ZyXEL NWA1121NI User's Manual
Contents
1. compliance MY ATE A TK ERT SHE ETE BE EIRA ETOR RENNERI JERE gt 2S RRE PANE A ES lt A at ERE SSM ESSE EZ Mae HE B e RA A FERR EZISH GOES REFERRE 9 MAMAE IKEEN FRE TUER RE o BIRA ERA SS CHEB BCS PARER ERA EB ERST TE Notices Changes or modifications not expressly approved by the party responsible for compliance could void the user s authority to operate the equipment This device is designed for the WLAN 2 4 GHz and or 5 GHz networks throughout the EC region and Switzerland with restrictions in France Ce produit est concu pour les bandes de fr quences 2 4 GHz et ou 5 GHz conform ment la l gislation Europ enne En France m tropolitaine suivant les d cisions n 03 908 et 03 909 de l ARCEP la puissance d mission ne devra pas d passer 10 mW 10 dB dans le cadre d une installation WiFi en ext rieur pour les fr quences comprises entre 2454 MHz et 2483 5 MHz This Class B digital apparatus complies with Canadian ICES 003 Cet appareil num rique de la classe B est conforme la norme NMB 003 du Canada CLASS 1 LASER PRODUCT APPAREIL A LASER DE CLASS 1 PRODUCT COMPLIES WITH 21 CFR 1040 10 AND 1040 11 PRODUIT CONFORME SELON 21 CFR 1040 10 ET 1040 11 Viewing Certifications Go to http www zyxel com to view this product s documentation and certifications ZyXEL Limited Warranty ZyXEL warr2. NWA1121 NI User s Guide Appendix A Setting Up Your Computer s IP Address 5 When the Network Card Setup window opens click the Address tab Figure 72 openSUSE 10 3 Network Card Setup YaST2 linux h2o0z Address Setup Select No Address Setup if you do not want any IP address for this device This is particularly useful for bonding ethernet devices Select Dynamic address if you do not have a static IP address assigned by the system administrator or your cable or DSL provider You can choose one of the dynamic address assignment method Select DHCP if you have a DHCP server running on your local network Network addresses are then obtained automatically from the server To automatically search for free IP and then assign it statically select Zeroconf To use Network Card Setup General Address onfiguration Name Ethernet I _ No IP Address for Bonding Devices D Dynamic Address DHCP i Statically assigned IP Address IP Address Subnet Mask Hostname IL jl Cancel 6 Select Dynamic Address DHCP if you have a dynamic IP address Select Statically assigned IP Address if you have a static IP address Fill in the IP address Subnet mask and Hostname fields 7 Click Next to save the changes and close the Network Card Setup window NWA1121 NI User s Guide Appendix A Setting U
3. Security Settings Profile Name SecProfile1 Security Mode 802 1X Only vi Rekey Options Reauthentication Time 300 Seconds max 100 3600 Enable Group Key Update Every 400 Seconds max 100 3600 Back Apply Cancel The following table describes the labels in this screen Table 17 Security 802 1x Only for Access Point LABEL DESCRIPTION Security Settings Profile Name This is the name that identifying this profile Security Mode Rekey Options Choose 802 1x Only in this field NWA1121 NI User s Guide Chapter 6 Wireless LAN Table 17 Security 802 1x Only for Access Point continued LABEL DESCRIPTION Reauthentication Specify how often wireless stations have to resend user names and passwords in order Time to stay connected Enter a time interval between 100 and 3600 seconds Alternatively enter O to turn reauthentication off Note If wireless station authentication is done using a RADIUS server the reauthentication timer on the RADIUS server has priority Enable Group Key Select this option to have the NWA1121 NI automatically disconnect a wireless station Update from the wired network after a period of inactivity The wireless station needs to enter the user name and password again before access to the wired network is allowed Enter a time interval between 100 and 3600 seconds Back Click Back to return
4. jd t Hardware and Sound View devices and printers Programs Uninstall a program View by Category Y User Accounts and Family Safety 9 Add or remove user accounts Set up parental controls for any user Appearance and Personalization Change the theme Change desktop background Adjust screen resolution Ay Clock Language and Region Change keyboards or other input methods a Change display language p Y Ease of Access Let Windows suggest settings Optimize visual display Add a device 3 Click Change adapter settings G S gt Control Panel Network and Internet Network and Sharing Center Search Control Panel Home Manage wireless networks a A Change adapter settings Twac Change advanced sharing This computer angs View your active networks de ZyXEL com Work network View your basic network information and set up connections de Q See full map ZyXEL com Internet Connect or disconnect Access type Internet Connections Local Area Connection NWA1121 NI User s Guide Appendix A Setting Up Your Computer s IP Address Double click Local Area Connection and then select Properties QU gt Control Panel Network and Internet Network Connections Organize v Disable this network device Diagnose this connection Rename this K Local Area Connection AK Wireless Network Connection Unidentified network me
5. NWA1121 NI User s Guide Appendix D Wireless LANs An ESSID ESS IDentification uniquely identifies each ESS All access points and their associated wireless clients within the same ESS must have the same ESSID in order to communicate Figure 93 Infrastructure WLAN Channel A channel is the radio frequency ies used by wireless devices to transmit and receive data Channels available depend on your geographical area You may have a choice of channels for your region so you should use a channel different from an adjacent AP access point to reduce interference Interference occurs when radio signals from different access points overlap causing interference and degrading performance Adjacent channels partially overlap however To avoid interference due to overlap your AP should be on a channel at least five channels away from a channel that an adjacent AP is using For example if your region has 11 channels and an adjacent AP is using channel 1 then you need to select a channel between 6 or 11 RTS CTS A hidden node occurs when two stations are within range of the same access point but are not within range of each other The following figure illustrates a hidden node Both stations STA are within range of the access point AP or wireless gateway but out of range of each other so they NWA1121 NI User s Guide Appendix D Wireless LANs cannot hear each other that is they do not know if the channel is current
6. Number of Wireless Stations Allowed to Associate Use this field to set a maximum number of wireless stations that may connect to the device Hidden SSID If you do not select the checkbox the NWA1121 NI broadcasts this SSID a wireless client scanning for an AP will find this SSID Alternatively if you select the checkbox the NWA1121 NI hides this SSID a wireless client scanning for an AP will not find this SSID Intra BSS Traffic Select the check box to prevent wireless clients in this profile s BSS from Blocking communicating with one another Back Click Back to return to the previous screen Apply Click Apply to save your changes 6 6 Wireless Security Screen Use this screen to choose the security mode for your NWA1121 NI Click Wireless LAN gt Security Select the profile that you want to configure and click Edit Figure 26 Wireless gt Security Wireless Settings SSID Security Profiles co amp Wh 3X oN c Security RADIUS MAC Filter Profile Name Security Mode Modify SecProfile1 None 3 SecProfile2 WPA PSK s SecProfile3 None s SecProfile4 None g SecProfile5 None Li SecProfiles None g SecProfile7 None Li SecProfile8 None i 74 NWA1121 NI User s Guide Chapter 6 Wireless LAN The Security Settings screen varies depending upon the security mode you select Figure 27 Security None Security Security Settings Profile Name SecProf
7. 9 5 Certificates Screen Use this screen to delete or import certificates NWA1121 NI User s Guide Chapter 9 System Click System gt Certificates The following screen shows Figure 50 System gt Certificates www Certificates Telnet SNMP FTP Import Certificate Import Certificate Delete Certificates You can delete a certificate ZyXEL RootCA v The following table describes the labels in this screen Table 31 System gt Certificates LABEL DESCRIPTION Import Certificate Import Enter the location of a previously saved certificate to upload to the NWA1121 NI Certificate Alternatively click the Browse button to locate a list Browse Click this button to locate a previously saved certificate to upload to the NWA1121 NI Import Click this button to upload the previously saved certificate displayed in the Import Certificate field to the NWA1121 NI Delete Certificate You can delete a Select the certificate from the list that you want to delete certificate Delete Click this to delete the selected certificate 9 6 Telnet Screen Use this screen to configure your NWA1121 NI for remote Telnet access You can use Telnet to access the NWA1121 NI s Command Line Interface CLI Click System Telnet The following screen displays Figure 51 System gt Telnet WWW Certificates Telnet j SNMP Telnet Port 23 Server Access Disable iv
8. E Hardware Drivers elp and Suppo About GNOME G About Ubuntu Hardware Testing ISl Language Support i Login Window Quit Bis 2 Network Tools NWA1121 NI User s Guide Appendix A Setting Up Your Computer s IP Address 3 When the Network Settings window opens click Unlock to open the Authenticate window By default the Unlock button is greyed out until clicked You cannot make changes to your configuration unless you first enter your admin password ia Location Network Settings Fx Connections General DNS Hosts Point to point connec This network interface is not c gt Details Authenticate ix System policy prevents modifying the configuration An application is attempting to perform an action that requires privileges Authentication as one of the users below is required to perform this action OC chris Q cancel 4 Authenticate gt In the Authenticate window enter your admin account name and password then click the Authenticate button NWA1121 NI User s Guide Appendix A Setting Up Your Computer s IP Address 4 Inthe Network Settings window select the connection that you want to configure then click Properties Network Settings Connections General DNS Hosts Point to point connec This network interface is not c cS Sey Properties Tx
9. Figure 15 Association List Association List View Association List MAC Address SSID Association Time Signal Strength 1 00 19 cb 32 be ac ZyXEL 1970 01 01 00 17 51 ail oos The following table describes the labels in this screen Table 7 Association List LABEL DESCRIPTION This is the index number of an associated wireless device MAC Address This field displays the MAC address of an associated wireless device SSID This field displays the SSID to which the wireless device is associated Association Time This field displays the time a wireless device first associated with the NWA1121 NI s wireless network Signal Strength This field displays the RSSI Received Signal Strength Indicator of the wireless connection Refresh Click Refresh to reload the list 5 6 Channel Usage Use this screen to know whether a channel is used by another wireless network or not If a channel is being used you should select a channel removed from it by five channels to completely avoid overlap Click Monitor gt Channel Usage to display the screen shown next NWA1121 NI User s Guide Chapter 5 Monitor Wait a moment while the NWA1121 NI compiles the information Figure 16 Channel Usage Channel Usage Site Survey SSID Channel MAC Address Wireless Mode Signal Strength Security ZyXEL NAS Aslan 6 00 02 CF 9C 63 F0 802 11b g alil 73 WPA2 PSK ZyXEL_MIS_WPA 6 06 19 CB 8A 34 D0 802 11b g al 22
10. Figure 24 Wireless LAN gt SSID SSID Security RADIUS MAC Filter Wireless Settings Profile Settings Profi Profi Profi Profi Profi Profi Profi Profi on c uU F amp F t DY Profile Name e1 e2 e3 e4 e5 e6 e7 e8 SSID Security RADIUS QoS MAC Filter Modify ZyXEL NWA Disabled RadProfile1 None Disabled a ZyXEL SecProfile2 RadProfile1 None Disabled a ZyXEL Disabled RadProfile1 None Disabled 3 ZyXEL Disabled RadProfile1 None Disabled 4 ZyXEL Disabled RadProfile1 None Disabled g ZyXEL Disabled RadProfile1 None Disabled 4 ZyXEL Disabled RadProfile1 None Disabled 4 ZyXEL Disabled RadProfile1 None Disabled a The following table describes the labels in this screen Table 14 Wireless LAN gt SSID LABEL Profile Settings DESCRIPTION Profile Name This field displays the index number of each SSID profile This field displays the identification name of each SSID profile on the NWA1121 NI SSID This field displays the SSID Service Set IDentifier that is the name of the wireless network to which a wireless client can connect When a wireless client scans for an AP to associate with this is the name that is broadcast and seen in the wireless client utility Security This field indicates which security profile is currently associated with each SSID profile See Section 6 6 on page 74 for more information RADIUS This field displays which RADIUS profile i
11. SSID01 VoIP SSID Guest SSID Profile4 Profiles Profile6 Profile7 Profiles SSID SSIDO01 VoIP SSID Guest SSID ZyXEL ZyXEL ZyXEL ZyXEL ZyXEL Security RADIUS QoS Disabled RadProfile1 WMM Disabled RadProfile1 WMM Disabled RadProfile1 WMM Disabled RadProfile1 WMM Disabled RadProfile1 WMM Disabled RadProfile1 WMM Disabled RadProfile1 WMM Disabled RadProfile1 WMM MAC Filter Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Modify Sy Cy Uy Uy Uy Sy Sy 2 Select SecProfilel as SSI DO1 s security profile Select the Hidden SSID checkbox as you want only authorized company employees to use this network so there is no need to broadcast the SSID to wireless clients scanning the area Also the clients on SSIDO1 might need to access other clients on the same wireless network Do not select the Intra BSS Traffic blocking check box Click Apply Profile Name SSID RADIUS MAC Filtering Qos idden SSID Profile Settings BSSID VLAN ID ntra BSS Traffic Blocking Number of Wireless Stations Allowed to Associate SSIDO1 SSID01 secre RadProfile1 Disabled WMM Enabled 7 Enabled 1 4094 1 64 Back Cancel NWA1121 NI User s Guide Chapter 4 Tutorial 3 4 5 Next click Wireless LAN gt Security Click the Edit icon next to SecProfile1 Security Profiles Prof
12. The key itself is not sent over the network but is derived from the PSK and the SSID NWA1121 NI User s Guide Appendix D Wireless LANs 4 The AP and wireless clients use the TKIP or AES encryption process the PMK and information exchanged in a handshake to create temporal encryption keys They use these keys to encrypt data exchanged between them Figure 96 WPA 2 PSK Authentication lt INTERNEJ Security Parameters Summary Refer to this table to see what other security parameters you should configure for each authentication method or key management protocol type MAC address filters are not dependent on how you configure these security features Table 55 Wireless Security Relational Matrix METHOD KEY BU ah eo IEEE 802 1X N METHOD MANUAL KEY z MANAGEMENT PROTOCOL Open None No Disable Enable without Dynamic WEP Key Open WEP No Enable with Dynamic WEP Key Yes Enable without Dynamic WEP Key Yes Disable Shared WEP No Enable with Dynamic WEP Key Yes Enable without Dynamic WEP Key Yes Disable WPA TKIP AES No Enable WPA PSK TKIP AES Yes Disable WPA2 TKIP AES No Enable WPA2 PSK TKIP AES Yes Disable Antenna Overview An antenna couples RF signals onto air A transmitter within a wireless device sends an RF signal to the antenna which propagates the signal through the air The antenna also operates in reverse by capturing RF signals from the air NWA
13. 1 0 1 30 31 2 32 33 62 63 3 64 65 94 95 4 96 97 126 127 5 128 129 158 159 6 160 161 190 191 7 192 193 222 223 8 224 225 254 255 Subnet Planning The following table is a summary for subnet planning on a network with a 24 bit network number Table 50 24 bit Network Number Subnet Planning NO BORROWED SUBNET MASK NO SUBNETS NO NOSTS PER 1 255 255 255 128 25 2 126 2 255 255 255 192 26 4 62 3 255 255 255 224 27 8 30 4 255 255 255 240 28 16 14 5 255 255 255 248 29 32 6 6 255 255 255 252 30 64 7 255 255 255 254 31 128 1 The following table is a summary for subnet planning on a network with a 16 bit network number Table 51 16 bit Network Number Subnet Planning NO BORROWED SUBNET MASK NO SUBNETS NO HOSTS PER HOST BITS SUBNET 1 255 255 128 0 17 32766 2 255 255 192 0 18 16382 3 255 255 224 0 19 8190 4 255 255 240 0 20 16 4094 5 255 255 248 0 21 32 2046 6 255 255 252 0 22 64 1022 7 255 255 254 0 23 128 510 8 255 255 255 0 24 256 254 9 255 255 255 128 25 512 126 10 255 255 255 192 26 1024 62 11 255 255 255 224 27 2048 30 12 255 255 255 240 28 4096 14 NWA1121 NI User s Guide 177 Appendix C IP Addresses and Subnetting Table 51 16 bit Network Number Subnet Planning continued NO
14. 3 Find and select NWA1121 NI A s SSID AP A Site Survey Select SSID Channel MAC Address Wireless Mode Signal Strength Security o ZyXEL MIS WPA 1 50 67 F0 37 A0 85 802 11b g n tllilazss WPA2 ZT01053 1 00 13 49 00 00 06 802 11b g n WPA2 PSK 1 22 00 4A 79 78 47 802 11b g n WPA PSK O NWA1121 NI 85898 1 CC 5D 4E 66 3B 3D 802 11b g n WPA2 PSK o linux jc 1 C8 34 35 C0 00 F5 802 11b g al 33 WPA PSK ZT01053 5 40 44 03 49 6E 0C 802 11b gin wl 50 WPA2 PSK Oo Home 3160 N 6 40 44 03 79 ED 4D 802 11b g n ail 80 WPA2 PSK Oo w8021xwpa 6 50 67 F0 37 9F 72 802 11b g 111696 WPA NWA1121 NI User s Guide Chapter 4 Tutorial 4 Goto Wireless LAN gt Security to configure the NWA1121 NI to use the same security mode and Pre Shared Key as NWA1121 NI A WPA PSK ThisisMyPreSharedKey Click Apply Figure 12 Security Settings Profile Name SecProfile1 Security Mode WPA PSK v Pre Shared Key ThisisMyPreSharedKey 8 63 ASCII Characters 4 3 4 MAC Filter Setup One way to ensure that only specified wireless clients can access the FTP server is by enabling MAC filtering on NWA1121 NI B See Section 6 8 on page 89 for more information on MAC Filter Q1 Goto Wireless LAN gt MAC Filter Click the Edit icon next to MacProfilel MAC Filter Profiles Profile Name Filter Action Modify 1 MacProfile1 Disabled C 2 MacProfile2 Disabled 3 3 MacProfile3 Disabled 4 4 MacProfile4 Disab
15. Chapter 1 Introducing the NWA1121 NI between associated wireless clients and the wired LAN Clients A B and C access the AP and the wired network behind the AP throught repeaters Z and Y Figure 4 Repeater Application When the NWA1121 NI is in Repeater mode universal repeater security between the NWA1121 NI and other repeater is independent of the security between the wireless clients and the AP or repeater If you do not enable universal repeater security traffic between APs is not encrypted When universal repeater security is enabled both APs and repeaters must use the same pre shared key See Section 6 6 on page 74 for more details Once the security settings of peer sides match one another the connection between devices is made At the time of writing universal repeater security is compatible with the NWA1121 NI only 1 3 Ways to Manage the NWA1121 NI Use any of the following methods to manage the NWA1121 NI e Web Configurator This is recommended for everyday management of the NWA1121 NI using a supported web browser e FTP File Transfer Protocol for firmware upgrades and configuration backup and restore e SNMP Simple Network Management Protocol The device can be monitored by an SNMP manager NWA1121 NI User s Guide 15 Chapter 1 Introducing the NWA1121 NI 1 4 Configuring Your NWA1121 NI s Security Features Your NWA1121 NI comes with a variety of security features This section summarizes th
16. Connection Settings IP address Subnet mask Gateway address e In the Configuration list select Automatic Configuration DHCP if you have a dynamic IP address e In the Configuration list select Static IP address if you have a static IP address Fill in the IP address Subnet mask and Gateway address fields 6 Click OK to save the changes and close the Properties dialog box and return to the Network Settings screen NWA1121 NI User s Guide 151 Appendix A Setting Up Your Computer s IP Address 7 Ifyou know your DNS server IP address es click the DNS tab in the Network Settings window and then enter the DNS server information in the fields provided Erg NETWOTCSELDHOS Location Connections General DNS Hosts DNS Servers Search Domains Hep llo Ec 8 Click the Close button to apply the changes 152 NWA1121 NI User s Guide Appendix A Setting Up Your Computer s IP Address Verifying Settings Check your TCP IP properties by clicking System gt Administration gt Network Tools and then selecting the appropriate Network device from the Devices tab The Interface Statistics column shows data if your connection is working properly Figure 71 Ubuntu 8 Network Tools Mc Devices Network Jools eben ub 3a Tool Edit Help Devices Ping Netstat Traceroute Port Scan
17. Disable Figure 46 Remote Management Example LAN WLAN In the figure above the NWA1121 NI A is being managed by a desktop computer B connected via LAN Land Area Network It is also being accessed by a notebook C connected via WLAN Wireless LAN 9 2 What You Can Do in this Chapter Use the WWW screen to configure through which interface s and from which IP address es you can use the Web Browser to manage the NWA1121 NI see Section 9 4 on page 104 Use the Certificates screen to delete and import certificates seen Section 9 5 on page 105 NWA1121 NI User s Guide Chapter 9 System e Use the Telnet screen to configure through which interface s and from which IP address es you can use Telnet to manage the NWA1121 NI A Telnet connection is prioritized by the NWA1121 NI over other remote management sessions see Section 9 6 on page 106 e Use the SNMP screen to configure through which interface s and from which IP address es a network systems manager can access the NWA1121 NI see Section 9 7 on page 107 e Use the FTP screen to configure through which interface s and from which IP address es you can use File Transfer Protocol FTP to manage the NWA1121 NI You can use FTP to upload the latest firmware for example see Section 9 8 on page 110 9 3 What You Need To Know WWW The World Wide Web allows you to access files hosted in a remote server For example you can view text files usually refe
18. Enable Group Key Update C Every 100 Seconds max 100 3600 Back Apply Cancel SecProfile1 802 1X Static WEP v ze pitwer v Generate max 16 alphanumeric printable characters The following table describes the labels in this screen Table 19 Security 802 1X Static WEP for Access Point LABEL DESCRIPTION Security Settings Profile Name Security Mode This is the name that identifying this profile Choose 802 1X Static WEP in this field Data Encryption Select 64 bit WEP or 128 bit WEP to enable data encryption Passphrase Enter the passphrase or string of text used for automatic WEP key generation on wireless client adapters Generate Click this to get the keys from the Passphrase you entered NWA1121 NI User s Guide Chapter 6 Wireless LAN Table 19 Security 802 1X Static WEP for Access Point continued LABEL DESCRIPTION Key 1 to The WEP keys are used to encrypt data Both the NWA1121 NI and the wireless stations eae must use the same WEP key for data transmission ey If you chose 64 bit WEP then enter any 5 ASCII characters or 10 hexadecimal characters 0 9 A F If you chose 128 bit WEP then enter 13 ASCII characters or 26 hexadecimal characters 0 9 A F You can configure up to four keys but only one key can be activated at any one time Rekey Options Reauthentication Specify how often wirele
19. Poll Interval s 5 1 65534 sec Setintemal Stop Retry Count FCS Error Count 0 0 The following table describes the labels in this screen Table 6 Statistics LABEL DESCRIPTION Description This is the wireless interface on the NWA1121 NI 802 11 Mode This field shows which 802 11 mode the NWA1121 NI is using Channel ID This shows the channel number which the NWA1121 NI is currently using over the wireless LAN RX Pkts This is the number of received packets on this port TX Pkts This is the number of transmitted packets on this port Retry Count FCS Error Count This is the total number of retries for transmitted packets TX This is the total number of checksum error of received packets RX Poll Interval Set Interval Enter the time interval for refreshing statistics Click this button to apply the new poll interval you entered above Stop Click this button to stop refreshing statistics 5 5 Association List View the wireless devices that are currently associated with the NWA1121 NI in the Association List screen Association means that a wireless client for example your network or computer with a wireless network card has connected successfully to the AP or wireless router using the same SSID channel and security settings NWA1121 NI User s Guide Chapter 5 Monitor Click Monitor gt Association List to display the screen as shown next
20. your primary concern is to keep your network secure while allowing access to certain resources such as a network printer or the Internet For this reason the pre configured Guest_ SSID profile has intra BSS traffic blocking enabled by default Intra BSS traffic blocking means that the client cannot access other clients on the same wireless network 1 Click Wireless LAN gt SSID Click the Edit icon next to Guest SSID Profile Settings Profile Name SSID Security RADIUS QoS MAC Filter Modify 1 SSID01 SSIDO01 Disabled RadProfile1 WMM Disabled sz 2 VoIP SSID VoIP SSID Disabled RadProfile1 WMM Disabled x 3 Guest_SSID Guest SSID Disabled RadProfile1 WMM Disabled E Profile4 ZyXEL Disabled RadProfile1 WMM Disabled s 5 Profile5 ZyXEL Disabled RadProfile1 WMM Disabled G 6 Profile6 ZyXEL Disabled RadProfile1 WMM Disabled g 7 Profile7 ZyXEL Disabled RadProfile1 WMM Disabled g 8 Profile8 ZyXEL Disabled RadProfile1 WMM Disabled G 2 Select SecProfile3 in the Security field Do not select the Hidden SSID check box so the guests can easily find the wireless network 3 Select WMM BESTEFFORT in the QoS field to give the guest a lower QoS priority 39 NWA1121 NI User s Guide Chapter 4 Tutorial 4 Select the check box of Intra BSS Traffic blocking Enabled Click Apply Profile Settings Profile Name Guest SSID SSID Guest SSID SecProfile3 RADIUS RadProfile1 y MAC Filtering Disabled x BSSID VLAN ID
21. 1 1 4094 Number of Wireless Stations Allowed to 64 1 64 Associate idden SSID Enabled Intra BSS Traffic Blocking Enabled Bac Appy Cancel 5 Next click Wireless LAN gt Security Click the Edit icon next to SecProfile3 Security Profiles Profile Name Security Mode Modify 1 SecProfile1 WPA2 PSK MIX 4 2 SecProfile2 WPA2 PSK 4 3 SecProfile3 None 4 SecProfile4 None s 5 SecProfile5 None i 6 SecProfile6 None g 7 SecProfile7 None s 8 SecProfile8 None 4 6 Select WPA PSK in the Security Mode field WPA PSK provides strong security that is supported by most wireless clients Even though your Guest SSID clients do not have access to sensitive information on the network you should not leave the network without security An attacker could still cause damage to the network or intercept unsecured communications or use your Internet access for illegal activities NWA1121 NI User s Guide 37 Chapter 4 Tutorial 7 Enter the PSK you want to use in your network in the Pre Shared Key field In this example the PSK is ThisismyGuestWPApre sharedkey Click Apply Security Settings Profile Name SecProfile3 Security Mode WPA PSK ThisismyGuestWPApre 8 63 ASCII Characters Back Apply Cancel 8 Your guest wireless network is now ready to use 4 2 5 Testing the Wireless Networks To make sure that the three networks are correctly configured do the foll
22. 2 46 Media 2 0 GB available wis N Eavorites Applications Computer User zyxel on linux h20z Please enter the Administrator root password to continue Command sbin yast2 Password Ignore X Cancel NWA1121 NI User s Guide Appendix A Setting Up Your Computer s IP Address 3 When the YaST Control Center window opens select Network Devices and then click the Network Card icon YaST Control Center linux h20z File Edit Help D Software e Network Card Network Devices C fad Network Services 49 Novell AppArmor Security and Users Miscellaneous 4 When the Network Settings window opens click the Overview tab select the appropriate connection Name from the list and then click the Configure button vasr2Glinux h2oz Network Card 9 Network Settings Overview Obtain an overview of installed network cards Global Options Overview Hostname DNS Routing Additionally edit their configuration Name IP Address AMD PCnet Fast 79C971 DHCP Adding a Network Card Press Add to configure a new network card manually Configuring or Deleting Choose a network card to change or remove Then press Configure or Delete as desired AMD PCnet Fast 79C971 MAC 08 00 27 96 ed 3d Device Name eth etho Started automatically at boot P address assigned using DHCP
23. 95 K key 59 77 81 83 L LEAP 59 LEDs 17 127 Blinking 17 Flashing 17 Off 17 Lightweight Extensible Authentication Protocol 59 Log 49 Log Screens 115 Logs accessing logs 115 receiving logs via e mail 116 Logs Screen Mail Server 117 Mail Subject 117 Send Log to 117 NWA1121 NI User s Guide Index Syslog 118 Logs Uses of 115 MAC Filter Allow Association 89 Deny Association 89 Maintenance 119 Association List 120 Backup 124 Restore 124 Management Information Base MIB 111 managing the device good habits 16 MBSSID 11 Media Access Control 89 Message Integrity Check MIC 187 message relay 60 Microsoft Challenge Handshake Authentication Protocol Version 2 59 MSCHAPv2 59 MSDU 63 66 71 N NAT 178 Network Time Protocol NTP 119 NTP 119 O Operating Mode 56 other documentation 2 Output Power Management 63 65 68 70 P Pairwise Master Key PMK 188 189 Passphrase 59 Password 128 PEAP 59 Personal Information Exchange Syntax Standard 104 PFX PKCS 12 104 Preamble 91 preamble mode 183 Preamble Type 63 66 68 71 Pre Shared Key 59 priorities 92 product registration 196 Protected Extensible Authentication Protocol 59 PSK 59 188 Q QoS 73 Quick Start Guide 2 R Radio Frequency 92 RADIUS 59 184 Accounting 60 Authentication 60 Authorization 60 message types 185 messages 185 shared secret key 185 RADIUS Screen Accounting Server 88 Accounting Se
24. Authority See CA Certificates Fingerprint 112 MD5 112 public key 104 SHA1 112 Certification Authority 112 certifications 193 notices 195 viewing 195 Channel 56 channel 181 interference 181 Controlling network access Ways of 11 copyright 193 CTS Clear to Send 182 D disclaimer 193 Distribution System 56 DNS 97 119 documentation related 2 Domain Name Server DNS 119 DS 56 DTIM Interval 63 65 70 dynamic WEP key exchange 186 NWA1121 NI User s Guide Index E EAP 59 EAP Authentication 185 Encryption 59 76 80 83 85 encryption 14 187 ESS 56 180 Ethernet device 89 Extended Service Set 56 Extended Service Set See ESS 180 Extensible Authentication Protocol 59 F Factory Defaults 125 restoring 21 FCC interference statement 193 Firmware 120 Fragmentation 63 66 68 71 Fragmentation threshold 91 fragmentation threshold 182 FTP 103 restrictions 103 G Generic Token Card 59 GTC 59 Guide Quick Start 2 H hidden node 181 IANA 178 IBSS 179 IEEE 802 11g 183 IEEE 802 1x 57 Import Certificate 106 Independent Basic Service Set See IBSS 179 initialization vector IV 188 Internet Assigned Numbers Authority See IANA Internet Protocol version 6 see IPv6 Internet telephony 12 IP Address 94 Gateway IP address 94 IP Screen 94 DHCP 96 IPv6 95 addressing 95 global address 95 link local address 95 Neighbor Discovery Protocol 95 ping 95 prefix 95 prefix length
25. BORROWED SUBNET MASK NO SUBNETS NO HOSTS PER 13 255 255 255 248 29 8192 6 14 255 255 255 252 30 16384 2 15 255 255 255 254 31 32768 1 Configuring IP Addresses Where you obtain your network number depends on your particular situation If the ISP or your network administrator assigns you a block of registered IP addresses follow their instructions in selecting the IP addresses and the subnet mask If the ISP did not explicitly give you an IP network number then most likely you have a single user account and the ISP will assign you a dynamic IP address when the connection is established If this is the case it is recommended that you select a network number from 192 168 0 0 to 192 168 255 0 The Internet Assigned Number Authority IANA reserved this block of addresses specifically for private use please do not use any other number unless you are told otherwise You must also enable Network Address Translation NAT on the NWA1121 NI Once you have decided on the network number pick an IP address for your NWA1121 NI that is easy to remember for instance 192 168 1 1 but make sure that no other device on your network is using that IP address The subnet mask specifies the network number portion of an IP address Your NWA1121 NI will compute the subnet mask automatically based on the IP address that you entered You don t need to change the subnet mask computed by the NWA1121 NI unless you are instructed to do otherwise
26. Chapter 4 Tutorial 6 4 4 on page 69 to provide multiple wireless networks Each wireless network will cater to a different type of user You want to make three wireless networks one standard office wireless network with all the same settings you already have another wireless network with high priority QoS settings for Voice over IP VoIP users and a guest network that allows visitors to access only the Internet and the network printer To do this you will take the following steps 1 Edit the SSID profiles 2 Change the operating mode from Root AP to MBSSID and reactivate the standard network 3 Configure different security modes for the networks 4 Configure a wireless network for standard office use 5 Configure a wireless network for VoIP users 6 Configure a wireless network for guests to your office The following figure shows the multiple networks you want to set up Your NWA1121 NI is marked Z the main network router is marked A and your network printer is marked B MAC 00 AA 00 AA 00 AA The standard network SSI DO1 has access to all resources The VoIP network VoIP SSID has access to all resources and a high QoS priority The guest network Guest SSI D has access to the Internet and the network printer only and a low QoS priority NWA1121 NI User s Guide Chapter 4 Tutorial To configure these settings you need to know the Media Access Control MAC addresses of the devices you want to allow user
27. Configurator 2 3 2 Navigation Panel Use the menu items on the navigation panel to open screens to configure NWA1121 NI features The following tables describe each menu item Table 2 Navigation Panel Summary LINK TAB FUNCTION Dashboard This screen shows the NWA1121 NI s general device and network status information Use this screen to access the statistics and client list Monitor Logs View Log Use this screen to view the logs for the categories that you selected Statistics Association List Use this screen to view port status packet specific statistics the system up time and so on Use this screen to view the wireless stations that are currently associated to the NWA1121 NI Channel Usage Use this screen to know whether a channel is used by another wireless network or not Configuration Network Wireless LAN Wireless Settings Use this screen to configure the wireless LAN settings and NWA1121 NI s operation mode SSID Use this screen to configure up to eight SSID profiles for your NWA1121 NI Security Use this screen to configure wireless security profiles on the NWA1121 NI RADIUS Use this screen to configure up to four RADIUS profiles MAC Filter Use this screen to configure MAC filtering profiles LAN Use this screen to configure the NWA1121 NI s LAN IP address VLAN Use this screen to configure the NWA1121 NI
28. EC Bulgarian C Hacrosuijoro ZyXEL geknapupa ue TOBa O60pyABaHe e B CbOTBeTCTBMe CbC CblljecTBeHuTe n3ncKBaHna n Apyrure npnnoxnmn pasnopez6ure Ha Anupektusa 1999 5 EC Icelandic H r me l sir ZyXEL v yfir a essi b na ur er samr mi vi grunnkr fur og nnur vi eigandi kv i tilskipunar 1999 5 EC Norwegian Erkl rer herved ZyXEL at dette utstyret er I samsvar med de grunnleggende kravene og andre relevante bestemmelser I direktiv 1999 5 EF Romanian Prin prezenta ZyXEL declar c acest echipament este in conformitate cu cerin ele esen iale si alte prevederi relevante ale Directivei 1999 5 EC CEO National Restrictions This product may be used in all EU countries and other countries following the EU directive 1999 5 EC without any limitation except for the countries mentioned below NWA1121 NI User s Guide 197 Appendix E Legal Information Ce produit peut tre utilis dans tous les pays de l UE et dans tous les pays ayant transpos s la directive 1999 5 CE sans aucune limitation except pour les pays mentionn s ci dessous Questo prodotto e utilizzabile in tutte i paesi EU ed in tutti gli altri paesi che seguono le direttive EU 1999 5 EC senza nessuna limitazione eccetto per i paesii menzionati di seguito Das Produkt kann in allen EU Staaten ohne Einschr nkungen eingesetzt werden sowie in anderen Staaten die der EU Direktive 1995 5 CE folgen mi
29. Lookup Finger whois Network device 3i Configure IP Information Protocol IP Address Netmask Prefix Broadcast Scope IPv4 10 0 2 15 255 255 255 0 10 0 2 255 IPv6 fe80 a00 27ff fe30 el6c 64 Link Interface Information Interface Statistics Hardware address 08 00 27 30 e1 6c sremitied sytes 684 6 KiB Multicast Enabled Transmitted packets 1425 MTU 1500 Transmission errors 0 Link speed not available Received bytes 219 5 KiB State Active Received packets 1426 Reception errors 0 Collisions 0 mm Linux openSUSE 10 3 KDE This section shows you how to configure your computer s TCP IP settings in the K Desktop Environment KDE using the openSUSE 10 3 Linux distribution The procedure screens and file locations may vary depending on your specific distribution release version and individual configuration The following screens use the default openSUSE 10 3 installation Note Make sure you are logged in as the root administrator Follow the steps below to configure your computer IP address in the KDE NWA1121 NI User s Guide 153 Appendix A Setting Up Your Computer s IP Address 1 2 Click K Menu Computer Administrator Settings YaST san O Applications a Administrator Settings Install Software e System Information Home Folder My Documents j Network Folders System Folders Media Uf
30. MAC Filter Basic Settings Wireless LAN Interface Operation Mode Wireless Mode Channel Channel Width Universal Repeater Settings Local MAC Address Universal Repeater SSID Profile Root MAC Address Advanced Settings Beacon Interval DTIM Interval Output Power Preamble Type RTS CTS Threshold A MPDU Aggregation Short Gl MCS Rate Auto 0 Enabled v Extension Channel Protection Mode v Enabled Repeater 802 11b g n 6 20MHZ Profile2 x 00 A0 c5 01 23 45 Dynamic 2346 None v Enabled v Enabled 1 15 y 1 2346 I MJ 5 6 T 8 9 10 11 A213 14 15 opi Wireless LAN gt Wireless Settings Repeater 1 25 1000 ms The following table describes the bridge labels in this screen Table 11 Wireless LAN gt Wireless Settings Repeater LABEL DESCRIPTION Basic Settings Wireless LAN Select the check box to turn on the wireless LAN on the NWA1121 NI Interface Operation Mode Select Repeater from the drop down list NWA1121 NI User s Guide Chapter 6 Wireless LAN Table 11 Wireless LAN gt Wireless Settings Repeater continued LABEL DESCRIPTION Wireless Mode Select 802 11b g to allow both IEEE802 11b and IEEE802 11g compliant WLAN devices to associate with the NWA1121 NI The transmission rate of your NWA1121 NI might be reduced Select 802 11b
31. Private IP Addresses 178 Every machine on the Internet must have a unique address If your networks are isolated from the Internet running only between two branch offices for example you can assign any IP addresses to the hosts without problems However the Internet Assigned Numbers Authority IANA has reserved the following three blocks of IP addresses specifically for private networks e 10 0 0 0 10 255 255 255 e 172 16 0 0 172 31 255 255 e 192 168 0 0 192 168 255 255 You can obtain your IP address from the IANA from an ISP or it can be assigned from a private network If you belong to a small organization and your Internet access is through an ISP the ISP can provide you with the Internet addresses for your local networks On the other hand if you are part of a much larger organization you should consult your network administrator for the appropriate IP addresses Regardless of your particular situation do not create an arbitrary IP address always follow the guidelines above For more information on address assignment please refer to RFC 1597 Address Allocation for Private Internets and RFC 1466 Guidelines for Management of IP Address Space NWA1121 NI User s Guide Wireless LANs Wireless LAN Topologies This section discusses ad hoc and infrastructure wireless LAN topologies Ad hoc Wireless LAN Configuration The simplest WLAN configuration is an independent Ad hoc WLAN that connects a set of c
32. SNMP allows a manager and agents to communicate for the purpose of accessing information such as packets received node port status etc SNMP v3 and Security SNMP v3 enhances security for SNMP management SNMP managers can be required to authenticate with agents before conducting SNMP management sessions Security can be further enhanced by encrypting the SNMP messages sent from the managers Encryption protects the contents of the SNMP messages When the contents of the SNMP messages are encrypted only the intended recipients can read them Remote Management Limitations Remote management over LAN or WLAN will not work when e You have disabled that service in one of the remote management screens e The IP address in the Secured Client I P Address field does not match the client IP address If it does not match the NWA1121 NI will disconnect the session immediately NWA1121 NI User s Guide Chapter 9 System e You may only have one remote management session running at one time The NWA1121 NI automatically disconnects a remote management session of lower priority when another remote management session of higher priority starts The priorities for the different types of remote management sessions are as follows 1 Telnet 2 HTTP Certificate A certificate contains the certificate owner s identity and public key Certificates provide a way to exchange public keys for use in authentication Figure 48 Certificates Example A
33. Time and Date Current Time This field displays the time of your NWA1121 NI Each time you reload this page the NWA1121 NI synchronizes the time with the time server if configured When you disable NTP Client Update you can manually enter the new time in this field and then click Apply Current Date This field displays the last updated date from the time server When you disable NTP Client Update you can manually enter the new date in this field and then click Apply Time and Date Setup NTP Client Update Select this to have the NWA1121 NI get the time and date from the time server you specified below NTP server Select this option to use the predefined list of Network Time Protocol NTP servers Select an NTP server from the drop list box Manual IP Select this option to enter the IP address or URL of your time server Check with your ISP network administrator if you are unsure of this information Time Zone Setup Time Zone Choose the time zone of your location This will set the time difference between your time zone and Greenwich Mean Time GMT Apply Click Apply to save your changes Cancel Click Cancel to reload the previous configuration for this screen NWA1121 NI User s Guide Chapter 11 Maintenance 11 7 Firmware Upgrade Screen Use this screen to upload a firmware to your NWA1121 NI Click Maintenance gt Firmware Upgrade Follow the instructions in this s
34. Wireless LAN gt Wireless Settings MBSSID continued LABEL DESCRIPTION Preamble Type Select Dynamic to have the AP automatically use short preamble when wireless adapters support it otherwise the AP uses long preamble Select Long if you are unsure what preamble mode the wireless adapters support and to provide more reliable communications in busy wireless networks Aggregation RTS CTS Request To Send The threshold number of bytes for enabling RTS CTS handshake Threshold Data with its frame size larger than this value will perform the RTS CTS handshake Setting this attribute to be larger than the maximum MSDU MAC service data unit size turns off the RTS CTS handshake Setting this attribute to its smallest value 1 turns on the RTS CTS handshake Extension You can use CTS to self or RTS CTS protection mechanism to reduce conflicts with other Channel wireless networks or hidden wireless clients The throughput of RTS CTS is much lower Protection Mode than CTS to self Using this mode may decrease your wireless performance A MPDU This field is available only when 802 11 b g n is selected as the Wireless Mode Select to enable A MPDU aggregation Message Protocol Data Unit MPDU aggregation collects Ethernet frames along with their 802 11n headers and wraps them in a 802 11n MAC header This method is useful for increasing bandwidth throughput in environments that are prone to high error rates S
35. You may still configure and store keys but they will not be used while dynamic WEP is enabled Note EAP MD5 cannot be used with Dynamic WEP Key Exchange For added security certificate based authentications EAP TLS EAP TTLS and PEAP use dynamic keys for data encryption They are often deployed in corporate environments but for public deployment a simple user name and password pair is more practical The following table is a comparison of the features of authentication types Table 54 Comparison of EAP Authentication Types EAP MD5 EAP TLS EAP TTLS PEAP LEAP Mutual Authentication No Yes Yes Yes Yes Certificate Client No Yes Optional Optional No Certificate Server No Yes Yes Yes No Dynamic Key Exchange No Yes Yes Yes Yes Credential Integrity None Strong Strong Strong Moderate Deployment Difficulty Easy Hard Moderate Moderate Moderate Client Identity Protection No No Yes Yes No WPA and WPA2 Wi Fi Protected Access WPA is a subset of the IEEE 802 11i standard WPA2 IEEE 802 11i is a wireless security standard that defines stronger encryption authentication and key management than WPA Key differences between WPA or WPA2 and WEP are improved data encryption and user authentication If both an AP and the wireless clients support WPA2 and you have an external RADIUS server use WPA2 for stronger data encryption If you don t have an external RADIUS server you should use WPA2 PSK
36. a ZyXEL RT3062 AP1 4 a Broadcom NetXtreme Gigabit Eth iil amp ss USB Adapter 4 Local Area Connection Status General Connection IPv4 Connectivity No network access IPv6 Connectivity No network access Media State Enabled Duration 00 04 36 Speed 100 0 Mbps Activity A a T Received Packets 432 dsabe_ _Degrose Close Note During this procedure click Continue whenever Windows displays a screen saying that it needs your permission to continue NWA1121 NI User s Guide Appendix A Setting Up Your Computer s IP Address 5 Select I nternet Protocol Version 4 TCP I Pv4 and then select Properties Networking Sharing Connect using Broadcom NetXtreme Gigabit Ethemet This connection uses the following items 9l Client for Microsoft Networks dal QoS Packet Scheduler a File and Printer Sharing for Microsoft Networks ersion b IC F IPy6 E Intemet Protocol Version 4 TCP IPv4 Link Layer Topology Discovery Mapper 1 0 Driver Link Layer Topology Discovery Responder m AB m Transmission Control Protocol Intemet Protocol The default wide area network protocol that provides communication across diverse interconnected networks NWA1121 NI User s Guide Appendix A Setting Up Your Computer s IP Address 6 The Internet Protocol Version 4 TCP IPv4 Properties window opens In
37. a weakness of WEP User Authentication WPA and WPA2 apply IEEE 802 1x and Extensible Authentication Protocol EAP to authenticate wireless clients using an external RADIUS database WPA2 reduces the number of key exchange messages from six to four CCMP 4 way handshake and shortens the time required to connect to a network Other WPA2 authentication features that are different from WPA include key caching and pre authentication These two features are optional and may not be supported in all wireless devices Key caching allows a wireless client to store the PMK it derived through a successful authentication with an AP The wireless client uses the PMK when it tries to connect to the same AP and does not need to go with the authentication process again Pre authentication enables fast roaming by allowing the wireless client already connecting to an AP to perform IEEE 802 1x authentication with another AP before connecting to it Wireless Client WPA Supplicants 188 A wireless client supplicant is the software that runs on an operating system instructing the wireless client how to use WPA At the time of writing the most widely available supplicant is the WPA patch for Windows XP Funk Software s Odyssey client The Windows XP patch is a free download that adds WPA capability to Windows XP s built in Zero Configuration wireless client However you must run Windows XP to use it NWA1121 NI User s Guide Appendix D Wireless LAN
38. advanced suggestions Advanced Suggestions e Check the settings for QoS If it is disabled you might consider activating it NWA1121 NI User s Guide Setting Up Your Computer s IP Address Note Your specific NWA1121 NI may not support all of the operating systems described in this appendix See the product specifications for more information about which operating systems are supported This appendix shows you how to configure the IP settings on your computer in order for it to be able to communicate with the other devices on your network Windows Vista XP 2000 Mac OS 9 OS X and all versions of UNIX LINUX include the software components you need to use TCP IP on your computer If you manually assign IP information instead of using a dynamic IP make sure that your network s computers have IP addresses that place them in the same subnet In this appendix you can set up an IP address for e Windows XP NT 2000 on page 131 e Windows Vista on page 135 e Windows 7 on page 139 e Mac OS X 10 3 and 10 4 on page 143 e Mac OS X 10 5 and 10 6 on page 146 e Linux Ubuntu 8 GNOME on page 149 e Linux openSUSE 10 3 KDE on page 153 Windows XP NT 2000 The following example uses the default Windows XP display theme but can also apply to Windows 2000 and Windows NT NWA1121 NI User s Guide 131 Appendix A Setting Up Your Computer s IP Address 1 2 3 Click Start gt Control Panel
39. airflow may harm your device e Antenna Warning This device meets ETSI and FCC certification requirements when using the included antenna s Only use the included antenna s e If you wall mount your device make sure that no electrical lines gas or water pipes will be damaged e The PoE Power over Ethernet devices that supply or receive power and their connected Ethernet cables must all be completely indoors e This product is for indoor use only utilisation int rieure exclusivement Your product is marked with this symbol which is known as the WEEE mark WEEE stands for Waste Electronics and Electrical Equipment It means that used electrical and electronic products should not be mixed with general waste Used electrical and electronic equipment should be treated separately NWA1121 NI User s Guide Index Numbers 802 1x Only 58 802 1x Static128 58 802 1x Static64 58 A access privileges 12 Accounting Server 88 Advanced Encryption Standard See AES AES 187 Alerts 116 Alternative subnet mask notation 174 Antenna 92 antenna directional 191 gain 191 omni directional 191 AP access point 181 Applications Access Point 14 AP Bridge 14 applications MBSSID 11 Repeater 14 ATC 73 ATC WMM 73 Basic Service Set 56 see BSS Basic Service Set See BSS 179 beacon 56 Beacon Interval 63 65 70 Index BSS 11 12 56 179 C CA 186 Certificate authentication 104 file format 104 Certificate
40. connections and one SSID for the connection with a repeater universal repeater SSID Wireless clients can use either SSID to associate with the NWA1121 NI in Root AP mode A repeater must use the universal repeater SSID to connect to the NWA1121 NI in Root AP mode When the NWA1121 NI is in Root AP mode universal repeater security between the NWA1121 NI and other repeater is independent of the security between the wireless clients and the AP or repeater If you do not enable universal repeater security traffic between APs is not encrypted When universal repeater security is enabled both APs and repeaters must use the same pre shared key See Section 6 6 on page 74 for more details Unless specified the term security settings refers to the traffic between the wireless clients and the AP At the time of writing universal repeater security is compatible with the NWA1121 NI only 1 2 4 Repeater The NWA can act as a wireless network repeater to extend a root AP s wireless network range and also establish wireless connections with wireless clients Using Repeater mode your NWA1121 NI can extend the range of the WLAN In the figure below the NWA1121 NI in Repeater mode Z has a wireless connection to the NWA1121 NI in Root AP mode X which is connected to a wired network and also has a wireless connection to another NWA1121 NI in Repeater mode Y at the same time Z and Y act as repeaters that forward traffic NWA1121 NI User s Guide
41. drop down list box Data Encryption Select 64 bit WEP or 128 bit WEP to enable data encryption Passphrase Enter the passphrase or string of text used for automatic WEP key generation on wireless client adapters Generate Click this to get the keys from the Passphrase you entered 76 NWA1121 NI User s Guide Chapter 6 Wireless LAN Table 16 Security WEP continued LABEL DESCRIPTION Key 1 to The WEP keys are used to encrypt data Both the NWA1121 NI and the wireless stations must use the same WEP key for data transmission ey If you chose 64 bit WEP then enter any 5 ASCII characters or 10 hexadecimal characters 0 9 A F If you chose 128 bit WEP then enter 13 ASCII characters or 26 hexadecimal characters 0 9 A F You can configure up to four keys but only one key can be activated at any one time Back Click Back to return to the previous screen Apply Click Apply to save your changes Cancel Click Cancel to begin configuring this screen afresh 6 6 2 Security 802 1x Only This screen varies depending on the operating mode you select in the Wireless LAN Wireless Settings screen 6 6 2 1 Access Point Use this screen to use 802 1x Only security mode for your NWA1121 NI that is in root AP MBSSID or repeater operating mode Select 802 1x Only in the Security Mode field to display the following screen Figure 29 Security 802 1x Only for Access Point
42. for your NWA1121 NI that is in wireless client operating mode Select WPA or WPA2 in the Security Mode field to display the following screen Figure 34 Security WPA for Wireless Client Security Security Settings Profile Name SecProfile1 Security Mode WPA2 iv Data Encryption AES iv IEEEB02 1X Authentication Eap Type TLS imi User Information Login Name Certificate User Certificate Password Back Apply Cancel The following table describes the labels in this screen Table 22 Security WPA WPA2 for Wireless Client LABEL DESCRIPTION Security Settings Profile Name This is the name that identifying this profile Security Mode Choose the same security mode used by the AP Data Encryption This shows the encryption method used by the NWA1121 NI IEEE802 1x Authentication Eap Type The options on the left refer to EAP methods You can choose either TLS LEAP PEAP or TTLS If you select TTLS or PEAP the options on the right refer to authentication protocols You can choose between PAP CHAP MSCHAP MSCHAPv2 and or GTC User Information Username Supply the user name of the account created in the RADIUS server Login Name Password Supply the password of the account created in the RADIUS server Certificate User Certificate If you select TLS enter the name of the certificate used to to verify the identity of clients NWA1121 NI
43. g n to allow IEEE802 11b IEEE802 11g and IEEE802 11n compliant WLAN devices to associate with the NWA1121 NI The transmission rate of the NWA1121 NI might be reduced Select 802 11n to allow only IEEE802 11n compliant WLAN devices to associate with the NWA1121 NI Channel Select the operating frequency channel depending on your particular region from the drop down list box Channel Width This field displays only when you select 802 11n or 802 11b g n in the Wireless Mode field A standard 20MHz channel offers transfer speeds of up to 150Mbps whereas a 40MHz channel uses two standard channels and offers speeds of up to 300Mbps However not all devices support 40MHz channels Select the channel bandwidth you want to use for your wireless network It is recommended that you select 20 40MHz This allows the NWA1121 NI to adjust the channel bandwidth depending on network conditions Select 20MHz if you want to lessen radio interference with other wireless devices in your neighborhood or the wireless clients do not support channel bonding Universal Repeater Settings The Universal repeater function allows the NWA1121 NI in root AP or repeater mode to set up a wireless connection between it and another NWA1121 NI in root AP or repeater mode Note Universal repeater security is independent of the security settings between the NWA1121 NI and any wireless clients Local MAC Local MAC Address is the MAC address of y
44. lose your wireless connection when you press Apply to confirm You must then change the wireless settings of your computer to match the NWA1121 Nl s new settings This is the index number of each SSID profile Activve Select the check box to enable an SSID profile Otherwise clear the check box Profile Select an SSID Profile from the drop down list box Advanced Settings Beacon Interval When a wirelessly network device sends a beacon it includes with it a beacon interval This specifies the time period before the device sends the beacon again The interval tells receiving devices on the network how long they can wait in lowpower mode before waking up to handle the beacon A high value helps save current consumption of the access point DTIM Interval Delivery Traffic Indication Message DTIM is the time period after which broadcast and multicast packets are transmitted to mobile clients in the Active Power Management mode A high DTIM value can cause clients to lose connectivity with the network Output Power Set the output power of the NWA1121 NI in this field If there is a high density of APs in an area decrease the output power of the NWA1121 NI to reduce interference with other APs Select one of the following Full Full Power 50 25 or 12 5 See the product specifications for more information on your NWA1121 NI s output power NWA1121 NI User s Guide Chapter 6 Wireless LAN Table 13
45. of bytes for the fragmentation boundary for directed messages It is the maximum data fragment size that can be sent Aggregation Extension You can use CTS to self or RTS CTS protection mechanism to reduce conflicts with other channel wireless networks or hidden wireless clients The throughput of RTS CTS is much lower protection mode than CTS to self Using this mode may decrease your wireless performance A MPDU Select to enable A MPDU aggregation Message Protocol Data Unit MPDU aggregation collects Ethernet frames along with their 802 11n headers and wraps them in a 802 11n MAC header This method is useful for increasing bandwidth throughput in environments that are prone to high error rates NWA1121 NI User s Guide Chapter 6 Wireless LAN Table 12 Wireless LAN gt Wireless Settings Wireless Client continued LABEL DESCRIPTION Short GI Select Enabled to use Short GI Guard Interval The guard interval is the gap introduced between data transmission from users in order to reduce interference Reducing the GI increases data transfer rates but also increases interference Increasing the GI reduces data transfer rates but also reduces interference Apply Click Apply to save your changes Cancel Click Cancel to begin configuring this screen afresh 6 4 4 MBSSID Mode Use this screen to have the NWA1121 NI function in MBSSID mode Select MBSSI D as the Operation Mode The follow
46. server to be used for authentication Backup Server Port Enter the port number of the RADIUS server to be used for authentication Backup Share Secret Enter a password up to 64 alphanumeric characters as the key to be shared between the external authentication server and the NWA1121 NI The key must be the same on the external authentication server and your NWA1121 NI The key is not sent over the network Primary Accounting Server Select the check box to enable user accounting through an external authentication server Primary Server IP Address Enter the IP address of the external accounting server in dotted decimal notation Primary Server Port Enter the port number of the external accounting server Primary Share Secret Enter a password up to 64 alphanumeric characters as the key to be shared between the external accounting server and the NWA1121 NI The key must be the same on the external accounting server and your NWA1121 NI The key is not sent over the network Backup Accounting Server If the NWA1121 NI cannot communicate with the primary accounting server you can have the NWA1121 NI use a backup accounting server Make sure the check boxe is selected if you want to use the backup server The NWA1121 NI will attempt to communicate three times before using the backup server Backup Server IP Address Enter the IP address of the external accounting server in dotted decimal
47. specific statistics See Section 5 4 on page 50 Association List Click this to see a list of wireless clients currently associated to each of the NWA1121 NI s wireless modules See Section 5 5 on page 51 View Log Click this to see a list of logs produced by the NWA1121 NI See Section 5 3 on page 49 System Status System Up Time This field displays the elapsed time since the NWA1121 NI was turned on NWA1121 NI User s Guide Chapter 3 Dashboard Table 3 The Dashboard Screen continued LABEL DESCRIPTION Current Date Time This field displays the date and time configured on the NWA1121 NI You can change this in the Maintenance gt Time screen System Resource CPU Usage This field displays what percentage of the NWA1121 NI s processing ability is currently being used The higher the CPU usage the more likely the NWA1121 NI is to slow down Memory Usage This field displays what percentage of the NWA1121 NI s volatile memory is currently in use The higher the memory usage the more likely the NWA1121 NI is to slow down Some memory is required just to start the NWA1121 NI and to run the web configurator Interface Status Interface This column displays each interface of the NWA1121 NI Status This field indicates whether or not the NWA1121 NI is using the interface For each interface this field displays Up when the NWA1121 NI is using the inter
48. support long preamble but not all support short preamble Use long preamble if you are unsure what preamble mode other wireless devices on the network support and to provide more reliable communications in busy wireless networks Use short preamble if you are sure all wireless devices on the network support it and to provide more efficient communications Use the dynamic setting to automatically use short preamble when all wireless devices on the network support it otherwise the NWA1121 NI uses long preamble Note The wireless devices MUST use the same preamble mode in order to communicate IEEE 802 11g Wireless LAN IEEE 802 11g is fully compatible with the IEEE 802 11b standard This means an IEEE 802 11b adapter can interface directly with an IEEE 802 11g access point and vice versa at 11 Mbps or lower depending on range IEEE 802 11g has several intermediate rate steps between the maximum and minimum data rates The IEEE 802 11g data rate and modulation are as follows Table 52 IEEE 802 11g DATA RATE MBPS MODULATION 1 DBPSK Differential Binary Phase Shift Keyed 2 DQPSK Differential Quadrature Phase Shift Keying 5 5 11 CCK Complementary Code Keying 6 9 12 18 24 36 48 OFDM Orthogonal Frequency Division Multiplexing 54 Wireless Security Overview Wireless security is vital to your network to protect wireless communication between wireless clients access points and the wired network Wi
49. the maximum number of possible hosts in a network as follows Table 43 Maximum Host Numbers SUBNET MASK HOST ID SIZE MAXIMUM NUMBER OF HOSTS 8 bits 255 0 0 0 24 bits 224 2 16777214 16 bits 255 255 0 0 16 bits 216 2 65534 24 bits 255 255 255 0 8 bits 28 2 254 29 bits 255 255 255 24 3 bits 23 2 6 8 Since the mask is always a continuous number of ones beginning from the left followed by a continuous number of zeros for the remainder of the 32 bit mask you can simply specify the number of ones instead of writing the value of each octet This is usually specified by writing a followed by the number of bits in the mask after the address For example 192 1 1 0 25 is equivalent to saying 192 1 1 0 with subnet mask 255 255 255 128 NWA1121 NI User s Guide 173 Appendix C IP Addresses and Subnetting The following table shows some possible subnet masks using both notations Table 44 Alternative Subnet Mask Notation suerwank ARTY sane BERGA 255 255 255 0 24 0000 0000 0 255 255 255 128 25 1000 0000 128 255 255 255 192 26 1100 0000 192 255 255 255 224 27 1110 0000 224 255 255 255 240 28 1111 0000 240 255 255 255 248 29 1111 1000 248 255 255 255 252 30 1111 1100 252 Subnetting 174 You can use subnetting to divide one network into multiple sub networks In the following example a network administrator creates two sub netwo
50. to begin configuring this screen afresh NWA1121 NI User s Guide Chapter 6 Wireless LAN 6 7 RADIUS Screen Use this screen to set up your NWA1121 NI s RADIUS server settings Click Wireless LAN gt RADI US The screen appears as shown Figure 36 Wireless LAN gt RADIUS Wireless Settings SSID Security RADIUS MAC Filter RADIUS Profiles Profile Primary Server Primary Server Backup Server Backup Server Modify Name Status Accounting Status Accounting 1 RadProfile1 Active Inactive Inactive Inactive ie 2 RadProfile2 Inactive Inactive Inactive Inactive i4 3 RadProfile3 Inactive Inactive Inactive Inactive i4 4 RadProfile4 Inactive Inactive Inactive Inactive L4 Select a profile you want to configure and click Edit Figure 37 Wireless LAN gt RADIUS RADIUS Profile Profile Name RadProfile1 RADIUS Server Settings Primary RADIUS Server Enabled Primary Server IP Address 0 0 0 0 Primary Server Port 1812 Primary Share Secret password Backup RADIUS Server C Enabled Backup Server IP Address Backup Server Port Backup Share Secret Accounting Server Settings Primary Accounting Server C Enabled Primary Server IP Address Primary Server Port Primary Share Secret Backup Accounting Server CI Enabled Backup Server IP Address Backup Server Port Backup Share Secret Back Apply Cancel NWA1121 NI User s Guide 87 Chapter 6 Wireless
51. x Rekey Options Reauthentication Time 300 Seconds max 100 3600 Enable Group Key Update Every 100 Seconds max 100 3600 The following table describes the labels in this screen Table 21 Security WPA WPA2 for Access Point LABEL DESCRIPTION Security Settings Profile Name This is the name that identifying this profile Security Mode Choose WPA WPA2 or WPA MIX in this field Rekey Options Reauthentication Specify how often wireless stations have to resend user names and passwords in order to Time stay connected Enter a time interval between 100 and 3600 seconds Alternatively enter 0 to turn reauthentication off Note If wireless station authentication is done using a RADIUS server the reauthentication timer on the RADIUS server has priority Enable Group Key Select this option to have the NWA1121 NI automatically disconnect a wireless station Update from the wired network after a period of inactivity The wireless station needs to enter the user name and password again before access to the wired network is allowed Enter a time interval between 100 and 3600 seconds Back Click Back to return to the previous screen Apply Click Apply to save your changes Cancel Click Cancel to begin configuring this screen afresh Eg NWA1121 NI User s Guide Chapter 6 Wireless LAN 6 6 4 2 Wireless Client Use this screen to employ WPA or WPA2 as the security mode
52. 00 0000 1a2 0000 can be written as 2001 db8 1a2b 15 0 0 1a2 0 e Any number of consecutive blocks of zeros can be replaced by a double colon A double colon can only appear once in an IPv6 address So 2001 0db8 0000 0000 1a2 0000 0000 0015 can be written as 2001 0db8 1a2 0000 0000 0015 2001 0db8 0000 0000 1a2 0015 2001 db8 1a2 0 0 15 Or 2001 db8 0 0 la2f 15 Prefix and Prefix Length Similar to an IPv4 subnet mask IPv6 uses an address prefix to represent the network address An IPv6 prefix length specifies how many most significant bits start from the left in the address compose the network address The prefix length is written as x where x is a number For example 2001 db8 1a2b 15 1a2 0 32 means that the first 32 bits 2001 db8 is the subnet prefix Link local Address A link local address uniquely identifies a device on the local network the LAN It is similar to a private IP address in IPv4 You can have the same link local address on multiple interfaces on a device A link local unicast address has a predefined prefix of fe80 10 The link local unicast address format is as follows Table 28 Link local Unicast Address Format 1111 1110 10 0 Interface ID 10 bits 54 bits 64 bits Global Address A global address uniquely identifies a device on the Internet It is similar to a public IP address in IPv4 A global unicast address starts with a 2 or 3 NWA1121 NI User s Guid
53. 1121 NI User s Guide Appendix D Wireless LANs Positioning the antennas properly increases the range and coverage area of a wireless LAN Antenna Characteristics Frequency An antenna in the frequency of 2 4GHz or 5GHz is needed to communicate efficiently in a wireless LAN Radiation Pattern A radiation pattern is a diagram that allows you to visualize the shape of the antenna s coverage area Antenna Gain Antenna gain measured in dB decibel is the increase in coverage within the RF beam width Higher antenna gain improves the range of the signal for better communications For an indoor site each 1 dB increase in antenna gain results in a range increase of approximately 2 5 For an unobstructed outdoor site each 1dB increase in gain results in a range increase of approximately 5 Actual results may vary depending on the network environment Antenna gain is sometimes specified in dBi which is how much the antenna increases the signal power compared to using an isotropic antenna An isotropic antenna is a theoretical perfect antenna that sends out radio signals equally well in all directions dBi represents the true gain that the antenna provides Types of Antennas for WLAN There are two types of antennas used for wireless LAN applications e Omni directional antennas send the RF signal out in all directions on a horizontal plane The coverage area is torus shaped like a donut which makes these antennas ideal fo
54. 1121 NI does not turn on None of the LEDs turn on 1 Make sure you are using the power adaptor or cord included with the NWA1121 NI 2 Make sure the power adaptor or cord is connected to the NWA1121 NI and plugged in to an appropriate power source Make sure the power source is turned on 3 Disconnect and re connect the power adaptor or cord to the NWA1121 NI 4 If the problem continues contact the vendor One of the LEDs does not behave as expected 1 Make sure you understand the normal behavior of the LED See Section 1 7 on page 17 2 Check the hardware connections See the Quick Start Guide 3 Inspect your cables for damage Contact the vendor to replace any damaged cables 4 Disconnect and re connect the power adaptor to the NWA1121 NI 5 Ifthe problem continues contact the vendor NWA1121 NI User s Guide 127 Chapter 12 Troubleshooting 12 2 NWA1121 NI Access and Login I forgot the IP address for the NWA1121 NI 1 The default IP address is 192 168 1 2 2 Ifyou changed the IP address and have forgotten it you might get the IP address of the NWA1121 NI by looking up the IP address of the default gateway for your computer To do this in most Windows computers click Start Run enter cmd and then enter ipconfig The IP address of the Default Gateway might be the IP address of the NWA1121 NI it depends on the network so enter this IP address in your Internet browser 3 If this does not w
55. 121 NI User s Guide Chapter 4 Tutorial 3 Select WMM_VOICE in the QoS field to give VoIP the highest priority in the wireless network Click Apply Profile Settings Profile Name VolP_SSID SSID VoIP_SSID RADIUS RadProfile1 vi MAC Filtering Disabled Y WMM VOICE BSSID VLAN ID 4 1 4094 Number of Wireless Stations Allowed to 64 1 1 54 Associate Hidden SSID v Enabled Intra BSS Traffic Blocking C Enabled Back Gx ply Cancel 4 Next click Wireless LAN gt Security Click the Edit icon next to SecProfile2 Security Profiles Profile Name Security Mode Modify 1 SecProfile1 WPA2 PSK MIX Ei 2 SecProfile2 None 3 SecProfile3 None Fi 4 SecProfile4 None s 5 SecProfile5 None 3 6 SecProfile6 None 4 7 SecProfile7 None 4 8 SecProfile8 None 3 NWA1121 NI User s Guide Chapter 4 Tutorial 5 Select WPA2 PSK as the Security Mode and enter the Pre Shared Key In this example use ThisisVol PPreSharedKey Click Apply Security Settings Profile Name SecProfile2 Security Mode WPA2 PSK iv Pre Shared Key iisisVolIPPreSharedKey 8 63 ASCII Characters Back Cancel 6 Your VoIP wireless network is now ready to use Any traffic using the Vol P_ SSID profile will be given the highest priority across the wireless network 4 2 4 Configure the Guest Network When you are setting up the wireless network for guests to your office
56. 300 m tres doivent tre notifi es l Institut Belge des services Postaux et des T l communications IBPT Visitez http www ibpt be pour de plus amples d tails Denmark In Denmark the band 5150 5350 MHz is also allowed for outdoor usage I Danmark m frekvensbandet 5150 5350 ogs anvendes udend rs France For 2 4 GHz the output power is restricted to 10 mW EIRP when the product is used outdoors in the band 2454 2483 5 MHz There are no restrictions when used indoors or in other parts of the 2 4 GHz band Check http www arcep fr for more details 198 NWA1121 NI User s Guide Appendix E Legal Information Pour la bande 2 4 GHz la puissance est limit e 10 mW en p i r e pour les quipements utilis s en ext rieur dans la bande 2454 2483 5 MHz Il n y a pas de restrictions pour des utilisations en int rieur ou dans d autres parties de la bande 2 4 GHz Consultez http www arcep fr pour de plus amples d tails R amp TTE 1999 5 EC WLAN 2 4 2 4835 GHz IEEE 802 11 b g n Location Frequency Range GHz Power EIRP Indoor No restrictions 2 4 2 4835 100mW 20dBm Outdoor 2 4 2 454 100mW 20dBm 2 454 2 4835 10mW 10dBm Italy This product meets the National Radio Interface and the requirements specified in the National Frequency Allocation Table for Italy Unless this wireless LAN product is operating within the boundaries of the owner s property its
57. 6 Wireless LAN The following table describes the general wireless LAN labels in this screen Table 10 Wireless LAN gt Wireless Settings Root AP LABEL DESCRIPTION Basic Settings Wireless LAN Select the check box to turn on the wireless LAN on the NWA1121 NI Interface Operation Mode Select Root AP from the drop down list Wireless Mode Channel Select 802 11b g to allow both IEEE802 11b and IEEE802 11g compliant WLAN devices to associate with the NWA1121 NI The transmission rate of your NWA1121 NI might be reduced Select 802 11b g n to allow IEEE802 11b IEEE802 11g and IEEE802 11n compliant WLAN devices to associate with the NWA1121 NI The transmission rate of the NWA1121 NI might be reduced Select 802 11n to allow only IEEE802 11n compliant WLAN devices to associate with the NWA1121 NI Select the operating frequency channel depending on your particular region from the drop down list box Channel Width This field displays only when you select 802 11n or 802 11b g n in the Wireless Mode field A standard 20MHz channel offers transfer speeds of up to 150Mbps whereas a 40MHz channel uses two standard channels and offers speeds of up to 300Mbps However not all devices support 40MHz channels Select the channel bandwidth you want to use for your wireless network It is recommended that you select 20 40MHz This allows the NWA1121 NI to adjust the channel bandwidth depending on ne
58. A E TT 101 Logans anne A EEE 115 PUNITIVE rassen RAARO 119 Bs PONI si R 127 NWA1121 NI User s Guide 3 Contents Overview 4 NWA1121 NI User s Guide Table of Contents Table of Contents CG ntents ag ge en ee oo ee eee eee ee ee ee eer eee MG 3 iri i Reo lg eee 5 Part i Users GUIGO 9 Chapter 1 Introducing the NWATT2 T vssieiisscctesasssiacsosscssicaisssssiasenisasnnasssiesaaliasaiassassasaasaisasaseassasanbadcakiontiaianys 11 1 3 Introducing the NVA TTT AN sc ccsssscccnccmsrsoseccessts coca Ren Erat a T1 Qc depu MEE DD 11 Le I ro eM 11 L22 VSS CNBR 13 T3 OBL IAE crite T T AA EAE A E E E A epa eno de SK RR Du ERA DUIS EN 14 Ru NISI e 14 L3 Ways to Manege The INA ASI 2 ss dieses i nvut RrepEE S EY ARS RR PEREET sa uasennlsa sana EE IPC YER FRI DIIS ian 15 1 4 Configuring Your NWA1121 NI s Security Features ccccccessceeesseeeeeeceeeeceeeeeaceeeesaeeeeeeeeeeseeeeseaaeees 16 I SE Eo pis A 16 Toss VOID QUIS DB E A af ais mop a E acaba iu OR ae RD RN OL CDD Rae Pa P palin 16 1 5 Good Habits Tor Managing the NWATIST INI 1i aii tati no eire re tb niin EPre gana ser tt t vdd i Ere EU r d dSbaed 16 To Hawao TIA rr 17 og EED oon reset orn Tenn Dra ES UNI DEOS NM eran Eri REI Dux Hie AD FoU UC Dur nr eee 17 Chapter 2
59. A1121 NI s mangement VLAN Section 8 3 on page 99 8 2 What You Need to Know Introduction to VLANs A Virtual Local Area Network VLAN allows a physical network to be partitioned into multiple logical networks Devices on a logical network belong to one group A device can belong to more than one group With VLAN a device cannot directly talk to or hear from devices that are not in the same group s the traffic must first go through a router In Multi Tenant Unit MTU applications VLAN is vital in providing isolation and security among the subscribers When properly configured VLAN prevents one subscriber from accessing the network resources of another on the same LAN thus a user will not see the printers and hard disks of another user in the same building NWA1121 NI User s Guide Chapter 8 VLAN VLAN also increases network performance by limiting broadcasts to a smaller and more manageable logical broadcast domain In traditional switched environments all broadcast packets go to each and every individual port With VLAN all broadcasts are confined to a specific broadcast domain IEEE 802 1Q Tag The IEEE 802 1Q standard defines an explicit VLAN tag in the MAC header to identify the VLAN membership of a frame across bridges A VLAN tag includes the 12 bit VLAN ID and 3 bit user priority The VLAN ID associates a frame with a specific VLAN and provides the information that devices need to process the frame across the networ
60. A1121 NI s output power NWA1121 NI User s Guide Chapter 6 Wireless LAN Table 11 Wireless LAN gt Wireless Settings Repeater continued LABEL DESCRIPTION Preamble Type Select Dynamic to have the AP automatically use short preamble when wireless adapters support it otherwise the AP uses long preamble Select Long if you are unsure what preamble mode the wireless adapters support and to provide more reliable communications in busy wireless networks RTS CTS Threshold Request To Send The threshold number of bytes for enabling RTS CTS handshake Data with its frame size larger than this value will perform the RTS CTS handshake Setting this attribute to be larger than the maximum MSDU MAC service data unit size turns off the RTS CTS handshake Setting this attribute to its smallest value 1 turns on the RTS CTS handshake Fragmentation The threshold number of bytes for the fragmentation boundary for directed messages It is the maximum data fragment size that can be sent Aggregation Extension You can use CTS to self or RTS CTS protection mechanism to reduce conflicts with other Channel wireless networks or hidden wireless clients The throughput of RTS CTS is much lower Protection Mode than CTS to self Using this mode may decrease your wireless performance A MPDU This field is available only when 802 11 b g n is selected as the Wireless Mode Select to enable A MPDU agg
61. Appendix A Setting Up Your Computer s IP Address Verifying Settings Check your TCP IP properties by clicking Applications gt Utilities gt Network Utilities and then selecting the appropriate Network I nterface from the I nfo tab Figure 69 Mac OS X 10 4 Network Utility eoe Network Utility info Netstat AppleTalk Ping Lookup Traceroute Whois Finger Port Scan iaterface for information Network Interface en0 i Transfer Statistics Hardware Address 00 16 cb 8b 50 2e Sent Packets 20607 IP Address es 118 169 44 203 Link Speed 100 Mb Link Status Active Send Errors 0 Recv Packets 22626 Recv Errors 0 Vendor Marvell Collisions 0 Model Yukon Gigabit Adapter 88E8053 Mac OS X 10 5 and 10 6 1 The screens in this section are from Mac OS X 10 5 but can also apply to 10 6 Click Apple System Preferences Finder File Edit View About This Mac Software Update Mac OS X Software E ea System Preferences UO Pp Recent Items p Force Quit X388 Sleep Restart Shut Down NWA1121 NI User s Guide Appendix A Setting Up Your Computer s IP Address 2 In System Preferences click the Network icon Personal c ow M B uU o Q Appearance Desktop amp Expos amp International Security Spotlight Screen Saver Spaces Hardware E V o S a CDs amp DVDs Displays Energy Dist amp Print amp Fax Saver Mouse Internet amp N Mac Net
62. Click OK to close the window Figure 82 Java Sun Internet Options T Al xl General Security Privacy Content Connections Programs Advanced Settings O Use inline AutoComplete O Use Passive FTP for firewall and DSL modem compatibility Use smooth scrolling E HTTP 1 1 settings v Use HTTP 1 1 aH Use HTTP 1 1 through proxy connections Java ee d Use Java 21 41 07 for lt appleo eqs ea gt 2 v1 4 1 07 for d Use Java 2141 DT for lt appleo eques esi gt requires restart 3 Microso O Java ae enabled requires restart O Java logging enabled JIT compiler for virtual machine enabled requires restart Multimedia O Always show Internet Explorer 5 0 or later Radio toolbar O Don t display online media content in the media bar l Enable Automatic Image Resizing x b Restore Defaults Cancel Apply Mozilla Firefox Mozilla Firefox 2 0 screens are used here Screens for other versions may vary slightly The steps below apply to Mozilla Firefox 3 0 as well You can enable Java Javascript and pop ups in one screen Click Tools then click Options in the screen that appears Figure 83 Mozilla Firefox TOOLS gt Options IEEE Help Web Search Ctrl K Downloads Ctrl J Add ons Web Developer Error Console Adblock Plus Ctri Shift A Page Info FireFTP Clear Private Data Ctrl Shift Del Tab Mix Plus Options 3 Session Manager i Options NWA1121 NI Us
63. D5 authentication is the simplest one way authentication method The authentication server sends a challenge to the wireless client The wireless client proves that it knows the password by encrypting the password with the challenge and sends back the information Password is not sent in plain text However MD5 authentication has some weaknesses Since the authentication server needs to get the plaintext passwords the passwords must be stored Thus someone other than the authentication server may access the password file In addition it is possible to impersonate an authentication server as MD5 authentication method does not perform mutual authentication Finally MD5 authentication method does not support data encryption with dynamic session key You must configure WEP encryption keys for data encryption EAP TLS Transport Layer Security With EAP TLS digital certifications are needed by both the server and the wireless clients for mutual authentication The server presents a certificate to the client After validating the identity of the server the client sends a different certificate to the server The exchange of certificates is done in the open before a secured tunnel is created This makes user identity vulnerable to passive attacks A digital certificate is an electronic ID card that authenticates the sender s identity However to implement EAP TLS you need a Certificate Authority CA to handle certificates which imposes a manag
64. E 93 Chapter 7 ERN icnn boss esiste b ciciteive te iue re let E METAM SI ERI GER PE TAERER GERE ELEM FEE RUE OR ERU EA LOCARE NU MATE a SEDI UER PL EE EORE HE RN D 94 rp x eer A E ELEA es cas ae EE ae ea a etd ee eset E O 94 T2 What You Can Doin tis ls PRETIUM 94 Ta What POU Need To KNOW 2iieuxnesxieccities ph Dia A E UE E bU Td one d d eed 94 FE SELLE dr Nm 96 Chapter 8 5 1 How EE n 98 NES RICE S E ETE D ST tm 98 831 1 What vou Can Do Im This D VIDI eacsespacccc Neto etas abepe cioe eo ease poca EE ae ce bna aci Cen edel 98 gv Yol NESO 1O RDUM sasini d duke odor ute arie tide E EAE a em Eae dpa Ri ad d da eR 98 Ba VLAM SEIS acusvisstentei ti nmdeden Mes mess Sask st Un MC Mit eeu Med Mrs Enden 99 Chapter 9 1 XE X 101 BT OUS VEU see eria oett aa Fb sa n bU d phar a deett o PRSE 101 9 2 Wheat You Can Desi tale SD BE ouissesestteictbeetitiu b rera a b ei vu RUP eA Eee iva Seg bte e 101 2 bac vau Need TOPON iussis ise REO a Ex eb epec am gena ca o reri tapa Raus Rer sa cabe imEni oaa Er code aeer s 102 CEU V Ec a UTE T a abet ie an ets TTL T E 104 cRo an dieci d E I NS E Sade cen EE OSEE 105 To REN SCOE LB P DET 106 CM DNI PN ONSE 107 SEI Ext 1 Me iene S E UU E TN 110 889 Techical Roron penan pud dt Rl ERE ER Re GO en a ER a ber RR OR S eee 111 RS pee m 111 BS aU PU IES mee PN 112 99 3 Private Publie CerllicaleB 1s i
65. EFFORT Typically used for traffic from applications or devices that lack QoS capabilities Use best effort priority for traffic that is less sensitive to latency but is affected by long delays such as Internet surfing background WMM_BACKGROUND This is typically used for non critical traffic such as bulk transfers and print jobs that are allowed but that should not affect other applications and users Use background priority for applications that do not have strict latency and throughput requirements NWA1121 NI User s Guide Chapter 6 Wireless LAN 6 9 3 Security Mode Guideline The following is a general guideline in choosing the security mode for your NWA1121 NI e Use WPA 2 PSK if you have WPA 2 aware wireless clients but no RADIUS server e Use WPA 2 security if you have WPA 2 aware wireless clients and a RADIUS server WPA has user authentication and improved data encryption over WEP e Use WPA 2 PSK if you have WPA 2 aware wireless clients but no RADIUS server e If you don t have WPA 2 aware wireless clients then use WEP key encrypting A higher bit key offers better security You can manually enter 64 bit or 128 bit WEP keys More information on Wireless Security can be found in Appendix D on page 179 NWA1121 NI User s Guide LAN 7 1 Overview This chapter describes how you can configure the IP address of your NWA1121 NI The Internet Protocol IP address identifies a de
66. Email Log Now Select the categories of alerts for which you want the NWA1121 NI to immediately send e mail alerts Apply Click Apply to save your customized settings Cancel Click Cancel to begin configuring this screen afresh NWA1121 NI User s Guide Maintenance 11 1 Overview This chapter describes the maintenance screens It discusses how you can upload new firmware manage configuration and restart your NWA1121 NI without turning it off and on This chapter provides information and instructions on how to identify and manage your NWA1121 NI over the network Figure 58 NWA1121 NI Setup NWA eae In the figure above the NWA1121 NI connects to a Domain Name Server DNS server to avail of a domain name It also connects to an Network Time Protocol NTP server to set the time on the device 11 2 What You Can Do in this Chapter e Use the General screen to specify the system name see Section 11 4 on page 120 e Use the Password screen to manage the password for your NWA1121 NI see Section 11 5 on page 121 e Use the Time screen to change your NWA1121 NI s time and date This screen allows you to configure the NWA1121 NI s time based on your local time zone see Section 11 6 on page 122 e Use the Firmware Upload screen to upload the latest firmware for your NWA1121 NI see Section 11 7 on page 123 e Use the Backup Restore screen to view information related to factory defaults bac
67. From the Options sub menu select Show Connection I nformation Figure 73 openSUSE 10 3 KNetwork Manager Disable Wireless 4 KNetworkManager a Wired Devices X Wired Network E Dial Up Connections v 3 Switch to Offline Mode 4 Show Connection Information Configure 2 Options NWA1121 NI User s Guide 157 Appendix A Setting Up Your Computer s IP Address When the Connection Status KNetwork Manager window opens click the Statistics tab to see if your connection is working properly Figure 74 openSUSE Connection Status KNetwork Manager Connection Status KNetworkManager Device S Addresse CH Statistics Received Transmitted Bytes 2317441 841875 MBytes 2 2 0 8 Packets 3621 3140 Errors 0 0 Dropped 0 0 KBytes s 0 0 0 0 NWA1121 NI User s Guide Pop up Windows JavaScript and Java Permissions In order to use the web configurator you need to allow e Web browser pop up windows from your device JavaScript enabled by default e Java permissions enabled by default Note The screens used below belong to Internet Explorer version 6 7 and 8 Screens for other Internet Explorer versions may vary Internet Explorer Pop up Blockers You may have to disable pop up blocking to log into your device Either disable pop up blocking enabled by default in Windows XP SP Service Pack 2 or allow pop up blocking and create an exception for your device s I
68. Introducing the Web Configurator eeeeeeeeeeeeeeeeeeee eese eene e nennen nn nant nnn anni nnn itaisaidia 19 2 1 Accessing the Web OTI DE cerrarse a eux bab sas ciu ps nt ar a 19 ec essttina die NET TEIN I sais bru REDEEM TENTER Re DIR AERRDGS RS ERP ERU UR Ma bag aa odas a RR Man D HR DOR Rs 20 2 2 1 Methods Of Restoring Factory Defaults ecu dest reed vp sani tetd d ga aE te ced Rank o beau daas vsu aia 21 excaderiugeRiimu emdne e rii EE 22 C WE Tam mE 22 esc ceIMIIP INS MUTET se vieset uacadicaig amin bisdeut ee niassis mata caigenlaideuueaeusaenelss 23 DACRON ANT CUCM etm 24 Chapter 3 NAN Mee 25 231 The Dashboard SOS eher epissRbe cxaaadneoidaeadcenneaead arenes HI dtu be QTEd EXE PLU edad REPE QUiP d TUUM d dn M ded RR QUE 25 Chapter 4 UU 29 NWA1121 NI User s Guide 5 Table of Contents 4 4 Flow to Configure the Wireless LAN 12er bd Log ta a ecce eua aac i betta a oda Rada 29 CINE eIDUE ASI Mode edv 29 BAL Funther ROAGO Ee 29 4 2 How to Configure Multiple Wireless Networks esssssssssseseseeeees eene enne nennen nens 29 4e i SUM TENG ol PROMI fe t E 31 422 Congue mhe standard NEWwWark Wet 33 Sg G migure he VolP MODE oesdeazoc osito dk sux a Db ara d Sca
69. LAN 88 The following table describes the labels in this screen Table 24 Wireless LAN gt RADIUS LABEL DESCRIPTION Profile Name This is the name that identifying this RADIUS profile Primary RADIUS Server Select the check box to enable user authentication through an external authentication server Primary Server IP Enter the IP address of the RADIUS server to be used for authentication Address Primary Server Enter the port number of the RADIUS server to be used for authentication Port Primary Share Enter a password up to 64 alphanumeric characters as the key to be shared Secret between the external authentication server and the NWA1121 NI The key must be the same on the external authentication server and your NWA1121 NI The key is not sent over the network Backup RADIUS Server If the NWA1121 NI cannot communicate with the primary RADIUS server you can have the NWA1121 NI use a backup RADIUS server Make sure the check boxe is selected if you want to use the backup server The NWA1121 NI will attempt to communicate three times before using the backup server Requests can be issued from the client interface to use the backup server The length of time for each authentication is decided by the wireless client or based on the configuration of the Reauthentication Time field in the Wireless LAN gt Security screen Backup Server IP Address Enter the IP address of the RADIUS
70. MT Desktop Connection This connection uses the following items amp Client for Microsoft Networks v e Network Monitor3 Driver I File and Printer Sharing for Microsoft Networks Mo Inteme ic E reg Internet Protocol Version 4 TCP NPA ow M Link Layer Topology Discovery Mapper I O Driver Link Layer Topology Discovery Responder Y P Description Transmission Control Protocol Internet Protocol The default wide area network protocol that provides communication across diverse interconnected networks KI S 137 NWA1121 NI User s Guide Appendix A Setting Up Your Computer s IP Address 7 9 The Internet Protocol Version 4 TCP IPv4 Properties window opens Internet Protocol Version 4 TCP IPv4 Properties aE General Alternate Configuration You can get IP settings assigned automatically if your network supports this capability Otherwise you need to ask your network administrator For the appropriate IP settings Use the Following IP address Obtain DNS server address automatically Use the following DNS server addresses Advanced cance Select Obtain an IP address automatically if your network administrator or ISP assigns your IP address dynamically Select Use the following I P Address and fill in the IP address Subnet mask and Default gateway fields if you have a static IP address that
71. NWA1121 NI 802 11b g n PoE Access Point Default Login Details IP Address http 192 168 1 2 User Name admin Password 1234 Version 1 00 Edition 1 03 2012 ZyXEL www zyxel com Copyright 2012 ZyXEL Communications Corporation IMPORTANT READ CAREFULLY BEFORE USE KEEP THIS GUIDE FOR FUTURE REFERENCE Graphics in this book may differ slightly from the product due to differences in operating systems operating system versions or if you installed updated firmware software for your device Every effort has been made to ensure that the information in this manual is accurate Related Documentation e Quick Start Guide The Quick Start Guid is designed to help you get up and running right away NWA1121 NI User s Guide Contents Overview Contents Overview Usora GURO EE LIEU E PET E E nu ece mene ratcaane 9 rodic Pro TE N Sa Nro plot e 11 Trt ooucing die Web Conigurator 3 nie aee oin patere a d aa roD p Moa late a big i Rl Pedes ed p lan 19 Eds NE I T D m 25 EI me m 29 Technical PGTORO NICS oassiiaieeiedtelvsadi edax Hddes TAM dared nabsa aaia EGO P A RII AX M PPM iora MIO HA DR ME rA PUR UOda 47 ubere ME E EOD E D EN I IN I EE 49 bac ror M M 55 EAN M 94 PICO AAE EEE AE A A AES SE AE E E A AE EEE A AEE EEE T EE H 98 ER E rasa EE E E E
72. ON WWW HTTP Port You may change the server port number for a service if needed however you must use the same port number in order to use that service for remote management HTTPS Port The HTTPS proxy server listens on port 443 by default If you change the HTTPS proxy server port to a different number on the NWA1121 NI for example 8443 then you must notify people who need to access the NWA1121 NI web configurator to use https NWA1121 NI IP Address 8443 as the URL Select the interface s through which a computer may access the NWA1121 NI using WWW and to which the IP and MAC filtering rules you specified below are applied Otherwise select Disable to allow any computer to access the NWA1121 NI through any interface using WWW Secured Client IP Address Secured Client MAC Address Apply A secured client is a trusted computer that is allowed to communicate with the NWA1121 NI using this service Select All to allow any computer to access the NWA1121 NI using this service Choose Selected to just allow the computer with the IP address that you specify to access the NWA1121 NI using this service Select All to allow any computer to access the NWA1121 NI using this service Choose Selected to just allow the computer with the MAC address that you specify to access the NWA1121 NI using this service Click Apply to save your customized settings Cancel Click Cancel to begin configuring this screen afresh
73. P address Disable Pop up Blockers 1 In Internet Explorer select Tools Pop up Blocker and then select Turn Off Pop up Blocker Figure 75 Pop up Blocker Mail and News Pop up Blocker Manage Add ons Synchronize Windows Update Windows Messenger Internet Options You can also check if pop up blocking is disabled in the Pop up Blocker section in the Privacy tab 1 In Internet Explorer select Tools Internet Options Privacy NWA1121 NI User s Guide Appendix B Pop up Windows JavaScript and Java Permissions 2 Clear the Block pop ups check box in the Pop up Blocker section of the screen This disables any web pop up blockers you may have enabled Figure 76 Internet Options Privacy Internet Options General Security Privacy Content Connections Programs Advanced Settings 1 Move the slider to select a privacy setting for the Internet gt zone Medium Blocks third party cookies that do not have a compact privacy policy Blocks third party cookies that use personally identifiable LJ information without your implicit consent Restricts first party cookies that use personally identifiable information without implicit consent Pop up Blocker Prevent most pop up windows from appearing _ Block pop ups 3 Click Apply to save this setting Enable Pop up Blockers with Exceptions Alternatively if you only want to allow pop up windows from your device see the f
74. PTION SNMP Port You can change the server port number for a service if needed however you must use the same port number in order to use that service for remote management NWA1121 NI User s Guide Chapter 9 System Table 33 System gt SNMP continued LABEL DESCRIPTION Server Access Select the interface s through which a computer may access the NWA1121 NI using SNMP and to which the IP and MAC filtering rules you specified below are applied Otherwise select Disable to allow any computer to access the NWA1121 NI through any interface using SNMP Secured Client IP Address A secured client is a trusted computer that is allowed to communicate with the NWA1121 NI using this service Select All to allow any computer to access the NWA1121 NI using this service Choose Selected to just allow the computer with the IP address that you specify to access the NWA1121 NI using this service Secured Client MAC Address SNMP Configuration Select All to allow any computer to access the NWA1121 NI using this service Choose Selected to just allow the computer with the MAC address that you specify to access the NWA1121 NI using this service Protocol Version Select the SNMP version for the NWA1121 NI which you allow the SNMP manager to use to access the NWA1121 NI The SNMP version on the NWA1121 NI must match the version on the SNMP manager Get Community Enter the Get Community which is
75. Secured Client IP Address 9 Al Selected 0 0 0 0 Secured Client MAC Address 9 Al Selected 00 00 00 00 00 00 NWA1121 NI User s Guide Chapter 9 System The following table describes the labels in this screen Table 32 System gt Telnet LABEL DESCRIPTION TELNET Port You can change the server port number for a service if needed however you must use the same port number in order to use that service for remote management Server Access Select the interface s through which a computer may access the NWA1121 NI using Telnet and to which the IP and MAC filtering rules you specified below are applied Otherwise select Disable to allow any computer to access the NWA1121 NI through any interface using Telnet Secured Client IP Address Secured Client MAC Address Apply A secured client is a trusted computer that is allowed to communicate with the NWA1121 NI using this service Select All to allow any computer to access the NWA1121 NI using this service Choose Selected to just allow the computer with the IP address that you specify to access the NWA1121 NI using this service Select All to allow any computer to access the NWA1121 NI using this service Choose Selected to just allow the computer with the MAC address that you specify to access the NWA1121 NI using this service Click Apply to save your customized settings Cancel Click Cancel to begin configuri
76. Subnet 2 Subnet Address 192 168 1 64 IP SUBNET MASK NETWORK NUMBER vn acia IP Address 192 168 1 64 IP Address Binary 11000000 10101000 00000001 01000000 Subnet Mask Binary 11111111 11111111 11111111 11000000 Lowest Host ID 192 168 1 65 Broadcast Address 192 168 1 127 Highest Host ID 192 168 1 126 Table 47 Subnet 3 IP SUBNET MASK NETWORK NUMBER DA aaa IP Address 192 168 1 128 IP Address Binary 11000000 10101000 00000001 10000000 Subnet Mask Binary 11111111 11111111 11111111 11000000 Subnet Address 192 168 1 128 Lowest Host ID 192 168 1 129 Broadcast Address 192 168 1 191 Highest Host ID 192 168 1 190 Table 48 Subnet 4 IP SUBNET MASK NETWORK NUMBER LAST OCTET BIT VALUE IP Address 192 168 1 192 IP Address Binary 11000000 10101000 00000001 11000000 Subnet Mask Binary 11111111 11111111 11111111 11000000 Subnet Address 192 168 1 192 Lowest Host ID 192 168 1 193 Broadcast Address 192 168 1 255 Highest Host ID 192 168 1 254 Eight Subnets Similarly use a 27 bit mask to create eight subnets 000 001 010 011 100 101 110 and 111 176 NWA1121 NI User s Guide Appendix C IP Addresses and Subnetting The following table shows IP address last octet values for each subnet Table 49 Eight Subnets SUBNET ADDRESS FIRST ADDRESS ADDRESS ADDRESS
77. The IP settings are displayed as follows Mac OS X 10 3 and 10 4 The screens in this section are from Mac OS X 10 4 but can also apply to 10 3 1 Click Apple gt System Preferences W Finder File Edit Vie About This Mac Software Update Mac OS X Software System Preferences Dock Location Recent Items Force Quit Sleep Restart Shut Down NWA1121 NI User s Guide Appendix A Setting Up Your Computer s IP Address 2 Inthe System Preferences window click the Network icon ean System Preferences gt q Personal gH o E a oo Q Appearance Dashboard amp Desktop amp Dock International Security Spotlight Expos Screen Saver Hardware t i gt A 0 Ww y p Bluetooth CDs amp DVDs Displays Energy Keyboard amp Print amp Fax Sound Saver Mouse e e a B QuickTime Sharing 8 B e Accounts Date amp Time Software Speech Startup Disk Universal Update Access 3 When the Network preferences pane opens select Built in Ethernet from the network connection type list and then click Configure eoo Network J a gt Show ail Q Location Automatic Show Network Status 3 Built in Ethernet is currently active and has the IP address Built in Ethernet 10 0 1 2 You are connected to the Internet via Built in Ethernet Internet Sharing is on and is using AirPort to share the 6 AirPort connection 1 id Click the l
78. User s Guide Chapter 6 Wireless LAN Table 22 Security WPA WPA2 for Wireless Client continued LABEL DESCRIPTION Back Click Back to return to the previous screen Apply Click Apply to save your changes Cancel Click Cancel to begin configuring this screen afresh 6 6 5 Security WPA PSK WPA2 PSK WPA2 PSK MIX Use this screen to employ WPA PSK WPA2 PSK or WPA2 PSK MIX as the security mode of your NWA1121 NI Select WPA PSK WPA2 PSK or WPA2 PSK MI X in the Security Mode field to display the following screen Figure 35 Security WPA PSK WPA2 PSK or WPA2 PSK MIX Security Settings Profile Name Security Mode Pre Shared Key SecProfile1 WPAZ PSKMIX vw 8 63 ASCII Characters The following table describes the labels not previously discussed Table 23 Security WPA PSK WPA2 PSK or WPA2 PSK MIX LABEL DESCRIPTION Profile Name Security Mode This is the name that identifying this profile Choose WPA PSK WPA2 PSK or WPA2 PSK MI X in this field Pre Shared Key The encryption mechanisms used for WPA and WPA PSK are the same The only difference between the two is that WPA PSK uses a simple common password instead of user specific credentials Type a pre shared key from 8 to 63 case sensitive ASCII characters including spaces and symbols Back Click Back to return to the previous screen Apply Click Apply to save your changes Cancel Click Cancel
79. WPA2 HClLab 9 00 17 94 50 24 9F 802 11b g alll 77 WPA2 PSK ZyXEL 4CWHW7 6 00 13 49 FA 54 B4 802 11b g all 46 WPA2 PSK ZyXEL_MT01991 6 C8 6C 87 80 D2 6C 802 11b g a 26 WPA2 PSK kkap 6 04 46 65 74 C8 F9 802 11b g 1 19 WPA2 PSK SecureWirelessNetwork 6 00 19 CB 00 00 00 802 11b g 0 16 WPA2 PSK 6 68 92 34 09 9E C1 802 11b g Bi 9 WPA PSK 5200 TUN24G IN PSK 6 22 44 03 05 82 3B 802 11b g 0 16 WPA2 PSK 5200 TUN24G OUT WPA2 6 02 44 03 05 82 3B 802 11b g 0 16 WPA2 5200 TUN24G IN WPA2 6 40 44 03 05 82 3B 802 11b g Wil 16 WPA2 TN private H77E9W 7 00 13 49 12 84 60 802 11b g al 4 WPA PSK ZyXEL_MIS_WPA 11 40 44 03 69 D9 F5 802 1 1b g all 43 WPA2 ZyXEL_MIS_WPA 1 50 67 F0 37 A0 25 802 11b g atilllazs WPA2 ZyXEL GUEST 36 62 67 F0 37 A0 26 802 11a 0 5 WEP The following table describes the labels in this screen Table 8 Channel Usage LABEL DESCRIPTION SSID This is the Service Set IDentification SSID name of the AP in an Infrastructure wireless network or wireless station in an Ad Hoc wireless network For our purposes we define an Infrastructure network as a wireless network that uses an AP and an Ad Hoc network also known as Independent Basic Service Set IBSS as one that doesn t See the chapter on wireless configuration for more information on basic service sets BSS and extended service sets ESS This is the index number of the channel currently used by the associated AP in an Infrastructure wire
80. WPA2 Pre Shared Key that only requires a single identical password entered into each access point wireless gateway and wireless client As long as the passwords match a wireless client will be granted access to a WLAN If the AP or the wireless clients do not support WPA2 just use WPA or WPA PSK depending on whether you have an external RADIUS server or not Select WEP only when the AP and or wireless clients do not support WPA or WPA2 WEP is less secure than WPA or WPA2 Encryption WPA improves data encryption by using Temporal Key Integrity Protocol TKIP Message Integrity Check MIC and IEEE 802 1x WPA2 also uses TKIP when required for compatibility reasons but offers stronger encryption than TKIP with Advanced Encryption Standard AES in the Counter mode with Cipher block chaining Message authentication code Protocol CCMP TKIP uses 128 bit keys that are dynamically generated and distributed by the authentication server AES Advanced Encryption Standard is a block cipher that uses a 256 bit mathematical algorithm 187 NWA1121 NI User s Guide Appendix D Wireless LANs called Rijndael They both include a per packet key mixing function a Message Integrity Check MIC named Michael an extended initialization vector IV with sequencing rules and a re keying mechanism WPA and WPA2 regularly change and rotate the encryption keys so that the same encryption key is never used twice The RADIUS server distribu
81. Wireless LAN gt Wireless Settings Wireless Client continued LABEL DESCRIPTION SSID Profile The SSID Service Set IDentifier identifies the Service Set with which a wireless station is associated Wireless stations associating to the access point AP must have the same SSID In this field select the SSID profile of the AP you want to use Click Apply The SSID used in the selected SSID profile automatically changes to be the one you select in the Site Survey screen Set the security configuration for this operating mode in the Wireless LAN gt Security screen Check the Dashboard screen to check if the settings you set show in the WLAN information Note If you are configuring the NWA1121 NI from a computer connected to the wireless LAN and you change the NWA1121 NI s SSID or security settings you will lose your wireless connection when you press Apply to confirm You must then change the wireless settings of your computer to match the NWA1121 Nl s new settings Channel This shows the operating frequency channel in use This field is read only when you select Client as your operation mode Channel Width A standard 20MHz channel offers transfer speeds of up to 150Mbps whereas a 40MHz channel uses two standard channels and offers speeds of up to 300Mbps However not all devices support 40MHz channels Select the channel bandwidth you want to use for your wireless network It is recommended that you sel
82. a Click the lock to prevent further changes 6 Click Apply and close the window NWA1121 NI User s Guide Appendix A Setting Up Your Computer s IP Address Verifying Settings Check your TCP IP properties by clicking Applications gt Utilities gt Network Utilities and then selecting the appropriate Network interface from the Info tab Figure 70 Mac OS X 10 5 Network Utility eoo twork Utili Info Netstat AppleTalk Ping Lookup Traceroute Whois Finger PortScan Please sels eiueckinterface for information Network Interface en1 a Hardware Address 00 30 65 25 6a b3 Sent Packets 1230 Transfer Statistics IP Address es 10 0 2 2 Send Errors 0 Link Speed 11 Mbit s Recv Packets 1197 Link Status Active Recv Errors 0 Vendor Apple Collisions 0 Model Wireless Network Adapter 802 11 Linux Ubuntu 8 GNOME This section shows you how to configure your computer s TCP IP settings in the GNU Object Model Environment GNOME using the Ubuntu 8 Linux distribution The procedure screens and file locations may vary depending on your specific distribution release version and individual configuration The following screens use the default Ubuntu 8 installation Note Make sure you are logged in as the root administrator Follow the steps below to configure your computer IP address in GNOME 1 Click System gt Administration gt Network System e Preferences F Authorizations o Hal T
83. a atitinka esminius reikalavimus ir kitas 1999 5 EB Direktyvos nuostatas Dutch Hierbij verklaart ZyXEL dat het toestel uitrusting in overeenstemming is met de essenti le eisen en de andere relevante bepalingen van richtlijn 1999 5 EC Maltese Hawnhekk ZyXEL jiddikjara li dan tag mir jikkonforma mal ti ijiet essenzjali u ma provvedimenti o rajn relevanti li hemm fid Dirrettiva 1999 5 EC Hungarian Alul rott ZyXEL nyilatkozom hogy a berendez s megfelel a vonatkoz alapvet k vetelm nyeknek s az 1999 5 EK ir nyelv egy b el r sainak Polish Niniejszym ZyXEL o wiadcza ze sprz t jest zgodny z zasadniczymi wymogami oraz pozosta ymi stosownymi postanowieniami Dyrektywy 1999 5 EC Portuguese ZyXEL declara que este equipamento est conforme com os requisitos essenciais e outras disposi es da Directiva 1999 5 EC Slovenian ZyXEL izjavlja da je ta oprema v skladu z bistvenimi zahtevami in ostalimi relevantnimi dolo ili direktive 1999 5 EC Slovak ZyXEL t mto vyhlasuje e zariadenia sp a z kladn po iadavky a v etky pr slu n ustanovenia Smernice 1999 5 EC Finnish ZyXEL vakuuttaa t ten ett laitteet tyyppinen laite on direktiivin 1999 5 EY oleellisten vaatimusten ja sit koskevien direktiivin muiden ehtojen mukainen Swedish H rmed intygar ZyXEL att denna utrustning st r I verensst mmelse med de v sentliga egenskapskrav och vriga relevanta best mmelser som framg r av direktiv 1999 5
84. address in which the first three octets 192 168 1 are the network number and the fourth octet 16 is the host ID Figure 88 Network Number and Host ID 192 168 1 16 r hr m p SER A a oi 8 1 a 1 1 i E i mn m m m m m m m mm V How much of the IP address is the network number and how much is the host ID varies according to the subnet mask Subnet Masks A subnet mask is used to determine which bits are part of the network number and which bits are part of the host ID using a logical AND operation The term subnet is short for sub network A subnet mask has 32 bits If a bit in the subnet mask is a 1 then the corresponding bit in the IP address is part of the network number If a bit in the subnet mask is 0 then the corresponding bit in the IP address is part of the host ID The following example shows a subnet mask identifying the network number in bold text and host ID of an IP address 192 168 1 2 in decimal Table 41 Subnet Masks IST OCTET 72 on 4TH OCTET 192 168 1 2 IP Address Binary 11000000 10101000 00000001 00000010 Subnet Mask Binary 11111111 11111111 11111111 00000000 Network Number 11000000 10101000 00000001 Host ID 00000010 By convention subnet masks always consist of a continuous sequence of ones beginning from the leftmost bit of the mask followed by a continuous sequence of zero
85. ants to the original end user purchaser that this product is free from any defects in material or workmanship for a specific period the Warranty Period from the date of purchase The Warranty Period varies by region Check with your vendor and or the authorized ZyXEL local distributor for details about the Warranty Period of this product During the warranty period and upon proof of purchase should the product have indications of failure due to faulty workmanship and or materials ZyXEL will at its discretion repair or replace the defective products or NWA1121 NI User s Guide Appendix E Legal Information components without charge for either parts or labor and to whatever extent it shall deem necessary to restore the product or components to proper operating condition Any replacement will consist of a new or re manufactured functionally equivalent product of equal or higher value and will be solely at the discretion of ZyXEL This warranty shall not apply if the product has been modified misused tampered with damaged by an act of God or subjected to abnormal working conditions Note Repair or replacement as provided under this warranty is the exclusive remedy of the purchaser This warranty is in lieu of all other warranties express or implied including any implied warranty of merchantability or fitness for a particular use or purpose ZyXEL shall in no event be held liable for indirect or consequential damages of any kind t
86. ated Interface athO MAC 40 a6 d9 cc 03 28 The following table describes the labels in this screen Table 5 Logs LABEL DESCRIPTION Display Select a category of logs to view Select All Log to view logs from all of the log categories that you selected in the Configuration gt Log Settings screen E Mail Log Now Click E Mail Log Now to send the log screen to the e mail address specified in the Log Settings page make sure that you have first filled in the E mail Log Settings fields in Configuration gt Log Settings Refresh Click Refresh to renew the log screen Clear Log Click Clear Log to delete all the logs This field is a sequential value and is not associated with a specific entry Time This field displays the time the log was recorded Message This field states the reason for the log Source This field lists the source IP address and the port number of the incoming packet 5 4 Statistics Use this screen to view read only information including 802 11 Mode Channel ID Retry Count and FCS Error Count Also provided is the poll interval The Poll Interval field is configurable and is used for refreshing the screen NWA1121 NI User s Guide Chapter 5 Monitor Click Monitor gt Statistics The following screen pops up Figure 14 Statistics Statistics View Status Description 802 11 Mode Channel ID RX Pkts TX Pkts WLAN1 802 11ng 6 7288510 936751
87. backed up an earlier configuration file you would not have to totally re configure the NWA1121 NI You could simply restore your last configuration 1 6 Hardware Connections See your Quick Start Guide for information on making hardware connections 1 7 LED Figure 5 LED Table 1 LED COLOR STATUS DESCRIPTION Amber On There is system error and the NWA1121 NI cannot boot up or the NWA1121 NI doesn t have an Ethernet connection with the LAN Flashing The NWA1121 NI is starting up Off The NWA1121 NI is receiving power and ready for use Green On The WLAN is active Blinking The WLAN is active and transmitting or receiving data Off The WLAN is not active NWA1121 NI User s Guide Chapter 1 Introducing the NWA1121 NI NWA1121 NI User s Guide Introducing the Web Configurator This chapter describes how to access the NWA1121 NI s web configurator and provides an overview of its screens 2 1 Accessing the Web Configurator 1 Make sure your hardware is properly connected and prepare your computer or computer network to connect to the NWA1121 NI refer to the Quick Start Guide 2 Launch your web browser 3 Type 192 168 1 2 as the URL default The login screen appears Figure 6 The Login Screen 4 Type admin as the default username and 1234 as the default password Click Login 5 You should see a screen asking you to change your password highly recommended as shown n
88. bled Disabled Summary ath1 ZyXEL 02 03 7F 42 82 68 Disabled Disabled Statistics Details ath2 ZyXEL NWA 12 03 7F 42 82 68 Disabled Disabled Association List Details View Log Details NWA1121 NI User s Guide Chapter 3 Dashboard The following table describes the labels in this screen Table 3 The Dashboard Screen LABEL DESCRIPTION Refresh Interval Select how often you want the NWA1121 NI to update this screen Refresh Now Click this to update this screen immediately System Information System Name This field displays the NWA1121 NI system name It is used for identification You can change this in the Maintenance gt General screen s System Name field WLAN Operating Mode This field displays the current operating mode of the wireless module Root AP Repeater Client or MBSSI D You can change the operating mode in the Configuration gt Wireless LAN gt Wireless Settings screen Firmware Version Serial Number This field displays the current version of the firmware inside the device It also shows the date the firmware version was created You can change the firmware version by uploading new firmware in Maintenance Firmware Upgrade This field displays the serial number of the NWA1121 NI Ethernet Information LAN MAC Address This displays the MAC Media Access Control address of the NWA1121 NI on the LAN Every networ
89. bnet s broadcast address 192 168 1 0 with mask 255 255 255 128 is subnet A itself and 192 168 1 127 with mask 255 255 255 128 is its broadcast address Therefore the lowest IP address that can be assigned to an actual host for subnet A is 192 168 1 1 and the highest is 192 168 1 126 Similarly the host ID range for subnet B is 192 168 1 129 to 192 168 1 254 Example Four Subnets The previous example illustrated using a 25 bit subnet mask to divide a 24 bit address into two subnets Similarly to divide a 24 bit address into four subnets you need to borrow two host ID bits to give four possible combinations 00 01 10 and 11 The subnet mask is 26 bits 11111111 11111111 11111111 11000000 or 255 255 255 192 Each subnet contains 6 host ID bits giving 29 2 or 62 hosts for each subnet a host ID of all zeroes is the subnet itself all ones is the subnet s broadcast address Table 45 Subnet 1 IP SUBNET MASK NETWORK NUMBER Tite aaa IP Address Decimal 192 168 1 0 IP Address Binary 11000000 10101000 00000001 00000000 Subnet Mask Binary 11111111 11111111 11111111 11000000 NWA1121 NI User s Guide 175 Appendix C IP Addresses and Subnetting Example Table 45 Subnet 1 continued IP SUBNET MASK NETWORK NUMBER LAST OCTET BIT VALUE Subnet Address Lowest Host ID 192 168 1 1 192 168 1 0 Broadcast Address Highest Host ID 192 168 1 62 192 168 1 63 Table 46
90. c cc 127 D CU REL ened LOG e T m 128 Te VRE o mE 129 Appendix A Setting Up Your Computer s IP Address eeeseeeeeeneeen 131 Appendix B Pop up Windows JavaScript and Java Permissions sssseeeee 159 Appendix C IP Addresses and Subnef ng ieee seriei traten neces ntn an Uta Rd ci M Race R acp i MMRRAS 171 Append D Wireless LANS T PQ 179 Append E eee LI Deen ee nar ee a Raia eer mus MS a Ae ere 193 201 NWA1121 NI User s Guide PART User s Guide Introducing the NWA1121 NI This chapter introduces the main applications and features of the NWA1121 NI It also discusses the ways you can manage your NWA1121 NI 1 1 Introducing the NWA1121 NI Your NWA1121 NI is an IPv6 wireless AP Access Point that can function in several wireless modes It extends the range of your existing wired network without additional wiring providing easy network access to mobile users The NWA1121 NI controls network access with MAC address filtering and RADIUS server authentication It also provides a high level of network traffic security supporting IEEE 802 1x Wi Fi Protected Access WPA WPA2 and WEP data encryption Its Quality of Service QoS features allow you to prioritize time sensitive or highly important applications such as VoIP Your NWA1121 NI is easy to install configure and
91. cis o miedo dba kk Cep EE d s pear anpra Fe d gu RE 112 994 Coriicaton FRU MOMMIES suani ota deo I s Meca e Aa EPA INgs ra NPNP RI ddianns 112 9 9 5 Checking the Fingerprint of a Certificate on Your Computer sessseeeeee 112 Chapter 10 Mes gcc oe ere 115 NWA1121 NI User s Guide Table of Contents MESS Vg A NU UU UU S 115 pes ho u Can Do Mihe Chaer TNR tS 115 TOS What You Negd TO RNOW dm 116 por 3g o eneee e aea do A E E pde iva bad Np A E E E 116 Chapter 11 Lili 0 5 0O A O 0 A O O 119 Vct UB cosdestousdbbu etie nda DeL MIND Hd buda UE P ep tree re leta cree aM M deben 119 Tea Niat vou Gam Docs Chapter cce De ead eb D Pott bes br uda ai RR 119 ERO CUEOGUEM Idqg X 120 E Ec i rd lle M 120 TEE PASS WORE SCIEN uiisosidietossdirbistidanta prc ena een ons agit EER 121 DEM II IDEE ES DL SU LESTIE 122 uS een Rogori mec a a 123 11 9 Conlgaralisn Flo SORRY oorname aaa aia a aa a Fo adstare 124 11281 Baup Eonia Geo trea i tRPOY a Uto aset ntes tei OA 124 tie Reser Ip MemT 9 124 11 5 3 Dach To Facto DOANE siisi p adn api rd Mad tad Gb Hd m teda pei a disk ONE EAAS NE RASA 125 11O Resla GOCE M T 125 Chapter 12 Troubleshoot P H 127 12 1 Power Hardware Connections and LEDS 1 5 uieeecesiank euin kaga karate a tti cr rk k
92. controls WLAN transmission priority on packets to be transmitted over the wireless network WMM QoS prioritizes wireless traffic according to the delivery requirements of the individual and applications WMM QoS is a part of the IEEE 802 11e QoS enhancement to certified Wi Fi wireless networks On APs without WMM QoS all traffic streams are given the same access priority to the wireless network If the introduction of another traffic stream creates a data transmission demand that exceeds the current network capacity then the new traffic stream reduces the throughput of the other traffic streams The NWA1121 NI uses WMM QoS to prioritize traffic streams according to the IEEE 802 1q or DSCP information in each packet s header The NWA1121 NI automatically determines the priority to use for an individual traffic stream This prevents reductions in data transmission for applications that are sensitive to latency and jitter variations in delay 6 9 2 1 WMM QoS Priorities The following table describes the WMM QoS priority levels that the NWA1121 NI uses Table 27 WMM QoS Priorities Priority Level description voice WMM_VOICE Typically used for traffic that is especially sensitive to jitter Use this priority to reduce latency for improved voice quality video WMM_VIDEO Typically used for traffic which has some tolerance for jitter but needs to be prioritized over other data traffic best effort WMM_BEST
93. counting Response Sent by the RADIUS server to indicate that it has started or stopped accounting In order to ensure network security the access point and the RADIUS server use a shared secret key which is a password they both know The key is not sent over the network In addition to the shared key password information exchanged is also encrypted to protect the network from unauthorized access Types of EAP Authentication This section discusses some popular authentication types EAP MD5 EAP TLS EAP TTLS PEAP and LEAP Your wireless LAN device may not support all authentication types EAP Extensible Authentication Protocol is an authentication protocol that runs on top of the IEEE 802 1x transport mechanism in order to support multiple types of user authentication By using EAP to interact with an EAP compatible RADIUS server an access point helps a wireless station and a RADIUS server perform authentication The type of authentication you use depends on the RADIUS server and an intermediary AP s that supports IEEE 802 1x For EAP TLS authentication type you must first have a wired connection to the network and obtain the certificate s from a certificate authority CA A certificate also called digital IDs can be used to authenticate users and a CA issues certificates and guarantees the identity of each certificate owner NWA1121 NI User s Guide Appendix D Wireless LANs EAP MD5 Message Digest Algorithm 5 M
94. defaults 129 firmware 129 Internet 129 LAN ETHERNET port 129 QoS 130 Web Configurator 128 TTLS 59 Tunneled Transport Layer Security 59 Tutorial 29 U User Authentication 58 V Virtual Local Area Network 98 VLAN 98 introduction 98 NWA1121 NI User s Guide Index VoIP 12 73 W warranty 195 note 196 WDS 14 Web Configurator 19 password 19 WEP 58 WEP key encrypting 93 Wi Fi Multimedia QoS 92 Wi Fi Protected Access 58 187 Wired Equivalent Privacy 58 Wireless Client 42 wireless client WPA supplicants 188 Wireless Distribution System WDS 14 Wireless Mode 57 Wireless Mode Choosing the Access Point 29 Bridge 29 Wireless Client 29 Wireless Security 16 how to improve 16 Levels 58 wireless security 12 183 Wireless Security Screen 802 1x Only 77 Access Point 77 80 Wireless Client 78 82 802 1x Static 64 bit 802 1x Static 128 bit 79 WEP 76 WPA 83 Access Point 84 Wireless Client 85 WPA PSK WPA2 PSK WPA2 PSK MIX 86 Wireless Settings Screen 55 Access Point Mode 61 Antenna 92 AP Bridge Mode 67 Bridge Mode 64 BSS 56 Channel 56 ESS 56 Fragmentation Threshold 91 Intra BSS Traffic 91 Operating Mode 56 Preamble 91 Roaming 92 RTS CTS Threshold 91 SSID 56 Wireless Client Mode 67 Wireless Mode 57 WMM QoS 91 WLAN interference 181 security parameters 190 WMM 73 WMM QoS 91 WPA 58 187 key caching 188 pre authentication 188 user authentication 188 vs WPA PSK 188 wireless client supplicant 188
95. e Chapter 7 LAN 7 4 LAN IP Screen Use this screen to configure the IP address for your NWA1121 NI Click Network gt LAN to display the following screen Figure 42 LAN IP IPv4 Address Assignment Obtain IP Address Automatically 9 Use Fixed IP Address IP Address Subnet Mask Gateway IP Address IPv6 Address Assignment Enable Stateful Address Auto configuration Oo IPv6 Address Prefix Length System DNS Servers Primary DNS Server Secondary DNS Server 192 168 1 2 255 255 255 0 The following table describes the labels in this screen Table 29 LAN IP LABEL DESCRIPTION IPv4 Address Assignment Obtain IP Address Automatically Select this option if your NWA1121 NI is using a dynamically assigned IPv4 address from a DHCP server each time Note You must know the IP address assigned to the NWA1121 NI by the DHCP server to access the NWA1121 NI again Use Fixed IP Address Select this option if your NWA1121 NI is using a static IPv4 address When you select this option fill in the fields below IP Address Subnet Mask Enter the IP address of your NWA1121 NI in dotted decimal notation Note If you change the NWA1121 NI s IP address you must use the new IP address if you want to access the web configurator again Type the subnet mask Gateway IP Address Type the IPv4 address of the gateway The gateway is an immediate neighbor o
96. e Internet Explorer eA My Documents 3 Outlook Express Y Paint Files and Settings Transfer W D BY Command Prompt ce My Music E Acrobat Reader 4 0 My Computer Tour Windows xP E My Recent Documents gt e My Pictures Vl Windows Movie Maker tg Printers and Faxes Q9 Help and Support All Programs gt 177 Run B Log Off Turn OFF Computer start untitled Paint In the Control Panel click the Network Connections icon amp Control Panel File Edit view Favorites Tools Help Q 2 x d P Search Folders Ez Address gt Control Panel a Control Panel d Hardware e Switch to Category View e s See Also Game A Windows Update Controllers Right click Local Area Connection and then select Properties ocal Area Connection nabled L a Standard PCI Fast Ethernet J Disable Status Repair Bridge Connections Create Shortcut Rename NWA1121 NI User s Guide Appendix A Setting Up Your Computer s IP Address 4 On the General tab select Internet Protocol TCP IP and then click Properties Local Area Connection Properties General Authentication Advanced Connect using E9 Accton EN1207D TX PCI Fast Ethernet Adapter E Client for Microsoft Networks A File and Printer Sharing for Microsoft Networks This connection uses the following items 4 Description Trans
97. e To comply with FCC RF exposure compliance requirements a separation distance of at least 20 cm must be maintained between the antenna of this device and all persons Industry Canada Statement This device complies with RSS 210 of the Industry Canada Rules Operation is subject to the following two conditions 1 this device may not cause interference and 2 this device must accept any interference including interference that may cause undesired operation of the device This device has been designed to operate with an antenna having a maximum gain of 3dBi Antenna having a higher gain is strictly prohibited per regulations of Industry Canada The required antenna impedance is 50 ohms To reduce potential radio interference to other users the antenna type and its gain should be so chosen that the EIRP is not more than required for successful communication NWA1121 NI User s Guide Appendix E Legal Information IC Radiation Exposure Statement This equipment complies with IC radiation exposure limits set forth for an uncontrolled environment End users must follow the specific operating instructions for satisfying RF exposure
98. e deployed with no changes to the access point or the wireless clients RADIUS is based on a client server model that supports authentication authorization and accounting The access point is the client and the server is the RADIUS server The RADIUS server handles the following tasks e Authentication Determines the identity of the users e Authorization Determines the network services available to authenticated users once they are connected to the network e Accounting Keeps track of the client s network activity NWA1121 NI User s Guide Appendix D Wireless LANs RADIUS is a simple package exchange in which your AP acts as a message relay between the wireless client and the network RADIUS server Types of RADIUS Messages The following types of RADIUS messages are exchanged between the access point and the RADIUS server for user authentication e Access Request Sent by an access point requesting authentication e Access Reject Sent by a RADIUS server rejecting access e Access Accept Sent by a RADIUS server allowing access e Access Challenge Sent by a RADIUS server requesting more information in order to allow access The access point sends a proper response from the user and then sends another Access Request message The following types of RADIUS messages are exchanged between the access point and the RADIUS server for user accounting e Accounting Request Sent by the access point requesting accounting e Ac
99. e only when 802 11 b g n is selected as the Wireless Mode Select Enabled to use Short GI Guard Interval The guard interval is the gap introduced between data transmission from users in order to reduce interference Reducing the GI increases data transfer rates but also increases interference Increasing the GI reduces data transfer rates but also reduces interference MCS Rate The MCS Rate table is available only when 802 11 b g n is selected in the Wireless Mode field IEEE 802 11n supports many different data rates which are called MCS rates MCS stands for Modulation and Coding Scheme This is an 802 11n feature that increases the wireless network performance in terms of throughput For each MCS Rate 0 15 select either Enabled to have the NWA1121 NI use the data rate Clear the Enabled check box if you do not want the NWA1121 NI to use the data rate Turn on the Auto option to have the NWA1121 NI set the data rates automatically to optimize the throughput Note You can set the NWA1121 NI to use up to four MCS rates at a time Apply Click Apply to save your changes Cancel Click Cancel to begin configuring this screen afresh NWA1121 NI User s Guide Chapter 6 Wireless LAN 6 4 2 Repeater Mode Use this screen to have the NWA1121 NI act as a wireless repeater You need to know the MAC address of the peer device which also must be in Repeater or Root AP mode Figure 21 Wireless Settings SSID Security RADIUS
100. e sure that Enable is selected the default NWA1121 NI User s Guide Appendix B Pop up Windows JavaScript and Java Permissions 6 Click OK to close the window Figure 80 Security Settings Java Scripting Security Settings 1 Settings Scripting Active scripting Orp El Allow paste operations via script Disable 9 Enable Q Prompt El Scripting of Java applets Q Disable Prompt Lene im EI AM x b custom settings Reset to Medium Reset cea Java Permissions 1 From Internet Explorer click Tools Internet Options and then the Security tab 2 Click the Custom Level button 3 Scroll down to Microsoft VM 4 UnderJava permissions make sure that a safety level is selected NWA1121 NI User s Guide Appendix B Pop up Windows JavaScript and Java Permissions 5 Click OK to close the window Figure 81 Security Settings Java Security Settings Settings Q Disable 9 Enable es Font download Q Disable 9 Enable y Prompt 3 Microsoft vM a Java permissions Q Custom 2 Disable Tav 9 High safety Q Low safety Reset custom settings Reset to Medium Reset cea JAVA Sun 1 From Internet Explorer click Tools Internet Options and then the Advanced tab 2 Make sure that Use Java 2 for applet under Java Sun is selected NWA1121 NI User s Guide Appendix B Pop up Windows JavaScript and Java Permissions
101. echnical Reference The appendices provide general information Some details may not apply to your NWA1121 NI Monitor 5 1 Overview This chapter discusses read only information related to the device state of the NWA1121 NI Note To access the Monitor screens you can also click the links in the Summary table of the Dashboard screen to view the wireless packets sent received as well as the status of clients connected to the NWA1121 NI 5 2 What You Can Do e Use the Logs screen to see the logs for the categories that you selected in the Configuration gt Log Settings screen see Section 5 3 on page 49 You can view logs in this page Once the log entries are all used the log will wrap around and the old logs will be deleted e use the Statistics screen to view 802 11 mode channel number wireless packet specific statistics and so on see Section 5 4 on page 50 e Use the Association List screen to view the wireless devices that are currently associated to the NWA1121 NI see Section 5 5 on page 51 e Use the Channel Usage screen to view whether a channel is used by another wireless network or not If a channel is being used you should select a channel removed from it by five channels to completely avoid overlap see Section 5 6 on page 52 5 3 View Logs Use the Logs screen to see the logged messages for the NWA1121 NI Log entries in red indicate system error logs The log wraps around and deletes the old entries afte
102. ect 20 40MHz This allows the NWA1121 NI to adjust the channel bandwidth depending on network conditions Select 20MHz if you want to lessen radio interference with other wireless devices in your neighborhood or the AP do not support channel bonding Advanced Setting S Output Power Set the output power of the NWA1121 NI in this field If there is a high density of APs in an area decrease the output power of the NWA1121 NI to reduce interference with other APs Select one of the following Full Full Power 50 25 or 12 596 See the product specifications for more information on your NWA1121 NI s output power Preamble Type Select Dynamic to have the NWA1121 NI automatically use short preamble when the wireless network your NWA1121 NI is connected to supports it otherwise the NWA1121 NI uses long preamble Select Long preamble if you are unsure what preamble mode the wireless device your NWA1121 NI is connected to supports and to provide more reliable communications in busy wireless networks RTS CTS Threshold Request To Send The threshold number of bytes for enabling RTS CTS handshake Data with its frame size larger than this value will perform the RTS CTS handshake Setting this attribute to be larger than the maximum MSDU MAC service data unit size turns off the RTS CTS handshake Setting this attribute to its smallest value 1 turns on the RTS CTS handshake Fragmentation The threshold number
103. ect Deny to block access to theNWA1121 NI MAC addresses not listed will be allowed to access the NWA1121 NI This is the index number of the MAC address listed MAC Address Enter the MAC addresses in XX XX XX XX XX XX format of the wireless station to be allowed or denied access to the NWA1121 NI Back Click Back to return to the previous screen Apply Click Apply to save your changes Cancel Click Cancel to begin configuring this screen afresh 6 9 Technical Reference This section provides technical background information about the topics covered in this chapter Refer to Appendix D on page 179 for further readings on Wireless LAN 6 9 1 Additional Wireless Terms Table 26 Additional Wireless Terms TERM DESCRIPTION Intra BSS Traffic This describes direct communication not through the NWA1121 NI between two wireless devices within a wireless network You might disable this kind of communication to enhance security within your wireless network RTS CTS Threshold In a wireless network which covers a large area wireless devices are sometimes not aware of each other s presence This may cause them to send information to the AP at the same time and result in information colliding and not getting through By setting this value lower than the default value the wireless devices must sometimes get permission to send information to the NWA1121 NI The lower the value the more often the dev
104. ected Access WPA WPA2 Most Secure The available security modes in your NWA1121 NI are as follows e None No data encryption e WEP Wired Equivalent Privacy WEP encryption scrambles the data transmitted between the wireless stations and the access points to keep network communications private e 802 1x Only This is a standard that extends the features of IEEE 802 11 to support extended authentication It provides additional accounting and control features This option does not support data encryption e 802 1x Static WEP This provides 802 1x Only authentication with a static 64bit or 128bit WEP key and an authentication server e WPA Wi Fi Protected Access WPA is a subset of the IEEE 802 11i standard e WPA2 WPA2 IEEE 802 11i is a wireless security standard that defines stronger encryption authentication and key management than WPA e WPA2 MIX This commands the NWA1121 NI to use either WPA2 or WPA depending on which security mode the wireless client uses e WPA2 PSK This adds a pre shared key on top of WPA2 standard e WPA2 PSK MI X This commands the NWA1121 NI to use either WPA PSK or WPA2 PSK depending on which security mode the wireless client uses Note To guarantee 802 11n wireless speed please only use WPA2 or WPA2 PSK security mode Other security modes may degrate the wireless speed performance to 802 11g NWA1121 NI User s Guide Chapter 6 Wireless LAN Passphrase A pass
105. ection to upload firmware to your NWA1121 NI Figure 62 Maintenance gt Firmware Upgrade Firmware Upgrade Firmware Upgrade To uparade the internal device firmware browse to the location of the binary BIN upgrade file and click Upload Upgrade files can be downloaded from website If the upgrade file is compressed ZIP file you must first extract the binary BIN file In some cases you may need to reconfigure File Path The following table describes the labels in this screen Table 39 Maintenance gt Firmware Upgrade LABEL DESCRIPTION File Path Type in the location of the file you want to upload in this field or click Browse to find it Browse Click Browse to find the bin file you want to upload Remember that you must decompress compressed zip files before you can upload them Upload Click Upload to begin the upload process This process may take up to two minutes Do not turn off the NWA1121 NI while firmware upload is in progress Figure 63 Firmware Upload In Process Firmware Upgrade Rebooting AP is rebooting now system will upgrade firmware As there will be no indication of when the process is complete please waitfor 141 seconds before attempting to access AP again The NWA1121 NI automatically restarts in this time causing a temporary network disconnect In some operating systems you may see the following icon on your desktop Fig
106. ement overhead EAP TTLS Tunneled Transport Layer Service EAP TTLS is an extension of the EAP TLS authentication that uses certificates for only the server side authentications to establish a secure connection Client authentication is then done by sending username and password through the secure connection thus client identity is protected For client authentication EAP TTLS supports EAP methods and legacy authentication methods such as PAP CHAP MS CHAP and MS CHAP v2 PEAP Protected EAP LEAP Like EAP TTLS server side certificate authentication is used to establish a secure connection then use simple username and password methods through the secured connection to authenticate the clients thus hiding client identity However PEAP only supports EAP methods such as EAP MD5 EAP MSCHAPv2 and EAP GTC EAP Generic Token Card for client authentication EAP GTC is implemented only by Cisco LEAP Lightweight Extensible Authentication Protocol is a Cisco implementation of IEEE 802 1x Dynamic WEP Key Exchange The AP maps a unique key that is generated with the RADIUS server This key expires when the wireless connection times out disconnects or reauthentication times out A new WEP key is generated each time reauthentication is performed NWA1121 NI User s Guide Appendix D Wireless LANs If this feature is enabled it is not necessary to configure a default encryption key in the wireless security configuration screen
107. er en pase nnect to a network System and Maintenance View network computers and devices Add a device to the network Set up file sharing Security Network and Internet Internet Options Hardware and Sound Connect to the Internet Change your homepage Manage browser add ons Programs Delete browsing history and cookies NWA1121 NI User s Guide Appendix A Setting Up Your Computer s IP Address 4 Click Manage network connections CION P3 Network and Internet Network and Sharing Center v File Edit View Tools Help Tasks 3 nis Network and Sharing Center View computers and devices Connect to a network Set up a connection or network A L i tw Manage network connections TWPC99111 Internet Diagnose ana repair This computer aj Not connected 5 Right click Local Area Connection and then select Properties LAN or High naad Intarnat 11 un Collapse group Left Arrow A Conn x at Intel Expand all groups Collapse all groups Disable Status Diagnose Bridge Connections Create Shortcut Note During this procedure click Continue whenever Windows displays a screen saying that it needs your permission to continue NWA1121 NI User s Guide Appendix A Setting Up Your Computer s IP Address 6 Select Internet Protocol Version 4 TCP I Pv4 and then select Properties Networking Connect using Lu Intel R PRO 1000
108. er s Guide Appendix B Pop up Windows JavaScript and Java Permissions Click Content to show the screen below Select the check boxes as shown in the following screen Figure 84 Mozilla Firefox Content Security Ti Me Main Tabs Feeds Privacy a amp Security rr ur Advanced w Block pop up windows IV Load images automatically IV Enable JavaScript IV Enable Java Exceptions Exceptions Advanced r Fonts amp Colors Default Font Times New Roman Size 16 v Advanced Colors r File Types Configure how Firefox handles certain types of Files Manage rn oH Opera Opera 10 screens are used here Screens for other versions may vary slightly NWA1121 NI User s Guide 167 Appendix B Pop up Windows JavaScript and Java Permissions Allowing Pop Ups From Opera click Tools then Preferences In the General tab go to Choose how you prefer to handle pop ups and select Open all pop ups Figure 85 Opera Allowing Pop Ups OOOO lt lt General Forms Search Web Pages Advanced Opera can start with your favorite Web pages or continue from last time Startup Continue From last time 7 Home page nttp fiportal opera com Lise Current Choose how you prefer to handle pop ups Pop ups C Open all pop t Open pop ups in background Block unwanted pop ups Block all pop u
109. ernet access 3 If you are trying to access the Internet wirelessly make sure the wireless settings on the wireless client are the same as the settings on the AP 4 Disconnect all the cables from your device and follow the directions in the Quick Start Guide again NWA1121 NI User s Guide Chapter 12 Troubleshooting 5 If the problem continues contact your ISP I cannot access the Internet anymore I had access to the Internet with the NWA1121 NI but my Internet connection is not available anymore Check the hardware connections and make sure the LEDs are behaving as expected See the Quick Start Guide and Section 1 7 on page 17 Reboot the NWA1121 NI If the problem continues contact your ISP or network administrator The Internet connection is slow or intermittent There might be a lot of traffic on the network Look at the LEDs and check Section 1 7 on page 17 If the NWA1121 NI is sending or receiving a lot of information try closing some programs that use the Internet especially peer to peer applications Check the signal strength If the signal is weak try moving the NWA1121 NI in wireless client mode closer to the AP if possible and look around to see if there are any devices that might be interfering with the wireless network microwaves other wireless networks and so on Reboot the NWA1121 NI If the problem continues contact the network administrator or vendor or try one of the
110. erstorm There is a remote risk of electric shock from lightning e Connect ONLY suitable accessories to the device e Do NOT open the device or unit Opening or removing covers can expose you to dangerous high voltage points or other risks ONLY qualified service personnel should service or disassemble this device Please contact your vendor for further information e Make sure to connect the cables to the correct ports NWA1121 NI User s Guide 199 Appendix E Legal Information e Place connecting cables carefully so that no one will step on them or stumble over them e Always disconnect all cables from this device before servicing or disassembling e Use ONLY an appropriate power adaptor or cord for your device Connect it to the right supply voltage for example 110V AC in North America or 230V AC in Europe Do NOT allow anything to rest on the power adaptor or cord and do NOT place the product where anyone can walk on the power adaptor or cord Do NOT use the device if the power adaptor or cord is damaged as it might cause electrocution e If the power adaptor or cord is damaged remove it from the device and the power source e Do NOT attempt to repair the power adaptor or cord Contact your local vendor to order a new one e Do not use the device outside and make sure all the connections are indoors There is a remote risk of electric shock from lightning e Do NOT obstruct the device ventilation slots as insufficient
111. es to associate with the NWA1121 NI The transmission rate of your NWA1121 NI might be reduced Select 802 11b g n to allow IEEE802 11b IEEE802 11g and IEEE802 11n compliant WLAN devices to associate with the NWA1121 NI The transmission rate of the NWA1121 NI might be reduced Select 802 11n to allow only IEEE802 11n compliant WLAN devices to associate with the NWA1121 NI Select the operating frequency channel depending on your particular region from the drop down list box Channel Width This field displays only when you select 802 11n or 802 11b g n in the Wireless Mode field A standard 20MHz channel offers transfer speeds of up to 150Mbps whereas a 40MHz channel uses two standard channels and offers speeds of up to 300Mbps However not all devices support 40MHz channels Select the channel bandwidth you want to use for your wireless network Select 20MHz if you want to lessen radio interference with other wireless devices in your neighborhood or the wireless clients do not support channel bonding Select SSID The SSID Service Set IDentifier identifies the Service Set with which a wireless station is Profile associated Wireless stations associating to the access point AP must have the same SSID You can have up to eight SSIDs active at the same time Note If you are configuring the NWA1121 NI from a computer connected to the wireless LAN and you change the NWA1121 NI s SSID or security settings you will
112. ese features and provides links to sections in the User s Guide to configure security settings on your NWA1121 NI Follow the suggestions below to improve security on your NWA1121 NI and network 1 4 1 Control Access to Your Device Ensure only people with permission can access your NWA1121 NI e Control physical access by locating devices in secure areas such as locked rooms Most NWA1121 NIs have a reset button If an unauthorized person has access to the reset button they can then reset the device s password to its default password log in and reconfigure its settings Change any default passwords on the NWA1121 NI such as the password used for accessing the NWA1121 NI s web configurator if it has a web configurator Use a password with a combination of letters and numbers and change your password regularly Write down the password and put it in a safe place See Section 11 5 on page 121 for instructions on changing your password Configure remote management to control who can manage your NWA1121 NI See Chapter 9 on page 101 for more information If you enable remote management ensure you have enabled remote management only on the IP addresses services or interfaces you intended and that other remote management settings are disabled 1 4 2 Wireless Security Wireless devices are especially vulnerable to attack Take the following measures to improve wireless security e Enable wireless security on your NWA1121 NI Choose the m
113. example you might want to set up a wireless network in your office where Internet telephony VoIP users have priority You also want a regular wireless network for standard users as well as a guest wireless network for visitors In the following figure VoIP SSID users have QoS priority SSIDO1 is the wireless network for standard users and Guest SSID is the wireless network for guest users In this example the guest user is forbidden access to the wired Land Area Network LAN behind the AP and can access only the Internet Figure 1 Multiple BSSs T suo j i GuetssD 12 NWA1121 NI User s Guide Chapter 1 Introducing the NWA1121 NI 1 2 2 Wireless Client The NWA1121 NI can be used as a wireless client to communicate with an existing network In the figure below the printer can receive requests from the wired computer clients A and B via the NWA1121 NI in Client mode Z Figure 2 Wireless Client Application NWA1121 NI User s Guide 13 Chapter 1 Introducing the NWA1121 NI 1 2 3 Root AP In Root AP mode the NWA1121 NI Z can act as the root AP in a wireless network and also allow repeaters X and Y to extend the range of its wireless network at the same time In the figure below both clients A B and C can access the wired network through the root AP Figure 3 Root AP Application e On the NWA1121 NI in Root AP mode you can have multiple SSIDs active for reqular wireless
114. ext Type a new password and retype it to confirm then click Apply Alternatively click Ignore NWA1121 NI User s Guide Chapter 2 Introducing the Web Configurator Note If you do not change the password the following screen appears every time you login Figure 7 Change Password Screen You should now see the Dashboard screen See Chapter 2 on page 19 for details about the Dashboard screen 2 2 Resetting the NWA1121 NI If you forget your password or cannot access the web configurator you will need to use the RESET button at the rear panel of the NWA1121 NI This replaces the current configuration file with the NWA1121 NI User s Guide Chapter 2 Introducing the Web Configurator factory default configuration file This means that you will lose all the settings you previously configured The password will be reset to 1234 Figure 8 The RESET Button 2 2 1 Methods of Restoring Factory Defaults You can erase the current configuration and restore factory defaults in two ways Use the RESET button to upload the default configuration file Hold this button in for about 3 seconds the light will begin to blink Use this method for cases when the password or IP address of the NWA1121 NI is not known Use the web configurator to restore defaults refer to Section 11 8 on page 124 NWA1121 NI User s Guide at Chapter 2 Introducing the Web Configurator 2 3 Navigating the Web Configurator The fo
115. f IEEE 802 11 to support extended authentication as well as providing additional accounting and control features Your NWA1121 NI can support 802 11b g 802 11n and 802 11b g n MBSSID Traditionally you needed to use different APs to configure different Basic Service Sets BSSs As well as the cost of buying extra APs there was also the possibility of channel interference The NWA1121 NI s MBSSID Multiple Basic Service Set IDentifier function allows you to use one access point to provide several BSSs simultaneously You can then assign varying levels of privilege to different SSIDs Wireless stations can use different BSSIDs to associate with the same AP The following are some notes on multiple BSS e A maximum of four BSSs are allowed on one AP simultaneously e You must use different WEP keys for different BSSs If two stations have different BSSIDs they are in different BSSs but have the same WEP keys they may hear each other s communications but not communicate with each other e MBSSID should not replace but rather be used in conjunction with 802 1x security Wireless Security Wireless security is vital to your network It protects communications between wireless stations access points and the wired network Figure 18 Securing the Wireless Network In the figure above the NWA1121 NI checks the identity of devices before giving them access to the network In this scenario Computer A is denied access to the network w
116. f your NWA1121 NI that will forward the packet to the destination On the LAN the gateway must be a router on the same segment as your NWA1121 NI over the WAN the gateway must be the IP address of one of the remote nodes NWA1121 NI User s Guide Chapter 7 LAN Table 29 LAN IP continued LABEL DESCRIPTION IPv6 Address Assignment Enable Stateful Select this to turn on IPv6 stateful autoconfiguration to have the NWA1121 NI obtain Address Auto an IPv6 global address from a DHCPv6 server in your network configuration IPv6 Address Prefix Enter your IPv6 address and prefix manually Length System DNS Servers Primary DNS Server Enter the IPv4 address of the first DNS Domain Name Service server if provided Secondary DNS Server Enter the IPv4 address of the second DNS Domain Name Service server address if provided Apply Click Apply to save your changes Cancel Click Cancel to begin configuring this screen afresh NWA1121 NI User s Guide 97 VLAN 8 1 Overview This chapter discusses how to configure the NWA1121 NI s VLAN settings Figure 43 Management VLAN Setup sm ee kcu bg me vem aum In the figure above to access and manage the NWA1121 NI from computer A the NWA1121 NI and switch B s ports to which computer A and the NWA1121 NI are connected should be in the same VLAN 8 1 1 What You Can Do in This Chapter The VLAN screens let you set up the NW
117. face and Down when the NWA1121 NI is not using the interface Channel This shows the channel number which the NWA1121 NI is currently using over the wireless LAN Rate For the LAN port this displays the port speed and duplex setting For the WLAN interface it displays the downstream and upstream transmission rate or N A if the interface is not in use SSID Status This section is not available when the WLAN operation mode is Client Interface This column displays each of the NWA1121 NI s wireless interfaces SSID This field displays the SSID s currently used by each wireless module BSSID This field displays the MAC address of the wireless module Security This field displays the type of wireless security used by each SSID VLAN This field displays the VLAN ID of each SSID in use or Disabled if the SSID does not use VLAN NWA1121 NI User s Guide 27 Chapter 3 Dashboard NWA1121 NI User s Guide Tutorial This chapter first provides an overview of how to configure the wireless LAN on your NWA1121 NI and then gives step by step guidelines showing how to configure your NWA1121 NI for some example scenarios 4 1 How to Configure the Wireless LAN This section illustrates how to choose which wireless operating mode to use on the NWA1121 NI and how to set up the wireless LAN in each wireless mode See Section 4 1 2 on page 29 for links to more information on each step 4 1 1 Choosin
118. figure up to four keys but only one key can be activated at any one time IEEE802 1x Authenti Eap Type cation The options on the left refer to EAP methods You can choose either TLS LEAP PEAP or TTLS If you select TTLS or PEAP the options on the right refer to authentication protocols You can choose between PAP CHAP MSCHAP MSCHAPv2 and or GTC User Information Username Supply the user name of the account created in the RADIUS server Login Name Password Supply the password of the account created in the RADIUS server Certificate User Certificate If you select TLS enter the name of the certificate used to to verify the identity of clients Back Click Back to return to the previous screen Apply Click Apply to save your changes Cancel Click Cancel to begin configuring this screen afresh 6 6 4 Security WPA WPA2 WPA2 MIX This screen varies depending on the operating mode you select in the Wireless LAN Wireless Settings screen NWA1121 NI User s Guide Chapter 6 Wireless LAN 6 6 4 1 Access Point Use this screen to employ WPA or WPA2 as the security mode for your NWA1121 NI that is in root AP MBSSID or repeater operating mode Select WPA WPA2 or WPA2 MI X in the Security Mode field to display the following screen Figure 33 Security WPA WPA2 for Access Point Security Security Settings Profile Name SecProfile1 Security Mode WPA2 MIX
119. g table describes the labels in this screen Table 35 Log Settings LABEL DESCRIPTION E mail Log Settings Mail Server Enter the server name or the IP address of the mail server for the e mail addresses specified below If this field is left blank logs and alert messages will not be sent via e mail Mail Subject Type a title that you want to be in the subject line of the log e mail message that the NWA1121 NI sends Send Log to Logs are sent to the e mail address specified in this field If this field is left blank logs will not be sent via e mail NWA1121 NI User s Guide 117 Chapter 10 Log Settings Table 35 Log Settings continued LABEL DESCRIPTION SMTP Authentication SMTP Simple Mail Transfer Protocol is the message exchange standard for the Internet Select the check box to activate SMTP authentication If mail server authentication is needed but this feature is disabled you will not receive the e mail logs If you use SMTP authentication the mail receiver should be the owner of the SMTP account User Name If your e mail account requires SMTP authentication enter the username here Password Enter the password associated with the above username Syslog Logging Syslog logging sends a log to an external syslog server used to store logs Syslog Logging Select the check box to enable syslog logging Syslog Server IP Enter the IP address of the
120. g the Wireless Mode e Use MBSSID Multiple Basic Service Set Identifier operating mode if you want to use the NWA1121 NI as an access point with some groups of users having different security or QoS settings from other groups of users See Section 1 2 1 on page 11 for details Use Client operating mode if you want to use the NWA1121 NI to access a wireless network See Section 1 2 2 on page 13 for details Use Root AP operating mode if you want to allow wireless clients to access your wired network through the NWA1121 NI and also have repeaters communicate with the NWA1121 NI to expand wireleass coverage See Section 1 2 3 on page 14 for details e Use Repeater operating mode if you want to use the NWA1121 NI to communicate with the root AP or other repeaters See Section 1 2 4 on page 14 for details 4 1 2 Further Reading Use these links to find more information on the steps e Choosing 802 11 Mode see Section 6 4 on page 60 e Choosing a wireless Channel ID see Section 6 4 on page 60 e Choosing a Security mode see Section 6 6 on page 74 e Configuring an external RADI US server see Section 6 7 on page 87 e Configuring MAC Filtering see Section 6 8 on page 89 4 2 How to Configure Multiple Wireless Networks In this example you have been using your NWA1121 NI as an access point for your office network Now your network is expanding and you want to make use of the MBSSID feature see Section NWA1121 NI User s Guide
121. hile Computer B is granted connectivity The NWA1121 NI secure communications via data encryption wireless client authentication and MAC address filtering It can also hide its identity in the network NWA1121 NI User s Guide Chapter 6 Wireless LAN User Authentication Authentication is the process of verifying whether a wireless device is allowed to use the wireless network You can make every user log in to the wireless network before they can use it However every device in the wireless network has to support IEEE 802 1x to do this For wireless networks you can store the user names and passwords for each user in a RADIUS server This is a server used in businesses more than in homes If you do not have a RADIUS server you cannot set up user names and passwords for your users Unauthorized wireless devices can still see the information that is sent in the wireless network even if they cannot use the wireless network Furthermore there are ways for unauthorized wireless users to get a valid user name and password Then they can use that user name and password to use the wireless network The following table shows the relative effectiveness of wireless security methods Table 9 Wireless Security Levels SECURITY LEVEL SECURITY TYPE Least Unique SSID Default Secure Unique SSID with Hide SSID Enabled MAC Address Filtering WEP Encryption IEEE802 1x EAP with RADIUS Server Authentication Wi Fi Prot
122. hod used for SNMP communication with the SNMP user DES Data Encryption Standard is a widely used but breakable method of data encryption It applies a 56 bit key to each 64 bit block of data AES Advanced Encryption Standard is another method for data encryption that also uses a secret key AES applies a 128 bit key to 128 bit blocks of data Apply Click Apply to save your customized settings Cancel Click Cancel to begin configuring this screen afresh 9 8 FTP Screen Use this screen to upload and download the NWA1121 NI s firmware using FTP To use this feature your computer must have an FTP client To change your NWA1121 NI s FTP settings click System FTP The following screen displays Figure 53 System FTP WWW Certificates Telnet SNMP FTP FTP Port 21 Server Access Disable x Secured Client IP Address Al Selected 0 0 0 0 Secured Client MAC Address 9 Al Selected 00 00 00 00 00 00 NWA1121 NI User s Guide Chapter 9 System The following table describes the labels in this screen Table 34 System gt FTP LABEL DESCRIPTION FTP Port You may change the server port number for a service if needed however you must use the same port number in order to use that service for remote management Server Access Select the interface s through which a computer may access the NWA1121 NI using this service and to which the IP and MAC filte
123. hort GI This field is available only when 802 11 b g n is selected as the Wireless Mode Select Enabled to use Short GI Guard Interval The guard interval is the gap introduced between data transmission from users in order to reduce interference Reducing the GI increases data transfer rates but also increases interference Increasing the GI reduces data transfer rates but also reduces interference MCS Rate The MCS Rate table is available only when 802 11 b g n is selected in the Wireless Mode field IEEE 802 11n supports many different data rates which are called MCS rates MCS stands for Modulation and Coding Scheme This is an 802 11n feature that increases the wireless network performance in terms of throughput For each MCS Rate 0 15 select either Enabled to have the NWA1121 NI use the data rate Clear the Enabled check box if you do not want the NWA1121 NI to use the data rate Turn on the Auto option to have the NWA1121 NI set the data rates automatically to optimize the throughput Note You can set the NWA1121 NI to use up to four MCS rates at a time Apply Click Apply to save your changes Cancel Click Cancel to begin configuring this screen afresh NWA1121 NI User s Guide 71 Chapter 6 Wireless LAN 6 5 SSID Screen 72 Use this screen to view and modify the settings of the SSID profiles on the NWA1121 NI Click Wireless LAN gt SSID to display the screen as shown
124. ices must get permission If this value is greater than the fragmentation threshold value see below then wireless devices never have to get permission to send information to the NWA1121 NI Preamble A preamble affects the timing in your wireless network There are two preamble modes long and short If a device uses a different preamble mode than the NWA1121 NI does it cannot communicate with the NWA1121 NI Fragmentation Threshold A small fragmentation threshold is recommended for busy networks while a larger threshold provides faster performance if the network is not very busy NWA1121 NI User s Guide Chapter 6 Wireless LAN TERM DESCRIPTION Roaming If you have two or more NWA1121 NIs or other wireless access points on your wireless network you can enable this option so that wireless devices can change locations without having to log in again This is useful for devices such as notebooks that move around a lot Antenna An antenna couples Radio Frequency RF signals onto air A transmitter within a wireless device sends an RF signal to the antenna which propagates the signal through the air The antenna also operates in reverse by capturing RF signals from the air Positioning the antennas properly increases the range and coverage area of a wireless LAN 6 9 2 WMM QoS WMM Wi Fi MultiMedia QoS Quality of Service ensures quality of service in wireless networks It
125. if you want to manually enter the WEP key 9 Key 1 O Key 2 O Key 3 O Key 4 Note IEEE802 1X Authentication Eap Type TLS ivl User Information Login Name Certificate User Certificate Password 64 bit WEP Enter 5 ASCII characters or 10 hexadecimal characters 0 9 A F 128 bit WEP Enter 13 ASCII characters or 26 hexadecimal characters 0 9 A F Cancel The following table describes the labels in this screen Table 20 Security 802 1X Static WEP for Wireless Client LABEL DESCRIPTION Security Settings Profile Name This is the name that identifying this profile Security Mode Choose the same security mode used by the AP NWA1121 NI User s Guide Chapter 6 Wireless LAN Table 20 Security 802 1X Static WEP for Wireless Client continued LABEL DESCRIPTION Data Encryption Select 64 bit WEP or 128 bit WEP to enable data encryption Passphrase Enter the passphrase or string of text used for automatic WEP key generation Generate Click this to get the keys from the Passphrase you entered Key 1 to The WEP keys are used to encrypt data Both the NWA1121 NI and the AP must use the same WEP key for data transmission Key 4 If you chose 64 bit WEP then enter any 5 ASCII characters or 10 hexadecimal characters 0 9 A F If you chose 128 bit WEP then enter 13 ASCII characters or 26 hexadecimal characters 0 9 A F You can con
126. ile Name Security Mode 1 SecProfile1 None 2 SecProfile2 None 3 SecProfile3 None 4 SecProfile4 None 5 SecProfile5 None 6 SecProfile6 None 7 SecProfile7 None 8 SecProfile8 None Ry Sy Sy Ley Sy USUS Since SSI DO1 is the standard network that has access to all resources assign a more secure security mode Select WPA2 PSK MIX as the Security Mode and enter the Pre Shared Key In this example use ThisisSSI DO1PreSharedKey Click Apply Security Settings Profile Name SecProfile1 Security Mode WPA2 PSK MIX v Pre Shared Key ThisisSSIDO1PreShare 8 63 ASCII Characters Back Cancel You have finished configuring the standard network SSI DO1 4 2 3 Configure the VoIP Network 1 2 Go to Wireless LAN gt SSID Click the Edit icon next to VoIP SSID Profile Settings Profile Name SSID Security RADIUS Qos 1 SSID01 SSIDO01 Disabled RadProfile1 WMM 2 VoIP_SSID VoIP_SSID Disabled RadProfile1 WMM 3 Guest_SSID Guest_SSID Disabled RadProfile1 WMM 4 Profile4 ZyXEL Disabled RadProfile1 WMM 5 Profile5 ZyXEL Disabled RadProfile1 WMM 6 Profile6 ZyXEL Disabled RadProfile1 WMM 7 Profile7 ZyXEL Disabled RadProfile1 WMM 8 Profiles ZyXEL Disabled RadProfile1 WMM MAC Filter Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Modify ILLI Select SecProfile2 as the Security Profile for the VoIP network Select the Hidden SSI D check box NWA1
127. ile1 Security Mode None v Back Apply Cancel Note that some screens display differently depending on the operating mode selected in the Wireless LAN gt Wireless Settings screen Note You must enable the same wireless security settings on the NWA1121 NI and on all wireless clients that you want to associate with it NWA1121 NI User s Guide Chapter 6 Wireless LAN 6 6 1 Security WEP Use this screen to use WEP as the security mode for your NWA1121 NI Select WEP in the Security Mode field to display the following screen Figure 28 Security WEP Security Security Settings Profile Name Security Mode Authentication Type Data Encryption Passphrase Note Enter a passphrase to automatically generate a WEP key or leave it blank if you want to manually enter the WEP key Key 1 Key 2 O Key 3 O Key 4 Note SecProfile1 WEP iv Open Tl 128 bit WEP iv Generate tmax 16 alphanumeric printable characters 64 bit WEP Enter 5 ASCII characters or 10 hexadecimal characters 0 9 A F 128 bit WEP Enter 13 ASCII characters or 26 hexadecimal characters 0 9 A F Back Apply Cancel The following table describes the labels in this screen Table 16 Security WEP LABEL DESCRIPTION Profile Name This is the name that identifying this profile Security Mode Choose WEP in this field Authentication Type Select Open or Shared from the
128. ile2 SecProfile3 SecProfile4 SecProfile5 SecProfile6 SecProfile7 co co O amp WH SecProfile8 Security Mode None None None None None None None None Modify VAS XS S s 12 Configure WPA PSK as the Security Mode and enter ThisisMyPreSharedKey in the Pre Shared Key field 13 Click Apply to finish configuration for NWA1121 NI A Security Settings Profile Name SecProfile1 4 3 3 Configuring the NWA1121 NI in Wireless Client Mode The NWA1121 NI B should have a wired connection before it can be set to wireless client operating mode Connect your NWA1121 NI to the FTP server Login to NWA1121 NI B s Web Configurator and go to the Wireless LAN gt Wireless Settings screen Follow these steps to configure station B NWA1121 NI User s Guide Chapter 4 Tutorial 1 Select Client as Operation Mode Click Apply Basic Settings Wireless LAN Interface Enabled Operation Mode Site Survey SSID Profile Profile1 v Channel 8 iv Channel Width 20MHZ ee Advanced Settings Output Power Full iv Preamble Type Dynamic v RTS CTS Threshold 2346 12346 Extension Channel Protection Mode None dw A MPDU Aggregation v Enabled Short GI v Enabled cm 2 Click on the Site Survey button A window should pop up which contains a list of all available wireless devices within your NWA1121 NI s range
129. in bereinstimmung mit den grundlegenden Anforderungen und den brigen einschl gigen Bestimmungen der Richtlinie 1999 5 EU befindet NWA1121 NI User s Guide Appendix E Legal Information Estonian K esolevaga kinnitab ZyXEL seadme seadmed vastavust direktiivi 1999 5 EU p hin uetele ja nimetatud direktiivist tulenevatele teistele asjakohastele s tetele English Hereby ZyXEL declares that this equipment is in compliance with the essential requirements and other relevant provisions of Directive 1999 5 EC Spanish Por medio de la presente ZyXEL declara que el equipo cumple con los requisitos esenciales y cualesquiera otras disposiciones aplicables o exigibles de la Directiva 1999 5 CE Greek ME THN lIAPOYZA ZyXEL AHAQNEI OTI efonAlopog ZYMMOPOONETAI lIPOZ TIZ OYZIQAEIZ ANAITHZEIZ KAI TIX AOINES ZXETIKEZ AIATA EIZ TH OAHIIAZ 1999 5 EC French Par la pr sente ZyXEL d clare que l appareil quipements est conforme aux exigences essentielles et aux autres dispositions pertinentes de la directive 1999 5 EC Italian Con la presente ZyXEL dichiara che questo attrezzatura conforme ai requisiti essenziali ed alle altre disposizioni pertinenti stabilite dalla direttiva 1999 5 CE Latvian Ar o ZyXEL deklare ka iekartas atbilst Direktivas 1999 5 EK b tiskajam prasibam un citiem ar to saistitajiem noteikumiem Lithuanian iuo ZyXEL deklaruoja kad is rang
130. ing screen diplays Figure 23 Wireless LAN Wireless Settings MBSSID Wireless Settings i SSID Security RADIUS Basic Settings Wireless LAN Interface Operation Mode Wireless Mode Channel Channel Width Select SSID Profile Active vi F ao wo Advanced Settings Beacon Interval DTIM Interval Output Power Preamble Type RTS CTS Threshold Extension Channel Protection Mode A MPDU Aggregation Short GI MCS Rate Auto 0 Enabled Y Enabled MBSSID 802 11b g n 6 20MHZ Profile Profile1 iv Profile2 Profilet v Profile1 iv 100 4 Full Dynamic 2346 None v Enabled S Enabled 2 3 4 MAC Filter M iv E E a Active Profile 2 Profile1 ix Profile1 vl 6 Profile1 x 8 Profile v 25 1000 ms 1 15 1 2346 6 7 8 9 19517110 742714341 44 45 NWA1121 NI User s Guide Chapter 6 Wireless LAN 70 The following table describes the labels in this screen Table 13 Wireless LAN gt Wireless Settings MBSSID LABEL DESCRIPTION Basic Settings Wireless LAN Select the check box to turn on the wireless LAN on the NWA1121 NI Interface Operation Mode Select MBSSID from the drop down list Wireless Mode Channel Select 802 11b g to allow both IEEE802 11b and IEEE802 11g compliant WLAN devic
131. ing this screen afresh NWA1121 NI User s Guide Chapter 6 Wireless LAN 6 4 3 Wireless Client Mode Use this screen to turn your NWA1121 NI into a wireless client Select Client as the Operation Mode The following screen displays Figure 22 Wireless LAN gt Wireless Settings Wireless Client SSID Security RADIUS MAC Filter Wireless Settings Basic Settings Wireless LAN Interface Y Enabled Operation Mode Client v SSID Profile Profile1 x Channel 6 vj Channel Width 20MHZ v Advanced Settings Output Power Full vi Preamble Type Dynamic Iv RTSICTS Threshold 2346 1 234 Extension Channel Protection Mode None v A MPDU Aggregation v Enabled Short GI v Enabled The following table describes the general wireless LAN labels in this screen Table 12 Wireless LAN gt Wireless Settings Wireless Client LABEL DESCRIPTION Basic Settings Wireless LAN Select the check box to turn on the wireless LAN on the NWA1121 NI Interface Operation Mode Select Client in this field Site Survey Click this to view a list of available wireless access points within the range Select the AP you want to use Note After selecting Client as the Operation Mode in the Basic Settings section you must click Apply to be able to select from the AP list NWA1121 NI User s Guide 67 Chapter 6 Wireless LAN Table 12
132. ingerprint of a Certificate on Your Computer A certificate s fingerprints are message digests calculated using the MD5 or SHA1 algorithms The following procedure describes how to check a certificate s fingerprint to verify that you have the actual certificate 1 Browse to where you have the certificate saved on your computer n2 NWA1121 NI User s Guide Chapter 9 System 2 Make sure that the certificate has a cer or crt file name extension Figure 54 Certificates on Your Computer 1 VeriSign cer CA Certificates 3 Double click the certificate s icon to open the Certificate window Click the Details tab and scroll down to the Thumbprint Algorithm and Thumbprint fields Figure 55 Certificate Details General Details Certification Path Show lt All gt E Value Elissuer Secure Server Certification Au Evald from Wednesday November 09 19 valid to Friday January 08 2010 7 59 Subject Secure Server Certification Au E public key RSA 1000 Bits 4463 C531 D7CC C100 6794 612B B656 D3BF 8257 846F Edit Properties Copy to File 4 Use a secure method to verify that the certificate owner has the same information in the Thumbprint Algorithm and Thumbprint fields The secure method may vary according to your situation Possible examples would be over the telephone or through an HTTPS connection NWA1121 NI User s Guide Chapter 9 Sys
133. involved in the RTS Request To Send CTS Clear to Send handshake If the RTS CTS value is greater than the Fragmentation Threshold value see next then the RTS Request To Send CTS Clear to Send handshake will never occur as data frames will be fragmented before they reach RTS CTS size Note Enabling the RTS Threshold causes redundant network overhead that could negatively affect the throughput performance instead of providing a remedy Fragmentation Threshold A Fragmentation Threshold is the maximum data fragment size between 256 and 2432 bytes that can be sent in the wireless network before the AP will fragment the packet into smaller data frames A large Fragmentation Threshold is recommended for networks not prone to interference while you should set a smaller threshold for busy networks or networks that are prone to interference NWA1121 NI User s Guide Appendix D Wireless LANs If the Fragmentation Threshold value is smaller than the RTS CTS value see previously you set then the RTS Request To Send CTS Clear to Send handshake will never occur as data frames will be fragmented before they reach RTS CTS size Preamble Type Preamble is used to signal that data is coming to the receiver Short and long refer to the length of the synchronization field in a packet Short preamble increases performance as less time sending preamble means more time for sending data All IEEE 802 11 compliant wireless adapters
134. ions and Filter Level Play a sound when a pop up is blocked Show Information Bar when a pop up is blocked Filter Level Medium Block most automatic pop ups Pop up Blocker FAQ 5 Click Close to return to the Privacy screen 6 Click Apply to save this setting JavaScript If pages of the web configurator do not display properly in Internet Explorer check that JavaScript are allowed NWA1121 NI User s Guide Appendix B Pop up Windows JavaScript and Java Permissions 1 In Internet Explorer click Tools Internet Options and then the Security tab Figure 79 Internet Options Security General Security Privacy Content Connections Programs Advanced Select a Web content zone to specify its security settings e 5 o e Internet Local intranet Trusted sites Restricted sites 4 This zone contains all Web sites you ine haven t placed in other zones m Security level for this zone Move the slider to set the security level for this zone E Medium Safe browsing and still functional a Prompts before downloading potentially unsafe content Unsigned ActiveX controls will not be downloaded Appropriate for most Internet sites C Custom Level Default Level OK Cancel Apply 2 Click the Custom Level button 3 Scroll down to Scripting 4 Under Active scripting make sure that Enable is selected the default 5 Under Scripting of Java applets mak
135. is discussed in the rest of this document NWA1121 NI User s Guide Dashboard The Dashboard screens display when you log into the NWA1121 NI or click Dashboard in the navigation menu Use the Dashboard screen to look at the current status of the device system resources and interfaces The Dashboard screens also provide detailed information about system statistics associated wireless clients and logs 3 1 The Dashboard Screen Use this screen to get a quick view of system Ethernet WLAN and other information regarding your NWA1121 NI Click Dashboard The following screen displays Figure 10 The Dashboard Screen C Refresh Interval None v Refresh Now DASHBOARD E System Information System Status System Name NWA1121 NI System Up Time 23 57 34 Up 23 57 WLAN Operating Mode Root AP Current Date Time 1970 01 01 23 57 36 Firmware Version NWA1121 NI 1 00 44BJ 0 B4 20120118 System Resource Serial Number CPU Usage 109 Ethernet Information Memory Usage IL 259 LAN MAC Address 00 03 7F 42 82 68 IPv4 Address 192 168 1 2 Subnet Mask 255 255 255 0 415 Interface Status Gateway IP Address Interface Status Channel Rate IPv6 Address LAN DOWN Auto Link Local fe80 203 7ffffeff ffff 64 WLAN UP 6 144 4Mbps Global WLAN Information Channel amp SSID Status Interface SSID BSSID Security VLAN ath ZyXEL 00 03 7F 42 82 68 Disa
136. itor gt Logs screen Alerts are displayed in red and logs are displayed in black Receiving Logs via E mail If you want to receive logs in your e mail account you need to have the necessary details ready such as the Server Name or Simple Mail Transfer Protocol SMTP Address of your e mail account Ensure that you have a valid e mail address Enabling Syslog Logging To enable Syslog Logging obtain your Syslog server s IP address or server name 10 4 Log Settings Screen Use this screen to configure to where and when the NWA1121 NI is to send the logs and which logs and or immediate alerts it is to send NWA1121 NI User s Guide Chapter 10 Log Settings To change your NWA1121 NI s log settings click Configuration gt Log Settings The screen appears as shown Figure 57 Log Settings Log Settings E mail Log Settings Mail Server Outgoing SMTP Server NAME or IP Address Mail Subject Send Log to E Mail Address SMTP Authentication C Enabled User Name Password Syslog Logging Syslog Logging C Enabled Syslog Server IP Address i Server NAME or IP Address Syslog Port Number Send Log Log Schedule When Log is Full x Day for Sending Log Sunday m Time for Sending Log 0 Hour Minute Clear log after sending mail Enabled Log Category v System Maintenance v 802 1x v System Error v Wireless The followin
137. k 8 3 VLAN Screen Use this screen to set up the VLAN for managing the NWA1121 NI Click Network gt VLAN to display the screen as shown Figure 44 Network gt VLAN VLAN Settings 802 10 VLAN Enabled Management VLAN Enabled Management VLAN ID 1 4094 E The following table describes the labels in this screen Figure 45 Network gt VLAN LABEL DESCRIPTION 802 1Q VLAN Select this to enable VLAN tagging on the NWA1121 NI Management VLAN Select this to enable VLAN management Only traffic tagged with the management VLAN ID can access the NWA1121 NI At least one device in your network must belong to the VLAN specified below in order to manage the NWA1121 NI Management VLAN ID Enter a number from 1 to 4094 to define the NWA1121 NI s management VLAN group Apply Click Apply to save your changes Cancel Click Cancel to begin configuring this screen afresh NWA1121 NI User s Guide 99 Chapter 8 VLAN NWA1121 NI User s Guide System 9 1 Overview This chapter shows you how to enable remote management of your NWA1121 NI It provides information on determining which services or protocols can access which of the NWA1121 NI s interfaces Remote Management allows a user to administrate the device over the network You can manage your NWA1121 NI from a remote location via the following interfaces e WLAN e LAN e Both WLAN and LAN e Neither
138. k device has a unique MAC address which identifies it across the network IPv4 Address This field displays the current IPv4 address of the NWA1121 NI on the network Subnet Mask Subnet masks determine the maximum number of possible hosts on a network You can also use subnet masks to divide one network into multiple sub networks Gateway IP Address This is the IP address of the gateway The gateway is a router or switch on the same network segment as the device s LAN port The gateway helps forward packets to their destinations IPv6 Address This field displays the current IPv6 address es of the NWA1121 NI on the network Link Local This is the IPv6 link local address that the NWA1121 NI generates automatically Global This is the NWA1121 NI s IPv6 global address that you specify manually in the Configuration gt LAN screen WLAN Information SSID This field displays the SSID Service Set Identifier This is available only when the WLAN operation mode is Client Channel The channel or frequency used by the NWA1121 NI to send and receive information Status This shows the current status of the wireless LAN This is available only when the WLAN operation mode is Client Security Mode This displays the security mode the NWA1121 NI is using This is available only when the WLAN operation mode is Client Summary Statistics Click this link to view port status and packet
139. kup configuration and restoring configuration see Section 11 8 on page 124 e Use Restart screen to reboot the NWA1121 NI without turning the power off see Section 11 9 on page 125 NWA1121 NI User s Guide Chapter 11 Maintenance 11 3 What You Need To Know You can find the firmware for your device at www zyxel com It is a file that usually uses the system model name with a bin extension for example Model bin The upload process uses HTTP Hypertext Transfer Protocol and may take up to two minutes After a successful upload the system will reboot 11 4 General Screen Use the General screen to identify your NWA1121 NI over the network Click Maintenance gt General The following screen displays Figure 59 Maintenance gt General General System Settings System Name max 15 alphanumeric printable characters and no spaces The following table describes the labels in this screen Table 36 Maintenance General LABEL DESCRIPTION System Settings System Name Type a descriptive name to identify the NWA1121 NI in the Ethernet network This name can be up to 15 alphanumeric characters long Spaces are not allowed but dashes are accepted Apply Click Apply to save your changes Cancel Click Cancel to reload the previous configuration for this screen EJ NWA1121 NI User s Guide Chapter 11 Maintenance 11 5 Password Screen Use this sc
140. l 4 2 1 1 MBSSID 1 Goto Wireless LAN gt Wireless Settings Select MBSSI D from the Operation Mode drop down list box 2 SSIDOI is the standard network so select SSIDO1 as the first profile It is always active 3 Select VoIP SSID as the second profile and Guest SSID as the third profile Select the corresponding Active check boxes 4 Click Apply to save your settings Now the three SSIDs are activated Basic Settings Wireless LAN Interface Wireless Mode Channel Channel Width Select SSID Profile 4 3 5 7 Advanced Settings Beacon Interval DTIM Interval Output Power Preamble Type RTS CTS Threshold A MPDU Aggregation Short GI MCS Rate Enabled v Enabled Extension Channel Protection Mode 16 M 20MHZ vi Profile 8 ssipo1 2 VoIP SSID 4 Guest SSID 6 SSIDO1 v 8 o0 1 Full iv Dynamic vi 2346 None ha Y Enabled Vj Enabled Gon Active Profile ssi x SSID01 x ssipo1 x ssp v _ 25 1000 ms 1 15 1 2346 14 Wireless Setings SSID Securiy RADIUS WAC Fiver lll 15 NWA1121 NI User s Guide Chapter 4 Tutorial 4 2 2 Configure the Standard Network 1 Click Wireless LAN gt SSID Click the Edit icon next to SSI DO1 oOo fF WN on oO Profile Settings Profile Name
141. l interference in a residential installation This device generates uses and can radiate radio frequency energy and if not installed and used in accordance with the instructions may cause harmful interference to radio communications However there is no guarantee that interference will not occur in a particular installation NWA1121 NI User s Guide Appendix E Legal Information If this device does cause harmful interference to radio television reception which can be determined by turning the device off and on the user is encouraged to try to correct the interference by one or more of the following measures Reorient or relocate the receiving antenna Increase the separation between the equipment and the receiver Connect the equipment into an outlet on a circuit different from that to which the receiver is connected Consult the dealer or an experienced radio TV technician for help FCC Caution Any changes or modifications not expressly approved by the party responsible for compliance could void the user s authority to operate this equipment fa FCC Radiation Exposure Statement e This transmitter must not be co located or operating in conjunction with any other antenna or transmitter e IEEE 802 11b 802 11g or 802 11n 20MHz operation of this product in the U S A is firmware limited to channels 1 through 11 IEEE 802 11n 40MHz operation of this product in the U S A is firmware limited to channels 3 through 9
142. led a 5 MacProfile5 Disabled 3 6 MacProfile6 Disabled 4 7 MacProfile7 Disabled 3 8 MacProfile8 Disabled 3 2 Select Allow in the Access Control Mode field Enter the MAC addresses of the wireless clients W Y and Z you want to associate with the NWA1121 NI Click Apply MAC Filter MAC Filter Settings Profile Name MacProfile1 Access Control Mode MAC Address MAC Address 1 2 3 4 Now only the authorized wireless clients W Y and Z can access the FTP server EB NWA1121 NI User s Guide Chapter 4 Tutorial 4 3 5 Testing the Connection and Troubleshooting This section discusses how you can check if you have correctly configured your network setup as described in this tutorial e Try accessing the FTP server from wireless clients W Y or Z Test if you can send or retrieve a file If you cannot establish a connection with the FTP server do the following steps 1 Make sure W Y and Z use the same wireless security settings as A and can access A 2 Make sure B uses the same wireless and wireless security settings as A and can access A 3 Make sure intra BSS traffic is enabled on A e Try accessing the FTP server from X If you are able to access the FTP server do the following 1 Make sure MAC filtering is enabled 2 Make sure X s MAC address is not entered in the list of allowed devices NWA1121 NI User s Guide Chapter 4 Tutorial NWA1121 NI User s Guide PART II T
143. less Client NWA in AP Mode NWA in Wireless Client Mode 4 3 2 Configuring the NWA1121 NI in MBSSID or Root AP Mode connection Before setting up the NWA1121 NI as a wireless client B you need to make sure there is an access point to connect to Use the Ethernet port on NWA1121 NI A to configure it via a wired NWA1121 NI User s Guide Chapter 4 Tutorial Log into the Web Configurator on NWA1121 NI A and go to the Wireless LAN gt Wireless Settings screen Basic Settings Wireless LAN Interface Enabled Operation Mode Root AP Wireless Mode 802 11b g n Channel 6 Channel Width 20MHZ Select SSID Profile Active Profile Profile 1 Proflet v Profile v 3 Profile Profle v Universal Repeater Settings Local MAC Address Universal Repeater SSID Profile Profile1 iv Advanced Settings Beacon Interval 100 25 1000 ms DTIM Interval 1 1 15 Output Power Full v Preamble Type Dynamic iv RTS CTS Threshold 2346 1 2346 Extension Channel Protection Mode None iv A MPDU Aggregation iv Enabled Short GI v Enabled MCS Rate Auto 0 1 2 3 4 5 6 7 8 9 10 11 1271713717 44 1745 Enabled C 1 Set the Operation Mode to Root AP 2 Select the Wireless Mode In this example select 802 11b g n 3 Select Profile1 as the SSID Profile 4 Choose the Channel you want NWA1121 NI A to use 5 Click A
144. less network or wireless station in an Ad Hoc wireless network Channel MAC Address This field displays the MAC address of the AP in an Infrastructure wireless network It is randomly generated so ignore it in an Ad Hoc wireless network Wireless Mode This is the IEEE 802 1x standard used by the wireless network This field displays the strength of the AP s signal If you must choose a channel that is currently in use choose one with low signal strength for minimum interference Signal Strength Security This is the wireless security method used by the wireless network to protect wireless communication between wireless stations access points and the wired network Refresh Click Refresh to reload the screen NWA1121 NI User s Guide Chapter 5 Monitor NWA1121 NI User s Guide Wireless LAN 6 1 Overview This chapter discusses the steps to configure the Wireless Settings screen on the NWA1121 NI It also introduces the wireless LAN WLAN and some basic scenarios Figure 17 Wireless Mode In the figure above the NWA1121 NI allows access to another bridge device A and a notebook computer B upon verifying their settings and credentials It denies access to other devices C and D with configurations that do not match those specified in your NWA1121 NI 6 2 What You Can Do in this Chapter Use the Wireless Settings screen to configure the NWA1121 NI s operation mode see Secti
145. llowing summarizes how to navigate the web configurator from the Dashboard screen Figure 9 Status Screen of the Web Configurator ZyXEL nwa1121 NI DASHBOARD C2 Refresh Interval None Refresh Now E System Information System Status System Name NWA1121 NI System Up Time 23 57 34 Up 23 57 WLAN Operating Mode Root AP Current Date Time 1970 01 01 23 57 36 Firmware Version NWA1121 NI_1 00 AABJ 0 B4_20120118 System Resource Serial Number CPU Usage Ethernet Information LAN MAC Address 00 03 7F 42 82 68 IPv4 Address 192 168 1 2 Subnet Mask 255 255 255 0 A5 Interface Status Gateway IP Address Interface Status Pv6 Address LAN DOWN Auto Link Local fe80 203 7fff feff ffffiG4 WLAN UP 144 4Mbps Global WLAN Information Channel A SSID Status Interface SSID BSSID Security atho ZyXEL 00 03 7F 42 82 68 Disabled ath1 ZyXEL 02 03 7F 42 82 68 Disabled ath2 ZyXEL NWA 12 03 7F 42 82 68 Disabled Memory Usage Summary Statistics Details Association List Details View Log Details As illustrated above the Web Configurator screen is divided into these parts e A title bar e B navigation panel e C main window 2 3 1 Title Bar Click Logout at any time to exit the Web Configurator Click ZAbout to open the about window which provides information of the boot module and driver versions NWA1121 NI User s Guide Chapter 2 Introducing the Web
146. ly being used Therefore they are considered hidden from each other Figure 94 RTS CTS RTS Range Wireless AP Taar Station RTS Data D q Mb CE Stations annot ACK a A _o CTS Range When station A sends data to the AP it might not know that the station B is already using the channel If these two stations send data at the same time collisions may occur when both sets of data arrive at the AP at the same time resulting in a loss of messages for both stations RTS CTS is designed to prevent collisions due to hidden nodes An RTS CTS defines the biggest size data frame you can send before an RTS Request To Send CTS Clear to Send handshake is invoked When a data frame exceeds the RTS CTS value you set between 0 to 2432 bytes the station that wants to transmit this frame must first send an RTS Request To Send message to the AP for permission to send it The AP then responds with a CTS Clear to Send message to all other stations within its range to notify them to defer their transmission It also reserves and confirms with the requesting station the time frame for the requested transmission Stations can send frames smaller than the specified RTS CTS directly to the AP without the RTS Request To Send CTS Clear to Send handshake You should only configure RTS CTS if the possibility of hidden nodes exists on your network and the cost of resending large frames is more than the extra network overhead
147. mission Control Protocol Internet Protocol The default wide area network protocol that provides communication across diverse interconnected networks C Show icon in notification area when connected NWA1121 NI User s Guide Appendix A Setting Up Your Computer s IP Address 5 7 8 The Internet Protocol TCP IP Properties window opens Internet Protocol TCP IP Properties General Alternate Configuration You can get IP settings assigned automatically if your network supports this capability Otherwise you need to ask your network administrator for the appropriate IP settings Obtain an IP address automatically Use the following IP address Obtain DNS server address automatically Use the following DNS server addresses Select Obtain an IP address automatically if your network administrator or ISP assigns your IP address dynamically Select Use the following I P Address and fill in the IP address Subnet mask and Default gateway fields if you have a static IP address that was assigned to you by your network administrator or ISP You may also have to enter a Preferred DNS server and an Alternate DNS server if that information was provided Click OK to close the Internet Protocol TCP I P Properties window Click OK to close the Local Area Connection Properties window Verifying Settings 1 2 Click Start gt All Programs gt Accessories gt Command Prompt In
148. n aus war ad Pan OR Ra 34 42834 090nfiqure the Guesi MBIWDEK iuusesvuddssepbladessttoeutiqseh rabia neqoe eec an dion berpi des beet d qe S RE AR 36 4 25 Tooting die Wireless BONO ciudossraxiennes end xq En dad vec A Nl ra monte Ug ER ER d 38 4 3 NWA1121 NI Setup in AP and Wireless Client Modes c ccccceceeeeeeeeseeeeeeeeeeeeeaaeseeneeeesaeesteneees 38 SOD SOARING e 38 4 3 2 Configuring the NWA1121 NI in MBSSID or Root AP Mode ssseeeeene 39 4 3 3 Configuring the NWA1121 NI in Wireless Client Mode essent 42 Ec N puedgua jn 44 4 3 5 Testing the Connection and Troubleshooting sssssssssssseeseeeeenee ennt 45 Part ik Technical Hefererteliussises tei b aaia a 47 Chapter 5 ilr ncaa 49 WESS E o a ETE 49 Pus ica Edi qct 49 zm gm os ers cscs saceete ite een aad iemesateieud ate es eamaed nia sues lense entities satya aa eeteaanigds 49 ME ECE Leo idm dette ga dane tweed A TA REM deut ares ia pred in Ep aimee ees 50 DP PRB cq Ec M iad 51 EB channel LS OE vss dimonsarkem vidus Sata aed banana T ber uni losin pedea ate da tiri inco 52 Chapter 6 Wireless 55 ARE A P S 55 5 2 Wh Yoox DG TRIB Chapar au
149. netting This appendix introduces IP addresses and subnet masks IP addresses identify individual devices on a network Every networking device including computers servers routers printers etc needs an IP address to communicate across the network These networking devices are also known as hosts Subnet masks determine the maximum number of possible hosts on a network You can also use subnet masks to divide one network into multiple sub networks Introduction to IP Addresses One part of the IP address is the network number and the other part is the host ID In the same way that houses on a street share a common street name the hosts on a network share a common network number Similarly as each house has its own house number each host on the network has its own unique identifying number the host ID Routers use the network number to send packets to the correct network while the host ID determines to which host on the network the packets are delivered Structure An IP address is made up of four parts written in dotted decimal notation for example 192 168 1 1 Each of these four parts is known as an octet An octet is an eight digit binary number for example 11000000 which is 192 in decimal notation Therefore each octet has a possible range of 00000000 to 11111111 in binary or 0 to 255 in decimal NWA1121 NI User s Guide 171 Appendix C IP Addresses and Subnetting The following figure shows an example IP
150. ng this screen afresh 9 7 SNMP Screen Use this screen to have a manager station administrate your NWA1121 NI over the network and configure SNMP accounts on the SNMP v3 manager An SNMP administrator user is an SNMP NWA1121 NI User s Guide 107 Chapter 9 System manager To change your NWA1121 NI s SNMP settings click System gt SNMP The following screen displays Figure 52 System gt SNMP Server Access Secured Client IP Address Secured Client MAC Address 9 All Selected 00 00 00 00 00 00 SNMP Configuration Protocol Version Get Community Set Community Trap Community Trap Destination SNMPv3 Admin Settings SNMPv3 Admin User Name Password Confirm Password Access Type Authentication Protocol Privacy Protocol SNMPv3 User Settings SNMPv3 User User Name Password Confirm Password Access Type Authentication Protocol Privacy Protocol Gase v Al Selected 0 0 00 public private 192 168 1 10 v Enabled SNMPY3Admin seccccee 8 32 alphanumeric printable characters and no spaces seecceeee Read Write v SHA Mi DES x x Enabled SNMPv3User eecccces 8 32 alphanumeric printable characters and no spaces Read Only v MD5 v None iv The following table describes the labels in this screen Table 33 System SNMP LABEL DESCRI
151. nnections Repeater SSID Profile Note You can only configure None WPA PSK or WPA2 PSK security mode for the SSID used by a universal repeater connection NWA1121 NI User s Guide Chapter 6 Wireless LAN Table 10 Wireless LAN gt Wireless Settings Root AP continued LABEL DESCRIPTION Advanced Settings Beacon Interval When a wirelessly network device sends a beacon it includes with it a beacon interval This specifies the time period before the device sends the beacon again The interval tells receiving devices on the network how long they can wait in lowpower mode before waking up to handle the beacon A high value helps save current consumption of the access point DTIM Interval Delivery Traffic Indication Message DTIM is the time period after which broadcast and multicast packets are transmitted to mobile clients in the Active Power Management mode A high DTIM value can cause clients to lose connectivity with the network Output Power Set the output power of the NWA1121 NI in this field If there is a high density of APs in an area decrease the output power of the NWA1121 NI to reduce interference with other APs Select one of the following Full Full Power 50 25 or 12 5 See the product specifications for more information on your NWA1121 NI s output power Preamble Type RTS CTS Threshold Select Dynamic to have the AP automatically use short preamble when wireless ada
152. notation Backup Server Port Backup Share Enter the port number of the external accounting server Enter a password up to 64 alphanumeric characters as the key to be shared Secret between the external accounting server and the NWA1121 NI The key must be the same on the external accounting and your NWA1121 NI The key is not sent over the network Back Click Back to return to the previous screen NWA1121 NI User s Guide Chapter 6 Wireless LAN Table 24 Wireless LAN gt RADIUS continued LABEL DESCRIPTION Apply Click Apply to save your changes Cancel Click Cancel to begin configuring this screen afresh 6 8 MAC Filter Screen Every Ethernet device has a unique MAC Media Access Control address The MAC address is assigned at the factory and consists of six pairs of hexadecimal characters for example 00 A0 C5 00 00 02 You need to know the MAC address of each device to configure MAC filtering on the NWA1121 NI The MAC filter function allows you to configure the NWA1121 NI to grant access to the NWA1121 NI from other wireless devices Allow Association or exclude devices from accessing the NWA1121 NI Deny Association Figure 38 MAC Filtering e ZZ YY XX 33 22 11 A U AA BB CC 11 22 33 In the figure above wireless client U is able to connect to the Internet because its MAC address is in the allowed association list specified in the NWA1121 NI The MAC addres
153. o any language or transmitted in any form or by any means electronic mechanical magnetic optical chemical photocopying manual or otherwise without the prior written permission of ZyXEL Communications Corporation Published by ZyXEL Communications Corporation All rights reserved Disclaimers ZyXEL does not assume any liability arising out of the application or use of any products or software described herein Neither does it convey any license under its patent rights nor the patent rights of others ZyXEL further reserves the right to make changes in any products described herein without notice This publication is subject to change without notice Your use of the NWA1121 NI is subject to the terms and conditions of any related service providers Trademarks Trademarks mentioned in this publication are used for identification purposes only and may be properties of their respective owners Certifications Federal Communications Commission FCC Interference Statement The device complies with Part 15 of FCC rules Operation is subject to the following two conditions e This device may not cause harmful interference e This device must accept any interference received including interference that may cause undesired operations This device has been tested and found to comply with the limits for a Class B digital device pursuant to Part 15 of the FCC Rules These limits are designed to provide reasonable protection against harmfu
154. o the purchaser To obtain the services of this warranty contact your vendor You may also refer to the warranty policy for the region in which you bought the device at http www zyxel com web support_warranty_info php Registration Register your product online to receive e mail notices of firmware upgrades and information at www zyxel com Open Source Licenses This product contains in part some free software distributed under GPL license terms and or GPL like licenses Open source licenses are provided with the firmware package You can download the latest firmware at www zyxel com To obtain the source code covered under those Licenses please contact support zyxel com tw to get it Regulatory Information European Union The following information applies if you use the product within the European Union Declaration of Conformity with Regard to EU Directive 1999 5 EC R amp TTE Directive Compliance Information for 2 4GHz and 5GHz Wireless Products Relevant to the EU and Other Countries Following the EU Directive 1999 5 EC R amp TTE Directive Czech ZyXEL t mto prohla uje ze tento za zen je ve shod se z kladn mi po adavky a dal mi p slu n mi ustanoven mi sm rnice 1999 5 EC Danish Undertegnede ZyXEL erkl rer herved at f lgende udstyr udstyr overholder de v sentlige krav og vrige relevante krav i direktiv 1999 5 EF German Hiermit erkl rt ZyXEL dass sich das Ger t Ausstattung
155. ock to prevent further changes Assist me Apply Now NWA1121 NI User s Guide Appendix A Setting Up Your Computer s IP Address 4 For dynamically assigned settings select Using DHCP from the Configure I Pv4 list in the TCP IP tab ean Network 4 Show All Q Location Automatic Hj Show Built in Ethernet m PPPoE AppleTalk Proxies Ethernet Configure IPv4 Using DHCP HJ IP Address 0 0 0 0 Renew DHCP Lease Subnet Mask DHCP Client ID If required Router DNS Servers Search Domains Optional IPv6 Address Configure IPv6 Qo 1 Click the lock to prevent further changes Assist me 3 Apply Now 5 For statically assigned settings do the following e From the Configure I Pv4 list select Manually e In the IP Address field type your IP address e In the Subnet Mask field type your subnet mask e In the Router field type the IP address of your device ean Network 4 Show All Q Location Automatic i Show Built in Ethernet m PPPoE AppleTalk Proxies Ethernet Configure IPv4 Manually is IP Address 0 0 0 0 Subnet Mask 0 0 0 0 Router 0 0 0 0 DNS Servers Search Domains Optional IPv6 Address Configure IPv6 id Click the lock to prevent further changes Assist me Apply Now 6 Click Apply Now and close the window NWA1121 NI User s Guide
156. ollowing steps 1 In Internet Explorer select Tools Internet Options and then the Privacy tab NWA1121 NI User s Guide Appendix B Pop up Windows JavaScript and Java Permissions 2 Select Settings to open the Pop up Blocker Settings screen Figure 77 Internet Options Privacy Internet Options S es z General Security Privacy Content Connections Programs Advanced Settings Move the slider to select a privacy setting for the Internet RE zone Medium Blocks third party cookies that do not have a compact privacy policy Blocks third party cookies that use personally identifiable CJ information without your implicit consent Restricts first party cookies that use personally identifiable information without implicit consent Pop up Blocker Prevent most pop up windows from appearing Block pop ups 3 Type the IP address of your device the web page that you do not want to have blocked with the prefix http For example http 192 168 167 1 NWA1121 NI User s Guide Appendix B Pop up Windows JavaScript and Java Permissions 4 Click Add to move the IP address to the list of Allowed sites Figure 78 Pop up Blocker Settings Pop up Blocker Settings Exceptions Pop ups are currently blocked You can allow pop ups from specific Web sites by adding the site to the list below Address of Web site to allow http 4 192 168 1 1 Allowed sites Notificat
157. omputers with wireless adapters A B C Any time two or more wireless adapters are within range of each other they can set up an independent network which is commonly referred to as an ad hoc network or Independent Basic Service Set IBSS The following diagram shows an example of notebook computers using wireless adapters to form an ad hoc wireless LAN Figure 91 Peer to Peer Communication in an Ad hoc Network BSS A Basic Service Set BSS exists when all communications between wireless clients or between a wireless client and a wired network client go through one access point AP Intra BSS traffic is traffic between wireless clients in the BSS When Intra BSS is enabled wireless client A and B can access the wired network and communicate with each other When Intra BSS is NWA1121 NI User s Guide 179 Appendix D Wireless LANs disabled wireless client A and B can still access the wired network but cannot communicate with each other Figure 92 Basic Service Set ESS An Extended Service Set ESS consists of a series of overlapping BSSs each containing an access point with each access point connected together by a wired network This wired connection between APs is called a Distribution System DS This type of wireless LAN topology is called an Infrastructure WLAN The Access Points not only provide communication with the wired network but also mediate wireless network traffic in the immediate neighborhood
158. on 6 4 on page 60 e Uee the SSID screen to configure up to eight SSID profiles for your NWA1121 NI see Section 6 5 on page 72 e Use the Security screen to choose the wireless security mode for your NWA1121 NI see Section 6 6 on page 74 e Use the RADIUS screen if you want to authenticate wireless users using a RADIUS Server and or accounting server see Section 6 7 on page 87 e Use the MAC Filter screen to specify which wireless station is allowed or denied access to the NWA1121 NI see Section 6 8 on page 89 NWA1121 NI User s Guide 55 Chapter 6 Wireless LAN 6 3 What You Need To Know BSS A Basic Service Set BSS exists when all communications between wireless clients or between a wireless client and a wired network client go through one access point AP Intra BSS traffic is traffic between wireless clients in the BSS ESS An Extended Service Set ESS consists of a series of overlapping BSSs each containing an access point with each access point connected together by a wired network This wired connection between APs is called a Distribution System DS Operating Mode The NWA1121 NI can run in four operating modes as follows e Root AP The NWA1121 NI is a wireless access point that allows wireless communication to other devices in the network e Repeater The NWA1121 NI acts as a wireless repeater and increase a root AP s wireless coverage area e Client The NWA1121 NI acts as a wireless clien
159. ork you have to reset the device to its factory defaults See Section 2 2 on page 20 I forgot the password 1 The default password is 1234 2 Ifthis does not work you have to reset the device to its factory defaults See Section 2 2 on page 20 I cannot see or access the Login screen in the web configurator 1 Make sure you are using the correct IP address e The default IP address is 192 168 1 2 e If you changed the IP address Section 7 4 on page 96 use the new IP address e If you changed the IP address and have forgotten it see the troubleshooting suggestions for I forgot the IP address for the NWA1121 NI 2 Check the hardware connections and make sure the LEDs are behaving as expected See the Quick Start Guide and Section 1 7 on page 17 3 Make sure your Internet browser does not block pop up windows and has JavaScript and Java enabled See Section 12 1 on page 127 4 Make sure your computer is in the same subnet as the NWA1121 NI If you know that there are routers between your computer and the NWA1121 NI skip this step e If there is no DHCP server on your network make sure your computer s IP address is in the same subnet as the NWA1121 NI 5 Reset the device to its factory defaults and try to access the NWA1121 NI with the default IP address See Chapter 2 on page 20 NWA1121 NI User s Guide Chapter 12 Troubleshooting 6 If the problem continues contact the network administrator or vendor or tr
160. ost secure encryption method that all devices on your network support See Section 6 6 on page 74 for directions on configuring encryption If you have a RADIUS server enable IEEE 802 1x or WPA 2 user identification on your network so users must log in This method is more common in business environments Hide your wireless network name SSID The SSID can be regularly broadcast and unauthorized users may use this information to access your network See Section 6 5 on page 72 for directions on using the web configurator to hide the SSID Enable the MAC filter to allow only trusted users to access your wireless network or deny unwanted users access based on their MAC address See Section 6 8 on page 89 for directions on configuring the MAC filter 1 5 Good Habits for Managing the NWA1121 NI Do the following things regularly to make the NWA1121 NI more secure and to manage it more effectively e Change the password Use a password that s not easy to guess and that consists of different types of characters such as numbers and letters e Write down the password and put it in a safe place NWA1121 NI User s Guide Chapter 1 Introducing the NWA1121 NI e Back up the configuration and make sure you know how to restore it Restoring an earlier working configuration may be useful if the device becomes unstable or even crashes If you forget your password you will have to reset the NWA1121 NI to its factory default settings If you
161. our NWA1121 NI Address Universal Select the SSID profile you want to use for universal repeater connections with an AP or Repeater SSID repeater or regular wireless connections with wireless clients Profile Note You can only configure None WPA PSK or WPA2 PSK security mode for the SSID used by a universal repeater connection Root MAC Specify the peer device s MAC address The peer device can be a NWA1121 NI in either Address root AP mode or repeater mode Advanced Settings Beacon Interval When a wirelessly network device sends a beacon it includes with it a beacon interval This specifies the time period before the device sends the beacon again The interval tells receiving devices on the network how long they can wait in lowpower mode before waking up to handle the beacon A high value helps save current consumption of the access point DTIM Interval Delivery Traffic Indication Message DTIM is the time period after which broadcast and multicast packets are transmitted to mobile clients in the Active Power Management mode A high DTIM value can cause clients to lose connectivity with the network Output Power Set the output power of the NWA1121 NI in this field If there is a high density of APs in an area decrease the output power of the NWA1121 NI to reduce interference with other APs Select one of the following Full Full Power 50 25 or 12 596 See the product specifications for more information on your NW
162. owing e On a computer with a wireless client scan for access points You should see the Guest SSID network but not the SSIDO1 and VoIP SSID networks If you can see the SSIDO1 and VoIP SSID networks go to its SSID Edit screen and make sure to select the Hidden SSID check box and click Apply e Try to access each network using the correct security settings and then using incorrect security settings such as the WPA PSK for another active network If the behavior is different from expected for example if you can access the SSIDO1 or VoIP SSID wireless network using the security settings for the Guest SSI D wireless network check that the SSID profile is set to use the correct security profile and that the settings of the security profile are correct 4 3 NWA1121 NI Setup in AP and Wireless Client Modes This example shows you how to restrict wireless access to your NWA1121 NI 4 3 1 Scenario In the figure below there are two NWA1121 NIs A and B in the network A is in MBSSID or root AP mode while station B is in wireless client mode Station B is connected to a File Transfer Protocol FTP server You want only specified wireless clients to be able to access station B You also want NWA1121 NI User s Guide Chapter 4 Tutorial to allow wireless traffic between B and wireless clients connected to A W Y and Z Other wireless devices X must not be able to connect to the FTP server Figure 11 FTP Server Connected to a Wire
163. p Your Computer s IP Address 8 If you know your DNS server IP address es click the Hostname DNS tab in Network Settings and then enter the DNS server information in the fields provided YaST2 linux h20z Enter the name for this computer and the DNS domain that it belongs to Optionally enter the name server list and domain search list Note that the hostname is global it applies to all interfaces not just this one The domain is especially important if this computer is a mail server If you are using DHCP to get an IP address check whether to get a hostname via DHCP The hostname of your host which can be a Network Settings Global Options Overview Hostname DNS jJ Routing m Hostname and Domain Name Hostname Domain Name linux h2oz site _ Change Hostname via DHCP _ Write Hostname to etc hosts X Change etc resolv conf manually Name Servers and Domain Search List Name Server 1 Domain Search 10 0 2 3 Name Server 2 Name Server 3 _ Update DNS data via DHCP seen by issuing the hostname command will be set automatically by the DHCP client You may want to disable this option if you connect to different networks nee 9 Click Finish to save your settings and close the window Verifying Settings Click the KNetwork Manager icon on the Task bar to check your TCP IP properties
164. phrase functions like a password In WEP security mode it is further converted by the NWA1121 NI into a complicated string that is referred to as the key This key is requested from all devices wishing to connect to a wireless network PSK The Pre Shared Key PSK is a password shared by a wireless access point and a client during a previous secure connection The key can then be used to establish a connection between the two parties Encryption Wireless networks can use encryption to protect the information that is sent in the wireless network Encryption is like a secret code If you do not know the secret code you cannot understand the message Encryption is the process of converting data into unreadable text This secures information in network communications The intended recipient of the data can unlock it with a pre assigned key making the information readable only to him The NWA1121 NI when used as a wireless client employs Temporal Key Integrity Protocol TKIP data encryption EAP Extensible Authentication Protocol EAP is a protocol used by a wireless client an access point and an authentication server to negotiate a connection The EAP methods employed by the NWA1121 NI when in Wireless Client operating mode are Transport Layer Security TLS Protected Extensible Authentication Protocol PEAP Lightweight Extensible Authentication Protocol LEAP and Tunneled Transport Layer Security TTLS The authentication
165. ple to verify whether data was signed by you or by someone else This process works as follows 1 Tim wants to send a message to Jenny He needs her to be sure that it comes from him and that the message content has not been altered by anyone else along the way Tim generates a public key pair one public key and one private key 2 Tim keeps the private key and makes the public key openly available This means that anyone who receives a message seeming to come from Tim can read it and verify whether it is really from him or not 3 Tim uses his private key to sign the message and sends it to Jenny 4 Jenny receives the message and uses Tim s public key to verify it Jenny knows that the message is from Tim and that although other people may have been able to read the message no one can have altered it because they cannot re sign the message with Tim s private key 5 Additionally Jenny uses her own private key to sign a message and Tim uses Jenny s public key to verify the message 9 9 4 Certification Authorities A Certification Authority CA issues certificates and guarantees the identity of each certificate owner There are commercial certification authorities like CyberTrust or VeriSign and government certification authorities You can use the NWA1121 NI to generate certification requests that contain identifying information and public keys and then send the certification requests to a certification authority 9 9 5 Checking the F
166. pply NWA1121 NI User s Guide Chapter 4 Tutorial 6 Goto Wireless LAN gt SSID Click the Edit icon next to Profile1 Profile Settings bad Profile Name Profile1 Profile2 Profile3 Profile4 Profile5 Profile Profile7 Profiles c e WwW Na on o SSID ZyXEL ZyXEL ZyXEL ZyXEL ZyXEL ZyXEL ZyXEL ZyXEL Security RADIUS Disabled RadProfile1 Disabled RadProfile1 Disabled RadProfile1 Disabled RadProfile1 Disabled RadProfile1 Disabled RadProfile 1 Disabled RadProfile1 Disabled RadProfile1 QoS WMM WMM WMM WMM WMM WMM WMM WMM MAC Filter Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Sy Uy Uy Uy Lay Lay Ly 7 Change the SSID to AP A 8 Select SecProfile1 in the Security field 9 Select the check box for Intra BSS Traffic blocking Enabled so the client cannot access other clients on the same wireless network 10 Click Apply Profile Settings Profile Name MAC Filtering QoS BSSID VLAN ID Associate Hidden SSID Intra BSS Traffic Blocking Number of Wireless Stations Allowed to Profile AP A SecProfile1 RadProfile1 Disabled WMM 4 64 Enabled Enabled Iv v vl i 1 4094 1 64 NWA1121 NI User s Guide Chapter 4 Tutorial 11 Go to Wireless LAN gt Security Click the Edit icon next to SecProfile1 Security Profiles Profile Name SecProfile1 SecProf
167. protocol may either be Microsoft Challenge Handshake Authentication Protocol Version 2 MSCHAPv2 or Generic Token Card GTC Further information on these terms can be found in Appendix D on page 179 RADIUS Remote Authentication Dial In User Service RADIUS is a protocol that can be used to manage user access to large networks It is based on a client server model that supports authentication authorization and accounting The access point is the client and the server is the RADIUS server Figure 19 RADIUS Server Setup NWA1121 NI User s Guide Chapter 6 Wireless LAN In the figure above wireless clients A and B are trying to access the Internet via the NWA1121 NI The NWA1121 NI in turn queries the RADIUS server if the identity of clients A and U are allowed access to the Internet In this scenario only client U s identity is verified by the RADIUS server and allowed access to the Internet The RADIUS server handles the following tasks e Authentication which determines the identity of the users e Authorization which determines the network services available to authenticated users once they are connected to the network e Accounting which keeps track of the client s network activity RADIUS is a simple package exchange in which your AP acts as a message relay between the wireless client and the network RADIUS server You should know the IP addresses ports and share secrets of the external RADIUS server and or the e
168. ps Select your preferred language for Opera and Web pages Language English US en US Y Details Enabling Java x ox cme Hp From Opera click Tools then Preferences In the Advanced tab select Content from the left side menu Select the check boxes as shown in the following screen Figure 86 Opera Enabling Java Preferences General Forms Search Web TE Tabs Enable animated images Browsing Notifications Enable sound in Web pages Enable plug ins Style Options Content settings can be adapted to each site Manage Site Preferences Blocked Content Enable JavaScript F JavaScript Options SSS x OK Cancel Help NWA1121 NI User s Guide Appendix B Pop up Windows JavaScript and Java Permissions To customize JavaScript behavior in the Opera browser click JavaScript Options Figure 87 Opera JavaScript Options xi Allow resizing of windows Allow moving of windows Allow raising of windows Allow lowering of windows Allow changing of status field Allow scripts to detect context menu events Allow script to hide address bar Open console on error Mser JavaScript Folder Choose cma Select the items you want Opera s JavaScript to apply NWA1121 NI User s Guide Appendix B Pop up Windows JavaScript and Java Permissions 170 NWA1121 NI User s Guide C IP Addresses and Sub
169. pters support it otherwise the AP uses long preamble Select Long if you are unsure what preamble mode the wireless adapters support and to provide more reliable communications in busy wireless networks Request To Send The threshold number of bytes for enabling RTS CTS handshake Data with its frame size larger than this value will perform the RTS CTS handshake Setting this attribute to be larger than the maximum MSDU MAC service data unit size turns off the RTS CTS handshake Setting this attribute to its smallest value 1 turns on the RTS CTS handshake Fragmentation The threshold number of bytes for the fragmentation boundary for directed messages It is the maximum data fragment size that can be sent Aggregation Extension You can use CTS to self or RTS CTS protection mechanism to reduce conflicts with other Channel wireless networks or hidden wireless clients The throughput of RTS CTS is much lower Protection Mode than CTS to self Using this mode may decrease your wireless performance A MPDU This field is available only when 802 11 b g n is selected as the Wireless Mode Select to enable A MPDU aggregation Message Protocol Data Unit MPDU aggregation collects Ethernet frames along with their 802 11n headers and wraps them in a 802 11n MAC header This method is useful for increasing bandwidth throughput in environments that are prone to high error rates Short GI This field is availabl
170. r it fills NWA1121 NI User s Guide Chapter 5 Monitor Click Monitor gt Logs Figure 13 Logs View Log Log List Display All Logs Timev 1 00 50 48 2 01 00 24 3 01 00 24 4 01 01 24 5 01 03 22 6 01 07 38 7 01 12 37 8 01 15 56 9 01 16 21 10 01 16 34 11 01 17 34 12 01 17 36 13 01 18 36 14 01 18 38 15 01 19 38 16 01 34 21 ij E Mail Log Now Refresh Clear Log Message Source hostapd Stationhasassociated Interface ath0 MAC 00 19 cb 32 be ac hostapd Stationhasdisassociated Interface ath MAC cc 08 e0 86 5f 17 hostapd Stationhasassociated Interface athO MAC cc 08 e0 86 5f 17 hostapd Stationhasdisassociated Interface ath0 MAC cc 08 e0 86 5f 17 hostapd Stationhasdisassociated Interface athO MAC cc 08 e0 86 5f 17 hostapd Stationhasassociated Interface athO MAC 40 a6 d9 cc 03 28 hostapd Stationhasdisassociated Interface athO MAC 40 a6 d9 cc 03 28 hostapd Stationhasassociated Interface athO MAC 40 a6 d9 cc 03 28 hostapd Stationhasdisassociated Interface ath0 MAC 40 36 d9 cc 03 28 hostapd Stationhasassociated Interface ath0 MAC 40 a6 d9 cc 03 28 hostapd Stationhasdisassociated Interface ath0 MAC 40 36 d9 cc 03 28 hostapd Stationhasassociated Interface ath0 MAC 40 36 d9 cc 03 28 hostapd Stationhasdisassociated Interface ath0 MAC 40 36 d9 cc 03 28 hostapd Stationhasassociated Interface ath0 MAC 40 a6 d9 cc 03 28 hostapd Stationhasdisassociated Interface athO MAC 40 a6 d9 cc 03 28 hostapd Stationhasassoci
171. r a room environment With a wide coverage area it is possible to make circular overlapping coverage areas with multiple access points e Directional antennas concentrate the RF signal in a beam like a flashlight does with the light from its bulb The angle of the beam determines the width of the coverage pattern Angles typically range from 20 degrees very directional to 120 degrees less directional Directional antennas are ideal for hallways and outdoor point to point applications Positioning Antennas In general antennas should be mounted as high as practically possible and free of obstructions In point to point application position both antennas at the same height and in a direct line of sight to each other to attain the best performance For omni directional antennas mounted on a table desk and so on point the antenna up For omni directional antennas mounted on a wall or ceiling point the antenna down For a single AP application place omni directional antennas as close to the center of the coverage area as possible NWA1121 NI User s Guide EB Appendix D Wireless LANs For directional antennas point the antenna in the direction of the desired coverage area NWA1121 NI User s Guide Legal Information Copyright Copyright 2012 by ZyXEL Communications Corporation The contents of this publication may not be reproduced in any part or as a whole transcribed stored in a retrieval system translated int
172. ration information and returns the NWA1121 NI to its factory defaults as shown on the screen The following screen will appear Figure 67 Reset Message Configuration File Rebooting AP is rebooting now system will back to factory defaults As there will be no indication of when the process is complete please wait for 52 seconds before attempting to access AP again You can also press the RESET button to reset your NWA1121 NI to its factory default settings Refer to Section 2 2 on page 20 for more information 11 9 Restart Screen Use this screen to reboot the NWA1121 NI without turning the power off Click Maintenance gt Restart The following screen displays Figure 68 Maintenance gt Restart Restart System Restart Click to have the device perform a software The SYS LED blinks as the device restarts and then stays steady off ifthe restart is successful Wait 80 sec before logging into the device again NWA1121 NI User s Guide 125 Chapter 11 Maintenance Click Restart to have the NWA1121 NI reboot This does not affect the NWA1121 NI s configuration NWA1121 NI User s Guide Troubleshooting This chapter offers some suggestions to solve problems you might encounter The potential problems are divided into the following categories e Power Hardware Connections and LEDs e NWA1121 NI Access and Login e Internet Access 12 1 Power Hardware Connections and LEDs The NWA
173. reen to control access to your NWA1121 NI by assigning a password to it Click Maintenance gt Password The following screen displays Figure 60 Maintenance gt Password Password Password Setup Current Password New Password 1 32 characters Retype to Confirm The following table describes the labels in this screen Table 37 Maintenance gt Password LABEL DESCRIPTIONS Current Password Type in your existing system password New Password Type your new system password Note that as you type a password the screen displays a dot for each character you type Retype to Confirm Retype your new system password for confirmation Apply Click Apply to save your changes Cancel Click Cancel to reload the previous configuration for this screen NWA1121 NI User s Guide Chapter 11 Maintenance 11 6 Time Screen Use this screen to change your NWA1121 NI s time and date click Maintenance gt Time The following screen displays Figure 61 Maintenance Time Current Time and Date Current Time hh mm ss Current Date YY MM DD Time and Date Setup NTP Client Update v Enabled NTP Server ntpi cs wiscedu O Manual IP Time Zone Setup Time Zone GMT Greenwich Mean Time Dublin Edinburgh Lisbon London aj isi The following table describes the labels in this screen Table 38 Maintenance Time LABEL DESCRIPTION Current
174. regation Message Protocol Data Unit MPDU aggregation collects Ethernet frames along with their 802 11n headers and wraps them in a 802 11n MAC header This method is useful for increasing bandwidth throughput in environments that are prone to high error rates Short GI This field is available only when 802 11 b g n is selected as the Wireless Mode Select Enabled to use Short GI Guard Interval The guard interval is the gap introduced between data transmission from users in order to reduce interference Reducing the GI increases data transfer rates but also increases interference Increasing the GI reduces data transfer rates but also reduces interference MCS Rate The MCS Rate table is available only when 802 11 b g n is selected in the Wireless Mode field IEEE 802 11n supports many different data rates which are called MCS rates MCS stands for Modulation and Coding Scheme This is an 802 11n feature that increases the wireless network performance in terms of throughput For each MCS Rate 0 15 select either Enabled to have the NWA1121 NI use the data rate Clear the Enabled check box if you do not want the NWA1121 NI to use the data rate Turn on the Auto option to have the NWA1121 NI set the data rates automatically to optimize the throughput Note You can set the NWA1121 NI to use up to four MCS rates at a time Apply Click Apply to save your changes Cancel Click Cancel to begin configur
175. reless security methods available on the NWA1121 NI are data encryption wireless client authentication restricting access by device MAC address and hiding the NWA1121 NI identity NWA1121 NI User s Guide Appendix D Wireless LANs The following figure shows the relative effectiveness of these wireless security methods available on your NWA1121 NI Table 53 Wireless Security Levels SECURITY LEVEL SECURITY TYPE Least Unique SSID Default Secure Unique SSID with Hide SSID Enabled MAC Address Filtering WEP Encryption IEEE802 1x EAP with RADIUS Server Authentication Wi Fi Protected Access WPA WPA2 Most Secure Note You must enable the same wireless security settings on the NWA1121 NI and on all wireless clients that you want to associate with it IEEE 802 1x RADIUS In June 2001 the IEEE 802 1x standard was designed to extend the features of IEEE 802 11 to support extended authentication as well as providing additional accounting and control features It is supported by Windows XP and a number of network devices Some advantages of IEEE 802 1x are e User based identification that allows for roaming e Support for RADIUS Remote Authentication Dial In User Service RFC 2138 2139 for centralized user profile and accounting management on a network RADIUS server e Support for EAP Extensible Authentication Protocol RFC 2486 that allows additional authentication methods to b
176. ring rules you specified below are applied Otherwise select Disable to allow any computer to access the NWA1121 NI through any interface using this service Secured Client IP Address Secured Client MAC Address Apply A secured client is a trusted computer that is allowed to communicate with the NWA1121 NI using this service Select All to allow any computer to access the NWA1121 NI using this service Choose Selected to just allow the computer with the IP address that you specify to access the NWA1121 NI using this service Select All to allow any computer to access the NWA1121 NI using this service Choose Selected to just allow the computer with the MAC address that you specify to access the NWA1121 NIe using this service Click Apply to save your customized settings Cancel Click Cancel to begin configuring this screen afresh 9 9 Technical Reference This section provides some technical background information about the topics covered in this chapter 9 9 1 MIB Managed devices in an SMNP managed network contain object variables or managed objects that define each piece of information to be collected about a device Examples of variables include such as number of packets received node port status etc A Management Information Base MIB is a collection of managed objects SNMP itself is a simple request response protocol based on the manager agent model The manager issues a request and the agen
177. rks to isolate a group of servers from the rest of the company network for security reasons In this example the company network address is 192 168 1 0 The first three octets of the address 192 168 1 are the network number and the remaining octet is the host ID allowing a maximum of 28 2 or 254 possible hosts The following figure shows the company network before subnetting Figure 89 Subnetting Example Before Subnetting a H Y Internet a a A I 0 I D I i I 0 I i y 192 168 1 0 24 a a A um m um um um um Em um Um um um You can borrow one of the host ID bits to divide the network 192 168 1 0 into two separate sub networks The subnet mask is now 25 bits 255 255 255 128 or 25 The borrowed host ID bit can have a value of either 0 or 1 allowing two subnets 192 168 1 0 25 and 192 168 1 128 25 NWA1121 NI User s Guide Appendix C IP Addresses and Subnetting The following figure shows the company network after subnetting There are now two sub networks A and B Figure 90 Subnetting Example After Subnetting a 17 B if i i 3 e D E 2 j emt III 192 168 1 0 25 4192 168 1 128 a amumumumumum um um 9 e oum um um um um um m Ls In a 25 bit subnet the host ID has 7 bits so each sub network has a maximum of 27 2 or 126 possible hosts a host ID of all zeroes is the subnet s address itself all ones is the su
178. rred to as pages using your web browser via HyperText Transfer Protocol HTTP Telnet Telnet is short for Telecommunications Network which is a client side protocol that enables you to access a device over the network FTP File Transfer Protocol FTP allows you to upload or download a file or several files to and from a remote location using a client or the command console SNMP Simple Network Management Protocol SNMP is a member of the TCP IP protocol suite used for exchanging management information between network devices Your NWA1121 NI supports SNMP agent functionality which allows a manager station to manage and monitor the NWA1121 NI through the network The NWA1121 NI supports SNMP version one SNMPv1 version two SNMPv2c and version three SNMPv3 NWA1121 NI User s Guide Chapter 9 System The next figure illustrates an SNMP management operation Figure 47 SNMP Management Mode MANAGER we me Managed Device Managed Device Managed Device An SNMP managed network consists of two main types of component agents and a manager An agent is a management software module that resides in a managed device the NWA1121 NI An agent translates the local management information from the managed device into a form compatible with SNMP The manager is the console through which network administrators perform network management functions It executes applications that control and monitor managed devices
179. rver IP Address 88 RADIUS server 58 Backup 88 Primary 88 Rates Configuration 63 66 68 71 registration product 196 related documentation 2 Remote Authentication Dial In User Service 59 remote management 16 remote management limitations 102 Roaming 92 NWA1121 NI User s Guide Index RootAP 14 RTS Request To Send 182 threshold 181 182 RTS CTS Threshold 63 66 68 71 91 S Security Mode Choosing the 93 Security Modes 802 1x Static64 58 IEEE 802 1x Only 58 IEEE 802 1x Static128 58 IEEE 802 1x Static64 58 None 58 WEP 58 WPA 58 WPA2 58 WPA2 MIX 58 WPA2 PSK 58 Service Set IDentifier 56 Service Set Identifier see SSID Simple Mail Transfer Protocol 116 SMTP 116 118 SNMP MIBs 112 Spanning Tree Protocol 91 SSID 11 56 SSID profile pre configured 12 SSID profiles 12 Status Screens 25 802 11 Mode 50 Channel ID 50 Ethernet 25 FCS Error Count 50 Firmware Version 26 Interface Status 27 Poll Interval 50 Retry Count 50 Statistics 51 system statistics 25 WLAN 25 Subnet 171 Subnet Mask 94 172 subnetting 174 Syslog Logging 116 System Screens General 120 Password 121 Time Time and Date Setup 122 Time Zone 122 T telnet 106 Temporal Key Integrity Protocol 59 Temporal Key Integrity Protocol TKIP 187 TFTP restrictions 103 Thumbprint Algorithm 113 TKIP 59 TLS 59 trademarks 193 Transport Layer Security 59 Troubleshooting 127 connection is slow or intermittent 130 DHCP 128 factory
180. s WPA 2 with RADIUS Application Example To set up WPA 2 you need the IP address of the RADIUS server its port number default is 1812 and the RADIUS shared secret A WPA 2 application example with an external RADIUS server looks as follows A is the RADIUS server DS is the distribution system 1 The AP passes the wireless client s authentication request to the RADIUS server 2 The RADIUS server then checks the user s identification against its database and grants or denies network access accordingly 3 A 256 bit Pairwise Master Key PMK is derived from the authentication process by the RADIUS server and the client 4 The RADIUS server distributes the PMK to the AP The AP then sets up a key hierarchy and management system using the PMK to dynamically generate unique data encryption keys The keys are used to encrypt every data packet that is wirelessly communicated between the AP and the wireless clients Figure 95 WPA 2 with RADIUS Application Example WPA 2 PSK Application Example A WPA 2 PSK application looks as follows 1 First enter identical passwords into the AP and all wireless clients The Pre Shared Key PSK must consist of between 8 and 63 ASCII characters or 64 hexadecimal characters including spaces and symbols 2 The AP checks each wireless client s password and allows it to join the network only if the password matches 3 The AP and wireless clients generate a common PMK Pairwise Master Key
181. s for a total number of 32 bits 172 NWA1121 NI User s Guide Appendix C IP Addresses and Subnetting Subnet masks can be referred to by the size of the network number part the bits with a 1 value For example an 8 bit mask means that the first 8 bits of the mask are ones and the remaining 24 bits are zeroes Subnet masks are expressed in dotted decimal notation just like IP addresses The following examples show the binary and decimal notation for 8 bit 16 bit 24 bit and 29 bit subnet masks Table 42 Subnet Masks BINARY 1ST 2ND 3RD am oar IDECIMAE OCTET OCTET OCTET 8 bit mask 11111111 00000000 00000000 00000000 255 0 0 0 16 bit mask 11111111 11111111 00000000 00000000 255 255 0 0 24 bit mask 11111111 11111111 11111111 00000000 255 255 255 0 29 bit mask 11111111 11111111 11111111 11111000 255 255 255 248 Network Size Notation The size of the network number determines the maximum number of possible hosts you can have on your network The larger the number of network number bits the smaller the number of remaining host ID bits An IP address with host IDs of all zeros is the IP address of the network 192 168 1 0 with a 24 bit subnet mask for example An IP address with host IDs of all ones is the broadcast address for that network 192 168 1 255 with a 24 bit subnet mask for example As these two IP addresses cannot be used for individual hosts calculate
182. s VLAN settings System WWW Use this screen to configure through which interface s and from which IP address es users can use HTTP to manage the NWA1121 NI Certificates Use this screen to import or remove a certificate from the NWA1121 NI Telent Use this screen to configure through which interface s and from which IP address es users can use Telnet to manage the NWA1121 NI SNMP Use this screen to configure the NWA1121 NI for SNMP management FTP Use this screen to configure through which interface s and from which IP address es users can use FTP to access the NWA1121 NI Log Settings Use this screen to change your log settings Maintenance General Use this screen to configure your device s name Password Use this screen to configure your device s password Time Use this screen to change your NWA1121 NI s time and date Firmware Upgrade Use this screen to upload firmware to your device NWA1121 NI User s Guide Chapter 2 Introducing the Web Configurator Table 2 Navigation Panel Summary LINK TAB FUNCTION Configuration File Use this screen to backup and restore your device s configuration settings or reset the factory default settings Restart Use this screen to reboot the NWA1121 NI without turning the power off 2 3 3 Main Window The main window displays information and configuration fields It
183. s currently associated with each SSID profile if you have a RADIUS server configured Qos This field displays the Quality of Service setting for this profile or NONE if QoS is not configured on a profile MAC Filter This field displays which MAC filter profile is currently associated with each SSID profile or Disable if MAC filtering is not configured on an SSID profile Modify Click Edit to go to the SSID configuration screen where you can modify settings in an SSID profile NWA1121 NI User s Guide Chapter 6 Wireless LAN 6 5 1 Configuring SSID Use this screen to configure an SSID profile In the Wireless LAN gt SSID screen click Edit next to the SSID profile you want to configure to display the following screen Figure 25 SSID Edit SSID Profile Settings Profile Name Profile1 SSID ZyXEL Security Disabled x RADIUS RadProfile1 x MAC Filtering Disabled x Qos None iv BSSID VLAN ID 1 1 4094 Number of Wireless Stations Allowed to 64 1 64 Associate Hidden SSID Enabled Intra BSS Traffic Blocking Enabled Back Apply Cancel The following table describes the labels in this screen Table 15 SSID Edit LABEL DESCRIPTION Profile Name This is the name that identifying this profile SSID When a wireless client scans for an AP to associate with this is the name that is broadcast and seen in the wireless client utility Security Select a securit
184. s of client A is either denied association or is not in the list of allowed wireless clients specified in the NWA1121 NI NWA1121 NI User s Guide Chapter 6 Wireless LAN Use this screen to enable MAC address filtering in your NWA1121 NI You can specify MAC addresses to either allow or deny association with your NWA1121 NI Click Wireless LAN gt MAC Filter The screen displays as shown Figure 39 Wireless LAN gt MAC Filter Wireless Settings SSID Security RADIUS MAC Filter MAC Filter Profiles Profile Name Filter Action Modify 1 MacProfile1 Disabled a 2 MacProfile2 Disabled 2 3 MacProfile3 Disabled a 4 MacProfile4 Disabled Ei 5 MacProfile5 Disabled Ci 6 MacProfile6 Disabled P 7 MacProfile7 Disabled E 8 MacProfile8 Disabled 3 Select a profile you want to configure and click Edit Figure 40 MAC Filter Edit MAC Filter MAC Filter Settings Profile Name MacProfile1 Access Control Mode Disabled Apply Cancel NWA1121 NI User s Guide Chapter 6 Wireless LAN The following table describes the labels in this screen Table 25 Wireless LAN gt MAC Filter LABEL DESCRIPTION Profile Name This is the name that identifying this profile Access Control Mode Select Disabled if you do not want to use this feature Select Allow to permit access to the NWA1121 NI MAC addresses not listed will be denied access to the NWA1121 NI Sel
185. s of the guest network to access The following table shows the addresses used in this example Table 4 Tutorial Example Information Network router A MAC address 00 AA 00 AA 00 AA Network printer B MAC address AA 00 AA 00 AA 00 4 2 1 Configure the SSID Profiles 1 Log in to the NWA1121 NI see Section 2 1 on page 19 Click Wireless LAN gt SSID The SSID screen appears 2 Click the Edit icon next to the Profile1 Profile Settings Profile Name SSID Security RADIUS QoS MAC Filter Modify 1 Profile ZyXEL Disabled RadProfile1 WMM Disabled 2 Profile2 ZyXEL Disabled RadProfile1 WMM Disabled 3 3 Profile3 ZyXEL Disabled RadProfile1 WMM Disabled a 4 Profiles ZyXEL Disabled RadProfile1 WMM Disabled a 5 Profile5 ZyXEL Disabled RadProfile1 WMM Disabled g 6 Profile ZyXEL Disabled RadProfile1 WMM Disabled 4 7 Profile7 ZyXEL Disabled RadProfile1 WMM Disabled P 8 Profiles ZyXEL Disabled RadProfile1 WMM Disabled a 3 Rename the Profile Name and SSID as SSIDO1 Click Apply Profile Settings Profile Name siD01 SSID siD01 Security Disabled vi RADIUS RadProfile1 xij MAC Filtering Disabled v Qos WMM vi BSSID VLAN ID 4 1 4094 Number of Wireless Stations Allowed to 64 1 64 Associate Hidden SSID Enabled Intra BSS Traffic Blocking Enabled 4 Repeat Step 2 and 3 to change Profile2 and Profile3 to VoIP SSI D and Guest SSID NWA1121 NI User s Guide Chapter 4 Tutoria
186. ser name of the account created in the RADIUS server Login Name Password Supply the password of the account created in the RADIUS server Certificate User Certificate If you select TLS enter the name of the certificate used to to verify the identity of clients Back Click Back to return to the previous screen Apply Click Apply to save your changes Cancel Click Cancel to begin configuring this screen afresh 6 6 3 Security 802 1x Static WEP This screen varies depending on the operating mode you select in the Wireless LAN gt Wireless Settings screen NWA1121 NI User s Guide 79 Chapter 6 Wireless LAN 6 6 3 1 Access Point Use this screen to use 802 1x static WEP security mode for your NWA1121 NI that is in root AP MBSSID or repeater operating mode Select 802 1X Static WEP in the Security Mode field to display the following screen Figure 31 Security 802 1X Static WEP for Access Point Security Security Settings Profile Name Security Mode Data Encryption Passphrase Note Key 1 O Key 2 Key 3 O Key 4 Note Enter a passphrase to automatically generate a WEP key or leave it blank if you want to manually enter the WEP key 64 bit WEP Enter 5 ASCII characters or 10 hexadecimal characters 0 9 A F 128 bit WEP Enter 13 ASCII characters or 26 hexadecimal characters 0 9 A F Rekey Options Reauthentication Time 300 Seconds max 100 3600
187. ss stations have to resend user names and passwords in order to Time stay connected Enter a time interval between 100 and 3600 seconds Alternatively enter 0 to turn reauthentication off Note If wireless station authentication is done using a RADIUS server the reauthentication timer on the RADIUS server has priority Enable Group Key Select this option to have the NWA1121 NI automatically disconnect a wireless station Update from the wired network after a period of inactivity The wireless station needs to enter the user name and password again before access to the wired network is allowed Enter a time interval between 100 and 3600 seconds Back Click Back to return to the previous screen Apply Click Apply to save your changes Cancel Click Cancel to begin configuring this screen afresh NWA1121 NI User s Guide Chapter 6 Wireless LAN 6 6 3 2 Wireless Client Use this screen to use 802 1x Only security mode for your NWA1121 NI that is in wireless client operating mode Select 802 1X Static WEP in the Security Mode field to display the following screen Figure 32 Security 802 1X Static WEP for Wireless Client Security Security Settings Profile Name SecProfile1 Security Mode 802 1X Static WEP v Data Encryption 128 bit WEP Passphrase characters Note Generate max 16 alphanumeric printable Enter a passphrase to automatically generate a WEP key or leave it blank
188. ssissa dala c kaaa ER dx eR ac 55 cem lc INN fe ETT 56 Ba Wireless Sanos SEPBBIT 2b p Ide mated Gud sn d obo a e rdi pc pd rad Pez rere rrr d 60 DAT PONTE BOO sca caiact ac ccidy ace aobib utc tict o tenu Ee malta tU MEIN Un MOU CRM EO SU OUR Sed RDU 2S UE BERN 61 04 2 Ropeater p M 64 GAS Wireless Giant i T 67 SRM peste NORE e E 69 cepe B Baru ro EE 72 Bod CoU Ro B See een ones teca a S ret DUE Ga cuu Fo en NUR wa Ra RD oa 73 BB Wireless Secimi SOISBE orrena R A 74 D eel WER aiu ean a EUR opea bet Fac vac A dn Ld p 76 6 NWA1121 NI User s Guide Table of Contents BR eui BUS TC CODE dobosoarsebcodiapptlasiueboagdrdanctase die ceu arta POCO Ciber cand nade 77 CE Saen SUP TERI WEP airiai a ASEESSA Aaa iaa chat cupa 79 6 6 4 Security WPA WPA2 WPA2 MIX sscisascsccstsssuetesccasiadyenidaityatectiautventabines cstasaetansdasiadyahecaievtou 83 6 6 5 Security WPA PSK WPA2 PSK WPA2 PSK MIX scsssissssssssnnssderssnnssisessansisdsensnaisedersnavscseseenaas 86 B c RARIUS a rsd ot caste nin a a sae ieee s hela dt tube ant meats 87 oe Pa aE e EEUU 89 SEEMS CAES NER TET DSTI 91 6 9 1 Additional Wireless TRIS xucuuddtescnedarcesviiddcb ect dite R E D bed esito cede mde 91 e Do NILUS iios tue ead pn i op restat un E 92 6 9 3 Becurny Mode DulldeliliB 25 5 oir ide rane E PEE destin nk ERRRER ean EY KE e FOREN Kr EEEk kani ENUE EEA TOUR KM N
189. syslog server that will log the selected categories of logs Address Syslog Port Enter the port number of the syslog server that will log the selected categories of Number logs Send Log Log Schedule This drop down menu is used to configure the frequency of log messages being sent as E mail e When Log is Full e Hourly e Daily e Weekly e None If the Weekly or the Daily option is selected specify a time of day when the E mail should be sent If the Weekly option is selected then also specify which day of the week the E mail should be sent If the When Log is Full option is selected an alert is sent when the log fills up If you select None no log messages are sent Day for Sending Log This field is only available when you select Weekly in the Log Schedule field Use the drop down list box to select which day of the week to send the logs Time for Sending Log Enter the time of the day in 24 hour format for example 23 00 equals 11 00 pm to send the logs Clear log after sending mail Select the check box to clear all logs after logs and alert messages are sent via e mail Log Category System Maintenance Click this to receive logs related to system maintenance System Error Click this to receive logs related to system errors 802 1x Click this to receive logs related to the 802 1x mode Wireless Click this to receive logs related to the wireless function
190. t Au nahme der folgenden aufgef hrten Staaten In the majority of the EU and other European countries the 2 4 and 5 GHz bands have been made available for the use of wireless local area networks LANs Later in this document you will find an overview of countries inwhich additional restrictions or requirements or both are applicable The requirements for any country may evolve ZyXEL recommends that you check with the local authorities for the latest status of their national regulations for both the 2 4 and 5 GHz wireless LANs The following countries have restrictions and or requirements in addition to those given in the table labeled Overview of Regulatory Requirements for Wireless LANs Overview of Regulatory Requirements for Wireless LANs Frequency Band MHz Max Power Level Indoor ONLY Indoor and Outdoor EIRP mW 2400 2483 5 100 V 5150 5350 200 V 5470 5725 1000 V Belgium The Belgian Institute for Postal Services and Telecommunications BIPT must be notified of any outdoor wireless link having a range exceeding 300 meters Please check http www bipt be for more details Draadloze verbindingen voor buitengebruik en met een reikwijdte van meer dan 300 meter dienen aangemeld te worden bij het Belgisch Instituut voor postdiensten en telecommunicatie BIPT Zie http www bipt be voor meer gegevens Les liaisons sans fil pour une utilisation en ext rieur d une distance sup rieure
191. t returns responses using the following protocol operations e Get Allows the manager to retrieve an object variable from the agent e GetNext Allows the manager to retrieve the next object variable from a table or list within an agent In SNMPv1 when a manager wants to retrieve all elements of a table from an agent it initiates a Get operation followed by a series of GetNext operations e Set Allows the manager to set values for object variables within an agent e Trap Used by the agent to inform the manager of some events NWA1121 NI User s Guide Chapter 9 System 9 9 2 Supported MIBs The NWA1121 NI supports MIB II that is defined in RFC 1213 and RFC 1215 as well as the proprietary ZyXEL private MIB The purpose of the MIBs is to let administrators collect statistical data and monitor status and performance 9 9 3 Private Public Certificates When using public key cryptology for authentication each host has two keys One key is public and can be made openly available The other key is private and must be kept secure These keys work like a handwritten signature in fact certificates are often referred to as digital signatures Only you can write your signature exactly as it should look When people know what your signature looks like they can verify whether something was signed by you or by someone else In the same way your private key writes your digital signature and your public key allows peo
192. t to access a wireless network e MBSSID The Multiple Basic Service Set Identifier MBSSID mode allows you to use one access point to provide several BSSs simultaneously Refer to Chapter 1 on page 11 for illustrations of these wireless applications SSID The SSID Service Set IDentifier is the name that identifies the Service Set with which a wireless station is associated Wireless stations associating to the access point AP must have the same SSID In other words it is the name of the wireless network that clients use to connect to it Normally the NWA1121 NI acts like a beacon and regularly broadcasts the SSID in the area You can hide the SSID instead in which case the NWA1121 NI does not broadcast the SSID In addition you should change the default SSID to something that is difficult to guess This type of security is fairly weak however because there are ways for unauthorized wireless devices to get the SSID In addition unauthorized wireless devices can still see the information that is sent in the wireless network Channel A channel is the radio frequency ies used by wireless devices Channels available depend on your geographical area You may have a choice of channels for your region so you should use a different channel than an adjacent AP access point to reduce interference NWA1121 NI User s Guide Chapter 6 Wireless LAN Wireless Mode The IEEE 802 1x standard was designed to extend the features o
193. tem NWA1121 NI User s Guide Log Settings 10 1 Overview This chapter provides information on viewing and generating logs on your NWA1121 NI Logs are files that contain recorded network activity over a set period They are used by administrators to monitor the health of the system s they are managing Logs enable administrators to effectively monitor events errors progress etc so that when network problems or system failures occur the cause or origin can be traced Logs are also essential for auditing and keeping track of changes made by users Figure 56 Accessing Logs in the Network The figure above illustrates three ways to access logs The user U can access logs directly from the NWA1121 NI A via the Web configurator Logs can also be located in an external log server B An email server C can also send harvested logs to the user s email account 10 2 What You Can Do in this Chapter Use the Log Settings screen to configure where and when the NWA1121 NI will send the logs and which logs it will send Section 10 4 on page 116 Use the Monitor gt Logs screen to display all logs or logs for a certain category NWA1121 NI User s Guide ns Chapter 10 Log Settings 10 3 What You Need To Know Alerts and Logs An alert is a type of log that warrants more serious attention Some categories such as System Error consist of both logs and alerts You can differentiate them by their color in the Mon
194. ternet Protocol Version 4 TCP IPv4 Properties x You can get IP settings assigned automatically if your network supports this capability Otherwise you need to ask your network administrator for the appropriate IP settings Obtain an IP address automatically IP address 192 168 1 7 Subnet mask 255 258 255 0 Default gateway Obt mn DI tu es callv tu IS server address autom Use the following DNS server addresses Preferred DNS server Alternate DNS server Validate settings upon exit Advanced Cancel 7 Select Obtain an IP address automatically if your network administrator or ISP assigns your IP address dynamically Select Use the following I P Address and fill in the IP address Subnet mask and Default gateway fields if you have a static IP address that was assigned to you by your network administrator or ISP You may also have to enter a Preferred DNS server and an Alternate DNS server if that information was provided Click Advanced if you want to configure advanced settings for IP DNS and WINS 8 Click OK to close the Internet Protocol TCP I P Properties window 9 Click OK to close the Local Area Connection Properties window Verifying Settings 1 Click Start gt All Programs gt Accessories gt Command Prompt 2 Inthe Command Prompt window type ipconfig and then press ENTER NWA1121 NI User s Guide Appendix A Setting Up Your Computer s IP Address 3
195. tes a Pairwise Master Key PMK key to the AP that then sets up a key hierarchy and management system using the PMK to dynamically generate unique data encryption keys to encrypt every data packet that is wirelessly communicated between the AP and the wireless clients This all happens in the background automatically The Message Integrity Check MIC is designed to prevent an attacker from capturing data packets altering them and resending them The MIC provides a strong mathematical function in which the receiver and the transmitter each compute and then compare the MIC If they do not match it is assumed that the data has been tampered with and the packet is dropped By generating unique data encryption keys for every data packet and by creating an integrity checking mechanism MIC with TKIP and AES it is more difficult to decrypt data on a Wi Fi network than WEP and difficult for an intruder to break into the network The encryption mechanisms used for WPA 2 and WPA 2 PSK are the same The only difference between the two is that WPA 2 PSK uses a simple common password instead of user specific credentials The common password approach makes WPA 2 PSK susceptible to brute force password guessing attacks but it s still an improvement over WEP as it employs a consistent single alphanumeric password to derive a PMK which is used to generate unique temporal encryption keys This prevent all wireless devices sharing the same encryption keys
196. the Command Prompt window type ipconfig and then press ENTER You can also go to Start gt Control Panel gt Network Connections right click a network connection click Status and then click the Support tab to view your IP address and connection information NWA1121 NI User s Guide Appendix A Setting Up Your Computer s IP Address Windows Vista This section shows screens from Windows Vista Professional 1 Click Start gt Control Panel Dr eye 7 0 Professional ils eval Media Player Classic Control Panel Default Programs gt All Programs O x DE AN i QGOo Control Panel 1 4 ll 2 File Edit View Tools Help Control Panel Home dee System and Maintenance User Accounts aE VIEW Get started with Windows Change account type Ae Back up your computer Appearance and Personalization Change desktop background Change the color scheme Adjust screen resolution Security Check for updates Allow a program through Windows Y Firewall etwork and Internet Connect to the Internet View network status and tasks Set up file sharing Clock Language and Region Change keyboards or other input methods Change display language 3 Click the Network and Sharing Center icon CION E p Control Panel Network and Internet v 5 Search 2 File Edit View Tools Help Control Panel Home EN Network and Sharing Cent
197. the NWA1121 NI s current configuration to your computer 11 8 2 Restore Configuration Restore configuration allows you to upload a new or previously saved configuration file from your computer to your NWA1121 NI Table 40 Restore Configuration LABEL DESCRIPTION File Path Type in the location of the file you want to upload in this field or click Browse to find it Browse Click Browse to find the file you want to upload Remember that you must decompress compressed ZIP files before you can upload them Upload Click Upload to begin the upload process Do not turn off the NWA1121 NI while configuration file upload is in progress You must then wait one minute before logging into the NWA1121 NI again NWA1121 NI User s Guide Chapter 11 Maintenance The NWA1121 NI automatically restarts in this time causing a temporary network disconnect In some operating systems you may see the following icon on your desktop Figure 66 Network Temporarily Disconnected D Local Area Connection Network cable unplugged If you uploaded the default configuration file you may need to change the IP address of your computer to be in the same subnet as that of the default NWA1121 NI IP address 192 168 1 2 See Appendix A on page 131 for details on how to set up your computer s IP address 11 8 3 Back to Factory Defaults Pressing the Reset button in this section clears all user entered configu
198. the password for the incoming Get and GetNext requests from the management station Set Community Enter the Set community which is the password for incoming Set requests from the management station Trap Community Type the trap community which is the password sent with each trap to the SNMP manager Trap Destination Type the IP address of the station to send your SNMP traps to SNMPv3 Admin Settings SNMPv3 Admin Select the check box to enable the SNMP administrator account for authentication with SNMP managers using SNMP v3 User Name Specify the user name of the SNMP administrator account Password Enter the password for SNMP administrator authentication Confirm Password Retype the password for confirmation Access Type Specify the SNMP administrator s access rights to MIBs Read Write The SNMP administrator has read and write rights meaning that the user can create and edit the MIBs on the NWA1121 NI Read Only The SNMP administrator has read rights only meaning the user can collect information from the NWA1121 NI Authentication Protocol Select an authentication algorithm used for SNMP communication with the SNMP administrator MD5 Message Digest 5 and SHA Secure Hash Algorithm are hash algorithms used to authenticate SNMP data SHA authentication is generally considered stronger than MD5 but is slower Privacy Protocol Specify the encryp
199. tion method used for SNMP communication with the SNMP administrator DES Data Encryption Standard is a widely used but breakable method of data encryption It applies a 56 bit key to each 64 bit block of data AES Advanced Encryption Standard is another method for data encryption that also uses a secret key AES applies a 128 bit key to 128 bit blocks of data NWA1121 NI User s Guide Chapter 9 System Table 33 System gt SNMP continued LABEL DESCRIPTION SNMPv3 User Settings SNMPv3 User Select the check box to enable the SNMP user account for authentication with SNMP managers using SNMP v3 User Name Specify the user name of the SNMP user account Password Enter the password for SNMP user authentication Confirm Password Retype the password for confirmation Access Type Specify the SNMP user s access rights to MIBs Read Only The SNMP user has read rights only meaning the user can collect information from the NWA1121 NI Read Write The SNMP user has read and write rights meaning that the user can create and edit the MIBs on the NWA1121 NI Authentication Select an authentication algorithm used for SNMP communication with the SNMP user Protocol MD5 Message Digest 5 and SHA Secure Hash Algorithm are hash algorithms used to authenticate SNMP data SHA authentication is generally considered stronger than MD5 but is slower Privacy Protocol Specify the encryption met
200. to the previous screen Apply Click Apply to save your changes Cancel Click Cancel to begin configuring this screen afresh 6 6 2 2 Wireless Client Use this screen to use 802 1x Only security mode for your NWA1121 NI that is in wireless client operating mode Select 802 1x Only in the Security Mode field to display the following screen Figure 30 Security 802 1x Only for Wireless Client Security Security Settings Profile Name Security Mode Eap Type User Information Login Name Certificate User Certificate Password TEEE802 1X Authentication SecProfile4 802 1X Only iv ms v Back Apply Cancel The following table describes the labels in this screen Table 18 Security 802 1x Only for Wireless Client LABEL DESCRIPTION Security Settings Profile Name This is the name that identifying this profile NWA1121 NI User s Guide Chapter 6 Wireless LAN Table 18 Security 802 1x Only for Wireless Client continued LABEL DESCRIPTION Security Mode Choose the same security mode used by the AP IEEE802 1x Authenti Eap Type cation The options on the left refer to EAP methods You can choose either TLS LEAP PEAP or TTLS If you select TTLS or PEAP the options on the right refer to authentication protocols You can choose between PAP CHAP MSCHAP MSCHAPv2 and or GTC User Information Username Supply the u
201. twork conditions Select 20MHz if you want to lessen radio interference with other wireless devices in your neighborhood or the wireless clients do not support channel bonding Select SSID The SSID Service Set IDentifier identifies the Service Set with which a wireless station is Profile associated Wireless stations associating to the access point AP must have the same SSID You can have up to four SSIDs active at the same time Note If you are configuring the NWA1121 NI from a computer connected to the wireless LAN and you change the NWA1121 NI s SSID or security settings you will lose your wireless connection when you press Apply to confirm You must then change the wireless settings of your computer to match the NWA1121 Nl s new settings This is the index number of each SSID profile Activve Select the check box to enable an SSID profile Otherwise clear the check box Profile Select an SSID Profile from the drop down list box Universal Repeater Settings The Universal repeater function allows the NWA1121 NI in root AP or repeater mode to set up a wireless connection between it and another NWA1121 NI in root AP or repeater mode Note Universal repeater security is independent of the security settings between the NWA1121 NI and any wireless clients Local MAC Local MAC Address is the MAC address of your NWA1121 NI Address Universal Select the SSID profile you want to use for universal repeater co
202. ure 64 Network Temporarily Disconnected D Local Area Connection Network cable unplugged After the upload was finished log in again and check your new firmware version in the Dashboard screen NWA1121 NI User s Guide Chapter 11 Maintenance 11 8 Configuration File Screen Use this screen to backup restore and reset the configuration of your NWA1121 NI Click Maintenance gt Configuration File The screen appears as shown next Figure 65 Maintenance gt Configuration File Configuration File Backup Configuration Restore Configuration File Path Back to Factory Defaults Password will be 1234 Click to save the current configuration of your system to your computer To restore a previously saved configuration file to your system browse to the location of the configuration file and click Upload Click to clear all user entered configuration information and return to factory defaults After resetting the LAN IP address will be 192 168 1 2 Crews Upload 11 8 1 Backup Configuration Backup configuration allows you to back up save the NWA1121 NI s current configuration to a file on your computer Once your NWA1121 NI is configured and functioning properly it is highly recommended that you back up your configuration file before making configuration changes The backup configuration file will be useful in case you need to return to your previous settings Click Backup to save
203. use The embedded Web based configurator enables simple straightforward management and maintenance See the Quick Start Guide for instructions on how to make hardware connections 1 2 Wireless Modes The NWA1121 NI can be configured to use the following WLAN operating modes OPERATING MODE SUPPORTED SSID REPEATER FUNCTION AP FUNCTION MBSSID 8 No Yes Client 1 No No Root AP 5 Yes Yes Repeater 1 Yes Yes Applications for each operating mode are shown below 1 2 1 MBSSID A Basic Service Set BSS is the set of devices forming a single wireless network usually an access point and one or more wireless clients The Service Set IDentifier SSID is the name of a BSS In NWA1121 NI User s Guide KJ Chapter 1 Introducing the NWA1121 NI Multiple BSS MBSSID mode the NWA1121 NI provides multiple virtual APs each forming its own BSS and using its own individual SSID profile You can configure multiple SSID profiles and have all of them active at any one time You can assign different wireless and security settings to each SSID profile This allows you to compartmentalize groups of users set varying access privileges and prioritize network traffic to and from certain BSSs To the wireless clients in the network each SSID appears to be a different access point As in any wireless network clients can associate only with the SSIDs for which they have the correct security settings For
204. use requires a general authorization Please check http www sviluppoeconomico gov it for more details Questo prodotto conforme alla specifiche di Interfaccia Radio Nazionali e rispetta il Piano Nazionale di ripartizione delle frequenze in Italia Se non viene installato all interno del proprio fondo l utilizzo di prodotti Wireless LAN richiede una Autorizzazione Generale Consultare http www sviluppoeconomico gov it per maggiori dettagli Latvia The outdoor usage of the 2 4 GHz band requires an authorization from the Electronic Communications Office Please check http www esd lv for more details 2 4 GHz frekven u joslas izmanto anai arpus telp m nepiecie ama atiauja no Elektronisko sakaru direkcijas Vairak inform cijas http www esd lv Notes 1 Although Norway Switzerland and Liechtenstein are not EU member states the EU Directive 1999 5 EC has also been implemented in those countries 2 The regulatory limits for maximum output power are specified in EIRP The EIRP level in dBm of a device can be calculated by adding the gain of the antenna used specified in dBi to the output power available at the connector specified in dBm Safety Warnings e Do NOT use this product near water for example in a wet basement or near a swimming pool e Do NOT expose your device to dampness dust or corrosive liquids e Do NOT store things on the device e Do NOT install use or service this device during a thund
205. uthentication p oa In the figure above the NWA1121 NI Z checks the identity of the notebook A using a certificate before granting access to the network The certification authority certificate that you can import to your NWA1121 NI should be in PFX PKCS 12 file format This format referred to as the Personal Information Exchange Syntax Standard is comprised of a private key public certificate pair that is further encrypted with a password Before you import a certificate into the NWA1121 NI you should verify that you have the correct certificate Key distribution is simple and very secure since you can freely distribute public keys and you never need to transmit private keys 9 4 WWW Screen Use this screen to configure your NWA1121 NI via the World Wide Web WWW using a Web browser This lets you specify which IP addresses or computers are able to communicate with and access the NWA1121 NI NWA1121 NI User s Guide Chapter 9 System To change your NWA1121 NI s WWW settings click System gt WWW The following screen shows Figure 49 System gt WWW www Certificates Telnet SNMP www HTTP Port 80 HTTPS Port 443 Server Access Disable v Secured Client IP Address 9 Al Selected 0 0 0 0 Secured Client MAC Address 9 All Selected 00 00 00 00 00 00 The following table describes the labels in this screen Table 30 System gt WWW Server Access LABEL DESCRIPTI
206. vice on a network Every networking device including computers servers routers printers etc needs an IP address to communicate across the network These networking devices are also known as hosts Figure 41 IPv4 Setup e Subnet Mask 255 255 255 0 E ese ean ee mm The figure above illustrates one possible setup of your NWA1121 NI The gateway IPv4 address is 192 168 1 1 and the IPv4 address of the NWA1121 NI is 192 168 1 2 default The gateway and the device must belong in the same subnet mask to be able to communicate with each other 7 2 What You Can Do in this Chapter Use the LAN IP screen to configure the IP address of your NWA1121 NI see Section 7 4 on page 96 7 3 What You Need to Know The Ethernet parameters of the NWA1121 NI are preset in the factory with the following values 1 IP address of 192 168 1 2 2 Subnet mask of 255 255 255 0 24 bits NWA1121 NI User s Guide Chapter 7 LAN IPv6 IPv6 Internet Protocol version 6 is designed to enhance IP address size and features The increase in IPv6 address size to 128 bits from the 32 bit IPv4 address allows up to 3 4 x 1038 IP addresses IPv6 Addressing The 128 bit IPv6 address is written as eight 16 bit hexadecimal blocks separated by colons This is an example IPv6 address 2001 0db8 1a2b 0015 0000 0000 1la2f 0000 IPv6 addresses can be abbreviated in two ways e Leading zeros in a block can be omitted So 2001 0db8 1a2b 0015 00
207. was assigned to you by your network administrator or ISP You may also have to enter a Preferred DNS server and an Alternate DNS server if that information was provided Click Advanced Click OK to close the Internet Protocol TCP I P Properties window 10 Click OK to close the Local Area Connection Properties window Verifying Settings 1 2 Click Start gt All Programs gt Accessories gt Command Prompt In the Command Prompt window type ipconfig and then press ENTER You can also go to Start gt Control Panel gt Network Connections right click a network connection click Status and then click the Support tab to view your IP address and connection information NWA1121 NI User s Guide Appendix A Setting Up Your Computer s IP Address Windows 7 This section shows screens from Windows 7 Enterprise 1 Click Start gt Control Panel Computer Control Panel m XPS Viewer py Windows Fax and Scan Devices and Printers Default Programs c Magnifier gt All Programs Help and Support shutdown M 2 Inthe Control Panel click View network status and tasks under the Network and I nternet category SB gt Control Panel gt v Adjust your computer s settings Mil System and Security Review your computer s status Back up your computer Find and fix problems N ork and erne x View network status and task cose homegroup and sharing options
208. with RADIUS application example 189 WPA2 58 187 user authentication 188 vs WPA2 PSK 188 wireless client supplicant 188 with RADIUS application example 189 WPA2 MIX 58 WPA2 Pre Shared Key 187 WPA2 PSK 187 188 application example 189 WPA2 PSK MIX 58 WPA PSK 187 188 application example 189 Z ZyXEL Device Ethernet parameters 94 good habits 16 Introduction 11 managing 15 resetting 20 125 Security Features 16 NWA1121 NI User s Guide Index NWA1121 NI User s Guide
209. work QuickTime Sharing System Accounts Date amp Time Parental Software Speech Startup Disk Time Machine X Universal Controls Update Access 3 When the Network preferences pane opens select Ethernet from the list of available connection types e Internal Modem Not Connected Status Not Connected The cable for Ethernet is connected but e PPPoE your computer does not have an IP address Not Connected dicii Configure Using DHCP Hd Not Connected g x g e FireWire Not Connected AirPort e Off err DNS Server Search Domains 802 1X WPA ZyXELO4 1 id Click the lock to prevent further changes 4 From the Configure list select Using DHCP for dynamically assigned settings 5 Forstatically assigned settings do the following NWA1121 NI User s Guide 147 Appendix A Setting Up Your Computer s IP Address e From the Configure list select Manually e In the IP Address field enter your IP address e In the Subnet Mask field enter your subnet mask e In the Router field enter the IP address of your NWA1121 NI Location Automatic H4 e Internal Modem Qe Not Connected Status Not Connected The cable for Ethernet is connected but PPPoE Qe your computer does not have an IP address Not Connected Ethernet 2 1 Ww Congue IP Address a Y Subnet Mask gt e on m D Router CO DNS Server Search Domains A 802 1X WPA ZyXELO4 TU CAavanced 1
210. xternal RADIUS accounting server you want to use with your NWA1121 NI You can configure a primary and backup RADIUS and RADIUS accounting server for your NWA1121 NI 6 4 Wireless Settings Screen Use this screen to choose the operating mode for your NWA1121 NI Click Network Wireless LAN gt Wireless Settings The screen varies depending upon the operating mode you select NWA1121 NI User s Guide Chapter 6 Wireless LAN 6 4 1 Root AP Mode Use this screen to use your NWA1121 NI as an access point Select Root AP as the Operation Mode The following screen displays Figure 20 Wireless LAN gt Wireless Settings Root AP Wireless Settings Basic Settings Wireless LAN Interface Operation Mode Wireless Mode Channel Channel Width Select SSID Profile Active 3 Universal Repeater Settings Local MAC Address Universal Repeater SSID Profile Advanced Settings Beacon Interval DTIM Interval Output Power Preamble Type RTS CTS Threshold Extension Channel Protection Mode A MPDU Aggregation Short GI MCS Rate Auto 0 Enabled Profile2 v v Enabled RootaP isl 80241bign v 20MHZ Profile2 v 100 1 Full Dynamic 2346 None v Enabled v Enabled 2 3 4 a Active Profile 2 o Profile1 x 4 o Profile1 v 25 1000 ms 1 15 Ie Tvl 1 2348 T Iv 1371714115 NWA1121 NI User s Guide Chapter
211. y one of the advanced suggestions Advanced Suggestions e Try to access the NWA1121 NI using another service such as Telnet If you can access the NWA1121 NI check the remote management settings to find out why the NWA1121 NI does not respond to HTTP e If your computer is connected wirelessly use a computer that is connected to a LAN Ethernet port I can see the Login screen but I cannot log in to the NWA1121 NI 1 Make sure you have entered the user name and password correctly The default password is 1234 This fields are case sensitive so make sure Caps Lock is not on 2 You cannot log in to the web configurator while someone is using the Telnet to access the NWA1121 NI Log out of the NWA1121 NI in the other session or ask the person who is logged in to log out 3 Disconnect and re connect the power adaptor or cord to the NWA1121 NI 4 If this does not work you have to reset the device to its factory defaults See Section 2 2 on page 20 I cannot use FTP to upload new firmware See the troubleshooting suggestions for I cannot see or access the Login screen in the web configurator Ignore the suggestions about your browser 12 3 Internet Access I cannot access the Internet 1 Check the hardware connections and make sure the LEDs are behaving as expected See the Quick Start Guide and Section 12 1 on page 127 2 2 Make sure your NWA1121 NI is connected to a networking device that provides Int
212. y profile to use with this SSID profile See Section 6 6 on page 74 for more information If you do not want this profile to use wireless security select Disabled RADIUS Select a RADIUS profile from the drop down list box if you have a RADIUS server configured If you do not need to use RADIUS authentication ignore this field See Section 6 7 on page 87 for more information MAC Filtering Select a MAC filter profile from the drop down list box If you do not want to use MAC filtering on this profile select Disabled Qos Select the Quality of Service priority for this BSS s traffic e If you select WMM from the QoS list the priority of a data packet depends on the packet s IEEE 802 1q or DSCP header If a packet has no WMM value assigned to it it is assigned the default priority e Ifyou select WMM VOICE WMM VIDEO WMM BESTEFFORT or WMM BACKGROUND the NWA1121 NI applies that QoS setting to all of that SSID s traffic e If you select None the NWA1121 NI applies no priority to traffic on this SSID Note When you configure an SSID profile s QoS settings the NWA1121 NI applies the same QoS setting to all of the profile s traffic NWA1121 NI User s Guide 73 Chapter 6 Wireless LAN Table 15 SSID Edit continued LABEL DESCRIPTION BSSID VLAN ID Enter a VLAN ID for the SSID profile Packets coming from the WLAN using this SSID profile are tagged with the VLAN ID number by the NWA1121 NI
Download Pdf Manuals
Related Search