copyright (c) 1994 - 2004 ZyXEL Communications Corp.
  B-500>
  Valid commands are:
  sys exit device ether config wlan ip ppp bridge hdap cnm radius 8021x
  B-500>
Figure 18-2 Valid CI Commands

18.2 Time and Date Setting
The ZyAIR keeps track of the time and date. There is also a software mechanism to set the time manually or get the current time and date from an external server when you turn on your ZyAIR. Menu 24.10 allows you to update the time and date settings of your ZyAIR. The real time is then displayed in the ZyAIR error logs and
126. n Messages

16.5 Diagnostic
The diagnostic facility allows you to test the different aspects of your ZyAIR to determine if it is working properly. Menu 24.4 allows you to choose among various types of diagnostic tests to evaluate your system, as shown in the following figure.

Menu 24.4 System Maintenance Diagnostic
  TCP/IP
    1. Ping Host
    2. DHCP Release
    3. DHCP Renewal
  System
    11. Reboot System
  Enter Menu Selection Number:
  Host IP Address: N/A
Figure 16-8 Menu 24.4 System Maintenance Diagnostic

Follow the procedure next to display this menu:
Step 1. From the main menu, type 24 to open Menu 24 System Maintenance.
Step 2. From this menu, type 4 (Diagnostic) to open Menu 24.4 System Maintenance Diagnostic.
The following table describes the diagnostic tests available in menu 24.4 for your ZyAIR and the connections.

Table 16-3 Menu 24.4 System Maintenance Menu Diagnostic
FIELD: DESCRIPTION
Ping Host: Ping the host to see if the links and TCP/IP protocol on both systems are working.
DHCP Release: Release the IP address assigned by the DHCP server.
DHCP Renewal: Get a new IP address from the DHCP server.
Reboot System: Reboot the ZyAIR.
Host IP Address: If you typed 1 to Ping Host, now type the address of the computer you want to ping.
127. n appears as shown.
[Figure 6-12 MAC Address Filter: screen with Active and Filter Action drop-down lists, a table of MAC address entries, and Apply and Reset buttons]
The following table describes the labels in this screen.

Table 6-9 MAC Address Filter
LABEL: DESCRIPTION
Active: Select Yes from the drop-down list box to enable MAC address filtering.
Filter Action: Define the filter action for the list of MAC addresses in the MAC address filter table. Select Deny Association to block access to the ZyAIR; MAC addresses not listed will be allowed to access the ZyAIR. Select Allow Association to permit access to the ZyAIR; MAC addresses not listed will be denied access to the ZyAIR.
Set: This is the index number of the MAC address.
MAC Address: Enter the MAC addresses (in XX:XX:XX:XX:XX:XX format) of the wireless station that are allowed or denied access to
128. n to enter ASCII characters as the WEP keys.
Hex: Select this option to enter hexadecimal characters as the WEP keys. The preceding 0x is entered automatically.
Key 1 to Key 4: The WEP keys are used to encrypt data. Both the ZyAIR and the wireless stations must use the same WEP key for data transmission. If you chose 64-bit WEP, then enter any 5 ASCII characters or 10 hexadecimal characters (0-9, A-F). If you chose 128-bit WEP, then enter 13 ASCII characters or 26 hexadecimal characters (0-9, A-F). You must configure all four keys, but only one key can be used at any one time. The default key is key 1.
Apply: Click Apply to save your changes back to the ZyAIR.
Reset: Click Reset to begin configuring this screen afresh.

6.5 Introduction to WPA
Wi-Fi Protected Access (WPA) is a subset of the IEEE 802.11i security specification draft. Key differences between WPA and WEP are user authentication and improved data encryption.

6.5.1 User Authentication
WPA applies IEEE 802.1x and Extensible Authentication Protocol (EAP) to authenticate wireless clients using an external RADIUS database. You can't use the ZyAIR's Local User Database for WPA authentication purposes, since the Local User Database uses EAP-MD5, which cannot be used to generate keys. See later in this chapter and the appendices for more information on IEEE 802.1x, RADIUS and EAP.
Therefore, if you don't have an external RADIUS server, you should use WPA-PSK (WPA-Pr
129. n your ZyAIR, you must also make the same change to the console port speed parameter of your communication software.

16.4 Log and Trace
Your ZyAIR provides the error logs and trace records that are stored locally.

16.4.1 Viewing Error Log
The first place you should look for clues when something goes wrong is the error log. Follow the procedures to view the local error trace log:
Step 1. Type 24 in the main menu to display Menu 24 System Maintenance.
Step 2. From menu 24, type 3 to display Menu 24.3 System Maintenance Log and Trace.

Menu 24.3 System Maintenance Log and Trace
  1. View Error Log
  Please enter selection:
Figure 16-6 Menu 24.3 System Maintenance Log and Trace

Step 3. Enter 1 from Menu 24.3 System Maintenance Log and Trace and press ENTER twice to display the error log in the system.
After the ZyAIR finishes displaying the error log, you will have the option to clear it. Samples of typical error and information messages are presented in the next figure.

  Sat Jan E 1 PPOd LAN promiscuous mode <1>
  Sat Jan J E PINI Last errorlog repeat 1 Times
  Sat Jan 00 PINI main init completed
  Sat Jan e E PPO5 SNMP TRAP 3 link up
  Sat Jan J PP13 sending request to NTP server 6
  Sat Jan A PSSV SNMP TRAP 0 cold start
  Clear Error Log
Figure 16-7 Sample Error and Informatio
130. nd the highest is 192.168.1.126. Similarly, the host ID range for the second subnet is 192.168.1.129 to 192.168.1.254.

Example: Four Subnets
The above example illustrated using a 25-bit subnet mask to divide a class C address space into two subnets. Similarly, to divide a class C address into four subnets, you need to borrow two host ID bits to give four possible combinations of 00, 01, 10 and 11. The subnet mask is 26 bits (11111111.11111111.11111111.11000000) or 255.255.255.192. Each subnet contains 6 host ID bits, giving 2^6 - 2 or 62 hosts for each subnet (all 0's is the subnet itself, all 1's is the broadcast address on the subnet).

Chart G-7 Subnet 1
                        NETWORK NUMBER                 LAST OCTET BIT VALUE
  IP Address            192.168.1.                     0
  IP Address (Binary)   11000000.10101000.00000001.    00000000
  Subnet Mask (Binary)  11111111.11111111.11111111.    11000000
  Subnet Address: 192.168.1.0       Lowest Host ID: 192.168.1.1
  Broadcast Address: 192.168.1.63   Highest Host ID: 192.168.1.62

Chart G-8 Subnet 2
                        NETWORK NUMBER                 LAST OCTET BIT VALUE
  IP Address            192.168.1.                     64
  IP Address (Binary)   11000000.10101000.00000001.    01000000
  Subnet Mask (Binary)  11111111.11111111.11111111.    11000000
  Subnet Address: 192.168.1.64      Lowest Host ID: 192.168.1.65
  Broadcast Address: 192.168.1.127  Highest Host ID: 192.168.1.126

Chart G-9 Subnet 3
                        NETWORK NUMBER                 LAST OCTET BIT VALUE
  IP Addre
131. neral description of how IEEE 802.1x EAP authentication works. For an example list of EAP-MD5 authentication steps, see the IEEE 802.1x appendix.
• The wireless station sends a "start" message to the ZyAIR.
• The ZyAIR sends a "request identity" message to the wireless station for identity information.
• The wireless station replies with identity information, including username and password.
• The RADIUS server checks the user information against its user profile database and determines whether or not to authenticate the wireless station.

6.18 Introduction to Local User Database
By storing user profiles locally on the ZyAIR, your ZyAIR is able to authenticate wireless users without interacting with a network RADIUS server. However, there is a limit on the number of users you may authenticate in this way.

6.19 Configuring Local User Database
To change your ZyAIR's local user database, click the WIRELESS link under ADVANCED and then the Local User Database tab. The screen appears as shown.
[Figure: Local User Database screen]
The following table describes the labels in this screen.

Table 6-10 Local User Database
LABEL: DESCRIPTION
Active: Select this check box to activate the user profile.
User Name: Enter the usern
132. nformation, select Enable DNS and type the information in the fields below (you may not need to fill them all).
3. Click the Gateway tab.
   • If you do not know your gateway's IP address, remove previously installed gateways.
   • If you have a gateway IP address, type it in the New gateway field and click Add.
4. Click OK to save and close the TCP/IP Properties window.
5. Click OK to close the Network window. Insert the Windows CD if prompted.
6. Turn on your ZyAIR and restart your computer when prompted.

Verifying Your Computer's IP Address
1. Click Start and then Run.
2. In the Run window, type "winipcfg" and then click OK to open the IP Configuration window. Select your network adapter. You should see your computer's IP address, subnet mask and default gateway.

Windows 2000/NT/XP
1. For Windows XP, click start, Control Panel. In Windows 2000/NT, click Start, Settings, Control Panel. For Windows XP
133. ng RADIUS
Chapter 7 IP Screen
  7.1 Factory Ethernet Defaults
  7.2 TCP/IP Parameters
    7.2.1 IP Address and Subnet Mask
  7.3 [illegible]
[illegible]
Chapter 8 Logs Screens
  8.1 Configuring View Log
  8.2 Configuring Log Settings
MAINTENANCE (Part IV)
Chapter 9 Maintenance
  9.1 Maintenance Overview
  9.2 System Status Screen
    9.2.1 System [illegible]
  9.3 Wireless Screen
    9.3.1 Association List
    9.3.2 Channel Usage
  9.4 F/W Upload Screen
  9.5 [illegible]
    9.5.1 Backup Configuration
    9.5.2 Restore Configuration
    9.5.3 Back to Factory Defaults
SMT CONFIGURATION
134. ng WPA-PSK Authentication
In order to configure and enable WPA-PSK Authentication, click the WIRELESS link under ADVANCED to display the Wireless screen. Select WPA-PSK from the Security list.
[Figure 6-6 Wireless: WPA-PSK. Fields shown: ESSID, Hide ESSID, Choose Channel ID, RTS/CTS Threshold, Fragmentation Threshold, Security, Pre-Shared Key, ReAuthentication Timer, Idle Timeout, WPA Group Key Update Timer, Enable Intra-BSS Traffic, Number of Wireless Stations Allowed, Output Power, Preamble]
The following table describes the wireless LAN security labels in this screen.

Table 6-4 Wireless: WPA-PSK
LABEL: DESCRIPTION
Security: Select WPA-PSK from the drop-down list.
Pre-Shared Key: The encryption mechanisms used for WPA and WPA-PSK are the same. The only difference between the two is that WPA-PSK uses a simple common password, instead of user-specific credentials. Type a pre-shared key from 8 to 63 case s
135. nu

Table 15-1 Menu 23.2 System Security RADIUS Server
FIELD: DESCRIPTION (EXAMPLE)
Authentication Server
  Active: Press SPACE BAR to select Yes and press ENTER to enable user authentication through an external authentication server. Example: No
  Server Address: Enter the IP address of the external authentication server in dotted decimal notation. Example: 10.11.12.13
  Port: The default port of the RADIUS server for authentication is 1812. You need not change this value unless your network administrator instructs you to do so with additional information. Example: 1812
  Shared Secret: Specify a password (up to 31 alphanumeric characters) as the key to be shared between the external authentication server and the access points. The key is not sent over the network. This key must be the same on the external authentication server and ZyAIR.
Accounting Server
  Active: Press SPACE BAR to select Yes and press ENTER to enable user authentication through an external accounting server. Example: No
  Server Address: Enter the IP address of the external accounting server in dotted decimal notation. Example: 10.11.12.13
  Port: The default port of the RADIUS server for accounting is 1813. Example: 1813. You need not change this value unless your network administrator instructs you to do so with a
136. nue.
The wireless stations and ZyAIR must use the same ESSID, channel ID and WEP encryption key or pre-shared key (if wireless security is enabled) for wireless communication.

3.4 Wizard Setup Screen 3 Basic Security
If you choose Basic, you can set up WEP Encryption parameters.
The following table describes the labels in this screen.

Table 3-3 Wizard 2 Wireless LAN Setup
LABEL: DESCRIPTION
Wireless LAN Setup
WEP Encryption: Select 64-bit WEP or 128-bit WEP to allow data encryption.
ASCII: Select this option in order to enter ASCII characters as the WEP keys.
Hex: Select this option to enter hexadecimal characters as the WEP keys. The preceding 0x is entered automatically.
Key 1 to Key 4: The WEP keys are used to encrypt data. Both the ZyAIR and the wireless stations must use the same WEP key for data transmission. If you chose 64-bit WEP, then enter any 5 ASCII characters or 10 hexadecimal characters (0-9, A-F). If you chose 128-bit WEP, then enter 13 ASCII characters or 26 hexadecimal characters (0-9, A-F). You must configure all four keys, but only one key can be used at any one time. The default key is key 1.
Back: Click Back to return to the previous screen.
Next: Click Next to continue.
137. o Send handshake.
If the RTS/CTS value is greater than the Fragmentation Threshold value (see next), then the RTS (Request To Send)/CTS (Clear to Send) handshake will never occur, as data frames will be fragmented before they reach RTS/CTS size.
Enabling the RTS Threshold causes redundant network overhead that could negatively affect the throughput performance instead of providing a remedy.

5.2.2 Fragmentation Threshold
A Fragmentation Threshold is the maximum data fragment size (between 256 and 2432 bytes) that can be sent in the wireless network before the ZyAIR will fragment the packet into smaller data frames. A large Fragmentation Threshold is recommended for networks not prone to interference, while you should set a smaller threshold for busy networks or networks that are prone to interference.
If the Fragmentation Threshold value is smaller than the RTS/CTS value (see previously) you set, then the RTS (Request To Send)/CTS (Clear to Send) handshake will never occur, as data frames will be fragmented before they reach RTS/CTS size.

5.3 Preamble Type
A preamble is used to synchronize the transmission timing in your wireless network. There are two preamble modes: long and short. Short preamble takes less time to process and minimizes overhead, so it should be used in a good wireless network environment when all wireless client
138. oad: Click Upload to begin the upload process.
Do not turn off the ZyAIR while configuration file upload is in progress.
After you see a "restore configuration successful" screen, you must then wait one minute before logging into the ZyAIR again.
[Figure 9-10 Configuration Upload Successful]
The ZyAIR automatically restarts in this time, causing a temporary network disconnect. In some operating systems, you may see the following icon on your desktop.
[Figure 9-11 Network Temporarily Disconnected (icon caption: Local Area Connection, Network cable unplugged)]
If you uploaded the default configuration file, you may need to change the IP address of your computer to be in the same subnet as that of the default ZyAIR IP address (192.168.1.2). See your Quick Installation Guide for details on how to set up your computer's IP address.
If the upload was not successful, the following screen will appear. Click Return to go back to the Configuration screen.
[Figure 9-12 Configuration Upload Error]

9.6.3 Back to Factory Defaults
Pressing the Reset button in this section clears all user-entered configuration information and returns the ZyAIR to its factory defaults as shown on the screen. The following warning screen will appear.
Router back to factory defaults Th
139. on SNMP is only available if TCP/IP is configured.
[Figure 14-1 SNMP Management Model: one manager, agents, and managed devices]
An SNMP managed network consists of two main components: agents and a manager.
An agent is a management software module that resides in a managed device (the ZyAIR). An agent translates the local management information from the managed device into a form compatible with SNMP. The manager is the console through which network administrators perform network management functions. It executes applications that control and monitor managed devices.
The managed devices contain object variables/managed objects that define each piece of information to be collected about a device. Examples of variables include the number of packets received, node port status, etc. A Management Information Base (MIB) is a collection of managed objects. SNMP allows a manager and agents to communicate for the purpose of accessing these objects.
SNMP itself is a simple request/response protocol based on the manager/agent model. The manager issues a request and the agent returns responses using the following protocol operations:
• Get: Allows the manager to retrieve an object variable from the agent.
• GetNext: Allows the manager to retrieve the next object variable from a table or list within an agent. In SNMPv1
140. or the ZyAIR through the network. The ZyAIR supports SNMP version one (SNMPv1) and version two c (SNMPv2c).

Full Network Management
The embedded web configurator is an all-platform web-based utility that allows you to easily access the ZyAIR's management settings. Most functions of the ZyAIR are also software configurable via the SMT (System Management Terminal) interface. The SMT is a menu-driven interface that you can access from a terminal emulator over a telnet connection.

Logging and Tracing
Built-in message logging and packet tracing. Unix syslog facility support.

Embedded FTP and TFTP Servers
The ZyAIR's embedded FTP and TFTP servers enable fast firmware upgrades as well as configuration file backups and restoration.

Wireless Association List
With the wireless association list, you can see the list of the wireless stations that are currently using the ZyAIR to access your wired network.

Wireless LAN Channel Usage
The Wireless Channel Usage screen displays whether the radio channels are used by other wireless devices within the transmission range of the ZyAIR. This allows you to select the channel with minimum interference for your ZyAIR.

1.3 Applications for the ZyAIR
Here are some application examples of what you can do with your ZyAIR.

1.3.1 Internet Access Application
The ZyAIR is an ideal access solution for wireless In
141. orer
The Web page you are viewing is trying to close the window. Do you want to close this window?

WIZARD SETUP
Well done. You have successfully set up your ZyAIR to operate on your network and access the Internet.

Part II: SYSTEM, WIRELESS AND IP

Chapter 4 System Screens
This chapter provides information on the System screens.

4.1 System Overview
This section provides information on general system setup.

4.2 Configuring General Setup
Click SYSTEM to open the General screen.
[Figure 4-1 System General Setup]
The following table describes the labels in this screen.

Table 4-1 System General Setup
LABEL: DESCRIPTION
System Name: Type a descriptive name to identify the ZyAIR in the Ethernet network. This name can be up to 30 alphanumeric characters long. Spaces are not allowed, but dashes "-" and underscores "_" are accepted.
Domain Name: This is not a required field. Leave this field blank or enter the domain name here if you know it.
Administrator Inactivity Timer: Type how many minutes a management session (either via the web configurator or SMT) can be lef
142. ou select 192.168.1.0 as the network number, which covers 254 individual addresses from 192.168.1.1 to 192.168.1.254 (zero and 255 are reserved). In other words, the first three numbers specify the network number, while the last number identifies an individual computer on that network.
Once you have decided on the network number, pick an IP address that is easy to remember, for instance 192.168.1.2, for your ZyAIR, but make sure that no other device on your network is using that IP address.
The subnet mask specifies the network number portion of an IP address. Your ZyAIR will compute the subnet mask automatically based on the IP address that you entered. You don't need to change the subnet mask computed by the ZyAIR unless you are instructed to do otherwise.
[Figure 3-3 Wizard 3: IP Address Assignment]
The following table describes the labels in this screen.

Table 3-6 Wizard 3: IP Address Assignment
LABEL: DESCRIPTION
IP Address Assignment
Get automatically From DHCP: Select this option if your ZyAIR is using a dynamically assigned IP address from a DHCP server each time. You must know the IP address assigned to the ZyAIR (by the DHCP server) to access the ZyAIR again.
Use fixed IP address: Select this option if your ZyAIR is using a static IP address. When you select this option, f
143. owever, PEAP only supports EAP methods, such as EAP-MD5, EAP-MSCHAPv2 and EAP-GTC (EAP-Generic Token Card), for client authentication. EAP-GTC is implemented only by Cisco.

LEAP
LEAP (Lightweight Extensible Authentication Protocol) is a Cisco implementation of IEEE 802.1x.

For added security, certificate-based authentications (EAP-TLS, EAP-TTLS and PEAP) use dynamic keys for data encryption. They are often deployed in corporate environments, but for public deployment, a simple user name and password pair is more practical. The following table is a comparison of the features of five authentication types.

Comparison of EAP Authentication Types
                             EAP-MD5   EAP-TLS   EAP-TTLS   PEAP       LEAP
  Mutual Authentication      No        Yes       Yes        Yes        Yes
  Certificate (Client)       No        Yes       Optional   Optional   No
  Certificate (Server)       No        Yes       Yes        Yes        No
  Dynamic Key Exchange       No        Yes       Yes        Yes        Yes
  Credential Integrity       None      Strong    Strong     Strong     Moderate
  Deployment Difficulty      Easy      Hard      Moderate   Moderate   Moderate
  Client Identity Protection No        No        Yes        Yes        No

Appendix G IP Subnetting
IP Addressing
Routers route based on the network number. The router that delivers the data packet to the correct destination host uses the host ID.
IP Classes
An IP address
144. owing screen.

Menu 24.5 Backup Configuration
  To transfer the configuration file to your workstation, follow the procedure below:
  Launch the FTP client on your workstation.
  Type "open" and the IP address of your router. Then type "root" and SMT password as requested.
  Locate the "rom-0" file.
  Type "get rom-0" to back up the current router configuration to your workstation.
  For details on FTP commands, please consult the documentation of your FTP client program. For details on backup using TFTP (note that you must remain in the menu to back up using TFTP), please see your router manual.
  Press ENTER to Exit:
Figure 17-1 Menu 24.5 Backup Configuration

17.2.2 Using the FTP command from the DOS Prompt
Step 1. Launch the FTP client on your computer.
Step 2. Enter "open" and the IP address of your ZyAIR.
Step 3. Press ENTER when prompted for a username.
Step 4. Enter "root" and your SMT password as requested. The default is 1234.
Step 5. Enter "bin" to set transfer mode to binary.
Step 6. Use "get" to transfer files from the ZyAIR to the computer, for example "get rom-0 config.rom" transfers the configuration file on the ZyAIR to your computer and renames it "config.rom". See earlier in this chapter for more information on filename conventions.
Step 7. Enter quit
145. pe of network, it is almost invariably an Ethernet LAN. Mobile nodes can roam between access points and seamless campus-wide coverage is possible. [Diagram D-2: ESS Provides Campus-Wide Coverage] Appendix E Wireless LAN With IEEE 802.1x. As wireless networks become popular for both portable computing and corporate networks, security is now a priority. Security Flaws with IEEE 802.11: Wireless networks based on the original IEEE 802.11 have a poor reputation for safety. The IEEE 802.11b wireless access standard, first published in 1999, was based on the MAC address. As the MAC address is sent across the wireless link in clear text, it is easy to spoof and fake. Even the WEP (Wired Equivalent Privacy) data encryption is unreliable as it can be easily decrypted with current computer speed. Deployment Issues with IEEE 802.11: User account management has become a net
146. r should be from 1 to 32. (Field: Number of Association Stations; example: 32.) Output Power: Press SPACE BAR to select 11dBm, 14dBm or 17dBm and press ENTER (example: 17dBm). Preamble: Press SPACE BAR to select a preamble type. Choices are Long and Dynamic. See the section on preamble for more information (example: Long). Table 12-2 Menu 3.5 Wireless LAN Setup. When you have completed this menu, press ENTER at the prompt "Press ENTER to confirm or ESC to cancel" to save your configuration or press ESC to cancel and go back to the previous screen. 12.3.1 Configuring MAC Address Filter: Your ZyAIR checks the MAC address of the wireless station device against a list of allowed or denied MAC addresses. However, intruders could fake allowed MAC addresses, so MAC-based authentication is less secure than EAP authentication. Follow the steps below to create the MAC address table on your ZyAIR. Step 1: From the main menu, enter 3 to open Menu 3 LAN Setup. Step 2: Enter 5 to display Menu 3.5 Wireless LAN Setup. Menu 3.5 Wireless LAN Setup screen: ESSID: Wireless; Hide ESSID: No; Edit MAC Address Filter: Yes; Channel ID: CH06 2437MHz; Edit Roaming Configuration: No; RTS Threshold: 2432; Block Intra-BSS Traffic: No; Frag. Threshold: 2432; Number of Associated Stations: 32; WEP Encryption: 64-bit WEP; Output Power: 17dBm; Default Key: 1; Preamble: Long; Key1 KKKKKKKK Key2 KKKKK
147. ration or press ESC to cancel. 18.2.1 Resetting the Time: The ZyAIR resets the time in three instances: i. On leaving menu 24.10 after making changes. ii. When the ZyAIR starts up, if there is a time server configured in menu 24.10. iii. 24-hour intervals after starting. Part VI APPENDICES: This part provides troubleshooting and background information about setting up your computer's IP address, wireless LAN, 802.1x and IP subnetting. It also provides information on the command interpreter interface and logs. Appendix A Troubleshooting: This appendix covers potential problems and possible remedies. After each problem description, some instructions are provided to help you to diagnose and to solve the problem. Problems Starting Up the ZyAIR. Chart A-1 Troubleshooting the Start-Up of Your ZyAIR. PROBLEM: None of the LEDs turn on when you plug in the power adaptor. CORRECTIVE ACTION: Make sure you are using the supplied power adaptor and that it is plugged in to an appropriate power source. Check that the power source is turned on. If the problem persists, you may have a hardware problem. In this case, you should contact your local vendor. The ZyAIR
148. rd the error logs and alerts and then view the results: "ras> sys logs load", "ras> sys logs category error 3", "ras> sys logs save", "ras> sys logs display access". Log display columns: time source destination notes message. Sample entry as extracted: 0 11 11 2002 15 10 12 172 22 3 80 137 WA 222552552137 ACCESS BLOCK
149. requirements must be met in order for wireless stations to roam between the coverage areas: 1. All the access points must be on the same subnet and configured with the same ESSID. 2. If IEEE 802.1x user authentication is enabled and to be done locally on the access point, the new access point must have the user profile for the wireless station. 3. The adjacent access points should use different radio channels when their coverage areas overlap. 4. All access points must use the same port number to relay roaming information. 5. The access points must be connected to the Ethernet and be able to get IP addresses from a DHCP server if using dynamic IP address assignment. To enable roaming on your ZyAIR, click the WIRELESS link under ADVANCED and then the Roaming tab. The screen appears as shown. Figure 5-7 Roaming. The following table describes the labels in this screen. Table 5-2 Roaming. Active: Select Yes from the drop-down list box to enable roaming on the ZyAIR if you have two or more ZyAIRs on the same subnet. All APs on the same subnet and the wireless stations must have the same ESSID to allow roaming. Port: Enter the port number to communicate roaming information between access points. The port number must be the same on all access points. The default is 16290. Make sure this port is
150. rt I-1 System Maintenance Logs (log message: description). "Time calibration is successful": The ZyAIR has adjusted its time based on information from the time server. "Time calibration failed": The ZyAIR failed to get information from the time server. "DHCP client gets %s": A DHCP client got a new IP address from the DHCP server. "DHCP client IP expired": A DHCP client's IP address has expired. "DHCP server assigns %s": The DHCP server assigned an IP address to a client. "SMT Login Successfully": Someone has logged on to the ZyAIR's SMT interface. "SMT Login Fail": Someone has failed to log on to the ZyAIR's SMT interface. "WEB Login Successfully": Someone has logged on to the ZyAIR's web configurator interface. "WEB Login Fail": Someone has failed to log on to the ZyAIR's web configurator interface. "TELNET Login Successfully": Someone has logged on to the ZyAIR via telnet. "TELNET Login Fail": Someone has failed to log on to the ZyAIR via telnet. "FTP Login Successfully": Someone has logged on to the ZyAIR via FTP. "FTP Login Fail": Someone has failed to log on to the ZyAIR via FTP. Chart I-2 ICMP Notes (type, code, description). Echo Reply: Echo reply message. Destination Unreachable: Net unreachable, Host unreachable, Protocol unreachable
151. rview: This section introduces the wireless LAN (WLAN) and some basic scenarios. 5.1.1 IBSS: An Independent Basic Service Set (IBSS), also called an Ad-hoc network, is the simplest WLAN configuration. An IBSS is defined as two or more computers with wireless adapters within range of each other that form an independent wireless network without the need of an access point (AP). [Figure 5-1: IBSS (Ad-hoc) Wireless LAN] 5.1.2 BSS: A Basic Service Set (BSS) exists when all communications between wireless stations or between a wireless station and a wired network client go through one access point (AP). Intra-BSS traffic is traffic between wireless stations in the BSS. When Intra-BSS is enabled, wireless station A and B can access the wired network and communicate with each other. When Intra-BSS is disabled, wireless station A and B can still access the wired network but cannot communicate with each other. [Figure 5-2: Basic Service set] 5.1.3 ESS: An Extended Service Set (ESS) consists
152. ryption is activated, the default setting is Auto. ASCII: Select this option to enter ASCII characters as the WEP keys. Hex: Select this option to enter hexadecimal characters as the WEP keys. The preceding 0x is entered automatically. Key 1 to Key 4: The WEP keys are used to encrypt data. Both the ZyAIR and the wireless stations must use the same WEP key for data transmission. If you chose 64-bit WEP, then enter any 5 ASCII characters or 10 hexadecimal characters ("0-9", "A-F"). If you chose 128-bit WEP, then enter 13 ASCII characters or 26 hexadecimal characters ("0-9", "A-F"). You must configure all four keys, but only one key can be used at any one time. The default key is key 1. ReAuthentication Timer (in seconds): Specify how often wireless stations have to reenter usernames and passwords in order to stay connected. Enter a time interval between 10 and 9999 seconds. The default time interval is 1800 seconds (30 minutes). If wireless station authentication is done using a RADIUS server, the reauthentication timer on the RADIUS server has priority. Idle Timeout: The ZyAIR automatically disconnects a wireless station from the wired network after a period of inactivity. The wireless station needs to enter the username and password again before access to the wired network is allowed. The default time interval is 3600 seconds (or 1 hour). Table 6-7 Wireless
153. s Navigation panel: WIZARD SETUP, ADVANCED, SYSTEM, WIRELESS, MAINTENANCE, LOGOUT. Screen text: Welcome to the ZyXEL embedded web configurator. Click Wizard Setup to configure your system for Internet access. Click Advanced to access a range of advanced submenus. Click Maintenance to access a range of maintenance submenus. Please choose the langage you need: English, Français, Deutsch, Español, Italiano. Callouts: Click to view the web configurator in the language of your choice. Click LOGOUT at any time to exit the web configurator. Click MAINTENANCE to view information about your ZyAIR or upgrade configuration/firmware files. Maintenance includes Status, Statistics, Association List, Channel Usage, F/W (firmware) Upload, Configuration (Backup, Restore and Default) and Restart. Figure 2-2 Navigating the ZyAIR Web Configurator. Chapter 3 Wizard Setup: This chapter provides information on the Wizard Setup screens in the web configurator. 3.1 Wizard Setup Overview: The web configurator's setup wizard helps you configure your ZyAIR for wireless stations to access your wired LAN. 3.1.1 Channel: A channel is the radio frequency(ies) used by IEEE 802.11b wireless devices. Channels available depend on your geographical area. You may have a choice of channels (for your region) so you should use a different channel than an adjac
154. s [Screenshot: Apple menu with the Control Panels submenu] 2. Select Ethernet built-in from the Connect via list. [Screenshot: TCP/IP control panel] 3. For dynamically assigned settings, select Using DHCP Server from the Configure list. 4. For statically assigned settings, do the following: From the Configure box, select Manually. Type your IP address in the IP Address box. Type your subnet mask in the Subnet mask box. Type the IP address of your ZyAIR in the Router address box. 5. Close the TCP/IP Control Panel. 6. Click Save if prompted, to save changes to yo
155. 5.5 Configuring Roaming: A wireless station is a device with an IEEE 802.11b compliant wireless adapter. An access point (AP) acts as a bridge between the wireless and wired networks. An AP creates its own wireless coverage area. A wireless station can associate with a particular access point only if it is within the access point's coverage area. In a network environment with multiple access points, wireless stations are able to switch from one access point to another as they move between the coverage areas. This is roaming. As the wireless station moves from place to place, it is responsible for choosing the most appropriate access point depending on the signal strength, network utilization or other factors. The roaming feature on the access points allows the access points to relay information about the wireless stations to each other. When a wireless station moves from a coverage area to another, it scans and uses the channel of a new access point, which then informs the access points on the LAN about the change. The new information is then propagated to the other access points on the LAN. An example is shown in Figure 5-6. With roaming, a wireless LAN mobile user enjoys a continuous connection to the wired network through an access point while moving around the wireless LAN. Enable roaming to exchange the latest bridge information of all wireless stations between APs when a wireless station moves between cover
156. s selected. WPA Broadcast/Multicast Key Update Timer: The WPA Broadcast/Multicast Key Update Timer is the rate at which the AP (if using WPA-PSK key management) or RADIUS server (if using WPA key management) sends a new group key out to all clients. The re-keying process is the WPA equivalent of automatically changing the WEP key for an AP and all stations in a WLAN on a periodic basis. Setting of the WPA Broadcast/Multicast Key Update Timer is also supported in WPA-PSK mode. The ZyAIR default is 1800 seconds (30 minutes). Table 15-2 Menu 23.4 System Security: IEEE802.1x. Authentication Databases: The authentication database contains wireless station login information. The local user database is the built-in database on the ZyAIR. The RADIUS is an external server. Use this field to decide which database the ZyAIR should use (first) to authenticate a wireless station. Before you specify the priority, make sure you have set up the corresponding database correctly first. When you configure Key Management Protocol to WPA, the Authentication Databases must be RADIUS Only. You can only use the Local User Database with 802.1x Key Management Protocol. Select Local User Database Only to have the ZyAIR just check the built-in user database on the ZyAIR for a wireless station's username and password. Select RADIUS Only to hav
157. s support it. Select Long if you have a noisy network or are unsure of what preamble mode your wireless clients support, as all IEEE 802.11b compliant wireless adapters must support long preamble. However, not all wireless adapters support short preamble. Use long preamble if you are unsure what preamble mode the wireless adapters support, to ensure interoperability between the ZyAIR and the wireless stations and to provide more reliable communication in noisy networks. Select Dynamic to have the ZyAIR automatically use short preamble when all wireless clients support it, otherwise the ZyAIR uses long preamble. The ZyAIR and the wireless stations MUST use the same preamble mode in order to communicate. 5.4 Configuring Wireless: Click the WIRELESS link under ADVANCED to display the Wireless screen. [Wireless screen, with tabs Wireless, MAC Filter, Roaming, Local User Database and RADIUS. Fields as shown: ESSID: Wireless; Hide ESSID; Choose Channel ID: Channel-06 2437 MHz, or Scan; RTS/CTS Threshold: 2432 (0 to 2432); Fragmentation Threshold: 2432 (256 to 2432); Security: No Security; Enable Intra-BSS Traffic; Number of Wireless Stations Allowed: 32 (1 to 32); Output Power: 17dBm (50mW); Preamble: Long; buttons Apply and Reset.] Figure 5-5 Wireless. The following table describes the general wireless LAN labels in this screen. Table 5-1 Wireless
158. s the wireless LAN security labels in this screen. Table 6-6 Wireless: 802.1x and Dynamic WEP. Security: Select 802.1x Dynamic WEP from the drop-down list. ReAuthentication Timer (in seconds): Specify how often wireless stations have to reenter usernames and passwords in order to stay connected. Enter a time interval between 10 and 9999 seconds. The default time interval is 1800 seconds (30 minutes). If wireless station authentication is done using a RADIUS server, the reauthentication timer on the RADIUS server has priority. Idle Timeout: The ZyAIR automatically disconnects a wireless station from the wired network after a period of inactivity. The wireless station needs to enter the username and password again before access to the wired network is allowed. The default time interval is 3600 seconds (or 1 hour). Dynamic WEP Key Exchange: Select 64-bit WEP or 128-bit WEP to enable data encryption. Up to 32 stations can access the ZyAIR when you configure dynamic WEP key exchange. 6.14 Configuring 802.1x and Static WEP Key Exchange: In order to configure and enable 802.1x and Static WEP Key Exchange, click the WIRELESS link under ADVANCED to display the Wireless screen. Select 802.1x Static WEP from the Security list. Wir
159. shown. This screen allows you to change the ZyAIR's password. If you forget your password (or the ZyAIR IP address), you will need to reset the ZyAIR. See the section on resetting the ZyAIR for details. Figure 4-2 Password. The following table describes the labels in this screen. Table 4-2 Password. Old Password: Type in your existing system password (1234 is the default password). New Password: Type your new system password (up to 31 characters). Note that as you type a password, the screen displays an asterisk for each character you type. Retype to Confirm: Retype your new system password for confirmation. Apply: Click Apply to save your changes back to the ZyAIR. Reset: Click Reset to reload the previous configuration for this screen. 4.4 Configuring Time Setting: To change your ZyAIR's time and date, click SYSTEM and then the Time Setting tab. The screen appears as shown. Use this screen to configure the ZyAIR's time based on your local time zone. Time Setting screen (tabs General, Password and Time Setting), fields as shown: Time Protocol: None; Time Server Address; Current Time (hh:mm:ss); New Time (hh:mm:ss); Current Date (yyyy-mm-dd); New Date (yyyy-mm-dd); Time Zone: GMT Greenwich Mean Time D
160. sic form, a wireless LAN connects a set of computers with wireless adapters. Any time two or more wireless adapters are within range of each other, they can set up an independent network, which is commonly referred to as an Ad-hoc network or Independent Basic Service Set (IBSS). See the following diagram of an example of an Ad-hoc wireless LAN. [Diagram D-1: Peer-to-Peer Communication in an Ad-hoc Network] Infrastructure Wireless LAN Configuration: For infrastructure WLANs, multiple access points (APs) link the WLAN to the wired network and allow users to efficiently share network resources. The access points not only provide communication with the wired network but also mediate wireless network traffic in the immediate neighborhood. Multiple access points can provide wireless coverage for an entire building or campus. All communications between stations or between a station and a wired network client go through the access point. The Extended Service Set (ESS) shown in the next figure consists of a series of overlapping BSSs (each containing an Access Point) connected together by means of a Distribution System (DS). Although the DS could be any ty
161. ss: 192.168.1.128. IP Address (Binary): 11000000.10101000.00000001.10000000. Chart G-9 Subnet 3 (columns: NETWORK NUMBER, LAST OCTET BIT VALUE). Subnet Mask (Binary): 11111111.11111111.11111111.11000000. Subnet Address: 192.168.1.128. Lowest Host ID: 192.168.1.129. Broadcast Address: 192.168.1.191. Highest Host ID: 192.168.1.190. Chart G-10 Subnet 4 (columns: NETWORK NUMBER, LAST OCTET BIT VALUE). IP Address: 192.168.1.192. IP Address (Binary): 11000000.10101000.00000001.11000000. Subnet Mask (Binary): 11111111.11111111.11111111.11000000. Subnet Address: 192.168.1.192. Lowest Host ID: 192.168.1.193. Broadcast Address: 192.168.1.255. Highest Host ID: 192.168.1.254. Example: Eight Subnets. Similarly, use a 27-bit mask to create 8 subnets (001, 010, 011, 100, 101, 110). The following table shows class C IP address last octet values for each subnet. Chart G-11 Eight Subnets (SUBNET / SUBNET ADDRESS / FIRST ADDRESS / LAST ADDRESS / BROADCAST ADDRESS): 1 / 0 / 1 / 30 / 31; 2 / 32 / 33 / 62 / 63; 3 / 64 / 65 / 94 / 95; 4 / 96 / 97 / 126 / 127; 5 / 128 / 129 / 158 / 159; 6 / 160 / 161 / 190 / 191; 7 / 192 / 193 / 222 / 223; 8 / 224 / 223 / 254 / 255. The following table is a summary for class C subnet planning
162. ss point requesting accounting. Accounting-Response: Sent by the RADIUS server to indicate that it has started or stopped accounting. In order to ensure network security, the access point and the RADIUS server use a shared secret key, which is a password they both know. The key is not sent over the network. In addition to the shared key, password information exchanged is also encrypted to protect the wired network from unauthorized access. 6.17.1 EAP Authentication Overview: EAP (Extensible Authentication Protocol) is an authentication protocol that runs on top of the IEEE802.1x transport mechanism in order to support multiple types of user authentication. By using EAP to interact with an EAP-compatible RADIUS server, the access point helps a wireless station and a RADIUS server perform authentication. The type of authentication you use depends on the RADIUS server or the AP. The ZyAIR supports EAP-TLS, EAP-TTLS and PEAP with RADIUS. Refer to the Types of EAP Authentication appendix for descriptions on the four common types. Your ZyAIR supports EAP-MD5 (Message-Digest Algorithm 5) with the local user database and RADIUS. The following figure shows an overview of authentication when you specify a RADIUS server on your access point. [Figure 6-13: EAP Authentication, showing the wireless station, the AP, Ethernet and the RADIUS server] The details below provide a ge
163. Appendix G IP Subnetting. Appendix H Command Interpreter. Appendix I Log Descriptions. Appendix J Index. List of Figures: Figure 1-1 Internet Access Application. Figure 1-2 Corporation Network Application. Figure 2-1 Change Password. Figure 2-2 Navigating the ZyAIR Web Configurator. Figure 3-1 Wizard 1: General. Figure 3-2 Wizard 2: Wireless LAN Setup. Figure 3-3 Wizard 3: IP Address Assignment. Figure 4-1 System General Setup. Figure 4-2 Password. Figure A
164. system, instructing the wireless client how to use WPA. At the time of writing, the most widely available supplicants are the WPA patch for Windows XP, Funk Software's Odyssey client, and Meetinghouse Data Communications' AEGIS client. The Windows XP patch is a free download that adds WPA capability to Windows XP's built-in "Zero Configuration" wireless client. However, you must run Windows XP to use it. 6.9 WPA with RADIUS Application Example: You need the IP address of the RADIUS server, its port number (default is 1812), and the RADIUS shared secret. A WPA application example with an external RADIUS server looks as follows. "A" is the RADIUS server. "DS" is the distribution system. Step 1: The AP passes the wireless client's authentication request to the RADIUS server. Step 2: The RADIUS server then checks the user's identification against its database and grants or denies network access accordingly. Step 3: The RADIUS server distributes a Pairwise Master Key (PMK) key to the AP that then sets up a key hierarchy and management system, using the pair-wise key to dynamically generate unique data encryption keys to encrypt every data packet that is wirelessly communicated between the AP and the wireless clients. Figure 6-7 WPA with RADIUS Application Example. 6.10 Configuring WPA Authentication: In order to con
165. t idle before the session times out. The default is 5 minutes. After it times out you have to log in with your password again. Very long idle timeouts may have security risks. A value of "0" means a management session never times out, no matter how long it has been left idle (not recommended). System DNS Servers (First DNS Server, Second DNS Server, Third DNS Server): Select From DHCP if your DHCP server dynamically assigns DNS server information (and the ZyAIR's Ethernet IP address). The field to the right displays the (read-only) DNS server IP address that the DHCP assigns. Select User Defined if you have the IP address of a DNS server. Enter the DNS server's IP address in the field to the right. If you chose User Defined, but leave the IP address set to 0.0.0.0, User Defined changes to None after you click Apply. If you set a second choice to User Defined, and enter the same IP address, the second User Defined changes to None after you click Apply. Select None if you do not want to configure DNS servers. If you do not configure a DNS server, you must know the IP address of a machine in order to access it. The default setting is None. Apply: Click Apply to save your changes back to the ZyAIR. Reset: Click Reset to reload the previous configuration for this screen. 4.3 Configuring Password: To change your ZyAIR's password (recommended), click SYSTEM and then the Password tab. The screen appears as
166. t use the new IP address if you want to access the web configurator again. IP Subnet Mask: Enter the subnet mask. Gateway IP Address: Enter the IP address of a gateway. The gateway is an immediate neighbor of your ZyAIR that will forward the packet to the destination. On the LAN, the gateway must be a router on the same segment as your ZyAIR; over the WAN, the gateway must be the IP address of one of the remote nodes. Apply: Click Apply to save your changes back to the ZyAIR. Reset: Click Reset to begin configuring this screen afresh. Part III: Logs. Chapter 8 Logs Screens: This chapter contains information about configuring general log settings and viewing the ZyAIR's logs. Refer to the appendix for example log message explanations. 8.1 Configuring View Log: The web configurator allows you to look at all of the ZyAIR's logs in one location. Click LOGS to open the View Log screen. Use the View Log screen to see the logs for the categories that you selected in the Log Settings screen (see section 8.2). Options include logs about system maintenance, system errors and access control. You can view logs and alert messages in this page. Once the log entries are all used, the log will wrap around and the old logs will be deleted. Click a column heading to sort the entries. A triangle indicates the direction of the sort order
168. ternal filename refers to the filename (not on the ZyAIR), that is on your computer, local network or FTP site, and so the name (but not the extension) will vary. After uploading new firmware, see the ZyNOS F/W Version field in Menu 24.2.1 System Maintenance Information to confirm that you have uploaded the correct firmware version. Table 17-1 Filename Conventions (file type, internal name, external name, description). Configuration File: internal name Rom-0, external name .rom. This is the configuration filename on the ZyAIR. Uploading the rom-0 file replaces the entire ROM file system, including your ZyAIR configurations, system-related data (including the default password), the error log and the trace log. Firmware: internal name Ras, external name .bin. This is the generic name for the ZyNOS firmware on the ZyAIR. 17.2 Backup Configuration: Option 5 from Menu 24 System Maintenance allows you to backup the current ZyAIR configuration to your computer. Backup is highly recommended once your ZyAIR is functioning properly. FTP is the preferred method, although TFTP can also be used. Please note that the terms "download" and "upload" are relative to the computer. Download means to transfer from the ZyAIR to the computer, while upload means from your computer to the ZyAIR. 17.2.1 Backup Configuration Using FTP: Enter 5 in Menu 24 System Maintenance to get the foll
169. ternet connection. A typical Internet access application for your ZyAIR is shown as follows. [Figure 1-1: Internet Access Application] 1.3.2 Corporation Network Application: In situations where users are always on the move in the coverage area but still need access to the corporate network, the ZyAIR is an ideal solution for wireless stations to connect to the corporate network without expensive network cabling. The following figure depicts a typical application of the ZyAIR in an enterprise environment. The three computers with wireless adapters are allowed to access the network resource through the ZyAIR after account validation by the network authentication server. [Figure 1-2: Corporation Network Application] Chapter 2 Introducing the Web Configurator: This chapter describes how to access the ZyAIR web configurator and provides an overview of its screens. The defau
170. to meeting, getting up-to-date access to information and the ability to communicate decisions while on the go. 5. It provides campus-wide networking mobility, allowing enterprises the roaming capability to set up easy-to-use wireless networks that cover the entire campus transparently.
IEEE 802.11
The 1997 completion of the IEEE 802.11 standard for wireless LANs (WLANs) was a first important step in the evolutionary development of wireless networking technologies. The standard was developed to maximize interoperability between differing brands of wireless LANs as well as to introduce a variety of performance improvements and benefits. The IEEE 802.11 specifies three different transmission methods for the PHY, the layer responsible for transferring data between nodes. Two of the methods use spread spectrum RF signals, Direct Sequence Spread Spectrum (DSSS) and Frequency Hopping Spread Spectrum (FHSS), in the 2.4 to 2.4825 GHz unlicensed ISM (Industrial, Scientific and Medical) band. The third method is infrared technology, using very high frequencies, just below visible light in the electromagnetic spectrum, to carry data.
Ad-hoc Wireless LAN Configuration
The simplest WLAN configuration is an independent (Ad-hoc) WLAN that connects a set of computers with wireless nodes or stations (STA), which is called a Basic Service Set (BSS). In the most ba
171. tures can be configured through all interfaces. The web configurator parts of this guide contain background information on features configurable by the web configurator and the SMT. The SMT parts of this guide contain background information solely on features not configurable by the web configurator. Register your product online to receive e-mail notices of firmware upgrades and information at www.zyxel.com for global products, or at www.us.zyxel.com for North American products.
Related Documentation
• Supporting Disk: Refer to the included CD for support documents.
• Quick Installation Guide: Our Quick Installation Guide is designed to help you get up and running right away. It contains information on the configuration of key features, and hardware connections and installation.
• ZyXEL Web Site: The ZyXEL download library at www.zyxel.com contains additional support documentation. Please also refer to www.zyxel.com for an online glossary of networking terms.
Syntax Conventions
• "Enter" means for you to type one or more characters and press the carriage return. "Select" or "Choose" means for you to use one of the predefined choices.
• Enter, or carriage return key; ESC means the escape key and SPACE BAR means the space bar. UP and DOWN are the up and down arrow keys.
• Mouse action sequences are denoted using a comma. For example
172. turn off the ZyAIR while firmware upload is in progress. After you see the Firmware Upload in Process screen, wait two minutes before logging into the ZyAIR again.
[Figure 9-6 Firmware Upload In Process]
The ZyAIR automatically restarts in this time, causing a temporary network disconnect. In some operating systems, you may see the following icon on your desktop.
[Figure 9-7 Network Temporarily Disconnected: "Local Area Connection, Network cable unplugged"]
After two minutes, log in again and check your new firmware version in the System Status screen. If the upload was not successful, the following screen will appear. Click Return to go back to the F/W Upload screen.
[Figure 9-8 Firmware Upload Error]
9.6 Configuration Screen
See the Firmware and Configuration File Maintenance chapter for transferring configuration files using FTP/TFTP commands. Click MAINTENANCE and then the Configuration tab. Information related to factory defaults, backup configuration, and restoring configuration appears as shown next.
[Screen tabs: Status, Association List, Channel Usage, F/W Upload, Configuration, Restart]
Backup Configuration: Click Backup to save the current configuration of your system to your computer.
Restore Configuration: To restore a previously sa
173. [Figure 4-3 Time Setting]
The following table describes the labels in this screen.
Table 4-3 Time Setting
LABEL | DESCRIPTION
Time Protocol | Select the time service protocol that your time server sends when you turn on the ZyAIR. Not all time servers support all protocols, so you may have to check with your ISP/network administrator or use trial and error to find a protocol that works. The main difference between them is the format. Daytime (RFC 867) format is day/month/year/time zone of the server. Time (RFC 868) format displays a 4-byte integer giving the total number of seconds since 1970/1/1 at 0:0:0. The default, NTP (RFC 1305), is similar to Time (RFC 868). Select None to enter the time and date manually.
Time Server Address | Enter the IP address or the URL of your time server. Check with your ISP/network administrator if you are unsure of this information.
Current Time | This field displays the time of your ZyAIR (hh mm ss). Each time you reload this page, the ZyAIR synchronizes the time with the time server.
New Time | This field displays the last updated time from the time server (hh mm ss). When you select None in the Ti
174. uide
Chapter 12 LAN Setup
This chapter shows you how to configure the LAN on your ZyAIR.
12.1 LAN Setup
This section describes how to configure the Ethernet using Menu 3 LAN Setup. From the main menu, enter 3 to display menu 3.
Menu 3 LAN Setup
2. TCP/IP Setup
5. Wireless LAN Setup
Enter Menu Selection Number:
Figure 12-1 Menu 3 LAN Setup
12.2 TCP/IP Ethernet Setup
Use menu 3.2 to configure your ZyAIR for TCP/IP. To edit menu 3.2, enter 3 from the main menu to display Menu 3 LAN Setup. When menu 3 appears, press 2 and press ENTER to display Menu 3.2 TCP/IP Setup, as shown next.
Menu 3.2 TCP/IP Setup
IP Address Assignment: Static
IP Address: 192.168.1.2
IP Subnet Mask: 255.255.255.0
Gateway IP Address: 0.0.0.0
Press ENTER to Confirm or ESC to Cancel
Figure 12-2 Menu 3.2 TCP/IP Setup
Follow the instructions in the following table on how to configure the fields in this menu.
Table 12-1 Menu 3.2 TCP/IP Setup
FIELD | DESCRIPTION | EXAMPLE
IP Address Assignment | Press SPACE BAR and then ENTER to select Dynamic to have the ZyAIR obtain an IP address from a DHCP server. You must know the IP address assigned to the ZyAIR (by the DHCP server) to access the ZyAIR again. Select Static to give the ZyAIR a fixed, unique IP address. Enter a subnet mask appropriate to your network and the gateway IP address if app
175. unicate with the access points without any data encryption. The screen varies according to what you select in the Security field.
[Figure 6-2 Wireless]
The following table describes the wireless LAN security label in this screen.
Table 6-1 Wireless
LABEL | DESCRIPTION
Security | Choose from one of the security features listed in the drop-down box.
• No Security
• Static WEP
• WPA-PSK
• WPA
• 802.1x Dynamic WEP
• 802.1x Static WEP
• 802.1x No WEP
6.2 Security Parameters Summary
Refer to this table to see what other security parameters you should configure for each Authentication Method/key management protocol type. You enter manual keys by first selecting 64-bit WEP or 128-bit WEP from the WEP Encryption field and then typing the keys (in ASCII or hexadecimal format) in the key text boxes. MAC address filters are not dependent on how you configure these security f
176. ur configuration. Turn on your ZyAIR and restart your computer (if prompted).
Verifying Your Computer's IP Address
Check your TCP/IP properties in the TCP/IP Control Panel window.
Macintosh OS X
1. Click the Apple menu, and click System Preferences to open the System Preferences window.
[Screenshot: Apple menu with System Preferences selected]
2. Click Network in the icon bar. Select Automatic from the Location list. Select Built-in Ethernet from the Show list. Click the TCP/IP tab.
[Screenshot: Network pane, TCP/IP tab]
3. For dynamically assigned settings, select Using DHCP from the Configure list.
4. For statically assigned settings, do the following: From the Configure box, select Manually. Type your IP address in the IP Address box
177. ure 9-5 Firmware Upload 9-6
Figure 9-6 Firmware Upload In Process 9-7
Figure 9-7 Network Temporarily Disconnected 9-7
Figure 9-8 Firmware Upload Error 9-8
Figure 9-9 Backup Configuration 9-9
Figure 9-10 Restore Configuration 9-9
Figure 9-11 Configuration Upload Successful 9-10
Figure 9-12 Network Temporarily Disconnected 9-10
Figure 9-13 Configuration Upload Error 9-11
Figure 9-14 Back to Factory Default 9-12
Figure 9-15 Reset Warning Message 9-12
Figure 10-1 LOS Serei 10-1
Figure 10-2 Menu 23.1 System Security
178. ved configuration file to your system, browse to the location of the configuration file and click Upload.
Back to Factory Defaults: Click Reset to clear all user-entered configuration information and return to factory defaults. After resetting, the Password will be 1234. This device can be reached by IP address 192.168.1.2.
[Figure 9-9 Configuration]
9.6.1 Backup Configuration
Backup configuration allows you to back up (save) the ZyAIR's current configuration to a file on your computer. Once your ZyAIR is configured and functioning properly, it is highly recommended that you back up your configuration file before making configuration changes. The backup configuration file will be useful in case you need to return to your previous settings. Click Backup to save the ZyAIR's current configuration to your computer.
9.6.2 Restore Configuration
Restore configuration allows you to upload a new or previously saved configuration file from your computer to your ZyAIR.
Table 9-6 Restore Configuration
LABEL | DESCRIPTION
File Path | Type in the location of the file you want to upload in this field or click Browse to find it.
Browse | Click Browse to find the file you want to upload. Remember that you must decompress compressed (ZIP) files before you can upload them.
Upl
179. ves an unencrypted, two-message procedure. A wireless station sends an open system authentication request to the AP, which will then automatically accept and connect the wireless station to the network. In effect, open system is not authentication at all, as any station can gain access to the network.
Shared key authentication involves a four-message procedure. A wireless station sends a shared key authentication request to the AP, which will then reply with a challenge text message. The wireless station must then use the AP's default WEP key to encrypt the challenge text and return it to the AP, which attempts to decrypt the message using the AP's default WEP key. If the decrypted message matches the challenge text, the wireless station is authenticated. This requires you to enable the WEP encryption and specify a WEP key on both the wireless station and the AP.
When your ZyAIR's authentication method is set to open system, it will only accept open system authentication requests. The same is true for shared key authentication. However, when it is set to auto authentication, the ZyAIR will accept either type of authentication request and the ZyAIR will fall back to use open authentication if the shared key does not match.
6.4 Configuring WEP Encryption
In order to configure and enable WEP encryption, click the WIRELESS link under ADVANCED to display the Wireless screen
180. when a manager wants to retrieve all elements of a table from an agent, it initiates a Get operation, followed by a series of GetNext operations.
• Set: Allows the manager to set values for object variables within an agent.
• Trap: Used by the agent to inform the manager of some events.
14.2 Supported MIBs
The ZyAIR supports RFC 1215 and MIB II as defined in RFC 1213. The focus of the MIBs is to let administrators collect statistical data and monitor status and performance.
14.3 SNMP Configuration
To configure SNMP, select option 22 from the main menu to open Menu 22 SNMP Configuration, as shown next. The "community" for the Get, Set and Trap fields is SNMP terminology for password.
Menu 22 SNMP Configuration
SNMP:
Get Community: public
Set Community: public
Trusted Host: 0.0.0.0
Trap:
Community: public
Destination: 0.0.0.0
Press ENTER to Confirm or ESC to Cancel
Figure 14-2 Menu 22 SNMP Configuration
The following table describes the SNMP configuration parameters.
Table 14-1 Menu 22 SNMP Configuration
FIELD | DESCRIPTION | EXAMPLE
SNMP
Get Community | Type the Get Community, which is the password for the incoming Get and GetNext requests from the management station. | public
Set Community | Type the Set Community, which is the password for incoming Set requests from the management station. | public
Trust
181. work administrator's nightmare in a corporate environment, as the IEEE 802.11b standard does not provide any central user account management. User access control is done through manual modification of the MAC address table on the access point. Although WEP data encryption offers a form of data security, you have to reset the WEP key on the clients each time you change your WEP key on the access point.
IEEE 802.1x
In June 2001, the IEEE 802.1x standard was designed to extend the features of IEEE 802.11 to support extended authentication as well as providing additional accounting and control features. It is supported by Windows XP and a number of network devices.
Advantages of the IEEE 802.1x
• User-based identification that allows for roaming.
• Support for RADIUS (Remote Authentication Dial-In User Service, RFC 2138, 2139) for centralized user profile and accounting management on a network RADIUS server.
• Support for EAP (Extensible Authentication Protocol, RFC 2486) that allows additional authentication methods to be deployed with no changes to the access point or the wireless stations.
RADIUS Server Authentication Sequence
The following figure depicts a typical wireless network with a remote RADIUS server for user authentication using EAPOL (EAP Over LAN).
[Figure labels: Wireless Station, AP, RADIUS Server, Unauthorized State]
182. automatically if you do not know your DNS server IP address(es). If you know your DNS server IP address(es), click Use the following DNS server addresses, and type them in the Preferred DNS server and Alternate DNS server fields. If you have previously configured DNS servers, click Advanced and then the DNS tab to order them.
[Screenshot: Internet Protocol (TCP/IP) Properties window]
8. Click OK to close the Internet Protocol (TCP/IP) Properties window.
9. Click OK to close the Local Area Connection Properties window.
10. Turn on your ZyAIR and restart your computer (if prompted).
Verifying Your Computer's IP Address
1. Click Start, All Programs, Accessories and then Command Prompt.
2. In the Command Prompt window, type "ipconfig" and then press ENTER. You can also open Network Connections, right-click a network connection, click Status and then click the Support tab.
Macintosh OS 8/9
1. Click the Apple menu, Control Panel and double-click TCP/IP to open the TCP/IP Control Panel.
[Screenshot: Apple menu]