ZyXEL NXC8160 User's Manual
Contents
1. 73 Part Ill Troubleshooting and Specifications 75 Chapter 10 Lis irit S TD uL e 77 10 1 Power Hardware Connections and LEDs rte ra a 4S ra and aen 77 QUA LIRE vg terc soon c 78 10 3 REM T ACCESS RUE 79 Chapter 11 Product Specifica3tiofis vise kssana kizin sa kok kn kan IR AN ERR BA NR uA A A KA A RNAMD UC KE EK A KA ki AKA 81 Part IV Appendices and Index eeeeeeeeeeeeeeeeees 85 Appendix A Setting up Your Computer s IP Address eeseessseseseseseeeeeeeeeeee 87 Appendix B IP Addresses and Subnetting cccccccccccscccecccecececceecceecceeceecececeeeceeeeeeeeeness 109 Appendix C Pop up Windows JavaScripts and Java Permissions cccccceeeeeeeeeeeeeeees 119 Appendix D Wireless LANS ccccccccsssccceceeecceeccecceeccceccecececececceecceeceeeceeeeeeeeeeeeeeeeeeeeeess 127 Appendix E Legal Information essssssssssssesseenenenennnnnn nennen enne nnne nnns 141 Appendix F Custamar SUDO ua ses ret tinon ki tn kk kk kk RR kak ak EE ENERO kk A RADA 145 3 err 151 NXC 8160 User s Guide 13 Table of Contents NXC 8160 User s Guide List of Figures List of Figures Figure T Wireless IHIGIHOE Access arn eei eia diee e onn adenine S a e S o P RR alin 24 Figure2. NXC 8160 User s Guide a Safety Warnings Safety Warnings gt For your safety be sure to read and follow all warning notices and instructions e e e e e e e e Do NOT use this product near water for example in a wet basement or near a swimming pool Do NOT expose your device to dampness dust or corrosive liquids Do NOT store things on the device Do NOT install use or service this device during a thunderstorm There is a remote risk of electric shock from lightning Connect ONLY suitable accessories to the device Do NOT open the device or unit Opening or removing covers can expose you to dangerous high voltage points or other risks ONLY qualified service personnel should service or disassemble this device Please contact your vendor for further information Make sure to connect the cables to the correct ports Place connecting cables carefully so that no one will step on them or stumble over them Always disconnect all cables from this device before servicing or disassembling Use ONLY an appropriate power adaptor or cord for your device Connect the power adaptor or cord to the right supply voltage for example 110V AC in North America or 230V AC in Europe Not to remove the plug and plug into a wall outlet by itself always attach the plug to the power supply first before insert into the wall Do NOT allow anything to rest on the power adaptor or cord and do NOT place the produ
3. Customize the appearance and functionality of your computer add or remove programs and set up network connections and user accounts Figure 42 Windows Vista Control Panel Ge Control Panel vl i 1 p File Edit View Tools Help Control Panel Home z System and Maintenance User Accounts Classic View Me B Get started with Windows Change account type Back up your computer Ae Appearance and Personalization Change desktop background Security Check for updates Allow a program through Windows Firewall Change the color scheme Adjust screen resolution etwork and Internet onnect to the Internet D Clock Language and Region View network status and tasks ik Change keyboards or other input methods Set up file sharing Change display language 3 Click Network and Sharing Center Figure 43 Windows Vista Network And Internet CION uw Control Panel Network and Internet v 5 Search p File Edit View Tools Help Control Panel Home x M Network and Sharing Center netu Connect to a network System and Maintenance View network c 5 vices vic work 5 Security View network computers and devices dd a device to the network Set up file sharing Network and Internet Internet Options Connect to the Internet Change your homepage Manage browser add ons Programs Delete browsing history and cookies Hardware and Sound 4 Click Manage ne
4. 4 Click the Gateway tab Ifyou do not know your gateway s IP address remove previously installed gateways f you have a gateway IP address type it in the New gateway field and click Add 5 Click OK to save and close the TCP IP Properties window 6 Click OK to close the Network window Insert the Windows CD if prompted 7 Turn on your NXC 8160 and restart your computer when prompted Verifying Settings 1 Click Start and then Run 2 Inthe Run window type winipcfg and then click OK to open the IP Configuration window 3 Select your network adapter You should see your computer s IP address subnet mask and default gateway Windows 2000 NT XP The following example figures use the default Windows XP GUI theme 1 Click start Start in Windows 2000 NT Settings Control Panel NXC 8160 User s Guide Appendix A Setting up Your Computer s IP Address Figure 34 Windows XP Start Menu Internet Explorer Z My Documents e Outlook Express Y Paint Files and Settings Transfer W ES Command Prompt e My Music E Acrobat Reader 4 0 B My Computer Tour Windows xP QB Windows Movie Maker 5 My Recent Documents gt e My Pictures Q9 Help and Support Search All Programs gt 177 Run D Log Off o Turn Off Computer 5 untitled Paint 2 Inthe Control Panel double click Network Connections Network and Dial up Connections in Windows 2000 NT Figure 35 Windows XP Control Panel am
5. 5 4 1 Rename SSIDs Click the Rename SSIDs link in the WLAN Configuration screen to change an existing SSID NXC 8160 User s Guide 2 Chapter 5 Wireless LAN Figure 17 WLAN gt SSID Table SSID Table SSID Table SSID Name ZyxXEL_G zyxEL ftesti23 Save Cancel The following table describes the labels in this screen Table 12 WLAN gt SSID Table LABEL DESCRIPTION SSID Name This displays the SSIDs available on the NXC 8160 Enter a new descriptive name up to 32 printable English keyboard characters to replace an existing one Save Click Save to save your customized settings Cancel Click Cancel to exit this screen without saving 5 5 Configuring Wireless Security Click SSID amp Security in the navigation panel or the SSID amp Security link in the WLAN Configuration screen to open the SSID amp Security screen Use this screen to onfigure the wireless and wireless security settings for the specified SSID The screen varies according to the security modes you select The following table describes the security modes you can configure Table 13 Security Modes SECURITY MODE DESCRIPTION None Select this to have no data encryption WEP64 Select this to use WEP encryption with a static 64bit WEP key WEP128 Select this to use WEP encryption with a static 128bit WEP key WEPG4 amp 802 1x Select this to use 802 1x aut
6. 2 Double click on the profile of the network card you wish to configure The Ethernet Device General screen displays as shown Figure 55 Red Hat 9 0 KDE Ethernet Device General W Ethernet Device General Route Hardware Device Nickname ethO lt Activate device when computer starts Allow all users to enable and disable the device Automatically obtain IP address settings with dhcp DHCP Settings Hostname optional Automatically obtain DNS information from provider Statically set IP addresses Manual IP Address Settings Address Subnet Mask Default Gateway Address 3 Cancel NXC 8160 User s Guide Appendix A Setting up Your Computer s IP Address f you have a dynamic IP address click Automatically obtain IP address settings with and select dhep from the drop down list f you have a static IP address click Statically set IP Addresses and fill in the Address Subnet mask and Default Gateway Address fields Click OK to save the changes and close the Ethernet Device General screen 4 If you know your DNS server IP address es click the DNS tab in the Network Configuration screen Enter the DNS server information in the fields provided Co Figure 56 Red Hat 9 0 KDE Network Configuration DNS bANetwork Configuration File Profile Help B 69 New Edit Copy Delete Devices
7. Allow Default SSID Enable C Disable Display SSID in Beacon Enable C Disable Allow Intra BSS Traffic Enable C Disable Allow Inter Ess Forward Enable C Disable VLAN 0 4095 none Disassociation Timeout 500 0 3600 seconds 0 for no disassociation DTIM period s 7 Encryption amp Authentication Security Mode WEP64 yi WEP Keys mm Transmission Key Gkeyi fo asc S 10 WEP64 13 26 WEP128 Cpe n asa S 10 WEP64 13 26 WEP128 Ou 1 asci s 10 wEP64 13 26 WEP128 Crys Po asc wm S 10 WEP64 13 26 WEP128 Reset The following table describes the labels in this screen Table 16 SSID 8 Security WEP LABEL DESCRIPTION Security Mode Select WEP64 or WEP128 from the drop down list WEP Keys WEP Wired Equivalent Privacy provides data encryption to prevent unauthorized wireless stations from accessing data transmitted over the wireless network Transmission The WEP keys are used to encrypt data Both the NXC 8160 and the wireless clients Keys must use the same WEP key for data transmission You can configure up to four keys but only one key can be activated at any one time Select a WEP key to use for data encryption The default key is key 1 To set the WEP keys select ASCII or HEX as the WEP key input method and enter the WEP key in the field provided Select ASCII option to enter ASCII characters as the WEP keys Select the HEX option to ent
8. bleshooting 77 pecifications 81 Troubleshooting This chapter offers some suggestions to solve problems you might encounter The potential problems are divided into the following categories Power Hardware Connections and LEDs NXC 8160 Access and Login Internet Access 10 1 Power Hardware Connections and LEDs e The NXC 8160 does not turn on None of the LEDs turn on 1 Make sure the NXC 8160 is turned on 2 Make sure you are using the power cord included with the NXC 8160 3 Make sure the power cord is connected to the NXC 8160 and plugged in to an appropriate power source Make sure the power source is turned on 4 Disconnect and re connect the power cord to the NXC 8160 5 Ifthe problem continues contact the vendor One of the LEDs does not behave as expected Make sure you understand the normal behavior of the LED See Section 1 5 on page 25 Check the hardware connections See the Quick Start Guide Inspect your cables for damage Replace any damaged cables Disconnect and re connect the power cord to the NXC 8160 If the problem continues contact the vendor ah whd NXC 8160 User s Guide Chapter 10 Troubleshooting 10 2 NXC 8160 Access and Login forgot the LAN IP address for the NXC 8160 1 The default LAN IP address is 192 168 1 10 2 Ifthis does not work or you changed the IP address and have forgotten it you have to contact your
9. KAD 129 Document Title List of Figures Figure oZ RTS DS sas iaeniasectio qae qa et aat aa dta vegan a tac ad LU RIS LR n Rd 130 Figure 83 WPA 2 with RADIUS Application Example seen 137 Figure 84 WPA 2 PSK Authentication M M 138 Document Title List of Figures Document Title List of Tables List of Tables Tubo Trom Pel LEDS LIONEL ke ton kk zo a net d p e Rata dap rS eR RE tio Et c Ut 26 Table 2 Title Bar Web Configurator IGOR iuis ees reitera etx nba a bik kap ai Ek LR bd koki a opa bk kaka dE ik EN Ak 28 Table Web Confidurdater Status DOFGOEII ie ter s sovoe rasta akt est k ARI ask a bU pake ka FENCE ANE ask bsp Ceo Ub A dik hae 29 TDB 4 SEEN SUN aa zon ei kn tea p nee ke e ez ka e on ek ez ke Ze eee e pez AZA ANA 30 Table o Web Contgurater About Screan kab desk dod PH ea bank a br ks kk RE EDU Ree 31 I 1008 d Em 39 Table 7 ZyXEL Centralized Configuration Specifications sssssssssssssssssseeeenne 41 Table 9 Centralized Configuration Member oda kk cH int b ar pi CRISI dead a RA cda uirum UR EK ENG 44 Table 9 Centralized Configuration Master ssa rtt rb PER ya EX bue e pee anpes dH 44 Table 10 Types of Encryption for Each Type of Authentication ssssssssssssseseeeee 49 Dr su AA Meer C m 52 Tabs t2 WLAN SAB TINE Lutetia D NUMEN arx sah RR t B p vetu s pae t CO ad 54 Table 13 Seca Modos aaa eki aa tete n etin pelis a ak ma eM
10. BS Regardless of your particular situation do not create an arbitrary IP address always follow the guidelines above For more information on address assignment please refer to RFC 1597 Address Allocation for Private Internets and RFC 1466 Guidelines for Management of IP Address Space 3 2 2 Management IP Addresses The NXC 8160 needs an IP address for it to be managed over the network The factory default IP address is 192 168 1 10 The subnet mask specifies the network number portion of an IP address The factory default subnet mask is 255 255 255 0 NXC 8160 User s Guide Chapter 3 LAN Screen 3 3 VLAN A VLAN Virtual Local Area Network allows a physical network to be partitioned into multiple logical networks Stations on a logical network can belong to more than one group Only stations within the same group can talk to each other With VLAN a device cannot directly talk to or hear from devices that are not in the same group s unless such traffic first goes through a router In traditional switched environments all broadcast packets go to each and every individual port With VLAN all broadcasts are confined to a specific broadcast domain SSIDs in the same VLAN group share the same broadcast domain thus increase network performance through reduced broadcast traffic VLAN on the NXC 8160 allows you to Provide security and isolation among the LAN IP addresses and SSIDs Stop an SSID from accessing the Inte
11. Chapter 5 Wireless LAN Table 11 WLAN continued LABEL DESCRIPTION 1 Mbps 54 Mbps This is the data rate at which the NXC 8160 can transmit Select Adapt to allow the NXC 8160 to switch between and send traffic to wireless clients at the specified rates after you select Enable Rate Adaption If you select Disabled the Adapt check box is grayed out and the rate will not be available for rate adaption even if you have selected it Select Basic when your wireless clients can transmit at the specified rate This allows only the wireless devices that support this data rate or higher to connect to the wireless network It s recommended that you set the rate supported by all wireless devices in your wireless network as the basic rate Basic is not available for the extended data rates Select Optional to set this rate as an optional choice The wireless devices that support it can choose to communicate with the network at this rate Select Disabled to not allow the wireless devices to communicate with the network at this rate You can select Adapt and Basic or Optional at the same time Setup SSIDs The SSID Service Set IDentifier identifies the service set with which a wireless client is associated Wireless clients associating with the access point AP must have the same SSID When a wireless client scans for an AP to associate with this is the name that is broadcast and seen in the wireless client utility
12. NXC 8160 User s Guide Introducing the Web Configurator This chapter describes how to access the NXC 8160 web configurator and provides an overview of its screens 2 1 Web Configurator Overview The web configurator is an HTML based management interface that allows easy NXC 8160 setup and management via Internet browser Use Internet Explorer 6 0 and later or Netscape Navigator 7 0 and later versions The recommended screen resolution is 1024 by 768 pixels In order to use the web configurator you need to allow Web browser pop up windows from your device Web pop up blocking is enabled by default in Windows XP SP Service Pack 2 JavaScripts enabled by default Java permissions enabled by default See Appendix C on page 119 if you want to make sure these functions are allowed in Internet Explorer or Netscape Navigator 2 2 Accessing the NXC 8160 Web Configurator 1 Make sure your NXC 8160 hardware is properly connected and prepare your computer computer network to connect to the NXC 8160 refer to the Quick Start Guide Launch your web browser Type https and the IP address of the switch for example the default is 192 168 1 10 in the Location or Address field Press Enter The login screen appears The default username is admin and the associated default password is default Click OK to view the first web configurator screen 2 3 Navigating the NXC 8160 Web Configurator The following summarize
13. mask and then click Add Repeat the above two steps for each IP address you want to add Configure additional default gateways in the IP Settings tab by clicking Add in Default gateways In TCP IP Gateway Address type the IP address of the default gateway in Gateway To manually configure a default metric the number of transmission hops clear the Automatic metric check box and type a metric in Metric Click Add Repeat the previous three steps for each default gateway you want to add Click OK when finished NXC 8160 User s Guide Appendix A Setting up Your Computer s IP Address Figure 39 Windows XP Advanced TCP IP Properties Advanced TCP IP Settings IP Settings DNS WINS Options IP addresses IP address Subnet mask DHCP Enabled Default gateways Gateway Metric Automatic metric 7 Inthe Internet Protocol TCP IP Properties window the General tab in Windows XP Click Obtain DNS server address automatically if you do not know your DNS server IP address es Ifyou know your DNS server IP address es click Use the following DNS server addresses and type them in the Preferred DNS server and Alternate DNS server fields If you have previously configured DNS servers click Advanced and then the DNS tab to order them NXC 8160 User s Guide Appendix A Setting up Your Computer s IP Address Figure 40 Windows XP Internet Protocol TCP IP Properties Internet Protocol TCP IP
14. n i 8 I a E Uu a i 1 Internet t Li H Li I li I li I a I I I li y 192 168 1 0 24 1 r 4 LE E on m um um m um Um Um Em Em um um You can borrow one of the host ID bits to divide the network 192 168 1 0 into two separate sub networks The subnet mask is now 25 bits 255 255 255 128 or 25 The borrowed host ID bit can have a value of either 0 or 1 allowing two subnets 192 168 1 0 25 and 192 168 1 128 25 The following figure shows the company network after subnetting There are now two sub networks A and B 112 NXC 8160 User s Guide Appendix B IP Addresses and Subnetting Figure 65 Subnetting Example After Subnetting 1 A LI B L P E3 m N i I LI es 5 H AN P T Internet gt a n l TM P i P ki LI i 1192 168 1 0 25 4 W192 168 1 128 ue a mumumumumum um eom um um um um um um In a 25 bit subnet the host ID has 7 bits so each sub network has a maximum of 27 2 or 126 possible hosts a host ID of all zeroes is the subnet s address itself all ones is the subnet s broadcast address 192 168 1 0 with mask 255 255 255 128 is subnet A itself and 192 168 1 127 with mask 255 255 255 128 is its broadcast address Therefore the lowest IP address that can be assigned to an actual host for subnet A is 192 168 1 1 and the highest is 192 168 1 126 Similarly the host ID range for subnet B is 192 168 1 129 to 192 168 1 254 Example F
15. Hardware DNS Hosts mss You may configure the system s hostname domain name servers and search domain Name servers are used to look up other hosts on the network Hostname Primary DNS Secondary DNS Tertiary DNS DNS Search Path Active Profile Common modified 5 Click the Devices tab 6 Click the Activate button to apply the changes The following screen displays Click Yes to save the changes in all screens Figure 57 Red Hat 9 0 KDE Network ork Configuration Activate redhat config network You have made some changes in your configuration To activate the network device ethO the changes have to be saved Do you want to continue 7 After the network card restart process is complete make sure the Status is Active in the Network Configuration screen Using Configuration Files Follow the steps below to edit the network configuration files and set your computer IP address 1 Assuming that you have only one network card on the computer locate the ifconfig eth0 configuration file where eth0 is the name of the Ethernet card Open the configuration file with any plain text editor f you have a dynamic IP address enter dhcp in the BOOTPROTO field The following figure shows an example NXC 8160 User s Guide Appendix A Setting up Your Computer s IP Address Figure 58 Red Hat 9 0 Dynamic IP Address Setting in ifconfig ethO EV
16. SUDO ESSE E scd rutas kt ka ai ELS PARRA EC kaj e da A BED LEM A SLE RES in EUN REX IN PURA ob m Re a GE Su uaa denda 111 Table a2 Manman Host MOI BOIS eee v ti koktaa Haie EP E PN DIEN Pd UE Pepe kota kaa IIa PD MERI desk kkide 111 Table 33 Altemalive Subnet Mask Notation i5 err rant ntn arra ga qat d er sous ev repa d ek en hann 111 MNES SUN T pa kb ke ti kek io ke kinh Vnd lite sateen atu eee a a e pace i opi A ed me eal a n A kat 113 TADIE 45 GUDEL L kabann 114 THS SO SU rg Me o dsi e essen eae 114 y AY UNE Be ii ete kit ki a pi p n a e E EP kika reer kib be sin rere 114 TEMES meh e M pouyo 114 Document Title List of Tables Table 39 24 bit Network Number Subnet Planning cicer rnnt tnn ihnen TIS Table 40 16 bit Network Number Subnet Planning aseeeseiessseeesieeeeen nennen tnn nha aa nan inna 115 PADIS dI IEEE BOZ TAG M M 131 Tete 42 WI Security Levels aues rra tole ta adeo eb Ra od e c a rr 132 Table 43 Comparison of EAP Authentication Types iride kk kk ke reae akt tnn Era ou kk RH Ern nnb rdi a kk 135 Table 44 Wireless Security Relational Matrix 2c ieececee terrent tta tct ttti snl ase kwa 138 Document Title PART I Introduction Getting to Know Your NXC 8160 23 Introducing the Web Configurator 27 Getting to Know Your NXC 8160 This chapter intr
17. The controllers must be able to communicate with one another Table 7 ZyXEL Centralized Configuration Specifications Maximum number of centralized 6 configuration members Centralized configuration Member Must be compatible with ZyXEL centralized configuration Models implementation Master Controller The device through which you manage the member devices Member Controllers The devices being managed by the master device In the following example controller A is the master and the other controllers are members Figure 10 Centralized Configuration Example Nae Internet u 4 2 SSH You can use SSH Secure SHell to securely access the NXC 8160 NXC 8160 User s Guide Chapter 4 Centralized Configuration Unlike Telnet or FTP which transmit data in plaintext clear or unencrypted text SSH is a secure communication protocol that combines authentication and data encryption to provide secure encrypted communication between two hosts over an unsecured network In the following figure computer A on the Internet uses SSH to securely connect to the NXC 8160 for a management session A If the NXC 8160 is behind a NAT router or a firewall you need to configure the router or firewall to allow a SSH connection to the NXC 8160 Figure 11 SSH Communication Over the WAN Example WAN a a 4 3 How SSH Works The following table summarizes how a secure connection is established between two
18. This trap is sent when the referenced host is down Standby Switch is up This trap is sent when the backup WLAN controller is up Standby Switch is down This trap is sent when the backup WLAN controller is down Inactive Reference Host is down This trap is sent when the referenced host is down and the main WLAN controller becomes inactive Inactive Standby Switch Main Switch is up This trap is sent when the backup WLAN controller is deactived because the main WLAN controller becomes active Main Switch is active again This trap is sent when the main WLAN controller becomes active again Failure detected in Main Switch Switching Over This trap is sent when the main WLAN controller is down and then the backup WLAN controller is enabled 6 2 Configuring the Advanced Screen Click Advanced to display the screen as shown NXC 8160 User s Guide Chapter 6 Advanced Screen Figure 25 Advanced Redundancy Redundancy Status Main Standby Monitored IP Reference IP Keep Alive Interval ms SNMP Enable Traps Community Destination Keep Alive Check Threshold Disabled Standby w l 500 3 vw ul Reset public Save Reset The following table describes the labels in this screen Table 21 Advanced LABEL DESCRIPTION Redundancy Redundancy Status Select Enabled to turn on redundancy bet
19. a followed by the number of bits in the mask after the address For example 192 1 1 0 25 is equivalent to saying 192 1 1 0 with subnet mask 255 255 255 128 The following table shows some possible subnet masks using both notations Table 33 Alternative Subnet Mask Notation ALTERNATIVE LASTOCTET LASTOCTET SUBNET MASK NOTATION BINARY DECIMAL 255 255 255 0 24 0000 0000 0 255 255 255 128 25 1000 0000 128 NXC 8160 User s Guide Appendix B IP Addresses and Subnetting Table 33 Alternative Subnet Mask Notation continued sumerweek AUR T ener SER 255 255 255 192 26 1100 0000 192 255 255 255 224 27 1110 0000 224 255 255 255 240 28 1111 0000 240 255 255 255 248 29 1111 1000 248 255 255 255 252 30 1111 1100 252 Subnetting You can use subnetting to divide one network into multiple sub networks In the following example a network administrator creates two sub networks to isolate a group of servers from the rest of the company network for security reasons In this example the company network address is 192 168 1 0 The first three octets of the address 192 168 1 are the network number and the remaining octet is the host ID allowing a maximum of 2 2 or 254 possible hosts The following figure shows the company network before subnetting Figure 64 Subnetting Example Before Subnetting gn EB EM EN EN EM
20. 2 Backup ifo onse 24 Figure 3 Front Panel e 25 Fowo NS SN ik kt ko a ak ka pl a ek kk a ko pen L ko ek kk kk bk ks za kk kk aa Z 28 Figure 3 Web Configurator Status SGre alias esiskes Ls 29 Figure 6 Web Configurator About Screen iue cessisse ee dola ski Godsk soi Ge eei ai vi ks ki do Pra ami GADE kak vide 31 Foure T LAN and WAN al ek ki is ok ks e E ET 35 Figure SYLAN Application Example ccce cto papa aka los MERE V AEE EE ok kk ee SERM eka 38 2 12 08 X da 39 Figure 10 Centralized Configuration Example 1 race eara tak koc rt ok bad Dok ked a E ERR n b d 41 Figure 11 SSH Communication Over the WAN Example 1 eeeeeecscceeene rere ennt nnne nannten 42 igus Tz How SS VIOIER aie uisi tei petia Raga d is ARCH Pte og A o Loic PCS RD RR RN 42 Figure 13 Centralized Configuration Member oze rieez tob presse esse LX an EE kepi da ie pi ek ad ob kapa anew 43 Figure 14 Centralized Configuration MASET ssseetviristiaeevnaesisasoneeteasan bete ossan oka kos perpe tna Seba taa an bk KREE LA 44 Figure 15 Example of a Wireless Network uses kk kika ka kas sn tad ari iik kk ki A A kk Ak 47 isi kbps eec ki e e ky kk a e A a e e e kk e kk ko ek pe a A n ke a 51 Figuie Tf WLANP SSN Table essai n t oi aaa pl a ik ka a e e e n ode e ped a pe a o ed 54 Foure 10 SD SS oils kn pine at ca ed a a n ka a VO TOU UM 55 Figure 19 SSID amp Securty NONG M 9 57 Figs ZO SIS x0 VEP srne
21. 4 TCP IPv4 Properties 100 Figure 50 Macintosh 2 Apple MONN MT 101 Figure 3 cene OSE TEP esr T 101 Figure 52 Macintosh OS X Apple MENU 4ssisiive ee erecti EH go s iar e Eb eb Een A E EpL decia bd Capi d td au Rita 102 Figure 53 Macintosh OS X MODO 2222 v ol ian a nnn sp eda npa aa an Ex kk aap bal n nd Lad 103 Figure 54 Red Hat 9 0 KDE Network Configuration Devices 0 iiieerreeeeesserrresasononsssssanonnoaasosoonnnenoo 104 Figure 55 Red Hat 9 0 KDE Ethernet Device General iuueeeesesesseeeeeeeeee enne nnne 104 Figure 56 Red Hat 9 0 KDE Network Configuration DNS ssssseeeee een 105 Figure 57 Red Hat 9 0 KDE Network Configuration Activate ssssssseem 105 Figure 58 Red Hat 9 0 Dynamic IP Address Setting in ifconfig ethO ssssseees 106 Figure 59 Red Hat 9 0 Static IP Address Setting in ifconfig ethO eeeeeeeeeeeneee 106 Figure 60 Red Hat 8 0 DNS Settings in resolv conf aiuucsessesseeecisese tenui portent tota zn mu sa Ebro doa aa apro tappa 106 Figura 61 Red Hat 9 0 Restart EThermet Card use entienden atta aki ER Rating aia ann 106 Figure 82 Red Hat 9 0 Checking TOPHP Properties sisie esse see eara PERO a ener E p sis eskan S En ere mas irak R S 107 Figure 52 Network Number and Hast ID 35 5 ea aid an ner ena Rer ie ore Rer Gs l a ope RR MR c A n 110 Figure 64 Subnetting Example Before Subnet
22. 8 bit mask 11111111 00000000 00000000 00000000 255 0 0 0 16 bit mask 11111111 11111111 00000000 00000000 255 255 0 0 24 bit mask 11111111 11111111 11111111 00000000 255 255 255 0 29 bit mask 11111111 11111111 11111111 11111000 255 255 255 248 Network Size The size of the network number determines the maximum number of possible hosts you can have on your network The larger the number of network number bits the smaller the number of remaining host ID bits An IP address with host IDs of all zeros is the IP address of the network 192 168 1 0 with a 24 bit subnet mask for example An IP address with host IDs of all ones 1s the broadcast address for that network 192 168 1 255 with a 24 bit subnet mask for example As these two IP addresses cannot be used for individual hosts calculate the maximum number of possible hosts in a network as follows Table 32 Maximum Host Numbers SUBNET MASK HOST ID SIZE MAXIMUM NUMBER OF HOSTS 8bits 255 0 0 0 24 bits 242 16777214 16 bits 255 255 0 0 16 bits 216_2 65534 24 bits 255 255 255 0 8 bits 28 2 254 29 bits 255 255 255 248 3 bits 0925 6 Notation Since the mask 1s always a continuous number of ones beginning from the left followed by a continuous number of zeros for the remainder of the 32 bit mask you can simply specify the number of ones instead of writing the value of each octet This is usually specified by writing
23. 802 11a or IEEE 802 11 b g wirless clients can access the network behind the NXC 8160 through the access point s connected to the NXC 8160 NXC 8160 User s Guide KI Chapter 1 Getting to Know Your NXC 8160 Figure 1 Wireless Internet Access Internet 1 2 2 Backup NXC 8160 To ensure wireless Internet access availability deploy one NXC 8160 as the main WLAN controller and the other NXC 8160 as the backup Both NXC 8160s should be in the same network and have the same number of connected access points and use the same wireless settings such as SSID channel IEEE 802 11 mode and security If the main NXC 8160 fails wireless clients can still access the Internet or wired network by connecting to the backup NXC 8160 Figure 2 Backup NXC 8160 NXC 8160 User s Guide Chapter 1 Getting to Know Your NXC 8160 1 3 Ways to Manage the NXC 8160 Use any of the following methods to manage the NXC 8160 Web Configurator This is recommended for everyday management of the NXC 8160 using a supported web browser Command Line Interface Line commands are mostly used for troubleshooting by service engineers SNMP The device can be monitored by an SNMP manager See the SNMP chapter in this User s Guide 1 4 Good Habits for Managing the NXC 8160 Do the following things regularly to make the NXC 8160 more secure and to manage the NXC 8160 more effectively Change the password Use a password that s not eas
24. Apple System Profiler E Calculator 79 Chooser ADSL Control and Status Control Panels Appearance i Favorites Apple Menu Options Key Caps AppleTalk EBI Network Browser ColorSync G Recent Applications Control Strip S Recent Documents ee DialAssist cif Remote Access Status Energy Saver Scrapbook Extensions Manager 49 Sherlock 2 File Exchange a Speakable Items File Sharing W Stickies General Controls Internet Keyboard Keychain Access Launcher Location Manager Memory Modem Monitors Mouse Multiple Users Numbers QuickTime Settings Remote Access Software Update Sound Speech USB Printer Sharing 2 Select Ethernet built in from the Connect via list Figure 51 Macintosh OS 8 9 TCP IP TCP IP camest vn Setup Configure Using DHCP Server DHCP Client ID l IP Address lt will be supplied by server 7 Sunet mask lt will be supplied by server gt Router address will be supplied by server gt Search comans Name server addr lt will be supplied by server 3 For dynamically assigned settings select Using DHCP Server from the Configure list 4 For statically assigned settings do the following From the Configure box select Manually NXC 8160 User s Guide 101 Appendix A Setting up Your Computer s IP Address Type your IP address in the IP Address box Type your subnet mask in the Subnet mask box Type the I
25. Assigned SSIDs This text box shows the SSID s which is assigned to this radio You can create and assign up to 16 SSIDs to a radio Select an SSID and click Remove from Channel to delete the SSID from this radio after you click Save Note You cannot delete all SSIDs from a radio Unassigned This text box shows the SSID s which is created on the NXC 8160 but not SSIDs assigned to this radio Select an SSID and click Add to Channel to assign it to this radio after you click Save Note An SSID cannot be assigned to both radios If you assign the radio an SSID that is already assigned to the other radio the SSID will be taken out from the other radio New SSID Enter a new SSID and select Create and Assign to add this new SSID to this radio after you click Save Rename SSIDs Click the Rename SSIDs link to open a screen where you can change the SSID s created on the NXC 8160 See Section 5 4 1 on page 53 for more information All SSIDs This text box shows all SSIDs available on the NXC 8160 Select an SSID and click Delete Permanently to remove it from the NXC 8160 Edit SSID amp Click the link to go to the SSID amp Security screen where you can configure the Security Setting wireless and wireless security settings for the specified SSID See Section 5 5 on page 54 for more information Save Click Save to save your changes back to the NXC 8160 Reset Click Reset to begin configuring this screen afresh
26. Fax 65 6899 8887 Web http www zyxel com sg Regular Mail ZyXEL Singapore Pte Ltd No 2 International Business Park The Strategry 03 28 Singapore 609930 Support E mail support zyxel es Sales E mail sales zyxel es Telephone 34 902 195 420 Fax 34 913 005 345 Web www zyxel es Regular Mail ZyXEL Communications Arte 21 5 planta 28033 Madrid Spain NXC 8160 User s Guide Appendix F Customer Support Sweden Support E mail support zyxel se Sales E mail sales zyxel se Telephone 46 3 1 744 7700 Fax 46 31 744 7701 Web www zyxel se Regular Mail ZyXEL Communications A S Sj porten 4 41764 G teborg Sweden Thailand Support E mail support zyxel co th Sales E mail sales zyxel co th Telephone 662 831 5315 Fax 662 831 5395 Web http www zyxel co th Regular Mail ZyXEL Thailand Co Ltd 1 1 Moo 2 Ratchaphruk Road Bangrak Noi Muang Nonthaburi 11000 Thailand Ukraine Support E mail support ua zyxel com Sales E mail sales ua zyxel com Telephone 380 44 247 69 78 Fax 380 44 494 49 32 Web www ua zyxel com Regular Mail ZyXEL Ukraine 13 Pimonenko Str Kiev 04050 Ukraine United Kingdom Support E mail support zyxel co uk Sales E mail sales zyxel co uk Telephone 44 1344 303044 08707 555779 UK only Fax 44 1344 303034 Web www zyxel co uk FTP ftp zyxel co uk Regular Mail ZyXEL Communications UK Ltd 11 The Courtyard Eastern Road Bracknell Be
27. NXC 8160 User s Guide Appendix A Setting up Your Computer s IP Address Verifying Settings Enter ifconfig in a terminal screen to check your TCP IP properties Figure 62 Red Hat 9 0 Checking TCP IP Properties eth0 root localhost ifconfig Link encap Ethernet HWaddr 00 50 BA 72 5B 44 inet addr 172 23 19 129 Bcast 172 23 19 255 Mask 255 255 255 0 UP BROADCAST RUNNING MULTICAST MTU 1500 Metric 1 RX packets 717 errors 0 dropped 0 overruns 0 frame 0 TX packets 13 errors 0 dropped 0 overruns 0 carrier 0 collisions 0 txqueuelen 100 RX bytes 730412 713 2 Kb TX bytes 1570 1 5 Kb Interrupt 10 Base address 0x1000 root localhost NXC 8160 User s Guide Appendix A Setting up Your Computer s IP Address NXC 8160 User s Guide IP Addresses and Subnetting This appendix introduces IP addresses and subnet masks IP addresses identify individual devices on a network Every networking device including computers servers routers printers etc needs an IP address to communicate across the network These networking devices are also known as hosts Subnet masks determine the maximum number of possible hosts on a network You can also use subnet masks to divide one network into multiple sub networks Introduction to IP Addresses One part of the IP address is the network number and the other part is the host ID In the same way that houses on a street share a common street name the hosts
28. TKIP AES No Enable WPA2 PSK TKIP AES Yes Disable NXC 8160 User s Guide Appendix D Wireless LANs Antenna Overview An antenna couples RF signals onto air A transmitter within a wireless device sends an RF signal to the antenna which propagates the signal through the air The antenna also operates in reverse by capturing RF signals from the air Positioning the antennas properly increases the range and coverage area of a wireless LAN Antenna Characteristics Frequency An antenna in the frequency of 2 4GHz IEEE 802 11b and IEEE 802 11g or 5GHz IEEE 802 11a is needed to communicate efficiently in a wireless LAN Radiation Pattern A radiation pattern is a diagram that allows you to visualize the shape of the antenna s coverage area Antenna Gain Antenna gain measured in dB decibel is the increase in coverage within the RF beam width Higher antenna gain improves the range of the signal for better communications For an indoor site each 1 dB increase in antenna gain results in a range increase of approximately 2 596 For an unobstructed outdoor site each 1dB increase in gain results in a range increase of approximately 5 Actual results may vary depending on the network environment Antenna gain is sometimes specified in dBi which is how much the antenna increases the signal power compared to using an isotropic antenna An isotropic antenna 1s a theoretical perfect antenna that sends out radi
29. The SSID is the name of the wireless network It stands for Service Set IDentity e If two wireless networks overlap they should use different channels Like radio stations or television channels each wireless network uses a specific channel or frequency to send and receive information Every wireless client in the same wireless network must use security compatible with the AP Security stops unauthorized devices from using the wireless network It can also protect the information that is sent in the wireless network 5 2 Wireless Security Overview The following sections introduce different types of wireless security you can set up in the wireless network 5 2 1 SSID Normally the AP acts like a beacon and regularly broadcasts the SSID in the area You can hide the SSID instead in which case the AP does not broadcast the SSID In addition you should change the default SSID to something that is difficult to guess This type of security is fairly weak however because there are ways for unauthorized devices to get the SSID In addition unauthorized devices can still see the information that is sent in the wireless network 5 2 2 User Authentication You can make every user log in to the wireless network before they can use it This is called user authentication However every wireless client in the wireless network has to support IEEE 802 1x to do this For wireless networks there are two typical places to store the user names
30. This device may not cause harmful interference This device must accept any interference received including interference that may cause undesired operations This device has been tested and found to comply with the limits for a Class B digital device pursuant to Part 15 of the FCC Rules These limits are designed to provide reasonable protection against harmful interference in a residential installation This device generates uses and can radiate radio frequency energy and if not installed and used in accordance with the instructions may cause harmful interference to radio communications However there is no guarantee that interference will not occur in a particular installation NXC 8160 User s Guide Appendix E Legal Information If this device does cause harmful interference to radio television reception which can be determined by turning the device off and on the user is encouraged to try to correct the interference by one or more of the following measures 1 Reorient or relocate the receiving antenna 2 Increase the separation between the equipment and the receiver 3 Connect the equipment into an outlet on a circuit different from that to which the receiver is connected 4 Consult the dealer or an experienced radio TV technician for help fa FCC Radiation Exposure Statement This transmitter must not be co located or operating in conjunction with any other antenna or transmitter e For operation within 5 15 5
31. WEP128 5 10 WEP64 13 26 WEP128 umm The following table describes the labels in this screen Table 17 SSID 8 Security Static WEP IEEE 802 1x LEAP LABEL DESCRIPTION Security Mode list Select WEP64 amp 802 1x LEAP or WEP128 amp 802 1x LEAP from the drop down WEP Keys WEP Wired Equivalent Privacy provides data encryption to prevent unauthorized wireless stations from accessing data transmitted over the wireless network NXC 8160 User s Guide Chapter 5 Wireless LAN Table 17 SSID 8 Security Static WEP IEEE 802 1x LEAP continued LABEL DESCRIPTION Transmission The WEP keys are used to secure your data from eavesdropping by unauthorized Keys wireless users Both the NXC 8160 and the wireless clients must use the same WEP key for data transmission You can configure up to four keys but only one key can be activated at any one time Select a WEP key to use for data encryption The default key is key 1 To set the WEP keys select ASCII or HEX as the WEP key input method and enter the WEP key in the field provided Select ASCII option to enter ASCII characters as the WEP keys Select the HEX option to enter hexadecimal characters as the WEP keys If you chose WEP64 in the Security Mode field then enter 5 ASCII characters or 10 hexadecimal characters 0 9 A F for each key If you chose WEP128 in the Security Mode field then enter 13 ASCII characters o
32. addresses follow their instructions in selecting the IP addresses and the subnet mask Ifthe ISP did not explicitly give you an IP network number then most likely you have a single user account and the ISP will assign you a dynamic IP address when the connection is established If this is the case it is recommended that you select a network number from 192 168 0 0 to 192 168 255 0 The Internet Assigned Number Authority LANA reserved this block of addresses specifically for private use please do not use any other number unless you are told otherwise You must also enable Network Address Translation NAT on the NXC 8160 Once you have decided on the network number pick an IP address for your NXC 8160 that is easy to remember for instance 192 168 1 1 but make sure that no other device on your network is using that IP address The subnet mask specifies the network number portion of an IP address Your NXC 8160 will compute the subnet mask automatically based on the IP address that you entered You don t need to change the subnet mask computed by the NXC 8160 unless you are instructed to do otherwise Private IP Addresses Every machine on the Internet must have a unique address If your networks are isolated from the Internet running only between two branch offices for example you can assign any IP addresses to the hosts without problems However the Internet Assigned Numbers Authority IANA has reserved the following three blocks o
33. and passwords for each user e Inthe AP or WLAN controller this feature is called a local user database or a local database na RADIUS server this is a server used in businesses more than in homes If your AP or WLAN controller does not provide a local user database and if you do not have a RADIUS server you cannot set up user names and passwords for your users NXC 8160 User s Guide Chapter 5 Wireless LAN Unauthorized devices can still see the information that is sent in the wireless network even if they cannot use the wireless network Furthermore there are ways for unauthorized wireless users to get a valid user name and password Then they can use that user name and password to use the wireless network Local user databases also have an additional limitation that is explained in the next section 5 2 3 Encryption Wireless networks can use encryption to protect the information that 1s sent in the wireless network Encryption is like a secret code If you do not know the secret code you cannot understand the message The types of encryption you can choose depend on the type of user authentication See Section 5 2 2 on page 48 for information about this Table 10 Types of Encryption for Each Type of Authentication NO AUTHENTICATION RADIUS SERVER Weakest No Security WEP l WEP 802 1x LEAP Strongest WPA PSK WPA For example if the wireless network has a RADIUS server you can cho
34. following From the Configure box select Manually Type your IP address in the IP Address box Type your subnet mask in the Subnet mask box Type the IP address of your NXC 8160 in the Router address box 5 Click Apply Now and close the window 6 Turn on your NXC 8160 and restart your computer if prompted Verifying Settings Check your TCP IP properties in the Network window Linux This section shows you how to configure your computer s TCP IP settings in Red Hat Linux 9 0 Procedure screens and file location may vary depending on your Linux distribution and release version NXC 8160 User s Guide Appendix A Setting up Your Computer s IP Address A Make sure you are logged in as the root administrator Using the K Desktop Environment KDE Follow the steps below to configure your computer IP address using the KDE 1 Click the Red Hat button located on the bottom left comer select System Setting and click Network Figure 54 Red Hat 9 0 KDE Network Configuration Devices bANetwork Configuration 7 Ax Eile Profile Help f B0 Xx New Edit Copy Delete Activate Deactivate Devices Hardware DNS Hosts 5 LI You may configure network devices associated with 3 a physical hardware here Multiple logical devices can be T associated with a single piece of hardware Profile Status Device Nickname Type X Inactive ethO ethO Ethemet
35. hoc WLAN that connects a set of computers with wireless adapters A B C Any time two or more wireless adapters are within range of each other they can set up an independent network which is commonly referred to as an ad hoc network or Independent Basic Service Set IBSS The following diagram shows an example of notebook computers using wireless adapters to form an ad hoc wireless LAN Figure 79 Peer to Peer Communication in an Ad hoc Network _ _ A s L I PA BSS A Basic Service Set BSS exists when all communications between wireless clients or between a wireless client and a wired network client go through one access point AP Intra BSS traffic is traffic between wireless clients in the BSS When Intra BSS is enabled wireless client A and B can access the wired network and communicate with each other When Intra BSS is disabled wireless client A and B can still access the wired network but cannot communicate with each other NXC 8160 User s Guide Appendix D Wireless LANs ESS Figure 80 Basic Service Set a a a kt ii An Extended Service Set ESS consists of a series of overlapping BSSs each containing an access point with each access point connected together by a wired network This wired connection between APs is called a Distribution System DS This type of wireless LAN topology is called an Infrastructure WLAN The Access Points not only
36. of computers The NXC 8160 supports versions 1 and 2 of IGMP Internet Group Management Protocol used to join multicast groups see RFC 2236 Time and Date Get the current time and date from an external server when you turn on your NXC 8160 You can also set the time manually These dates and times are then used in logs Logging and Tracing Use packet tracing and logs for troubleshooting You can send logs from the NXC 8160 to an external syslog server In a serial communications connection generally a computer is DTE Data Terminal Equipment and a modem is DCE Data Circuit terminating Equipment The NXC 8160 is DCE when you connect a computer to the console port The pin layout for the DB 9 connector end of the cables is as follows Figure 30 Console Cable DB 9 End Pin Layout Table 28 Console Port Pin Assignments CONSOLE Port RS 232 Female DB 9F DIAL BACKUP RS 232 Male DB 9M Pin 1 NON Pin 2 DCE TXD Pin 3 DCE RXD Pin 4 DCE DSR Pin 5 GND Pin 6 DCE DTR Pin 7 DCE CTS Pin 8 DCE RTS PIN 9 NON Pin 1 NON Pin 2 DTE RXD Pin 3 DTE TXD Pin 4 DTE DTR Pin 5 GND Pin 6 DTE DSR Pin 7 DTE RTS Pin 8 DTE CTS PIN 9 NON Table 29 Ethernet Cable Pin Assignments WAN LAN ETHERNET CABLE PIN LAYOUT Straight through Crossover Switch Adapter Switch Switch NXC 8160 User s Guide Chapter 1
37. provide communication with the wired network but also mediate wireless network traffic in the immediate neighborhood An ESSID ESS IDentification uniquely identifies each ESS All access points and their associated wireless clients within the same ESS must have the same ESSID in order to communicate NXC 8160 User s Guide Appendix D Wireless LANs Figure 81 Infrastructure WLAN Channel A channel is the radio frequency ies used by wireless devices to transmit and receive data Channels available depend on your geographical area You may have a choice of channels for your region so you should use a channel different from an adjacent AP access point to reduce interference Interference occurs when radio signals from different access points overlap causing interference and degrading performance Adjacent channels partially overlap however To avoid interference due to overlap your AP should be on a channel at least five channels away from a channel that an adjacent AP is using For example if your region has 11 channels and an adjacent AP is using channel 1 then you need to select a channel between 6 or 11 RTS CTS A hidden node occurs when two stations are within range of the same access point but are not within range of each other The following figure illustrates a hidden node Both stations STA are within range of the access point AP or wireless gateway but out of range of each other so they cannot hear each
38. remote hosts Figure 12 How SSH Works NXC 8160 User s Guide Chapter 4 Centralized Configuration 1 Host Identification The SSH client sends a connection request to the SSH server The server identifies itself with a host key The client encrypts a randomly generated session key with the host key and server key and sends the result back to the server The client automatically saves any new server public keys In subsequent connections the server public key is checked against the saved version on the client computer 2 Encryption Method Once the identification is verified both the client and server must agree on the type of encryption method to use 3 Authentication and Data Transmission After the identification is verified and data encryption activated a secure tunnel is established between the client and the server The client then sends its authentication information user name and password to the server to log in to the server 4 4 SSH Implementation on the NXC 8160 Your NXC 8160 supports SSH version 1 and 2 using RSA authentication and three encryption methods DES 3DES and Blowfish The SSH server is implemented on the NXC 8160 for management and file transfer on port 22 4 4 1 Requirements for Using SSH You must install an SSH client program on a client computer Windows or Linux operating system that is used to connect to the NXC 8160 over SSH 4 5 Centralized Configuration Screen Click Centralize
39. wireless clients connected to SSID y WAN dedi Internet P SSID x A SSID y p ko eL a N gt a Swe WLAN If no devices are in the same VLAN as the NXC 8160 LAN IP address then you will not be able to configure the NXC 8160 through the LAN port 3 4 LAN Click LAN to open the LAN screen Use this screen to configure the NXC 8160 s IP address and other LAN TCP IP settings NXC 8160 User s Guide Chapter 3 LAN Screen Figure 9 LAN LAN LAN IP Address fra2168440 DINE 255 255 255 0 VLAN 0 4095 2nd IP Address 122168210 eue Subnet Ds 255 255 0 2nd VLAN 0 4095 192 168 1 1 192 168 1 254 Default Gateway 19216831 si 192 168 2 1 192 168 2 254 System Name Save Reset The following table describes the labels in this screen Table 6 LAN LABEL DESCRIPTION LAN You can pre configure two LAN IP addresses but only one is in use at a time 192 168 1 10 is the default IP address IP Address Type the IP address of your NXC 8160 in dotted decimal notation IP Subnet Mask Enter the subnet mask that specifies the network number portion of an IP address VLAN 0 4095 Enter the VLAN identification number between 0 and 4095 for the LAN IP address Otherwise leave this field blank The LAN IP address s VLAN ID should be unique and cannot be in the same VLAN group as an SSID That means if you enable VLAN wireless clients connected
40. 1 Product Specifications Table 29 Ethernet Cable Pin Assignments WAN LAN ETHERNET CABLE PIN LAYOUT 1 IRD ssmmmumusuum 1 OTD 1 2 IRD 2 OTD 2 3 OTD mammmmmmmmm 3 IRD 3 6 OTD 6 IRD 6 IRD IRD OTD OTD rmen Oo o N IRD IRD OTD OTD NXC 8160 User s Guide Chapter 11 Product Specifications NXC 8160 User s Guide PART IV Appendices and Index The appendices provide general information Some details may not apply to your NXC 8160 Setting up Your Computer s IP Address 87 IP Addresses and Subnetting 109 Pop up Windows JavaScripts and Java Permissions 119 Wireless LANs 127 Legal Information 141 Customer Support 145 Index 151 Setting up Your Computer s IP Address All computers must have a 10M or 100M Ethernet adapter card and TCP IP installed Windows 95 98 Me NT 2000 XP Vista Macintosh OS 7 and later operating systems and all versions of UNIX LINUX include the software components you need to install and use TCP IP on your computer Windows 3 1 requires the purchase of a third party TCP IP application package TCP IP should already be installed on computers using Windows NT 2000 XP Macintosh OS 7 and later operating systems After the appropriate TCP IP components are installed configure the TCP IP settings in order to communicate with your network If you manually assign IP information instead o
41. 25 GHz frequency range it is restricted to indoor environment IEEE 802 11b or 802 11g operation of this product in the U S A is firmware limited to channels 1 through 11 To comply with FCC RF exposure compliance requirements a separation distance of at least 20 cm must be maintained between the antenna of this device and all persons c TEX EM TE muy L T K ETHER PETERE me SSR RUNE AS RE ES JERSE HT gt AVA AE ASA ESE gt JKR REE E Seeme STR SUPRA f FAI GEREBAT UOS o KERN AFERE ETRE AGE ATA TAR e APR AA a XE ae EXE FEAR FES ENR BRATS SAAS eT PEAR E H ED at HE TE 5250MHz 5350MHz SAT AEE EZ ASA AE BRA EAE e Notices Changes or modifications not expressly approved by the party responsible for compliance could void the user s authority to operate the equipment This device has been designed for the WLAN 2 4 GHz and 5 GHz networks throughout the EC region and Switzerland with restrictions in France This Class B digital apparatus complies with Canadian ICES 003 Cet appa
42. 3 4 72 52 97 97 Fax 33 4 72 52 19 20 Web www zyxel fr Regular Mail ZyXEL France 1 rue des Vergers Bat 1 C 69760 Limonest France Germany Support E mail support zyxel de Sales E mail sales zyxel de Telephone 49 2405 6909 69 Fax 49 2405 6909 99 Web www zyxel de Regular Mail ZyXEL Deutschland GmbH Adenauerstr 20 A2 D 52146 Wuerselen Germany Hungary Support E mail support zyxel hu Sales E mail info zyxel hu Telephone 36 1 3361649 Fax 36 1 3259100 Web www zyxel hu Regular Mail ZyXEL Hungary 48 Zoldlomb Str H 1025 Budapest Hungary NXC 8160 User s Guide Appendix F Customer Support India Support E mail support zyxel in Sales E mail sales zyxel in Telephone 91 11 30888144 to 91 11 30888153 e Fax 91 11 30888149 91 11 26810715 Web http www zyxel in Regular Mail India ZyXEL Technology India Pvt Ltd II Floor F2 9 Okhla Phase 1 New Delhi 110020 India Support E mail support zyxel co jp Sales E mail zyp zyxel co jp Telephone 81 3 6847 3700 Fax 81 3 6847 3705 Web www zyxel co jp Regular Mail ZyXEL Japan 3F Office T amp U 1 10 10 Higashi Gotanda Shinagawa ku Tokyo 141 0022 Japan Kazakhstan Support http zyxel kz support Sales E mail sales zyxel kz Telephone 7 3272 590 698 e Fax 7 3272 590 689 Web www zyxel kz Regular Mail ZyXEL Kazakhstan 43 Dostyk Ave Office 414 Dostyk Business C
43. 9 Management Information Base See MIB managing the device good habits 25 using Telnet See command interface using the command interface See command interface Message Integrity Check MIC 136 MIB 64 N NAT 35 116 navigation panel 30 P Pairwise Master Key PMK 136 138 Password Default 27 password 73 preamble mode 131 pre shared key 61 private IP address 36 product overview 23 product registration 143 PSK 136 R RADIUS 132 message types 133 messages 133 shared secret key 133 RADIUS server 48 registration product 143 related documentation 3 remote management how SSH works 42 SNMP 63 SSH 41 SSH implementation 43 RFC 1466 See IP address RFC 1597 See private IP address RTS Request To Send 130 threshold 129 130 S safety warnings 6 Service Set IDentification see SSID 53 Service Set IDentity See SSID SNMP 63 Get 64 GetNext 64 manager 63 MIB 64 Set 64 Trap 64 SSH 41 how SSH works 42 implementation 43 SSID 48 hide 48 static WEPkey 57 subnet 109 subnet mask 35 110 subnetting 112 syntax conventions 4 I target market 23 Temporal Key Integrity Protocol TKIP 136 trademarks 141 NXC 8160 User s Guide Index U wireless client supplicant 137 with RADIUS application example 137 et WPA2 135 user authentication 48 user authentication 136 local user database 48 vs WPA2 PSK 136 RADIUS server 48 wireless client supplicant 137 weaknesses 49 with RA
44. 92 168 1 128 IP Address Binary 11000000 10101000 00000001 10000000 Subnet Mask Binary 11111111 11111111 11111111 11000000 Subnet Address 192 168 1 128 Lowest Host ID 192 168 1 129 Broadcast Address 192 168 1 191 Highest Host ID 192 168 1 190 Table 37 Subnet 4 IP SUBNET MASK NETWORK NUMBER LAST OCTET BIT VALUE IP Address 192 168 1 192 IP Address Binary 11000000 10101000 00000001 11000000 Subnet Mask Binary 11111111 11111111 11111111 11000000 Subnet Address 192 168 1 192 Lowest Host ID 192 168 1 193 Broadcast Address 192 168 1 255 Highest Host ID 192 168 1 254 Example Eight Subnets Similarly use a 27 bit mask to create eight subnets 000 001 010 011 100 101 110 and 111 The following table shows IP address last octet values for each subnet Table 38 Eight Subnets SUBNET ADDRESS FIRST ADDRESS ADDRESS ADDRESS 1 0 1 30 31 2 32 33 62 63 3 64 65 94 95 4 96 97 126 127 NXC 8160 User s Guide Appendix B IP Addresses and Subnetting Table 38 Eight Subnets continued SUBNET ADDRESS FIRST ADDRESS ADDRESS ADDRESS 5 128 129 158 159 6 160 161 190 191 7 192 193 222 223 8 224 225 254 255 Subnet Planning The following table is a summary for subnet planning on a network with a 24 bit network number Tabl
45. CP ena Erba fu m lode A a led a ns 54 Table 14 SSID amp GOGU 55 TAB 19 SSID 3 9 0028 70 ie ki kdk t kr a wa koka ok ea pv am kan ke a kk A ak e ak K ka ak kk kk kk 57 TD SOD Secu WEP eec EC 58 Table 17 SSID amp Security Static WEP IEEE 802 1 LEAP Lieder eder sekte kane i pae sasinay s n 59 Table 18 SSID amp Security WPA PSK iussa koke dol el kidonk bik Rand Du pu aU kd ad ok ond DEA ke Add ob kana 61 Table 19 SSID 8 Souri C R TDD 62 THE ZO SNMP TADS y patriis sette S PAPA MERE pak kaa sara on AE RE Ya DABIS es A ERA PAPE A 64 Table e TAUVON asciende HR QE HMM BA a a MN M Sn bu Mg Rom nu E MEM E 65 Table 24 Anness POIDS iocrxenedidsuasiensevidsdua iui evi Sent a lk kk e DD D s EE a denier dU EE ea Four capi aka b bos 67 Tao d OBSS DONIS iii kr kt l veo ratu bae e e ik kl oa a saepe al emda ans Qu aur bd Pu e ia 70 Table 24 S310 ONION ak fesa eko pa ki et a ik l ak ki kaa ek aa ke ie an ER RH a al aue MER T1 WANS 2S PASAN Me M 73 TADIG ZG Hardware SE IG EN OANE ai kn M TU UR 81 Table 27 FRATIWAF SHSCINCANOINS ei bon ek aaa S G Re 81 Table 29 Console Port FIN SSSIONMONMIS eka a pi pk a da a RR E tO Ped dd 82 Table 29 Elhiamet Cable Pin Assigninenis ike ckics ak prbei an RE IR sak EHI AERE FR RR EROR EHI panera 82 Table 30 IP Address Network Number and Host ID Example ssssssssssssssee 110 ue
46. Check MIC named Michael an extended initialization vector IV with sequencing rules and a re keying mechanism WPA and WPA2 regularly change and rotate the encryption keys so that the same encryption key 1s never used twice The RADIUS server distributes a Pairwise Master Key PMK key to the AP that then sets up a key hierarchy and management system using the PMK to dynamically generate unique data encryption keys to encrypt every data packet that 1s wirelessly communicated between the AP and the wireless clients This all happens in the background automatically The Message Integrity Check MIC is designed to prevent an attacker from capturing data packets altering them and resending them The MIC provides a strong mathematical function in which the receiver and the transmitter each compute and then compare the MIC If they do not match it is assumed that the data has been tampered with and the packet 1s dropped By generating unique data encryption keys for every data packet and by creating an integrity checking mechanism MIC with TKIP and AES it is more difficult to decrypt data on a Wi Fi network than WEP and difficult for an intruder to break into the network The encryption mechanisms used for WPA 2 and WPA 2 PSK are the same The only difference between the two is that WPA 2 PSK uses a simple common password instead of user specific credentials The common password approach makes WPA 2 PSK susceptible to brute force passw
47. DIUS application example 137 Mo WPA2 Pre Shared Key 135 SM WPA2 PSK 135 136 application example 137 WPA PSK 135 136 V application example 137 Virtual Local Area Network see VLAN VLAN 37 VLAN tagging 37 W warranty 143 note 143 web configurator 27 WEP key 57 Wi Fi Protected Access 135 wireless client 48 wireless client WPA supplicants 137 wireless LAN introduction 47 wireless network basic guidelines 48 channel 48 encryption 49 example 47 overview 48 security 48 SSID 48 wireless security 48 131 none 56 overview 48 static WEP 57 type 48 WPA WPA2 61 WPA PSK WPA2 PSK 60 WLAN interference 129 security parameters 138 WPA 135 key caching 136 pre authentication 136 user authentication 136 vs WPA PSK 136 NXC 8160 User s Guide 153 Index NXC 8160 User s Guide Index NXC 8160 User s Guide 155 Index NXC 8160 User s Guide Index NXC 8160 User s Guide Index NXC 8160 User s Guide Index NXC 8160 User s Guide Index NXC 8160 User s Guide
48. ICE ethO BOOT yes OOTPROTO dhcp SERCTL no ERDNS yes ucGUOog TYPE Ethernet Ifyou have a static IP address enter static in the BOOTPROTo field Type IPADDR followed by the IP address in dotted decimal notation and type NETMASK followed by the subnet mask The following example shows an example where the static IP address is 192 168 1 10 and the subnet mask 1s 255 255 255 0 Figure 59 Red Hat 9 0 Static IP Address Setting in ifconfig ethO DEVICE eth0 ONBOOT yes BOOTPROTO static IPADDR 192 168 1 10 NETMASK 255 255 255 0 USERCTL no PEERDNS yes TYPE Ethernet 2 Ifyou know your DNS server IP address es enter the DNS server information in the resolv conf file in the etc directory The following figure shows an example where two DNS server IP addresses are specified Figure 60 Red Hat 9 0 DNS Settings in resolv conf nameserver 172 23 5 1 nameserver 172 23 5 2 3 After you edit and save the configuration files you must restart the network card Enter network restart inthe etc rc d init d directory The following figure shows an example Figure 61 Red Hat 9 0 Restart Ethernet Card root localhost init d network restart Shutting down interface eth0 OK Shutting down loopback interface OK Setting network parameters OK Bringing up loopback interface OK Bringing up interface eth0 OK
49. Key differences between WPA or WPA2 and WEP are improved data encryption and user authentication If both an AP and the wireless clients support WPA2 and you have an external RADIUS server use WPA2 for stronger data encryption If you don t have an external RADIUS server you should use WPA2 PSK WPA2 Pre Shared Key that only requires a single identical password entered into each access point wireless gateway and wireless client As long as the passwords match a wireless client will be granted access to a WLAN If the AP or the wireless clients do not support WPA2 just use WPA or WPA PSK depending on whether you have an external RADIUS server or not Select WEP only when the AP and or wireless clients do not support WPA or WPA2 WEP is less secure than WPA or WPA2 NXC 8160 User s Guide E Appendix D Wireless LANs Encryption Both WPA and WPA2 improve data encryption by using Temporal Key Integrity Protocol TKIP Message Integrity Check MIC and IEEE 802 1x WPA and WPA2 use Advanced Encryption Standard AES in the Counter mode with Cipher block chaining Message authentication code Protocol CCMP to offer stronger encryption than TKIP TKIP uses 128 bit keys that are dynamically generated and distributed by the authentication server AES Advanced Encryption Standard is a block cipher that uses a 256 bit mathematical algorithm called Rijndael They both include a per packet key mixing function a Message Integrity
50. N D 1 t 192 168 1 1 LAN WAN m E lt gt a 1 lt I E 3 AE a Ii 8 192 168 1 1 Internet i ua NXC 8160 User s Guide Pop up Windows JavaScripts and Java Permissions In order to use the web configurator you need to allow Web browser pop up windows from your device JavaScripts enabled by default Java permissions enabled by default BS Internet Explorer 6 screens are used here Screens for other Internet Explorer versions may vary Internet Explorer Pop up Blockers You may have to disable pop up blocking to log into your device Either disable pop up blocking enabled by default in Windows XP SP Service Pack 2 or allow pop up blocking and create an exception for your device s IP address Disable Pop up Blockers 1 In Internet Explorer select Tools Pop up Blocker and then select Turn Off Pop up Blocker Figure 69 Pop up Blocker Mail and News Pop up Blocker urn Off Pop up Blocker Manage Add ons Pop up Blocker Setting Synchronize f windows Update Windows Messenger Internet Options You can also check if pop up blocking is disabled in the Pop up Blocker section in the Privacy tab 1 In Internet Explorer select Tools Internet Options Privacy NXC 8160 User s Guide Appendix C Pop up Windows JavaScripts and Java Permissions 2 Clear the Block pop ups check box in the Pop up Blocker section of the screen Th
51. NXC 8160 Business WLAN Controller User s Guide Version 1 0 6 2007 Edition 1 ZyXEL www zyxel com About This User s Guide About This User s Guide Intended Audience This manual is intended for people who want to configure the NXC 8160 using the web configurator You should have at least a basic knowledge of TCP IP networking concepts and topology Related Documentation Quick Start Guide The Quick Start Guide is designed to help you get up and running right away It contains information on setting up your network and configuring for Internet access Supporting Disk Refer to the included CD for support documents ZyXEL Web Site Please refer to www zyxel com for additional support documentation and product certifications User Guide Feedback Help us help you Send all User Guide related comments questions or suggestions for improvement to the following address or use e mail instead Thank you The Technical Writing Team ZyXEL Communications Corp 6 Innovation Road II Science Based Industrial Park Hsinchu 300 Taiwan E mail techwriters zyxel com tw NXC 8160 User s Guide 3 Document Conventions Document Conventions Warnings and Notes These are how warnings and notes are shown in this User s Guide lt gt Warnings tell you about things that could harm you or your device BS Notes tell you other important information for example other things you may need to co
52. P address of your NXC 8160 in the Router address box 5 Close the TCP IP Control Panel 6 Click Save if prompted to save changes to your configuration 7 Turn on your NXC 8160 and restart your computer if prompted Verifying Settings Check your TCP IP properties in the TCP IP Control Panel window Macintosh OS X 1 Click the Apple menu and click System Preferences to open the System Preferences window Figure 52 Macintosh OS X Apple Menu r1 Grab File Edit Capt About This Mac Get Mac OS X Software a System Preferences Location 2 Click Network in the icon bar Select Automatic from the Location list Select Built in Ethernet from the Show list Click the TCP IP tab 3 For dynamically assigned settings select Using DHCP from the Configure list NXC 8160 User s Guide Appendix A Setting up Your Computer s IP Address Figure 53 Macintosh OS X Network ee Network m g Show All Displays Network Startup Disk Location Automatic m Show Built in Ethernet a AppleTalk Proxies Configure Using DHCP Domain Name Servers Optional IP Address 192 168 11 12 168 95 1 1 Provided by DHCP Server Subnet Mask 255 255 254 0 Router 192 168 10 11 Search Domains Optional DHCP Client ID Optional Example apple com earthlink net Ethernet Address 00 05 02 43 93 ff a Click the lock to prevent further changes 4 For statically assigned settings do the
53. Preamble Type Preamble is used to signal that data is coming to the receiver Short and long refer to the length of the synchronization field in a packet Short preamble increases performance as less time sending preamble means more time for sending data All IEEE 802 11 compliant wireless adapters support long preamble but not all support short preamble Use long preamble if you are unsure what preamble mode other wireless devices on the network support and to provide more reliable communications in busy wireless networks Use short preamble if you are sure all wireless devices on the network support it and to provide more efficient communications Use the dynamic setting to automatically use short preamble when all wireless devices on the network support it otherwise the NXC 8160 uses long preamble A The wireless devices MUST use the same preamble mode in order to communicate IEEE 802 11g Wireless LAN IEEE 802 11g is fully compatible with the IEEE 802 11b standard This means an IEEE 802 11b adapter can interface directly with an IEEE 802 11g access point and vice versa at 11 Mbps or lower depending on range IEEE 802 11g has several intermediate rate steps between the maximum and minimum data rates The IEEE 802 11g data rate and modulation are as follows Table 41 IEEE 802 11g DATA RATE MBPS MODULATION 1 DBPSK Differential Binary Phase Shift Keyed 2 DQPSK Differential Quadrature Phase Shift Keyin
54. Properties P General Altemate Configuration You can get IP settings assigned automatically if your network supports this capability Otherwise you need to ask your network administrator for the appropriate IP settings Obtain an IP address automatically C Use the following IP address Obtain DNS server address automatically C Use the following DNS server addresses 8 Click OK to close the Internet Protocol TCP IP Properties window 9 Click Close OK in Windows 2000 NT to close the Local Area Connection Properties window 10 Close the Network Connections window Network and Dial up Connections in Windows 2000 NT 11 Turn on your NXC 8160 and restart your computer if prompted Verifying Settings 1 Click Start All Programs Accessories and then Command Prompt 2 Inthe Command Prompt window type ipconfig and then press ENTER You can also open Network Connections right click a network connection click Status and then click the Support tab Windows Vista This section shows screens from Windows Vista Enterprise Version 6 0 1 Click the Start icon Control Panel NXC 8160 User s Guide Appendix A Setting up Your Computer s IP Address Figure 41 Windows Vista Start Menu Dr eye 7 0 Professional Connect To g Media Player Classic gt All Programs Help and Support Bion seorch 5 AAA 2M eee as 2 Inthe Control Panel double click Network and Internet
55. SIDs Assigned SSIDs Unassigned SSIDs Mew SSID Rename SSIDs All SSIDs Radio 1 7 e0211 Mixed big yi 6 w e zl 1 14 retries Vv M adapt Basic C Optional C Disabled M adapt Basic Optional C Disabled adapt C Basic Optional C Disabled adapt C Basic Optional C Disabled M adapt Basic Optional C Disabled adapt Basic Optional C Disabled Adapt C Basic Optional C Disabled Adapt C Basic Optional C Disabled M adapt Basic Optional C Disabled adapt Basic Optional C Disabled Adapt C Basic Optional C Disabled Adapt C Basic Optional C Disabled ZyXEL G Remove from Channel ZyXEL A Add to Channel Create and Assign Rename SSIDs ZyXEL G Delete Permanently ZyXEL A Edit SSID amp Security Setting NXC 8160 User s Guide Chapter 5 Wireless LAN The following table describes the labels in this screen Table 11 WLAN LABEL DESCRIPTION Regulatory Domain Country Select the country where the NXC 8160 is located Regulatory Domain WLAN The NXC 8160 supports two radios at the same time That means you can have two Configuration separate wireless networks on the NXC 8160 They can be in the same or different 802 11 mode Select the radio Radio 1 Radio 2 you want to configure in this screen Channel Options 802 11 Mode Select 802 11a to allow only IEEE 802 11a compliant WLAN devices to a
56. ame on the external authentication server and NXC 8160 62 NXC 8160 User s Guide Advanced Screen This chapter describes how to configure switch redundancy and SNMP settings 6 1 SNMP Simple Network Management Protocol is a protocol used for exchanging management information between network devices SNMP is a member of the TCP IP protocol suite Your NXC 8160 supports SNMP agent functionality which allows a manager station to manage and monitor the NXC 8160 through the network The NXC 8160 supports SNMP version one SNMPv1 The next figure illustrates an SNMP management operation Figure 24 SNMP Management Model Managed Device Managed Device Managed Device MANAGER An SNMP managed network consists of two main types of component agents and a manager An agent is a management software module that resides in a managed device the NXC 8160 An agent translates the local management information from the managed device into a form compatible with SNMP The manager is the console through which network administrators perform network management functions It executes applications that control and monitor managed devices NXC 8160 User s Guide Chapter 6 Advanced Screen The managed devices contain object variables managed objects that define each piece of information to be collected about a device Examples of variables include such as number of packets received node port status etc A Management Informat
57. as possible For directional antennas point the antenna in the direction of the desired coverage area NXC 8160 User s Guide Legal Information Copyright Copyright O 2007 by ZyXEL Communications Corporation The contents of this publication may not be reproduced in any part or as a whole transcribed stored in a retrieval system translated into any language or transmitted in any form or by any means electronic mechanical magnetic optical chemical photocopying manual or otherwise without the prior written permission of ZyXEL Communications Corporation Published by ZyXEL Communications Corporation All rights reserved Disclaimer ZyXEL does not assume any liability arising out of the application or use of any products or software described herein Neither does it convey any license under its patent rights nor the patent rights of others ZyXEL further reserves the right to make changes in any products described herein without notice This publication is subject to change without notice Trademarks ZyNOS ZyXEL Network Operating System is a registered trademark of ZyXEL Communications Inc Other trademarks mentioned in this publication are used for identification purposes only and may be properties of their respective owners Certifications Federal Communications Commission FCC Interference Statement The device complies with Part 15 of FCC rules Operation is subject to the following two conditions
58. can send frames smaller than the specified RTS CTS directly to the AP without the RTS Request To Send CTS Clear to Send handshake You should only configure RTS CTS if the possibility of hidden nodes exists on your network and the cost of resending large frames 1s more than the extra network overhead involved in the RTS Request To Send CTS Clear to Send handshake Ifthe RTS CTS value is greater than the Fragmentation Threshold value see next then the RTS Request To Send CTS Clear to Send handshake will never occur as data frames will be fragmented before they reach RTS CTS size Enabling the RTS Threshold causes redundant network overhead that could negatively affect the throughput performance instead of providing a remedy Fragmentation Threshold A Fragmentation Threshold is the maximum data fragment size between 256 and 2432 bytes that can be sent in the wireless network before the AP will fragment the packet into smaller data frames A large Fragmentation Threshold is recommended for networks not prone to interference while you should set a smaller threshold for busy networks or networks that are prone to interference NXC 8160 User s Guide Appendix D Wireless LANs If the Fragmentation Threshold value is smaller than the RTS CTS value see previously you set then the RTS Request To Send CTS Clear to Send handshake will never occur as data frames will be fragmented before they reach RTS CTS size
59. ct where anyone can walk on the power adaptor or cord Do NOT use the device if the power adaptor or cord is damaged as it might cause electrocution If the power adaptor or cord is damaged remove it from the power outlet Do NOT attempt to repair the power adaptor or cord Contact your local vendor to order a new one Do not use the device outside and make sure all the connections are indoors There is a remote risk of electric shock from lightning CAUTION RISK OF EXPLOSION IF BATTERY on the motherboard IS REPLACED BY AN INCORRECT TYPE DISPOSE OF USED BATTERIES ACCORDING TO THE INSTRUCTIONS Dispose them at the applicable collection point for the recycling of electrical and electronic equipment For detailed information about recycling of this product please contact your local city office your household waste disposal service or the store where you purchased the product Do NOT obstruct the device ventilation slots as insufficient airflow may harm your device NXC 8160 User s Guide Safety Warnings Antenna Warning This device meets ETSI and FCC certification requirements when using the included antenna s Only use the included antenna s Ifyou wall mount your device make sure that no electrical lines gas or water pipes will be damaged This product is recyclable Dispose of it properly NXC 8160 User s Guide Safety Warnings NXC 8160 User s Guide Contents Overview Contents Overview I
60. d Configuration to display the screen as shown next Use this screen to set each NXC 8160 as a master or member controller The screen changes depending on whether you select the Master Controller check box By default the Master Controller check box is not selected and the NXC 8160 acts as a member controller Figure 13 Centralized Configuration Member Centralized Configuration SSH Key Management Master Controller Save Upload Master Controller s Public Key D imaster key pub Browse swe NXC 8160 User s Guide Chapter 4 Centralized Configuration The following table describes the labels in this screen Table 8 Centralized Configuration Member LABEL DESCRIPTION Master Controller Clear the check box to have the NXC 8160 act as a member You can manage the member controllers through the master controller Save Click Save to save your customized settings in this section Upload Master Click the Apply button next to Upload Master Controller s Public Key to upload Controller s the public key to the NXC 8160 Public Key You should have got the key from the main controller and saved it on your computer See Table 9 on page 44 for more information Browse Type in the location of the file you want to upload in the field next to Browse or click Browse to find it Sve Click Save to save your customized settings You should go to the Maintenance screen and cl
61. d Key PSK must consist of between 8 and 63 ASCII characters or 64 hexadecimal characters including spaces and symbols 2 The AP checks each wireless client s password and allows it to join the network only if the password matches NXC 8160 User s Guide Appendix D Wireless LANs 3 The AP and wireless clients generate a common PMK Pairwise Master Key The key itself is not sent over the network but is derived from the PSK and the SSID 4 The AP and wireless clients use the TKIP or AES encryption process the PMK and information exchanged in a handshake to create temporal encryption keys They use these keys to encrypt data exchanged between them Figure 84 WPA 2 PSK Authentication PSK te RIZ Internet Security Parameters Summary Refer to this table to see what other security parameters you should configure for each authentication method or key management protocol type MAC address filters are not dependent on how you configure these security features Table 44 Wireless Security Relational Matrix METHOD KEY ENCE EHO ENTER IEEE 802 1X MANAGEMENT PROTOCOL METHOD MANUAL KEY l Open None No Disable Enable without Dynamic WEP Key Open WEP No Enable with Dynamic WEP Key Yes Enable without Dynamic WEP Key Yes Disable Shared WEP No Enable with Dynamic WEP Key Yes Enable without Dynamic WEP Key Yes Disable WPA TKIP AES No Enable WPA PSK TKIP AES Yes Disable WPA2
62. de Eo ch cd ep UE dde 91 Figure 36 Windows XP Control Panel Network Connections Properties esssssssss 92 Figure 37 Windows XP Local Area Connection Properties ccccccseccccceeeeeccccceeenseccceeeeneaceeeensnenaaee 92 Figure 38 Windows XP Internet Protocol TCP IP Properties eeceeeeeseesseeeeee ec ee eee enne 93 Document Title 15 List of Figures Figure 39 Windows XP Advanced TCP IP Properties 1 nter te erri tton tnn n hore a north errant 94 Figure 40 Windows XP Internet Protocol TCP IP Properties eese nenne 95 Figure 41 Windows Vista Start MOD uui ideni e koki en annia viae piv rc ri a du gud 96 Figure 42 Windows Vista Control Panel 2 iss ri rect a a a edo rte Lia Fence Ra eps aes 96 Figure 43 Windows Vista Network And Interripl 22 ece rine ke paka a ko petere x RP daki ehe obo YER CERERI EAE APR 96 Figure 44 Windows Vista Network and Sharing Center eeeeeesiseseseeie eee nnn th nnne 96 Figure 45 Windows Vista Network and Sharing Center ssssssssssseeeeeeenne eene 97 Figure 46 Windows Vista Local Area Connection Properties ssssssee e 97 Figure 47 Windows Vista Internet Protocol Version 4 TCP IPv4 Properties 98 Figure 48 Windows Vista Advanced TCP IP Properties cc csccccesescceeeesesecceeeeeeeeeaeeeeseeaaeeeeensaaes 99 Figure 49 Windows Vista Internet Protocol Version
63. display it in the Controllers Table Reset Click Reset to clear your configuration in the Create a New Table Entry section NXC 8160 User s Guide Chapter 4 Centralized Configuration NXC 8160 User s Guide Wireless LAN This chapter discusses how to configure wireless LAN on the NXC 8160 5 1 Wireless LAN Introduction A wireless LAN can be as simple as two computers with wireless LAN adapters communicating in a peer to peer network or as complex as a number of computers with wireless LAN adapters communicating through access points which bridge network traffic to the wired LAN LES See the WLAN appendix for more detailed information on WLANs The following figure provides an example of a wireless network Figure 15 Example of a Wireless Network 4 r a j a a SIC AP Y v a 1 1 1 A e 1 H N m H p T EE A a 4 4 4 Pd AA n capu pi w e T SSS on n eee NXC 8160 User s Guide Chapter 5 Wireless LAN In this wireless network devices A and B are called wireless clients The wireless clients use the access point AP which is connected to a WLAN controller to interact with other devices such as the printer or with the Internet Your NXC 8160 is the WLAN controller Every wireless network must follow these basic guidelines Every wireless client in the same wireless network must use the same SSID
64. e 39 24 bit Network Number Subnet Planning NO BORROWED SUBNET MASK NO SUBNETS NO NOSTS PER 1 255 255 255 128 25 126 2 255 255 255 192 26 62 3 255 255 255 224 27 30 4 255 255 255 240 28 16 14 5 255 255 255 248 29 32 6 6 255 255 255 252 30 64 2 7 255 255 255 254 31 128 1 The following table is a summary for subnet planning on a network with a 16 bit network number Table 40 16 bit Network Number Subnet Planning Nostre SOWED SUBNET MASK NO SUBNETS NO HOSTS PER 1 255 255 128 0 17 32766 2 255 255 192 0 18 16382 3 255 255 224 0 19 8190 4 255 255 240 0 20 16 4094 5 255 255 248 0 21 32 2046 6 255 255 252 0 22 64 1022 7 255 255 254 0 23 128 510 8 255 255 255 0 24 256 254 9 255 255 255 128 25 512 126 10 255 255 255 192 26 1024 62 11 255 255 255 224 27 2048 30 12 255 255 255 240 28 4096 14 13 255 255 255 248 29 8192 6 NXC 8160 User s Guide 115 Appendix B IP Addresses and Subnetting Table 40 16 bit Network Number Subnet Planning continued NO BORROWED NO HOSTS PER HOST BITS SUBNET MASK NO SUBNETS SUBNET 14 255 255 255 252 30 16384 2 15 255 255 255 254 31 32768 1 Configuring IP Addresses Where you obtain your network number depends on your particular situation If the ISP or your network administrator assigns you a block of registered IP
65. e open before a secured tunnel is created This makes user identity vulnerable to passive attacks A digital certificate is an electronic ID card that authenticates the sender s identity However to implement EAP TLS you need a Certificate Authority CA to handle certificates which imposes a management overhead EAP TTLS Tunneled Transport Layer Service EAP TTLS is an extension of the EAP TLS authentication that uses certificates for only the server side authentications to establish a secure connection Client authentication is then done by sending username and password through the secure connection thus client identity is protected For client authentication EAP TTLS supports EAP methods and legacy authentication methods such as PAP CHAP MS CHAP and MS CHAP v2 PEAP Protected EAP LEAP Like EAP TTLS server side certificate authentication is used to establish a secure connection then use simple username and password methods through the secured connection to authenticate the clients thus hiding client identity However PEAP only supports EAP methods such as EAP MD5 EAP MSCHAPv2 and EAP GTC EAP Generic Token Card for client authentication EAP GTC is implemented only by Cisco LEAP Lightweight Extensible Authentication Protocol is a Cisco implementation of IEEE 802 1x NXC 8160 User s Guide Appendix D Wireless LANs Dynamic WEP Key Exchange The AP maps a unique key that is generated with the RADIUS server Thi
66. ection This connection uses the following items l JR DM Client for Microsoft Networks B Network Monitor3 Driver Brie File and PRIX Shore for bah a Networks Es Install Uninstall Description Transmission Control Protocol Internet Protocol The default wide area network protocol that provides communication across diverse interconnected networks OK l Cancel NXC 8160 User s Guide 97 Appendix A Setting up Your Computer s IP Address 7 The Internet Protocol Version 4 TCP IPv4 Properties window opens the General tab f you have a dynamic IP address click Obtain an IP address automatically Ifyou have a static IP address click Use the following IP address and fill in the IP address Subnet mask and Default gateway fields Click Advanced Figure 47 Windows Vista Internet Protocol Version 4 TCP IPv4 Properties Internet Protocol Version 4 TCP IPv4 Properties E25 General alternate Configuration i You can get IP settings assigned automatically if your network supports this capability Otherwise you need to ask your network administrator for the appropriate IP settings Use the following IP address Obtain DNS server address automatically Use the following DNS server addresses Advanced cance 8 If you do not know your gateway s IP address remove any previously installed gateways in the IP Settings tab and click OK Do o
67. entre 050010 Almaty Republic of Kazakhstan Malaysia Support E mail support zyxel com my Sales E mail sales zyxel com my Telephone 603 8076 9933 Fax 603 8076 9833 e Web http www zyxel com my e Regular Mail ZyXEL Malaysia Sdn Bhd 1 02 amp 1 03 Jalan Kenari 17F Bandar Puchong Jaya 47100 Puchong Selangor Darul Ehsan Malaysia North America Support E mail support zyxel com Sales E mail sales zyxel com Telephone 1 800 255 4101 1 714 632 0882 Fax 1 714 632 0858 Web www us zyxel com FTP ftp us zyxel com NXC 8160 User s Guide Appendix F Customer Support Regular Mail ZyXEL Communications Inc 1130 N Miller St Anaheim CA 92806 2001 U S A Norway Support E mail support zyxel no Sales E mail sales zyxel no Telephone 47 22 80 61 80 Fax 47 22 80 61 81 Web www zyxel no Regular Mail ZyXEL Communications A S Nils Hansens vei 13 0667 Oslo Norway Poland E mail info pl zyxel com Telephone 48 22 333 8250 Fax 48 22 333 8251 Web www pl zyxel com Regular Mail ZyXEL Communications ul Okrzei 1A 03 715 Warszawa Poland Russia Support http zyxel ru support Sales E mail sales zyxel ru Telephone 7 095 542 89 29 Fax 7 095 542 89 25 Web www zyxel ru Regular Mail ZyXEL Russia Ostrovityanova 37a Str Moscow 117279 Russia Singapore Support E mail support zyxel com sg Sales E mail sales zyxel com sg Telephone 65 6899 6678
68. er hexadecimal characters as the WEP keys If you chose WEP64 in the Security Mode field then enter 5 ASCII characters or 10 hexadecimal characters 0 9 A F for each key If you chose WEP128 in the Security Mode field then enter 13 ASCII characters or 26 hexadecimal characters 0 9 A F for each key 58 NXC 8160 User s Guide Chapter 5 Wireless LAN 5 5 3 Static WEP IEEE 802 1x LEAP Select WEP64 amp 802 1x LEAP or WEP128 amp 802 1x LEAP in the Security Mode field to display the fol lowing screen Figure 21 SSID 8 Security Static WEP IEEE 802 1x LEAP SSID Choose SSID Q Note SSID Options Allow Inter Ess Forward Enable C Disable VLAN 0 4095 Disassociation DTIM period Encryption amp A Security Mode WEP Keys G keyi C key 2 C key 3 Key 4 RADIUS RADIUS Se Address RADIUS Se Share Secr SSID amp Security ZyXEL G Allow Default SSID Enable C Disable Display SSID in Beacon Enable C Disable Allow Intra BSS Traffic Enable C Disable none All configuration in this page applies to the chosen SSID Timeout 600 0 3600 seconds 0 for no disassociation FI uthentication wEpS4 8 802 1x LEAP yi Transmission Key pem n n e rver IP rver Port fis12 et ex x aser esci esa Reset 5 10 WEP64 13 26 WEP128 5 10 WEP64 13 26 WEP128 5 10 WEP64 13 26
69. erver fields If you have previously configured DNS servers click Advanced and then the DNS tab to order them NXC 8160 User s Guide Appendix A Setting up Your Computer s IP Address Figure 49 Windows Vista Internet Protocol Version 4 TCP IPv4 Properties Internet Protocol Version 4 TCP IPv4 Properties 2 sa You can get IP settings assigned automatically if your network supports this capability Otherwise you need to ask your network administrator For the appropriate IP settings Use the following IP address Obtain DNS server address automatically Lise the following DNS server addresses Advanced 10 Click OK to close the Internet Protocol Version 4 TCP IPv4 Properties window 11 Click Close to close the Local Area Connection Properties window 12 Close the Network Connections window 13 Turn on your NXC 8160 and restart your computer if prompted Verifying Settings 1 Click Start All Programs Accessories and then Command Prompt 2 Inthe Command Prompt window type ipconfig and then press ENTER You can also open Network Connections right click a network connection click Status and then click the Support tab Macintosh OS 8 9 1 Click the Apple menu Control Panel and double click TCP IP to open the TCP IP Control Panel NXC 8160 User s Guide Appendix A Setting up Your Computer s IP Address Figure 50 Macintosh OS 8 9 Apple Menu About This Computer D
70. ess may take up to two minutes Current Time 24h This field displays the NXC 8160 s present time and date Set Time amp Date Specify the time and date manually Click Update to change the time and date immediately Reboot System restart allows you to reboot the NXC 8160 without turning the power off Controller Click Reboot to restart the NXC 8160 to have your new settings take effect immediately Restart is different to reset reset returns the device to its default configuration Apply Settings Not all new changes on the NXC 8160 need a system reboot to take effect Click Apply to apply your changes immediately when a system reboot is not required Back to Factory Defaults Click the Restore button to clear all user entered configuration information and return the NXC 8160 to its factory defaults 8 2 Configuring Syslog amp Monitor Use this screen to configure to where the NXC 8160 is to send logs and how often a log will be sent Click Maintenance gt Syslog amp Monitor The screen appears as shown NXC 8160 User s Guide Chapter 8 Maintenance Screen Figure 28 Syslog amp Monitor Syslog amp Monitor Enable Syslog Syslog Server IP Address Enable Monitor Monitor Server IP address Syslog amp Monitor Syslog Interval sec Monitor Interval sec f m m Save Reset The following table describes the labels in this
71. etwork most likely the Internet that you connect to a modem or router The LAN and the WAN are two separate networks The following graphic gives an example Figure 7 LAN and WAN LN BE je NS wan yN Internet J 3 2 IP Address and Subnet Mask Similar to the way houses on a street share a common street name so too do computers on a LAN share one common network number Where you obtain your network number depends on your particular situation If the ISP or your network administrator assigns you a block of registered IP addresses follow their instructions in selecting the IP addresses and the subnet mask If the ISP did not explicitly give you an IP network number then most likely you have a single user account and the ISP will assign you a dynamic IP address when the connection is established If this is the case it is recommended that you select a network number from 192 168 0 0 to 192 168 255 0 and you must enable the Network Address Translation NAT feature of the connected router The Internet Assigned Number Authority IANA reserved this block of addresses specifically for private use please do not use any other number unless NXC 8160 User s Guide 35 Chapter 3 LAN Screen you are told otherwise If you select 192 168 1 0 as the network number it covers 254 individual addresses from 192 168 1 1 to 192 168 1 254 zero and 255 are reserved In other words the first three numbers specify the network number whi
72. etwork status information LAN LAN Use this screen to configure LAN TCP IP settings WLAN WLAN Use this screen to configure your WLAN settings for a radio and Configuration create new SSIDs SSID Table Use this screen to rename an SSID SSID amp Security Use this screen to configure the wireless LAN settings and WLAN security settings for an SSID Advanced Use this screen to set up an alternative NXC 8160 as a backup in case the primary NXC 8160 fails You can also use this screen to send SNMP traps to an SNMP manager Access Points Use this screen to view which AP is active and decide whether to send power to an AP Maintenance Maintenance Use this screen to change your NXC 8160 s time and date upload firmware to your NXC 8160 backup and restore the configuration or reset the factory defaults to your NXC 8160 This screen also allows you to reboot the NXC 8160 without turning the power off Syslog amp Monitor Use this screen to enter the IP address of your syslog server and monitor server Password Use this screen to change your system passwords 2 3 5 About Screen The About screen displays firmware information To display the screen as shown below click the about EP button NXC 8160 User s Guide Chapter 2 Introducing the Web Configurator Figure 6 Web Configurator About Screen NXC 8160 ZyXELFS AppsFS RootFS Kernel Redboot C Copyrig
73. ey Interval 3600 0 3600 seconds 0 for permanent Reset The following table describes the labels in this screen Table 18 SSID 8 Security WPA PSK LABEL DESCRIPTION Security Mode Select WPA PSK from the drop down list WPA WPA PSK The encryption mechanisms used for WPA and WPA PSK are the same The only difference between the two is that WPA PSK uses a simple common password instead of user specific credentials Select ASCII or HEX as the key input method and enter the key in the field provided Type a pre shared key from 8 to 63 case sensitive ASCII characters including spaces and symbols or of 64 hexadecimal characters 0 9 A F WPA RADIUS Rekey Interval This is the rate at which the AP sends a new group key out to all clients The re keying process is the WPA equivalent of automatically changing the WEP key for an AP and all stations in a WLAN on a periodic basis Enter a time interval between 0 and 3600 seconds 5 5 5 WPA Select WPA from the Security Mode list NXC 8160 User s Guide Chapter 5 Wireless LAN Figure 23 SSID 8 Security WPA SSID amp Security SSID Choose SSID ZyXEL_G NT Note All configuration in this page applies to the chosen SSID SSID Options Allow Default SSID Enable C Disable Display SSID in Beacon Enable C Disable Allow Intra BSS Traffic Enable C Disable Allow Inter Ess Forward Enable C Disab
74. f IP addresses specifically for private networks e 10 0 0 0 10 255 255 255 e 172 16 0 0 172 31 255 255 192 168 0 0 192 168 255 255 You can obtain your IP address from the IANA from an ISP or it can be assigned from a private network If you belong to a small organization and your Internet access is through an ISP the ISP can provide you with the Internet addresses for your local networks On the other hand if you are part of a much larger organization you should consult your network administrator for the appropriate IP addresses Regardless of your particular situation do not create an arbitrary IP address always follow the guidelines above For more information on address assignment please refer to RFC 1597 Address Allocation for Private Internets and RFC 1466 Guidelines for Management of IP Address Space NXC 8160 User s Guide Appendix B IP Addresses and Subnetting IP Address Conflicts Each device on a network must have a unique IP address Devices with duplicate IP addresses on the same network will not be able to access the Internet or other resources The devices may also be unreachable through the network Conflicting Computer IP Addresses Example More than one device can not use the same IP address In the following example computer A has a static or fixed IP address that is the same as the IP address that a DHCP server assigns to computer B which is a DHCP client Neither can access the Interne
75. f using dynamic assignment make sure that your computers have IP addresses that place them in the same subnet as the NXC 8160 s LAN port Windows 95 98 Me Click Start Settings Control Panel and double click the Network icon to open the Network window NXC 8160 User s Guide Appendix A Setting up Your Computer s IP Address Figure 31 Windows 95 98 Me Network Configuration LPR for TCP IP Printing 3Com EtherLink 10 100 PCI TX NIC 3C905B TX Dial Up Adapter USB Fast Ethernet Adapter Y TCP IP gt 3Com EtherLink 10 100 PCI T NIC 3C305B T79 Client for Microsoft Networks 5 Installing Components The Network window Configuration tab displays a list of installed components You need a network adapter the TCP IP protocol and Client for Microsoft Networks If you need the adapter 1 Inthe Network window click Add 2 Select Adapter and then click Add 3 Select the manufacturer and model of your network adapter and then click OK If you need TCP IP 1 Inthe Network window click Add 2 Select Protocol and then click Add 3 Select Microsoft from the list of manufacturers 4 Select TCP IP from the list of network protocols and then click OK If you need Client for Microsoft Networks 1 Click Add 2 Select Client and then click Add 3 Select Microsoft from the list of manufacturers 4 Select Client for Microsoft Networks from the list of network clients and then click OK 5 Restart your computer so the changes
76. g 5 5111 CCK Complementary Code Keying 6 9 12 18 24 36 48 54 OFDM Orthogonal Frequency Division Multiplexing Wireless Security Overview Wireless security is vital to your network to protect wireless communication between wireless clients access points and the wired network NXC 8160 User s Guide 131 Appendix D Wireless LANs Wireless security methods available on the NXC 8160 are data encryption wireless client authentication restricting access by device MAC address and hiding the NXC 8160 identity The following figure shows the relative effectiveness of these wireless security methods available on your NXC 8160 Table 42 Wireless Security Levels SECURITY LEVEL SECURITY TYPE Least Unique SSID Default Secure Unique SSID with Hide SSID Enabled MAC Address Filtering WEP Encryption IEEE802 1x EAP with RADIUS Server Authentication Wi Fi Protected Access WPA Most Secure WPA2 SA You must enable the same wireless security settings on the NXC 8160 and on all wireless clients that you want to associate with it IEEE 802 1x In June 2001 the IEEE 802 1x standard was designed to extend the features of IEEE 802 11 to support extended authentication as well as providing additional accounting and control features It is supported by Windows XP and a number of network devices Some advantages of IEEE 802 1x are User based identification that allows fo
77. has 32 bits If a bit in the subnet mask is a 1 then the corresponding bit in the IP address is part of the network number If a bit in the subnet mask is 0 then the corresponding bit in the IP address is part of the host ID The following example shows a subnet mask identifying the network number in bold text and host ID of an IP address 192 168 1 2 in decimal Table 30 IP Address Network Number and Host ID Example 1ST OCTET cter octet dJHOCTET 168 1 IP Address Binary 11000000 10101000 00000001 00000010 Subnet Mask Binary 11111111 11111111 11111111 00000000 Network Number 11000000 10101000 00000001 Host ID 00000010 By convention subnet masks always consist of a continuous sequence of ones beginning from the leftmost bit of the mask followed by a continuous sequence of zeros for a total number of 32 bits Subnet masks can be referred to by the size of the network number part the bits with a 1 value For example an 8 bit mask means that the first 8 bits of the mask are ones and the remaining 24 bits are zeroes NXC 8160 User s Guide Appendix B IP Addresses and Subnetting Subnet masks are expressed in dotted decimal notation just like IP addresses The following examples show the binary and decimal notation for 8 bit 16 bit 24 bit and 29 bit subnet masks Table 31 Subnet Masks BINARY DECIMAL OCTET OCTET OCTET SCTE
78. he access point sends a proper response from the user and then sends another Access Request message The following types of RADIUS messages are exchanged between the access point and the RADIUS server for user accounting Accounting Request Sent by the access point requesting accounting Accounting Response Sent by the RADIUS server to indicate that it has started or stopped accounting In order to ensure network security the access point and the RADIUS server use a shared secret key which is a password they both know The key is not sent over the network In addition to the shared key password information exchanged is also encrypted to protect the network from unauthorized access Types of EAP Authentication This section discusses some popular authentication types EAP MDS EAP TLS EAP TTLS PEAP and LEAP Your wireless LAN device may not support all authentication types EAP Extensible Authentication Protocol is an authentication protocol that runs on top of the IEEE 802 1x transport mechanism in order to support multiple types of user authentication By using EAP to interact with an EAP compatible RADIUS server an access point helps a wireless station and a RADIUS server perform authentication The type of authentication you use depends on the RADIUS server and an intermediary AP s that supports IEEE 802 1x NXC 8160 User s Guide 133 Appendix D Wireless LANs For EAP TLS authentication type you must first ha
79. hentication with a static 64bit WEP key and an LEAP authentication server WEP128 8 802 1x Select this to use 802 1x authentication with a static 128bit WEP key and an LEAP authentication server WPA PSK Select this to use WPA with a pre shared key WPA Select this to use WPA with an authentication server NXC 8160 User s Guide Chapter 5 Wireless LAN Figure 18 SSID 8 Security SSID amp Security SSID Choose SSID ZyxEL_G 7 q Note All configuration in this page applies to the chosen SSID SSID Options Allow Default SSID Enable C Disable Display SSID in Beacon Enable C Disable Allow Intra BSS Traffic Enable C Disable Allow Inter Ess Forward Enable C Disable VLAN 0 4095 nene Disassociation Timeout 500 0 3600 seconds 0 for no disassociation DTIM period s 7 Encryption amp Authentication Security Mode None Reset The following table describes the labels in this screen Table 14 SSID 8 Security LABEL DESCRIPTION SSID Choose SSID Select an SSID for which you want to configure the wireless and wireless security settings SSID Options Allow Default SSID Select Enable to allow a wireless client to connect to a service set on the NXC 8160 even when the wireless client is trying to connect to any network Select Disable to allow a wireless client to connect to a service set on the NXC 8160 only when the wireless c
80. ht 2007 by ZyXEL Communications Corp Did you check 1 00 ZT 0 b2 2007 Apr 26 1707 1 00 2T 0 b2 2007 Apr 26 1707 Sun Nov 12 19 29 04 2006 Thu Oct 5 11 39 44 2006 version 1 94 built 09 07 17 Sep 13 2004 www zyxel com today The following table describes the read only fields in this screen Table 5 Web Configurator About Screen LABEL DESCRIPTION ZyXELFS This field displays the firmware version number and the date created AppsFS This field displays the firmware version number and the date created RootFs This field displays the date and time when RootFs used as a placeholder inside the firmware kernel was built Kernel This field displays the date and time when firmware kernel was built Redboot This field displays the Redboot version number and the date created RedBoot is an embedded system bootstrap and debug firmware from RedHat NXC 8160 User s Guide Chapter 2 Introducing the Web Configurator 32 NXC 8160 User s Guide PART li Web Configurator een 35 Wireless LAN 47 LAN Screen This chapter describes how to configure LAN settings 3 1 LAN and WAN A network is a shared communication system to which many computers are attached The Local Area Network LAN includes the computers and networking devices such as the NXC 8160 in your home or office that you connect to a modem or router s LAN ports The Wide Area Network WAN is another n
81. ick Apply to have your changes take effect immediately without a system rebbot When you select Master Controller and click Save the screen changes and displays as shown next Figure 14 Centralized Configuration Master Centralized Configuration SSH Key Management M Master Controller Save Generate New SSH Keys Save Retrieve Public SSH Key Save Controllers Table Status Name IP Address Action o SWITCH 192 168 1 10 None z ftest 192 168 2 23 configure Controller 7 res Create a New Table Entry Name IP Address Save Reset The following table describes the labels in this screen Table 9 Centralized Configuration Master LABEL DESCRIPTION SSH Key Management Master Controller When you have more than one NXC 8160 in the network select this to have your NXC 8160 act as the master controller You can manage the member controllers in the same network through the master controller Save Click Save to save your customized settings NXC 8160 User s Guide Chapter 4 Centralized Configuration Table 9 Centralized Configuration Master LABEL DESCRIPTION Generate New Click the Save button next to Generate New SSH Keys to have the NXC 8160 SSH Keys create a SSH key which is to be used to identify the NXC 8160 for SSH connections Retrieve Public SSH Key Click the Save button next to Retrieve Public SSH Key to download a
82. ing device within range NXC 8160 User s Guide Chapter 5 Wireless LAN Figure 19 SSID 8 Security None SSID amp Security SSID Choose SSID ZyxEL_G 7 Note All configuration in this page applies to the chosen SSID SSID Options Allow Default SSID Enable C Disable Display SSID in Beacon Enable C Disable Allow Intra BSS Traffic Enable C Disable Allow Inter Ess Forward Enable C Disable VLAN 0 4095 none Disassociation Timeout 500 0 3600 seconds 0 for no disassociation DTIM period s 7 Encryption amp Authentication Security Mode None Reset The following table describes the wireless LAN security labels in this screen Table 15 SSID amp Security None LABEL DESCRIPTION Select None to allow wireless clients to communicate with the access points without any data encryption Security Mode 5 5 2 Static WEP Static WEP provides a mechanism for encrypting data using encryption keys Both the AP and the wireless clients must use the same WEP key to encrypt and decrypt data Your NXC 8160 allows you to configure up to four 64 bit or 128 bit WEP keys but only one key can be used at any one time NXC 8160 User s Guide Chapter 5 Wireless LAN Figure 20 SSID amp Security WEP SSID amp Security SSID Choose SSID zyxEL 6 7 a Note All configuration in this page applies to the chosen SSID SSID Options
83. ion Transmission Control Protocol Internet Protocol The default wide area network protocol that provides communication across diverse interconnected networks C Show icon in notification area when connected 5 The Internet Protocol TCP IP Properties window opens the General tab in Windows XP f you have a dynamic IP address click Obtain an IP address automatically f you have a static IP address click Use the following IP Address and fill in the IP address Subnet mask and Default gateway fields Click Advanced NXC 8160 User s Guide Appendix A Setting up Your Computer s IP Address Figure 38 Windows XP Internet Protocol TCP IP Properties Internet Protocol TCP IP Properties General Alternate Configuration You can get IP settings assigned automatically if your network supports this capability Otherwise you need to ask your network administrator for the appropriate IP settings Obtain an IP address automatically C Use the following IP address Obtain DNS server address automatically C Use the following DNS server addresses 6 Ifyou do not know your gateway s IP address remove any previously installed gateways in the IP Settings tab and click OK Do one or more of the following if you want to configure additional IP addresses nthe IP Settings tab in IP addresses click Add In TCP IP Address type an IP address in IP address and a subnet mask in Subnet
84. ion Base MIB is a collection of managed objects SNMP allows a manager and agents to communicate for the purpose of accessing these objects SNMP itself is a simple request response protocol based on the manager agent model The manager issues a request and the agent returns responses using the following protocol operations Get Allows the manager to retrieve an object variable from the agent GetNext Allows the manager to retrieve the next object variable from a table or list within an agent In SNMPv1 when a manager wants to retrieve all elements of a table from an agent it initiates a Get operation followed by a series of GetNext operations Set Allows the manager to set values for object variables within an agent Trap Used by the agent to inform the manager of some events 6 1 1 SNMP Traps The NXC 8160 can send the following traps to the SNMP manager Table 20 SNMP Traps TRAP NAME DESCRIPTION Configured and connected APs of channel channel number This trap is sent when an AP is disconnected or connected from to the WLAN controller AP ap number in hex base has been connected This trap is sent when an AP is connected to the WLAN controller AP ap number in hex base has been disconnected This trap is sent when an AP is disconnected from the WLAN controller Reference Host is up This trap is sent when the referenced host is up Reference Host is down
85. is disables any web pop up blockers you may have enabled Figure 70 Internet Options Privacy Internet Options General Security Privacy Content Connections Programs Advanced Settings Move the slider to select a privacy setting for the Internet gt zone Medium Blocks third party cookies that do not have a compact privacy policy Blocks third party cookies that use personally identifiable L information without your implicit consent Restricts first party cookies that use personally identifiable information without implicit consent Pop up Blocker 6 Prevent most pop up windows from appearing Block pop ups 3 Click Apply to save this setting Enable Pop up Blockers with Exceptions Alternatively if you only want to allow pop up windows from your device see the following steps 1 In Internet Explorer select Tools Internet Options and then the Privacy tab 2 Select Settings to open the Pop up Blocker Settings screen NXC 8160 User s Guide Appendix C Pop up Windows JavaScripts and Java Permissions Figure 71 Internet Options Privacy Internet Options a Settings Move the slider to select a privacy setting for the Internet MER zone Medium privacy policy Blocks third party cookies that use personally identifiable Li information without your implicit consent Restricts first party cookies that use personally identifiable information without i
86. j o n 33 NXC 8160 User s Guide n Table of Contents Chapter 3 LAN SEIEN ci cdit ik a i CRY ka a km kl e l RATER QR MAU DEREN ER RARE n ER ka FREE ERU e ad kn e kk ad kaka 35 eu LR and XU a ka in oak e a tk ek kk a deals ka a kab kl a kk e kob bl ek undo Da 35 3 2 IPF Address and Subnet MASK aee T 35 SR MN II MET rc ETT TT TOT 36 3 2 2 Management IF ic cc qe 36 Co VLA Mo 37 LANT OE aa Hadas teu ka l oed ek esp n Sati eat Bn 37 S VLAN Application EXSIilla 2 ras eai saba desi bai eve Ha eonan er RU I ie Lb i 37 EULA Rm pA a 38 Chapter 4 Centralized Configrall DEL ai iie uis exi Mni k edat Rald a kana RAI A R9 kola FR ARRA E ARR VERA AERA RAM GRAM ERAS 41 4 4 Introduction to Centralized Configuration 255 ooi na nto I AMEN PER Yu av k r nex AREE MER VER RREFH EY Yu 2 kreyon 41 Les m E 41 LES ads POD ate NR TP TINO 42 24 SSH Implementation an the INXC 8 B0 uiscdiai okay ase tonics cess Cukk 2d eng cxt ed ER nenduan 43 4 4 1 Requirements for Using SSH ei kako didi Cor a OR rl i eas ess 43 4S CA rsBRels cri DNE nnan 0 T 43 Chapter 5 Wireless LAN n M 47 51 Wireless LAN FSQAUCTNON isiya da pea pak aa kk kak kk e kib k ban twin fi ke ko kk p e jak kaa kad ea An 47 5 2 Wireless Security OVervi W ai kika aid a aka ka kk aktik kk DA kok kk kn kk kak kav S ek kk kk ik ke ka kk k
87. k kn 48 E op 48 GENRE ANT UE WRITE OLI 48 uiua ritis rc 49 5 2 4 Additional Installation Requirements for Using 802 1x sese 50 Dice producion to RADIUS mE ks ak ke lak bi ks NN 50 meis LAN epee aa ko ti a a bk kak o kask in 50 54 1 PROTEINS SSDS CT T 53 5 5 Contiguring Wireless Securiiy dee 54 MM NO SOCUIIY okt M 56 552986 PIE ii tt klan fi ekta neni den Wadi deni reb ie ER ees aes 57 Doar slap WEP JEEE BUS 1X LEAP aaustadisbendie tu PR E e eka ass ia TRG 59 RO ME AE SI ak res ba tanoe sk anan kk a a e ak e wk ki S kk kk a a pk SAA ak EE ks ka tis koki M 60 zer AU FE T v 61 Chapter 6 Advanced SGP ci koi kk ki kw ik ik 63 EL m oi ole ka ko ad kep e kk a eda iI 63 GOT SIME TAPE s ooo ton sakap zan ayo at A 64 6 2 Configuring the Advanced SONSON eke aaa e kre kib krak risk kk e ek kk b bk bk kk TI 64 a NXC 8160 User s Guide Table of Contents Chapter 7 ACESS POMS SECC coo kasika CER UR abiy ak UE CEA kok kk RA REEF E VORRR ARES MR Ak PRSE REV e Ek ka kk AS 67 Chapter 8 Maintenance SCPC GIN PT 69 8 1 Maintenance LVENNON RT 69 8 2 Configuring Syslog amp Monit r eias ske aa b oka k kika wa oi pad kk ii aa buna ti kk da pa ma kk A KR 70 Chapter 9 crc e NA SE 73 91 Goantiguriinig FaSSWOF c
88. kk ko a kk K DE ki ak 19 Part E NINETY a ki kit kk kk kk a w kk l a kk e S a KA DR INE pk kk ik e kk kk 21 Chapter 1 Getting f Know Your MAC S16D es sin iesnkin ni soi si kk ki a ka ak ka kk n kata K kn kak kn kk A kk A ME A AER 23 14 NXC BTBU CAS ad eec ne a ak eren ak a a a oe kk Ak HR a ea RR a 23 1 2 Applicaton or TEN KCA NO Dat kl kle ks n et EEEE REE 23 Tad Wireless Mernel ACCISE a pk ka ii aa ki peti pa t n n a pk kk RF pk po ele pk ik 23 1 2 2E e AEEA A i Mp 24 1 3 Ways to Manage the INXO B TOU 1uieecuiciesk eu tri eir miui etit tke di docu An ida 25 1 4 Good Habits for Managing the NAGO TOU auis tert ko deba ved ia dd o cerea 25 Toron Panel LEDS LONG sanonnan 25 Chapter 2 Introducing the Web Configurator serisinin kaea aai aaia 27 231 Wes COM WON CAP EN aise et a pd ok kk a a ae co inion L e es kan 27 2 2 Accessing the NXC 8160 Web Configurator ssseeenn emen 27 4 9 Navigating the NXC 8160 Web Configurator 1 kaki onere tensa rrr eere rto neu e rtt AE a Ak 27 Z0 TIUS Ba uos ati i bep an a pe e REESE E RO ESOS RERO RE PR AR E et E Y PN 28 2 9 2 Man RIDE OEC Lorca rbd E E PES RH ERU EP RUE EM kk EUR CHEN RR E MG uim 28 zi o BUS DOO aurscHeteridettieiienre pk e e ao ebbe e bli Fk kn De a ad a koka kai p okt TTA 28 2 0 HOUR FANN ak atid e anda ca oa a e n a kl n tases ik ak n kk aa eared kk od 30 PRSTA DO EEEE EN in n a kb e ka a kn a ak e ak ka po n a E a ko ot ka bo pi es 30 Parti ik Web Ep g
89. lable supplicant is the WPA patch for Windows XP Funk Software s Odyssey client The Windows XP patch is a free download that adds WPA capability to Windows XP s built in Zero Configuration wireless client However you must run Windows XP to use it WPA 2 with RADIUS Application Example To set up WPA 2 you need the IP address of the RADIUS server its port number default is 1812 and the RADIUS shared secret A WPA 2 application example with an external RADIUS server looks as follows A is the RADIUS server DS is the distribution system 1 The AP passes the wireless client s authentication request to the RADIUS server The RADIUS server then checks the user s identification against its database and grants or denies network access accordingly 3 A 256 bit Pairwise Master Key PMK is derived from the authentication process by the RADIUS server and the client 4 The RADIUS server distributes the PMK to the AP The AP then sets up a key hierarchy and management system using the PMK to dynamically generate unique data encryption keys The keys are used to encrypt every data packet that is wirelessly communicated between the AP and the wireless clients Figure 83 WPA 2 with RADIUS Application Example NEL a Ne Internet D m x ko Es e ANT MIMI WPA 2 PSK Application Example A WPA 2 PSK application looks as follows 1 First enter identical passwords into the AP and all wireless clients The Pre Share
90. le VLAN 0 4095 none Disassociation Timeout 3600 0 3600 seconds 0 for no disassociation DTIM period 3 7 Encryption amp Authentication Security Mode WPA w WPA RADIUS Rekey Interval 3600 0 3600 seconds 0 for permanent RADIUS RADIUS Server IP lh n Address RADIUS Server Port 1812 Share Secret Reset The following table describes the labels in this screen Table 19 SSID 8 Security WPA LABEL DESCRIPTION Security Mode Select WPA from the drop down list WPA RADIUS Rekey Interval This is the rate at which the RADIUS server sends a new group key out to all clients The re keying process is the WPA equivalent of automatically changing the WEP key for an AP and all stations in a WLAN on a periodic basis Enter a time interval between 0 and 3600 seconds RADIUS The NXC 8160 can use an external RADIUS server to authenticate an unlimited number of users RADIUS Server Enter the IP address of the external authentication server in dotted decimal IP Address notation RADIUS Server The default port of the RADIUS server for authentication is 1812 Port You need not change this value unless your network administrator instructs you to do so with additional information Share Secret Enter a password up to 31 alphanumeric characters as the key to be shared between the external authentication server and the NXC 8160 The key is not sent over the network This key must be the s
91. le the last number identifies an individual computer on that network Once you have decided on the network number pick an IP address that is easy to remember for instance 192 168 1 10 for your NXC 8160 but make sure that no other device on your network is using that IP address The subnet mask specifies the network number portion of an IP address Your NXC 8160 will compute the subnet mask automatically based on the IP address that you entered You don t need to change the subnet mask computed by the NXC 8160 unless you are instructed to do otherwise 3 2 1 Private IP Addresses Every machine on the Internet must have a unique address If your networks are isolated from the Internet for example only between your two branch offices you can assign any IP addresses to the hosts without problems However the Internet Assigned Numbers Authority IANA has reserved the following three blocks of IP addresses specifically for private networks e 10 0 0 0 10 255 255 255 e 172 16 0 0 172 31 255 255 192 168 0 0 192 168 255 255 You can obtain your IP address from the IANA from an ISP or it can be assigned from a private network If you belong to a small organization and your Internet access is through an ISP the ISP can provide you with the Internet addresses for your local networks On the other hand if you are part of a much larger organization you should consult your network administrator for the appropriate IP addresses
92. lient is trying to connect to a specific SSID Display SSID in Select Enable to allow the AP to broadcasts the SSID in the area and a client can Beacon see it from the utility Select Disable to hide the SSID in the outgoing beacon frame so that a client cannot obtain the SSID through scanning using a site survey tool Allow Intra BSS A Basic Service Set BSS exists when all communications between wireless Traffic clients or between a wireless client and a wired network client go through the AP s and use the same SSID Intra BSS traffic is traffic between wireless clients in the BSS If you select Enable wireless clients in the same BSS can access the wired network and communicate with each other If you select Disable wireless clients in the same BSS can still access the wired network but cannot communicate with each other NXC 8160 User s Guide Chapter 5 Wireless LAN Table 14 SSID 8 Security continued LABEL DESCRIPTION Allow Inter Ess An Extended Service Set ESS consists of a series of overlapping BSSs each Forward containing an access point with each access point connected together by a wired network This type of wireless LAN topology is called an Infrastructure WLAN Select Enable to allow wireless clients using different SSIDs to communicate with each other Traffic between them will not go through the NXC 8160 Note To allow Inter ESS forwarding you need to enable this feature on b
93. lt Gateway This shows the IP address of the gateway in your network Syslog Server This shows the IP address of the server to which the NXC 8160 sends system logs Access Points 1 8 Active Access Points This shows the number s of the WLAN port s to which an active access point is connected Power On Access Points This shows the number s of the WLAN port s which is enabled to supply power to an access point WLAN Country Regulatory Domain This shows the country you selected in the WLAN Configuraion screen NXC 8160 User s Guide Chapter 2 Introducing the Web Configurator Table 3 Web Configurator Status Screen continued LABEL DESCRIPTION 802 11 Mode This shows the wireless standard IEEE 802 112 b or g you configured for the radio wireless transmissions of signals If Radio 2 is disabled this displays Inactive Channel This shows the channel number you configured for the radio SSIDs vlan This shows the SSID Service Set IDentity and the VLAN ID number if configured for the radio Other SSIDs This shows the configured SSIDs if any which are not assigned to a radio 2 3 4 Navigation Panel Use the sub menus on the navigation panel to configure NXC 8160 features The following table describes the sub menus Table 4 Screens Summary LINK TAB FUNCTION Status This screen shows the NXC 8160 s general device and n
94. mplicit consent Blocks third party cookies that do not have a compact j Pop up Blocker Prevent most pop up windows from appearing v Block pop ups 3 Type the IP address of your device the web page that you do not want to have blocked with the prefix http For example http 192 168 167 1 4 Click Add to move the IP address to the list of Allowed sites Figure 72 Pop up Blocker Settings Pop up Blocker Settings Exceptions Pop ups are currently blocked You can allow pop ups from specific Web sites by adding the site to the list below Address of W eb site to allow http 4 192 168 1 1 Add Allowed sites Notifications and Filter Level Play a sound when a pop up is blocked Show Information Bar when a pop up is blocked Filter Level Medium Block most automatic pop ups Pop up Blocker FAQ Close NXC 8160 User s Guide Appendix C Pop up Windows JavaScripts and Java Permissions 5 Click Close to return to the Privacy screen 6 Click Apply to save this setting JavaScripts If pages of the web configurator do not display properly in Internet Explorer check that JavaScripts are allowed 1 In Internet Explorer click Tools Internet Options and then the Security tab Figure 73 Internet Options Security General Security Privacy Content Connections Programs Advanced Select a Web content zone to specify its security settings e Z o e Inte
95. nap a e pk pk ik AA pak kk yad 58 Figure 21 SSID amp Security Static WEP IEEE 802 1X LEAP sennosensnoninonenunnnininninan 59 Figure 22 SSID amp Security WPA PSK sisson vise koooasosaekk brennt ated rra rtis o ride kabet dde ben edd der pied E bd 61 Figure 23 SSID amp Security WPA iv ki ia kk tier ana End epa i E c ERA i e Bu Ke La n 62 Figure 24 SNMP Management Modal ee seke outa erret dni por akt kk ete o PE v MERECE EM SR Fels un ok Erbe YN pk bk DEL VN RE bUUUA 63 PWSZ AOTC c 65 ad Euro cu n kika kf kan ai kn e a is kk kk kak a ka n kk a ek kk a A a ak kk A kn ko 67 Eu mwedtnoncucpc e e 69 FRE ZO sys MOMMY ucsibsrc i dette Maccab Let ope Da ed La UR ADR X OUR AR UR a RS T1 FONS wae gage fares o ET 73 Figure 30 Console Cable DB S End PIN LayOlt scscicccssiissencssstassacacestesiccecisasveicetisaesncesenacee cessaasteneaserenens 82 Figure 31 Windows 95 98 Me Network Configuration cccccccsecceeesseccceeeeseeeceeeesnseecceeesnseeceeeeeeneaaes 88 Figure 32 Windows 95 98 Me TCP IP Properties IP Address icssscisguasieicdscetniaiepinanciceemacabiads 89 Figure 33 Windows 95 98 Me TCP IP Properties DNS Configuration sseeneee 90 Figure 34 Windows XP Start MORE eio oder stipe cona paa Kec E S PAR A Er kk ik R ada kk 91 Figure 35 Windows XP Control Panel ssccsccsscssenecatuersustsassssacve thai nie rr ede ar tede e tret be pro I
96. national telephone call Corporate Headquarters Worldwide Support E mail support zyxel com tw Sales E mail sales zyxel com tw Telephone 886 3 578 3942 Fax 886 3 578 2439 Web www zyxel com www europe zyxel com FTP ftp zyxel com ftp europe zyxel com Regular Mail ZyXEL Communications Corp 6 Innovation Road II Science Park Hsinchu 300 Taiwan Costa Rica Support E mail soporte zyxel co cr Sales E mail sales zyxel co cr Telephone 506 2017878 Fax 506 2015098 Web www zyxel co cr FTP ftp zyxel co cr Regular Mail ZyXEL Costa Rica Plaza Roble Escaz Etapa El Patio Tercer Piso San Jos Costa Rica Czech Republic E mail info cz zyxel com Telephone 420 241 091 350 NXC 8160 User s Guide Appendix F Customer Support Fax 420 241 091 359 Web www zyxel cz Regular Mail ZyXEL Communications Czech s r o Modransk 621 143 01 Praha 4 Modrany Cesk Republika Denmark Support E mail support zyxel dk Sales E mail sales zyxel dk Telephone 45 39 55 07 00 Fax 45 39 55 07 07 Web www zyxel dk Regular Mail ZyXEL Communications A S Columbusvej 2860 Soeborg Denmark Finland Support E mail support zyxel fi Sales E mail sales zyxel fi Telephone 358 9 4780 8411 Fax 358 9 4780 8448 Web www zyxel fi Regular Mail ZyXEL Communications Oy Malminkaari 10 00700 Helsinki Finland France E mail info zyxel fr Telephone 3
97. nd save a public key on your computer so that you can upload the key to a member Controllers Table This table shows the controllers added to the centralized configuration group The master controller s entry is grayed out You cannot configure it Status This field displays which indicates the member controller is accessible Name This is the name of a controller you added to this group To change the name enter a new one select edit entry in the Action field and then click Save IP Address This shows the IP address of a controller you added to this group using the fields below Action Select the action that you want to take on the specified member controller Select None to not apply changes to the selected controller Select configure controller to apply this NXC 8160 s configuration to the selected controller Select reboot controller to restart the controller Select edit entry to configure the controller s decriptive name Select delete entry to remove the controller from this group Save Click Save to save your customized settings in the Controllers Table section Reset Click Reset to reload the previous configuration for the Controllers Table section Create a New Use the fields below to add a controller to the centralized configuration group Table Entry Name Enter the name of the member controller IP Address Enter the IP address of the member controller Save Click Save to add a member and
98. ne or more of the following if you want to configure additional IP addresses nthe IP Settings tab in IP addresses click Add In TCP IP Address type an IP address in IP address and a subnet mask in Subnet mask and then click Add Repeat the above two steps for each IP address you want to add Configure additional default gateways in the IP Settings tab by clicking Add in Default gateways In TCP IP Gateway Address type the IP address of the default gateway in Gateway To manually configure a default metric the number of transmission hops clear the Automatic metric check box and type a metric in Metric Click Add Repeat the previous three steps for each default gateway you want to add Click OK when finished NXC 8160 User s Guide Appendix A Setting up Your Computer s IP Address Figure 48 Windows Vista Advanced TCP IP Properties Advanced TCP IP Settings ka la 1P Settings ons wins IP addresses IP address Subnet mask DHCP Enabled Add Edit Remove Default gateways Gateway Metric Add Edit Remove J Automatic metric Cancel 9 Inthe Internet Protocol Version 4 TCP IPv4 Properties window the General tab Click Obtain DNS server address automatically if you do not know your DNS server IP address es f you know your DNS server IP address es click Use the following DNS server addresses and type them in the Preferred DNS server and Alternate DNS s
99. nfigure or helpful tips or recommendations Syntax Conventions The NXC 8160 wireless switch may be referred to as the NXC 8160 the WLAN controller or the system in this User s Guide Product labels screen names field labels and field choices are all in bold font A key stroke is denoted by square brackets and uppercase text for example ENTER means the enter or return key on your keyboard Enter means for you to type one or more characters and then press the ENTER key Select or choose means for you to use one of the predefined choices A right angle bracket gt within a screen name denotes a mouse click For example Maintenance gt Log gt Log Setting means you first click Maintenance in the navigation panel then the Log sub menu and finally the Log Setting tab to get to that screen Units of measurement may denote the metric value or the scientific value For example k for kilo may denote 1000 or 1024 M for mega may denote 1000000 or 1048576 and so on e g is a Shorthand for for instance and i e means that is or in other words NXC 8160 User s Guide Document Conventions Icons Used in Figures Figures in this User s Guide may use the following generic icons NXC 8160 Computer Notebook computer NEN NS Server Wireless Signal Modem Router 4 No ll Access Point
100. nternet Explorer click Tools and then Internet Options to open the Internet Options screen In the General tab click Delete Files In the pop up window select the Delete all offline content check box and click OK Click OK in the Internet Options screen to close it NXC 8160 User s Guide Chapter 10 Troubleshooting f you disconnect your computer from one device and connect it to another device that has the same IP address your computer s ARP Address Resolution Protocol table may contain an entry that maps the management IP address to the previous device s MAC address In Windows use arp d at the command prompt to delete all entries in your computer s ARP table e can see the Login screen but cannot log in to the NXC 8160 1 Make sure you have entered the user name and password correctly The default user name is admin and the default password is Switch1 These fields are case sensitive so make sure Caps Lock is not on N Disconnect and re connect the power cord to the NXC 8160 If this does not work you have to contact your vendor e cannot Telnet to the NXC 8160 You cannot use Telnet to access the NXC 8160 The NXC 8160 supports SSH Secure SHell and allows a secure encrypted connection for support purposes only e cannot access the NXC 8160 or ping any computer from the WLAN Make sure the wireless adapter on the wireless client is working properly 2 Make su
101. ntroductio ekite kk 21 Coe ling te KADW YOUN MO TOU ize sinnena AEEA 23 nies ior siluis Er alle pite MNT E kk n A pk al 27 Lise GON AU 1 65 EPIIT T TTL AE EIN E 33 f ON OP AN ai a ik ka na hu abu seda feu eias CHR ek a ak MD pal VE a lk kk ak ke EAT ED 35 enr riesci M 41 prio DEJA eC He 47 PONCE S TEN ii aaa bi kis e ae pal da al a e e an e a n kk n e ak MU MM MM 63 ALOS Pome SANON AN E 67 Mamtenanos NON OCI ve saa kl ki a kan kk alo candle al ks et opt n e a ak e pak e a ak e e le ek p Nude 69 POSS WONG rek ki 73 Troubleshooting and Specifications ei eeeskeies tein rien iu dat ix tuc that 2a Ea bebi kkak kisa MR MAREA S bkk ta du ki RR R DE 75 ereo ae E UT UT T7 ixi emer eT M mE 81 Appendices and Index icccicssio coru kk i e coc kk kk kk aaa 85 NXC 8160 User s Guide a Contents Overview NXC 8160 User s Guide Table of Contents Table of Contents About This Usb s CUIUS uico i ivi kis ati mak ERE it DE Fe RE OR CERE RH X ROV RE EE SRM SINUM RO Gr M e e 3 Document CAN YE NON NS seo ia aes Y UEM MARE EFE dU KELLER Fas CE Ie DV kn a a ad QE EDGE VE a Ru FON RR da RD 4 Safety rl ce E S 6 Contents OVEPVIGW sexa aec e a kai va Xa Vea za Id pre a La kae E E RENE M RR URN UEM I VR RV CR UR 9 Table of Come N S ikid Vid cede REGE aT ML aaia 11 AS TE W W B Mere 15 List AP Tables ki kok kk ki kk kk e kk kf kk a ai kk
102. o signals equally well in all directions dBi represents the true gain that the antenna provides Types of Antennas for WLAN There are two types of antennas used for wireless LAN applications Omni directional antennas send the RF signal out in all directions on a horizontal plane The coverage area is torus shaped like a donut which makes these antennas ideal for a room environment With a wide coverage area it 1s possible to make circular overlapping coverage areas with multiple access points Directional antennas concentrate the RF signal in a beam like a flashlight does with the light from its bulb The angle of the beam determines the width of the coverage pattern Angles typically range from 20 degrees very directional to 120 degrees less directional Directional antennas are ideal for hallways and outdoor point to point applications NXC 8160 User s Guide Appendix D Wireless LANs Positioning Antennas In general antennas should be mounted as high as practically possible and free of obstructions In point to point application position both antennas at the same height and in a direct line of sight to each other to attain the best performance For omni directional antennas mounted on a table desk and so on point the antenna up For omni directional antennas mounted on a wall or ceiling point the antenna down For a single AP application place omni directional antennas as close to the center of the coverage area
103. oduces the main features and applications of the NXC 8160 1 1 NXC 8160 Overview The NXC 8160 is a WLAN controller that allows you to connect the NWA 8500 access points APs to extend your wireless network The NXC 8160 centralizes the management of all of the connected APs You can maintain the APs through the NXC 8160 thus eliminating the need to connect to and configure each AP individually The AP acts as an antenna of the NXC 8160 If you have more than one NXC 8160 in your network you can manage the other NXC 8160 s through a NXC 8160 You can also set one NXC 8160 as the main WLAN controller and the other as the backup when the primary is not active or cannot work properly The NXC 8160 provides secure wireless connectivity to your wired network The NWA 8500 supports two radios wireless transmissions of signals simultaneously which can be of the same or different IEEE 802 11 mode That means both IEEE 802 11b g and IEEE 802 11a compatible clients can wirelessly access the wired network behind the NXC 8160 through a connected access point Only use firmware for your NXC 8160 s specific model See Chapter 11 on page 81 for a complete list of features 1 2 Application for the NXC 8160 Here are some examples of what you can do with your NXC 8160 1 2 1 Wireless Internet Access You can connect a cable or DSL modem router to the NXC 8160 for broadband Internet access via an Ethernet port on the modem router Both IEEE
104. on a network share a common network number Similarly as each house has its own house number each host on the network has its own unique identifying number the host ID Routers use the network number to send packets to the correct network while the host ID determines to which host on the network the packets are delivered Structure An IP address is made up of four parts written in dotted decimal notation for example 192 168 1 1 Each of these four parts is known as an octet An octet 1s an eight digit binary number for example 11000000 which is 192 in decimal notation Therefore each octet has a possible range of 00000000 to 11111111 in binary or 0 to 255 in decimal The following figure shows an example IP address in which the first three octets 192 168 1 are the network number and the fourth octet 16 is the host ID NXC 8160 User s Guide Appendix B IP Addresses and Subnetting Figure 63 Network Number and Host ID 192 168 1 16 ai i at i i a M mmmh i I L L n L I L I i I L I L I L N 4 mm m m m m m um m 9 How much of the IP address is the network number and how much is the host ID varies according to the subnet mask Subnet Masks A subnet mask is used to determine which bits are part of the network number and which bits are part of the host ID using a logical AND operation The term subnet is short for sub network A subnet mask
105. or other versions may vary You can enable Java Javascripts and pop ups in one screen Click Tools then click Options in the screen that appears NXC 8160 User s Guide Appendix C Pop up Windows JavaScripts and Java Permissions Figure 77 Mozilla Firefox Tools Options IS Help Web Search Ctri K Downloads Ctri 3 Add ons Web Developer Error Console Adblock Plus Page Info Ctri Shift A FireFTP Clear Private Data Ctrl Shift Del Tab Mix Plus Options 3 Session Manager Options Click Content to show the screen below Select the check boxes as shown in the following screen Figure 78 Mozilla Firefox Content Security x ld d amp amp Main Tabs Feeds Privacy Security Advanced w Block pop up windows Exceptions IV Load images automatically Exceptions v Enable JavaScript Advanced IV Enable Java r Fonts amp Colors Default Font Times New Roman vi Size 16 v Advanced Colors r File Types Configure how Firefox handles certain types of Files Manage HT NXC 8160 User s Guide Appendix C Pop up Windows JavaScripts and Java Permissions NXC 8160 User s Guide Wireless LANs Wireless LAN Topologies This section discusses ad hoc and infrastructure wireless LAN topologies Ad hoc Wireless LAN Configuration The simplest WLAN configuration is an independent Ad
106. ord guessing attacks but it s still an improvement over WEP as it employs a consistent single alphanumeric password to derive a PMK which is used to generate unique temporal encryption keys This prevent all wireless devices sharing the same encryption keys a weakness of WEP User Authentication WPA and WPA2 apply IEEE 802 1x and Extensible Authentication Protocol EAP to authenticate wireless clients using an external RADIUS database WPA2 reduces the number of key exchange messages from six to four CCMP 4 way handshake and shortens the time required to connect to a network Other WPA2 authentication features that are different from WPA include key caching and pre authentication These two features are optional and may not be supported in all wireless devices Key caching allows a wireless client to store the PMK it derived through a successful authentication with an AP The wireless client uses the PMK when it tries to connect to the same AP and does not need to go with the authentication process again Pre authentication enables fast roaming by allowing the wireless client already connecting to an AP to perform IEEE 802 1x authentication with another AP before connecting to it NXC 8160 User s Guide Appendix D Wireless LANs Wireless Client WPA Supplicants A wireless client supplicant is the software that runs on an operating system instructing the wireless client how to use WPA At the time of writing the most widely avai
107. ose WEP 802 1x LEAP or WPA If users do not log in to the wireless network you can choose no encryption WEP or WPA PSK Usually you should set up the strongest encryption that every wireless client in the wireless network supports For example suppose the AP does not have a local user database and you do not have a RADIUS server Therefore there is no user authentication Suppose the wireless network has two wireless clients Device A only supports WEP and device B supports WEP and WPA Therefore you should set up WEP in the wireless network A It is recommended that wireless clients use WPA PSK WPA or stronger encryption IEEE 802 1x and WEP encryption are better than none at all but it is still possible for unauthorized devices to figure out the original information pretty quickly SA It is not possible to use WPA PSK WPA or stronger encryption with a local user database In this case it is better to set up stronger encryption with no authentication than to set up weaker encryption with the local user database NXC 8160 User s Guide Chapter 5 Wireless LAN Many types of encryption use a key to protect the information in the wireless network The longer the key the stronger the encryption Every wireless client in the wireless network must have the same key 5 2 4 Additional Installation Requirements for Using 802 1x A computer with an IEEE 802 11 compatible wireless LAN card A computer equipped wi
108. oth SSIDs The SSIDs should also belong to the same VLAN group if you activate VLAN Select Disable to stop communications between wireless clients using different SSIDs and all traffic will go through the NXC 8160 VLAN 0 4095 A VLAN Virtual Local Area Network allows a physical network to be partitioned into multiple logical networks Devices on a logical network belong to one group Specify a VLAN ID number between 0 and 4095 to have the SSID belong to one VLAN group Otherwise leave this field at its default none Disassociation Timeout Enter the number of seconds from 0 to 3600 for the NXC 8160 to wait before it automatically disconnect a wireless client from the wired network when there is no traffic sent to or from the wireless client DTIM period A DTIM Delivery Traffic Indication Message is used to tell the wireless clients in power saving mode that a packet is to be sent to them Select a DTIM period from 1 to 5 in beacon intervals This indicates how many broadcast and multicast packets can be transmitted to wireless clients between two DTIMs Save Click Save to save your changes back to the NXC 8160 Your changes take effect only after you click Apply in the Maintenance screen Reset Click Reset to begin configuring this screen afresh 5 5 1 No Security BS If you do not enable any wireless security on your NXC 8160 your network is accessible to any wireless network
109. other that is they do not know if the channel is currently being used Therefore they are considered hidden from each other NXC 8160 User s Guide Appendix D Wireless LANs BS Figure 82 RTS CTS RTS Rang CTS Range it ath O nn om 0 oo n RR ARI ER RR je ma aene P nwi Station AP E oss ano j A Data EI EE Pi TEN r m DC Ke EH NR Stations A and B do not FN 7 pee ii Station A D hear each other They f Station B m t m can hear the AP When station A sends data to the AP it might not know that the station B is already using the channel If these two stations send data at the same time collisions may occur when both sets of data arrive at the AP at the same time resulting in a loss of messages for both stations RTS CTS is designed to prevent collisions due to hidden nodes An RTS CTS defines the biggest size data frame you can send before an RTS Request To Send CTS Clear to Send handshake is invoked When a data frame exceeds the RTS CTS value you set between 0 to 2432 bytes the station that wants to transmit this frame must first send an RTS Request To Send message to the AP for permission to send it The AP then responds with a CTS Clear to Send message to all other stations within its range to notify them to defer their transmission It also reserves and confirms with the requesting station the time frame for the requested transmission Stations
110. our Subnets The previous example illustrated using a 25 bit subnet mask to divide a 24 bit address into two subnets Similarly to divide a 24 bit address into four subnets you need to borrow two host ID bits to give four possible combinations 00 01 10 and 11 The subnet mask is 26 bits 11111111 11111111 11111111 11000000 or 255 255 255 192 Each subnet contains 6 host ID bits giving 26 2 or 62 hosts for each subnet a host ID of all zeroes is the subnet itself all ones is the subnet s broadcast address Table 34 Subnet 1 LAST OCTET BIT IP SUBNET MASK NETWORK NUMBER VALUE IP Address Decimal 192 168 1 0 IP Address Binary 11000000 10101000 00000001 00000000 Subnet Mask Binary 11111111 11111111 11111111 11000000 Subnet Address Lowest Host ID 192 168 1 1 192 168 1 0 Broadcast Address Highest Host ID 192 168 1 62 192 168 1 63 NXC 8160 User s Guide 113 Appendix B IP Addresses and Subnetting Table 35 Subnet 2 IP SUBNET MASK NETWORK NUMBER LAST OCTET BIT VALUE IP Address 192 168 1 64 IP Address Binary 11000000 10101000 00000001 01000000 Subnet Mask Binary 11111111 11111111 11111111 11000000 Subnet Address 192 168 1 64 Lowest Host ID 192 168 1 65 Broadcast Address 192 168 1 127 Highest Host ID 192 168 1 126 Table 36 Subnet 3 IP SUBNET MASK NETWORK NUMBER LAST OCTET BIT VALUE IP Address 1
111. p Control Panel File Edit view Favorites Tools Help Q Ba d pa Search E Folders E Address Control Panel Vg Control Panel G Switch to Category View See Also Game 4 Windows Update Controllers 3 Right click Local Area Connection and then click Properties NXC 8160 User s Guide Appendix A Setting up Your Computer s IP Address Figure 36 Windows XP Control Panel Network Connections Properties Network Connections File Edit View Favorites Tools Advanced Help ck v Ss ei pa Search Folders Es 55 e Network Connections LAN or High Speed Internet Network Tasks ocal Area Connection E Create a new d connection Standard PCI Fast Ethernet Adapte 9 Set up a home or small Disable office network Stat atus Disable this network device Repair W Repair this connection Bridge Connections mij Rename this connection view status of this connection Change settings of this connection Create Shortcut 4 Select Internet Protocol TCP IP under the General tab in Win XP and then click Properties Figure 37 Windows XP Local Area Connection Properties 4 Local Area Connection Properties General Authentication Advanced Connect using B Accton EN1207D TX PCI Fast Ethernet Adapter This connection uses the following items ied Client for Microsoft Networks ivi vi Internet Protocol TCP IP Descript
112. pter 6 Advanced Screen Table 21 Advanced LABEL DESCRIPTION Save Click Save to save your customized settings in this section Reset Click Reset to begin configuring this section of the screen afresh SNMP Enable Traps Select the check box to enable sending of SNMP traps to a station Community Type the trap community which is the password sent with each trap to the SNMP manager The default is public and allows all requests Destination Type the IP address of the station to send your SNMP traps to Save Click Save to save your customized settings in this section Reset Click Reset to begin configuring this section of the screen afresh NXC 8160 User s Guide Access Points Screen Click Access Points to display the screen as shown This screen allows you to view the status of the access points APs connected to the NXC 8160 You can also use this screen to set the NXC 8160 not to supply power to an AP Figure 26 Access Points Access Points Active Access W iH HSH Points H2oHM4HN6HMS ivils3sivesrp7 i 2wvap 6ka Power On APs Apply Reset The following table describes the labels in this screen Table 22 Access Points LABEL DESCRIPTION Active Access This field is grayed out and shows whether an access point connected to the WLAN Points port is active selected or not cleared By default an AP receives power from the NXC 8160 and is acti
113. r 26 hexadecimal characters 0 9 A F for each key RADIUS The NXC 8160 can use an external RADIUS server to authenticate users RADIUS Server Enter the IP address of the external authentication server in dotted decimal IP Address notation RADIUS Server The default port of the RADIUS server for authentication is 1812 Port You need not change this value unless your network administrator instructs you to do so with additional information Share Secret Enter a password up to 31 alphanumeric characters as the key to be shared between the external authentication server and the NXC 8160 The key is not sent over the network This key must be the same on the external authentication server and NXC 8160 5 5 4 WPA PSK Select WPA PSK from the Security Mode list NXC 8160 User s Guide Chapter 5 Wireless LAN Figure 22 SSID 8 Security WPA PSK SSID amp Security SSID Choose SSID ZyXEL G Q Note All configuration in this page applies to the chosen SSID SSID Options Allow Default SSID Enable C Disable Display SSID in Beacon Enable C Disable Allow Intra BSS Traffic Enable C Disable Allow Inter Ess Forward Enable C Disable VLAN 0 4095 none Disassociation Timeout 3600 0 3600 seconds 0 for no disassociation DTIM period 3 a Encryption amp Authentication Security Mode WPA PSK a WPA WPA PSK insere asci yi 8 63 64 WPA RADIUS Rek
114. r 8 Maintenance Screen The following table describes the labels in this screen Table 23 Access Points LABEL DESCRIPTION Show Click the Configuration file link to display the NXC 8160 s currect configuration Configuration settings You can right click the link and select Save Target As to back up your configuration to an XML file on your computer The backup configuration file will be useful in case you need to return to your previous settings Upload Load a configuration file from your computer to your NXC 8160 Type in the location Configuration of the file you want to upload in this field or click Browse to find it Browse Click Browse to find the file you want to upload Remember that you must decompress compressed ZIP files before you can upload them Upload Click Upload to begin the upload process Upgrade Find firmware at www zyxel com in a file that usually uses the system model name Firmware with a bin extension for example NXC 8160 bin The upload process uses HTTPs Hypertext Transfer Protocol over SSL and may take up to two minutes After a successful upload the system will reboot Type in the location of the file you want to upload in this field or click Browse to find it Browse Click Browse to find the bin file you want to upload Remember that you must decompress compressed zip files before you can upload them Upgrade Click Upgrade to begin the upload process This proc
115. r roaming Support for RADIUS Remote Authentication Dial In User Service RFC 2138 2139 for centralized user profile and accounting management on a network RADIUS server Support for EAP Extensible Authentication Protocol RFC 2486 that allows additional authentication methods to be deployed with no changes to the access point or the wireless clients RADIUS RADIUS is based on a client server model that supports authentication authorization and accounting The access point is the client and the server is the RADIUS server The RADIUS server handles the following tasks Authentication Determines the identity of the users Authorization 132 NXC 8160 User s Guide Appendix D Wireless LANs Determines the network services available to authenticated users once they are connected to the network Accounting Keeps track of the client s network activity RADIUS is a simple package exchange in which your AP acts as a message relay between the wireless client and the network RADIUS server Types of RADIUS Messages The following types of RADIUS messages are exchanged between the access point and the RADIUS server for user authentication Access Request Sent by an access point requesting authentication Access Reject Sent by a RADIUS server rejecting access Access Accept Sent by a RADIUS server allowing access Access Challenge Sent by a RADIUS server requesting more information in order to allow access T
116. re 30 C 60 C Operation Humidity 10 95 RH non condensing Storage Humidity 5 95 RH non condensing Certifications EMC FCC Part 15 Class B CE EMC Class B C Tick Class B Safety CSA International UL60950 1 EN60950 1 Table 27 Firmware Specifications FEATURE DESCRIPTION Default IP Address 192 168 1 10 Default Subnet Mask 255 255 255 0 24 bits Default User Name admin Default Password default Device Management Use the web configurator to easily configure the rich range of features on the NXC 8160 Wireless Functionality Allow the IEEE 802 11a IEEE 802 11b and or IEEE 802 11g wireless clients to connect to the NXC 8160 wirelessly Enable wireless security WEP WPA WPA PSK or IEEE 802 1x with static WEP to protect your wireless network Firmware Upgrade Download new firmware when available from the ZyXEL web site and use the web configurator to put it on the NXC 8160 Note Only upload firmware for your specific model NXC 8160 User s Guide Chapter 11 Product Specifications Cable Pin Assignments Table 27 Firmware Specifications FEATURE DESCRIPTION Configuration Backup amp Restoration Make a copy of the NXC 8160 s configuration You can put it back on the NXC 8160 later if you decide to revert back to an earlier configuration IP Multicast IP multicast is used to send traffic to a specific group
117. re 5 Web Configurator Status Screen System Information Refresh Interval None vi Access Points 1 8 Refresh Now Date Thu May 10 7 47 37 2007 Active Access Points 4 Uptime 2 18 Power On Access Points 1 2 3 4 5 8 IP Address 192 168 1 10 Country Regulatory Domain United States IP Subnet Mask 255 255 255 0 Radiol Radio2 MAC address 00 19 cb 00 00 36 802 11 Mode 802 11b g 802 114 Default Gateway 192 168 1 1 Channel 6 36 ES Syslog Server SSIDs vlan ZyXEL G ZyXEL A Other SSIDs The following table describes the labels in this screen Table 3 Web Configurator Status Screen LABEL DESCRIPTION Refresh Interval Select a number of seconds or None from the drop down list box to update all Screen statistics automatically at the end of every time interval or to not update the screen statistics Refresh Now Click this button to update the status screen statistics immediately System Information Date This field displays your NXC 8160 s present date and time Up Time This field displays how long the NXC 8160 has been running since it last started up The NXC 8160 starts up when you turn it on when you restart it or reset to the defaults using the Maintenance screen LAN IP Address This shows the LAN port s IP address IP Subnet Mask This shows the LAN port s subnet mask MAC Address This shows the LAN Ethernet adapter MAC Address of your device Defau
118. re the wireless adapter installed on your computer is IEEE 802 11 compatible and supports the same wireless standard as the NXC 8160 3 Make sure your computer with a wireless adapter installed is within the transmission range of the AP s connected to the NXC 8160 4 Check that both the NXC 8160 and your wireless client are using the same wireless and wireless security settings 5 Make sure you didn t enable VLAN on the NXC 8160 s LAN IP address and the SSID to which the wireless station is connecting 10 3 Internet Access e cannot access the Internet wirelessly through the NXC 8160 NXC 8160 User s Guide 9 EI Chapter 10 Troubleshooting Check the hardware connections and make sure the LEDs are behaving as expected See the Quick Start Guide and Section 1 5 on page 25 Make sure the NXC 8160 is connected to a network that has Internet access Make sure the wireless and wireless security settings in the wireless client are the same as the settings in the NXC 8160 Make sure the wireless adapter on the wireless client is working properly Make sure the wireless adapter installed on your computer is IEEE 802 11 compatible and supports the same wireless standard as the NXC 8160 Make sure your computer with a wireless adapter installed is within the transmission range of the AP s connected to the NXC 8160 Make sure the AP s connected to the NXC 8160 is receiving power from the NXC 8160 and wo
119. reil num rique de la classe B est conforme a la norme NMB 003 du Canada NXC 8160 User s Guide Appendix E Legal Information Viewing Certifications 1 Go to http www zyxel com 2 Select your product on the ZyXEL home page to go to that product s page 3 Select the certification you wish to view from this page ZyXEL Limited Warranty ZyXEL warrants to the original end user purchaser that this product is free from any defects in materials or workmanship for a period of up to two years from the date of purchase During the warranty period and upon proof of purchase should the product have indications of failure due to faulty workmanship and or materials ZyXEL will at its discretion repair or replace the defective products or components without charge for either parts or labor and to whatever extent it shall deem necessary to restore the product or components to proper operating condition Any replacement will consist of a new or re manufactured functionally equivalent product of equal or higher value and will be solely at the discretion of ZyXEL This warranty shall not apply if the product has been modified misused tampered with damaged by an act of God or subjected to abnormal working conditions Note Repair or replacement as provided under this warranty 1s the exclusive remedy of the purchaser This warranty is in lieu of all other warranties express or implied including any implied warranty of merchantabilit
120. rking properly The Internet connection is slow or intermittent 1 There might be a lot of traffic on the network Look at the LEDs and check Section 1 5 on page 25 If the NXC 8160 is sending or receiving a lot of information try closing some programs that use the Internet especially peer to peer applications Check the signal strength If the signal strength is low try moving your computer closer to an AP if possible and look around to see if there are any devices that might be interfering with the wireless network for example microwaves other wireless networks and so on 3 Reboot the NXC 8160 or disconnect and re connect the power cord to the NXC 8160 4 Ifthe problem continues contact the network administrator or vendor NXC 8160 User s Guide Product Specifications The following tables summarize the NXC 8160 s hardware and firmware features Table 26 Hardware Specifications Dimensions 430 W x 240 D x 45 H mm Weight 3 Kg Power Specification 100 240 VAC 2A max Supply 15 W power to each WLAN port Ethernet Interface LAN One auto negotiating auto MDI MDI X 10 100 Mbps RJ 45 Ethernet port WLAN Eight 100 Mbps RJ 45 Fast Ethernet IEEE 802 3u ports which are compliant with the IEEE 802 3af Power over Ethernet standard Reset Button Restores factory default settings Console RS 232 DB9M Operation Temperature 0 C 50 C Storage Temperatu
121. rkshire RG12 2XB United Kingdom UK NXC 8160 User s Guide Appendix F Customer Support NXC 8160 User s Guide Index A About 30 Access point See also AP access point 48 Advanced Encryption Standard See AES AES 136 alternative subnet mask notation 111 antenna directional 139 gain 139 omni directional 139 AP 48 See also access point AP access point 129 applications 23 B Basic Service Set See BSS 127 BSS 127 C CA 134 Certificate Authority See CA certifications 141 notices 142 viewing 143 channel 48 129 interference 129 Clustering Management ZyXEL Specifications 41 contact information 145 copyright 141 CTS Clear to Send 130 customer support 145 Index D device introduction 23 disclaimer 141 dynamic WEP key exchange 135 E EAP Authentication 133 encryption 49 136 and local user database 49 key 50 ESS 128 Extended Service Set See ESS 128 F FCC interference statement 141 fragmentation threshold 130 H hidden node 129 hide SSID 48 IANA 35 36 116 IBSS 127 IEEE 802 11g 131 IEEE 802 1x installation requirements 50 Independent Basic Service Set See IBSS 127 initialization vector IV 136 Internet Assigned Number Authority See IANA Internet Assigned Numbers Authority NXC 8160 User s Guide Be Index See IANA 116 IP address private 36 L LAN 38 local user database 48 and encryption 49 maintenance 6
122. rnet Prevent two SSIDs from communicating with each other or allow specific SSIDs to communicate with each other Improve network performance Provide different services to different VLAN groups by connecting to another VLAN aware switch 3 3 1 VLAN Tagging The NXC 8160 supports IEEE 802 1q VLAN tagging Tagged VLAN uses an explicit tag VLAN ID in the MAC header of a frame to identify VLAN membership The NXC 8160 can identify VLAN tags for incoming Ethernet frames and add VLAN tags to outgoing Ethernet frames a When VLAN is enabled you must connect the NXC 8160 to a VLAN aware device 3 3 2 VLAN Application Example In this example there is an NXC 8160 and a VLAN aware switch A in your network The NXC 8160 is connected to port 4 on switch A Port 5 on switch A is the uplink port and connected to the Internet You configure the following VLAN settings on switch A and the NXC 8160 VLAN GROUP MEMBER VLAN GROUP SWITCH A NXC 8160 VLAN 101 Port 1 4 LAN IP Address NXC 8160 User s Guide Chapter 3 LAN Screen BS VLAN 201 VLAN 301 Port 2 4 5 Port 3 4 5 SSID x SSID y This way the device connected to port 1 on switch A can configure the NXC 8160 Wireless clients connected to SSID x or y cannot manage the NXC 8160 itself but they can communicate with port 2 or 3 on switch A and access the Internet Wireless clients connected to SSID x cannot talk to
123. rnet Local intranet Trusted sites Restricted sites Internet A This zone contains all Web sites you Gites haven t placed in other zones m Security level for this zone Move the slider to set the security level for this zone E Medium Safe browsing and still functional a Prompts before downloading potentially unsafe content Unsigned Activex controls will not be downloaded Appropriate for most Internet sites C Custom Level D Default Level OK Cancel Apply Click the Custom Level button Scroll down to Scripting Under Active scripting make sure that Enable is selected the default Under Scripting of Java applets make sure that Enable is selected the default Click OK to close the window oar WO ND 122 NXC 8160 User s Guide Appendix C Pop up Windows JavaScripts and Java Permissions Figure 74 Security Settings Java Scripting Security Settings Settings Scripting B Active scripting Disab Prone 3 Allow paste operations via script Q Disable 9 Enable Q Prompt amp Scripting of Java applets Q Disable Prompt Lienas AukhSenkie Sion E b fan custom settings Reset to Medium Reset cou Java Permissions From Internet Explorer click Tools Internet Options and then the Security tab Click the Custom Level button Scroll down to Microsoft VM Under Java permissions make sure that a safety level is selec
124. s Save Reset The following table describes the labels in this screen Table 25 Password LABEL DESCRIPTION Select the user name admin operator or root you want to configure in this Screen To access the web configurator use the admin user name To configure the NXC 8160 through a secure SSH connection use the admin or operator user name To configure the NXC 8160 via the console port you can use any one of the user names The root user name has the highest priority The admin user name has the lowest priority The root and operator user names can enable debug mode and are for troubleshooting and customer support only Old Password Type the default password or the existing password you use to access the system in this field By default the password is default for all the user accounts admin operator or root on the NXC 8160 NXC 8160 User s Guide Chapter 9 Password Table 25 Password LABEL DESCRIPTION New Password Type your new system password at least 5 alphanumeric characters Note that as you type a password the screen displays a for each character you type Retype to Confirm Type the new password again for confirmation Apply Click Save to save your changes back to the NXC 8160 Reset Click Reset to begin configuring this screen afresh NXC 8160 User s Guide PART III Troubleshooting and Specifications
125. s how to navigate the web configurator from the Status screen NXC 8160 User s Guide Chapter 2 Introducing the Web Configurator Figure 4 Status Screen ZyXEL Status Refresh Interval None yi Refresh Now Date Thu May 10 7 47 37 2007 Active Access Points 4 Uptime 2 18 Power On Access Points 1 2 3 4 5 8 LAN B WLAN e Status IP Address 192 168 1 10 Country Regulatory Domain United States IP Subnet Mask 255 255 255 0 E Radioi Radio2 MAC address 00 19 cb 00 00 36 802 11 Mode X 802 11b a 802 11a Default Gateway 192 168 1 1 Channel 6 36 Syslog Server SSIDs vlan ZyXEL G ZyXEL A Other SSIDs Message As illustrated above the main screen is divided into these parts e A title bar B main window C status bar D navigation panel 2 3 1 Title Bar The title bar provides a icon in the upper right corner The icon provide the following function Table2 Title Bar Web Configurator Icon ICON DESCRIPTION About Click this icon to open a screen where you can view the firmware version 2 3 2 Main Window The main window shows the screen you select in the navigation panel It is discussed in more detail in the rest of this document Right after you log in the Status screen is displayed 2 3 3 Status Screen This screen displays general status information about the NXC 8160 NXC 8160 User s Guide Chapter 2 Introducing the Web Configurator Figu
126. s key expires when the wireless connection times out disconnects or reauthentication times out A new WEP key is generated each time reauthentication is performed If this feature is enabled it is not necessary to configure a default encryption key in the wireless security configuration screen You may still configure and store keys but they will not be used while dynamic WEP is enabled EAP MD5 cannot be used with Dynamic WEP Key Exchange For added security certificate based authentications EAP TLS EAP TTLS and PEAP use dynamic keys for data encryption They are often deployed in corporate environments but for public deployment a simple user name and password pair 1s more practical The following table is a comparison of the features of authentication types Table 43 Comparison of EAP Authentication Types EAP MD5 EAP TLS EAP TTLS PEAP LEAP Mutual Authentication No Yes Yes Yes Yes Certificate Client No Yes Optional Optional No Certificate Server No Yes Yes Yes No Dynamic Key Exchange No Yes Yes Yes Yes Credential Integrity None Strong Strong Strong Moderate Deployment Difficulty Easy Hard Moderate Moderate Moderate Client Identity Protection No No Yes Yes No WPA and WPA2 Wi Fi Protected Access WPA is a subset of the IEEE 802 111 standard WPA2 IEEE 802 111 is a wireless security standard that defines stronger encryption authentication and key management than WPA
127. screen Table 24 Syslog amp Monitor LABEL DESCRIPTION Enable Syslog Select the check box to activate syslog logging Syslog logging sends a system log to an external syslog server Syslog Server IP Address Enter the server name or IP address of the syslog server Syslog Interval sec Specify the time interval in seconds from 1 to 99999 at which the NXC 8160 sends the system logs to the server Enable Monitor Select the check box to send wireless network status logs to an external server Monitor Server IP address Enter the server name or IP address of the monitor server Monitor Interval sec Specify the time interval in seconds from 1 to 99999 at which the NXC 8160 sends the wireless network status logs to the server Save Click Save to save your changes back to the NXC 8160 Reset Click Reset to begin configuring this screen afresh NXC 8160 User s Guide Chapter 8 Maintenance Screen NXC 8160 User s Guide Password This chapter displays information on the password screen 9 1 Configuring Password Click Password to open the following screen Use this screen to change the NXC 8160 s management password Figure 29 Password Password Change password admin Old Password Mew Password Retype to Confirm q Note Please use a combination of upper and lower case letters and numbers at least 5 character
128. ssociate with the NXC 8160 Select 802 11b to allow only IEEE 802 11b compliant WLAN devices to associate with the NXC 8160 Select 802 11g to allow only IEEE 802 11g compliant WLAN devices to associate with the NXC 8160 Select 802 11 Mixed b g to allow both IEEE802 11b and IEEE802 11g compliant WLAN devices to associate with the NXC 8160 The transmission rate of your NXC 8160 might be reduced Select Inactive to disable Radio 2 Channel Set the operating frequency channel depending on your particular region The options vary depending on the 802 11 mode you selected and the country you are in Note The same channel cannot be assigned to both radios Maximum Retries Enter a number from one to 15 to specify how many times the NXC 8160 tries to send a packet when the transmission fails Enable Rate Adaption Select the check box to have the NXC 8160 operate at the best possible transmission data rate The NXC 8160 can switch between the data rates with the Adapt check box selected When the communication quality drops below a certain level the NXC 8160 automatically switches to a lower transmission data rate Transmission at lower data speeds is usually more reliable However when the communication quality improves again the NXC 8160 gradually increases the transmission data rate again until it reaches the highest available transmission rate Rates Configuration NXC 8160 User s Guide
129. t This problem can be solved by assigning a different static IP address to computer A or setting computer A to obtain an IP address automatically Figure 66 Conflicting Computer IP Addresses Example 4 A LI A m SEK 192 168 1 33 ASD Internet a mmmmmmm Sa 192 168 1 33 eat Conflicting Router IP Addresses Example Since a router connects different networks it must have interfaces using different network numbers For example if a router is set between a LAN and the Internet WAN the router s LAN and WAN addresses must be on different subnets In the following example the LAN and WAN are on the same subnet The LAN computers cannot access the Internet because the router cannot route between networks Figure 67 Conflicting Computer IP Addresses Example EN WAN ANT Of COE NU 192 168 1 88 192 168 1 1 a tn Internet 3 Qummn ummmmmmmm NXC 8160 User s Guide Appendix B IP Addresses and Subnetting Conflicting Computer and Router IP Addresses Example More than one device can not use the same IP address In the following example the computer and the router s LAN port both use 192 168 1 1 as the IP address The computer cannot access the Internet This problem can be solved by assigning a different IP address to the computer or the router s LAN port Figure 68 Conflicting Computer and Router IP Addresses Example omm um um um um Um UN U
130. ted Click OK to close the window cO 0Nv Figure 75 Security Settings Java Security Settings Settings Q Disable 9 Enable a Font download Q Disable 9 Enable a Prompt 3 Microsoft VM Java permissions Q Custom J Disable Jav 9 High safety Q Low safety Reset custom settings Reset to Medium vw Reset cma NXC 8160 User s Guide 123 Appendix C Pop up Windows JavaScripts and Java Permissions JAVA Sun 1 From Internet Explorer click Tools Internet Options and then the Advanced tab 2 Make sure that Use Java 2 for applet under Java Sun is selected 3 Click OK to close the window Figure 76 Java Sun General Security Privacy Content Connections Programs Advanced Settings O Use inline AutoComplete O Use Passive FTP for firewall and DSL modem compatibility Use smooth scrolling E HTTP 1 1 settings Use HTTP 1 1 O Use HTTP 1 1 through proxy connections amp Java Sun CM Use Java 2 v1 4 1 07 for applet requires restart 3 Microsoft v O Java console enabled requires restart O Java logging enabled JIT compiler for virtual machine enabled requires restart Multimedia O Always show Internet Explorer 5 0 or later Radio toolbar O Don t display online media content in the media bar Enable Automatic Image Resizing xf la Restore Defaults Mozilla Firefox Mozilla Firefox 2 0 screens are used here Screens f
131. th a web browser with JavaScript enabled and or Telnet A wireless station must be running IEEE 802 1x compliant software Currently this is offered in Windows XP An optional network RADIUS server for remote user authentication and accounting 5 3 Introduction to RADIUS The NXC 8160 can use an external RADIUS server to authenticate users RADIUS is based on a client sever model that supports authentication and accounting where access point is the client and the server is the RADIUS server Authentication Determines the identity of the users Accounting Keeps track of the client s network activity RADIUS user is a simple package exchange in which your NXC 8160 acts as a message relay between the wireless station and the network RADIUS server 5 4 Configuring WLAN Click WLAN to open the WLAN Configuration screen Use this screen to configure the wireless settings such as SSID data rate or channel for each radio NXC 8160 User s Guide Chapter 5 Wireless LAN Figure 16 WLAN WLAN Configuration Regulatory Domain Country Regulatory Domain United States z WLAN Configuration Channel Options 802 11 Mode Channel Maximum Retries Enable Rate Adaption Rates Configuration 1 Mbps 2 Mbps 5 5 Mbps 11 Mbps 6 Mbps Extended 9 Mbps Extended 12 Mbps Extended 18 Mbps Extended 24 Mbps Extended 36 Mbps Extended 48 Mbps Extended 54 Mbps Extended Setup S
132. ting eeeeeeesesee seen enitn rnit nn 112 Figure 65 Subnetting Example After Subnetting 1 222 occieisiccrtet iter enata runter etra duree teta a entere tane de 113 Figure 66 Conflicting Computer IP Addresses Example ccccsscccceesssccccceesseecceeeenseececensnteeceeenenssaee 117 Figure 67 Conflicting Computer IP Addresses Example ertet kn dine espes kankan or ne EE EINER Ak ARE RSS 117 Figure 68 Conflicting Computer and Router IP Addresses Example sssseeeee 118 Figure 69 Pop up BE WERT T T ak A Ak ee 119 Figure TO hitemet Optone PIVAC sa s cancexe niet oi sa kan ik ak a e ak m NUIT 120 Figure Ti MEL CUORE PWAN kote eka oak kaa A 121 Figure 72 Pop up Blocker BRIDE ke kai ki ka a kt ed a ceca e emos eU dg ta a Cm n dL kk AA ERR 121 E NAE crus cE ele R 122 Figure 74 Secunty Settings Java Se pli Luisa dag cita aa Uode ad ubt a S MAG LR AUR kk ik 123 Figure To SECUAO SOUS eR nm 123 Figure TO Java SUN ee 124 Figure 77 Mozilla Firefox Tools FOTOS ie ii kr kk od lk ak lk A ERU d IER ELIO ER kk e nnl i E Er Ead 125 Figure f Mozilla Firefox Content Securiy acooaeietpdentem terne een iit v en p kk a ER IN E EEUU meio 125 Figure 79 Peer to Peer Communication in an Ad hoc Network eese 127 Figure G0 Basic Servite DB ipoteke ka kk ka pk a n aah a l kk osten Mos epp add 128 Figure 81 Infrastructure WLAN m
133. to an SSID on the NXC 8160 cannot communicate with the LAN IP address to configure the NXC 8160 With VLAN an SSID can still access the Internet through the NXC 8160 Note All centralized configuration members and the master NXC 8160 should belong to the same VLAN group 2nd IP Address Enter a second IP address as the NXC 8160 s backup IP address It should be in a different subnet from the primary one 2nd IP Subnet Mask Enter the subnet mask that specifies the network number portion of the second IP address 2nd VLAN 0 4095 Enter the VLAN ID of the second IP address Otherwise leave this field blank Default Gateway Enter the IP address of the gateway System Name Choose a descriptive name for identification purposes It is recommended you enter your computer s Computer name in this field This name can be up to 30 alphanumeric characters long Spaces are not allowed but dashes and underscores are accepted Apply Click Apply to save your changes back to the NXC 8160 Reset Click Reset to begin configuring this screen afresh NXC 8160 User s Guide Chapter 3 LAN Screen NXC 8160 User s Guide Centralized Configuration This chapter describes centralized configuration 4 1 Introduction to Centralized Configuration Centralized configuration allows you to configure multiple WLAN controllers through one controller called the master controller
134. twork connections Figure 44 Windows Vista Network and Sharing Center O S Network and Internet p Network and Sharing Center v 5 Search p File Edit View Tools Help Tasks Pi e Network and Sharing Center View computers and devices View full map Connect to a network Set up a connection or network A s kw Manage network connections TWPCS9111 Internet Diagnose and repair This computer L Not connected NXC 8160 User s Guide Appendix A Setting up Your Computer s IP Address BS 5 Right click Local Area Connection and then click Properties During this procedure click Continue whenever Windows displays a screen saying that it needs your permission to continue Figure 45 Windows Vista Network and Sharing Center z 5 OU g Network and Internet p Network Connections File Edit View Tools Advanced Help L Organize v B Views v Disable this network device Name Status Device Mame Connectivity Network LAN or High SasselIntaraat 11 Tocai Collapse group Left Arrow A Conne x Gt y in Expand all groups WU Inte Collapse all groups Disable Diagnose Bridge Connections Create Shortcut 6 Select Internet Protocol Version 4 TCP IPv4 and click Properties Figure 46 Windows Vista Local Area Connection Properties T Local Area Connection Properties Wes Networking Connect using Pu Intel R PRO 1000 MT Desktop Conn
135. vated automatically when it is connected to the NXC 8160 The check boxes correspond to the WLAN ports on the front panel of the NXC 8160 Power On APs Select a check box to have the NXC 8160 supply power to the AP connected to this port Otherwise clear the check box and the NXC 8160 stops supplying power to the AP connected to this port after you click Apply Apply Click Apply to save your customized settings Reset Click Reset to begin configuring this screen afresh NXC 8160 User s Guide Chapter 7 Access Points Screen NXC 8160 User s Guide Maintenance Screen This chapter displays information on the maintenance screens 8 1 Maintenance Overview R N The maintenance screens can help you view the configuration upload new firmware manage configuration configure the NXC 8160 s time and restart your NXC 8160 Only upload firmware for your specific model Do not turn off the NXC 8160 while firmware upload is in progress Figure 27 Maintenance Configuration Show Configuration Confiquration file Upload E 7 pes Configuration Browse Uploa Upgrade Firmware E HH Bises rud Current Time 24h Mon May 14 10 16 16 2007 Set Time amp Date am yi January x Update Reboot Controller Reboot Apply Settings Apply Back to Factory Defaults Restore NXC 8160 User s Guide Chapte
136. ve a wired connection to the network and obtain the certificate s from a certificate authority CA A certificate also called digital IDs can be used to authenticate users and a CA issues certificates and guarantees the identity of each certificate owner EAP MD5 Message Digest Algorithm 5 MDS authentication is the simplest one way authentication method The authentication server sends a challenge to the wireless client The wireless client proves that it knows the password by encrypting the password with the challenge and sends back the information Password is not sent in plain text However MDS authentication has some weaknesses Since the authentication server needs to get the plaintext passwords the passwords must be stored Thus someone other than the authentication server may access the password file In addition it is possible to impersonate an authentication server as MDS authentication method does not perform mutual authentication Finally MD5 authentication method does not support data encryption with dynamic session key You must configure WEP encryption keys for data encryption EAP TLS Transport Layer Security With EAP TLS digital certifications are needed by both the server and the wireless clients for mutual authentication The server presents a certificate to the client After validating the identity of the server the client sends a different certificate to the server The exchange of certificates is done in th
137. vendor forgot the password 1 The default password is default 2 Ifthis does not work or you changed the password and have forgotten it you have to contact your vendor cannot see or access the Login screen in the web configurator 1 Make sure you are using the correct IP address The default LAN IP address is 192 168 1 10 and should begin with https If you changed the LAN IP address Section 3 4 on page 38 use the new IP address f you changed the LAN IP address and have forgotten it see the troubleshooting suggestions for I forgot the LAN IP address for the NXC 8160 2 Check the hardware connections and make sure the LEDs are behaving as expected See the Quick Start Guide and Section 1 5 on page 25 3 Make sure your Internet browser does not block pop up windows and has JavaScripts and Java enabled See Appendix C on page 119 A Make sure your computer s Ethernet adapter is installed and functioning properly Make sure your computer is in the same subnet as the NXC 8160 If you know that there are routers between your computer and the NXC 8160 skip this step Ifthere is a DHCP server on your network make sure your computer is using a dynamic IP address See Appendix A on page 87 a 6 Ifthe problem continues contact the network administrator or vendor or try one of the advanced suggestions Advanced Suggestions You may also need to clear your Internet browser s cache In I
138. ween a pair of NXC 8160s You can deploy one NXC 8160 as the main controller and the other as the backup one Otherwise select Disabled Main Standby When you have two NXC 8160s in the network select Main to have this NXC 8160 acts as the active WLAN controller and set another NXC 8160 as the backup WLAN controller Otherwise select Standby and this NXC 8160 will function as a backup The backup WLAN controller periodically tests the connections to the main WLAN controller and the referenced host If the connection to the main WLAN controller is down and the connection to the referenced host is up the backup WLAN controller becomes active automatically If the main WLAN controller fails wireless clients can automatically connect to the backup WLAN controller Monitored IP Enter the IP address of the other WLAN controller Reference IP Eenter the IP address of a reliable nearby computer to have the NXC 8160 ping that address and test the connection to the LAN Keep Alive The NXC 8160 tests the connection by periodically sending a ping to the address in Interval ms the Reference IP field Select a number of seconds to set the time interval between checks Allow more time if your destination IP address handles lots of traffic Keep Alive Select the number of the lost packets that can be allowed before the the connection Check is considered down not connected Threshold NXC 8160 User s Guide Cha
139. y or fitness for a particular use or purpose ZyXEL shall in no event be held liable for indirect or consequential damages of any kind to the purchaser To obtain the services of this warranty contact ZyXEL s Service Center for your Return Material Authorization number RMA Products must be returned Postage Prepaid It is recommended that the unit be insured when shipped Any returned products without proof of purchase or those with an out dated warranty will be repaired or replaced at the discretion of ZyXEL and the customer will be billed for parts and labor All repaired or replaced products will be shipped by ZyXEL to the corresponding return address Postage Paid This warranty gives you specific legal rights and you may also have other rights that vary from country to country Registration Register your product online to receive e mail notices of firmware upgrades and information at www zyxel com for global products or at www us zyxel com for North American products NXC 8160 User s Guide Appendix E Legal Information NXC 8160 User s Guide Appendix F Customer Support Customer Support Please have the following information ready when you contact customer support Required Information Product model and serial number Warranty Information Date that you received your device Brief description of the problem and the steps you took to solve it is the prefix number you dial to make an inter
140. y to guess and that consists of different types of characters such as numbers and letters Write down the password and put it in a safe place A If you forgot the password you cannot restore the defaults and need to contact your vendor or customer support Back up the configuration and make sure you know how to restore it Restoring an earlier working configuration may be useful if the device becomes unstable or even crashes If you backed up an earlier configuration file you would not have to totally re configure the NXC 8160 You could simply restore your last configuration 1 5 Front Panel LEDS Lights The following figure shows the front panel of the NXC 8160 Figure 3 Front Panel NXC 8160 User s Guide 25 Chapter 1 Getting to Know Your NXC 8160 The following table describes the lights on the NXC 8160 Table 1 Front Panel LEDs Lights LED COLOR STATUS DESCRIPTION POWER Off The NXC 8160 is turned off Green On The NXC 8160 is ready and running Flashing The NXC 8160 is restarting Red On The power to the NXC 8160 is too low LAN LINK ACT Off The LAN is not connected Green On The NXC 8160 has a successful LAN connection Flashing The LAN is sending or receiving packets WLAN 1 8 LINK Green Off The wireless LAN is not ready or has failed On The wireless LAN is ready Flashing The wireless LAN is sending or receiving packets
141. you made take effect NXC 8160 User s Guide Appendix A Setting up Your Computer s IP Address Configuring 1 Inthe Network window Configuration tab select your network adapter s TCP IP entry and click Properties 2 Click the IP Address tab f your IP address is dynamic select Obtain an IP address automatically Ifyou have a static IP address select Specify an IP address and type your information into the IP Address and Subnet Mask fields Figure 32 Windows 95 98 Me TCP IP Properties IP Address TCP IP Properties ES 7 x Bindings Advanced NeBIOS DNS Configuration Gateway WINS Configuration IP Address An IP address can be automatically assigned to this computer IF your network does not automatically assign IP addresses ask your network administrator for an address and then type it in the space below C Specify an IP address v Detect connection to network media Cancel 3 Click the DNS Configuration tab f you do not know your DNS information select Disable DNS f you know your DNS information select Enable DNS and type the information in the fields below you may not need to fill them all in NXC 8160 User s Guide Appendix A Setting up Your Computer s IP Address Figure 33 Windows 95 98 Me TCP IP Properties DNS Configuration Bindings Advanced Netpios DNS Configuration Gateway WINS Configuration IP Address
Download Pdf Manuals
Related Search