Senao Co OA35705001 Outdoor Access Point User Manual ZyBook

Senao International Co Ltd Outdoor Access Point ZyBook

UserManual.wiki >

OA35705001 User Manual >

Contents

1. Manual Pt1
2. Manual Pt2

Manual Pt1

NOA-3570 Outdoor Access Point User’s Guide Version 3.50 12/2005

Certifications 1 Select the certification you wish to view from this page.

Interference Statements and Warnings FCC Statement This device complies with Part 15 of FCC rules. Operation is subject to the following two conditions: • This device may not cause harmful interference. • This device must accept any interference received, including interference that may cause undesired operations. FCC Warning This equipment has been tested and found to comply with the limits for a Class B digital device pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a commercial environment. This equipment generates, uses, and can radiate radio frequency energy, and if not installed and used in accordance with the instructions, may cause harmful interference to radio communications. If this equipment does cause harmful interference to radio/television reception, which can be determined by turning the equipment off and on, the user is encouraged to try to correct the interference by one or more of the following measures: • Reorient or relocate the receiving antenna. • Increase the separation between the equipment and the receiver. • Connect the equipment into an outlet on a circuit different from that to which the receiver is connected. • Consult the dealer or an experienced radio/TV technician for help. Notice 1 Changes or modifications not expressly approved by the party responsible for compliance could void the user's authority to operate the equipment. Note: Antenna Warning! This device meets ETSI and FCC certification requirements when using the included antennas or antenna connector cable. Only use the included antennas or antenna connector cable. This Class B digital apparatus complies with Canadian ICES-003. Cet appareil numérique de la classe B est conforme à la norme NMB-003 du Canada. FCC Caution: Any changes or modifications not expressly approved by the party responsible for compliance could void the user's authority to operate this equipment.

IMPORTANT NOTE: FCC Radiation Exposure Statement: This equipment complies with FCC radiation exposure limits set forth for an uncontrolled environment. This equipment should be installed and operated with minimum distance 20cm between the radiator & your body. This transmitter must not be co-located or operating in conjunction with any other antenna or transmitter.

NOA-3570 User’s Guide6Safety WarningsSafety WarningsFor your safety, be sure to read and follow all warning notices and instructions.• Do NOT open the device or unit. Opening or removing covers can expose you to dangerous high voltage points or other risks. ONLY qualified service personnel can service the device. Please contact your vendor for further information.• Use ONLY the dedicated power supply for your device. Connect the power cord or power adaptor to the right supply voltage (110V AC in North America or 230V AC in Europe).• Do NOT use the device if the power supply is damaged as it might cause electrocution. • If the power supply is damaged, remove it from the power outlet. • Do NOT attempt to repair the power supply. Contact your local vendor to order a new power supply.• Place cables carefully so that no one will step on them or stumble over them. Do NOT allow anything to rest on the power cord and do NOT locate the product where anyone can walk on the power cord.• Do NOT install nor use your device during a thunderstorm. There may be a remote risk of electric shock from lightning.• Do NOT expose your device to corrosive liquids. • Do NOT store things on the device.• Connect ONLY suitable accessories to the device.

Table of Contents Copyright .................................................................................................................. 3 Interference Statements and Warnings.................................................................. 4 Safety Warnings ....................................................................................................... 6 Customer Support.................................................................................................... 8 Table of Contents ................................................................................................... 11 List of Figures ........................................................................................................ 19 List of Tables .......................................................................................................... 23 Preface .................................................................................................................... 27 Chapter 1 Getting to Know Your NOA-3570 .......................................................................... 29 1.1 Introducing the NOA-3570 .................................................................................29 1.2 NOA-3570 Features ...........................................................................................29 1.3 Applications for the NOA-3570 ...........................................................................33 1.3.1 Access Point .............................................................................................33 1.3.2 AP + Bridge ..............................................................................................34 1.3.3 Bridge / Repeater ......................................................................................35 Chapter 2 Introducing the Web Configurator........................................................................ 37 2.1 Web Configurator Overview ...............................................................................37 2.2 Accessing the NOA-3570 Web Configurator ......................................................37 2.3 Resetting the NOA-3570 ....................................................................................38 2.4 Navigating the NOA-3570 Web Configurator .....................................................39 Chapter 3 Wizard Setup .......................................................................................................... 43 3.1 Wizard Setup Overview ......................................................................................43 3.2 Wizard Setup: General Setup ............................................................................43 3.3 Wizard Setup: Wireless LAN ..............................................................................44 3.4 Wizard Setup: IP Address Assignment ..............................................................46 3.5 Basic Setup Complete ........................................................................................47

NOA-3570 User’s Guide12 Table of ContentsChapter 4System Screens ..................................................................................................... 494.1 System Overview ...............................................................................................494.2 General Screen ..................................................................................................494.2.1 Domain Name ...........................................................................................494.2.2 DNS Server Address Assignment .............................................................494.3 Configuring General Setup .................................................................................504.4 Configuring Password ........................................................................................514.5 Configuring Time Setting ...................................................................................52Chapter 5 Wireless LAN ......................................................................................................... 555.1 Introduction ........................................................................................................555.2 Wireless Security Overview ...............................................................................555.2.1 Encryption .................................................................................................555.2.2 Authentication ...........................................................................................555.2.3 Restricted Access .....................................................................................565.2.4 Hide NOA-3570 Identity ............................................................................565.2.5 Configuring Wireless LAN on the NOA-3570 ............................................565.3 Spanning Tree Protocol (STP) ...........................................................................575.3.1 Rapid STP ................................................................................................575.3.2 STP Terminology ......................................................................................575.3.3 How STP Works .......................................................................................585.3.4 STP Port States ........................................................................................585.4 WEP Encryption .................................................................................................585.5 Configuring the Wireless Screen ........................................................................585.5.1 Access Point Mode ...................................................................................595.5.2 Bridge/Repeater Mode ..............................................................................625.5.3 AP+Bridge Mode ......................................................................................655.6 Configuring MAC Filters .....................................................................................675.7 Configuring Roaming .........................................................................................695.7.1 Requirements for Roaming .......................................................................705.8 Introduction to WPA ...........................................................................................715.9 WPA-PSK Application Example .........................................................................715.10 WPA with RADIUS Application Example ..........................................................725.11 Wireless Client WPA Supplicants .....................................................................735.12 Configuring 802.1x and WPA ...........................................................................735.13 Authentication Required: 802.1x ......................................................................745.14 Authentication Required: WPA .........................................................................785.15 Authentication Required: WPA-PSK ................................................................79

NOA-3570 User’s GuideTable of Contents 13Chapter 6Internal RADIUS Server ......................................................................................... 816.1 Internal RADIUS Overview .................................................................................816.2 Internal RADIUS Server Setting .........................................................................826.3 Trusted AP Overview .........................................................................................846.4 Configuring Trusted AP ......................................................................................856.5 Trusted Users Overview .....................................................................................866.6 Configuring Trusted Users .................................................................................86Chapter 7VLAN ....................................................................................................................... 897.1 VLAN ..................................................................................................................897.1.1 Management VLAN ID ..............................................................................897.2 Configuring VLAN ..............................................................................................89Chapter 8IP Screen................................................................................................................. 918.1 Factory Ethernet Defaults ..................................................................................918.2 IP Address and Subnet Mask .............................................................................918.2.1 IP Address Assignment ............................................................................928.3 Configuring IP ....................................................................................................92Chapter 9Certificates.............................................................................................................. 959.1 Certificates Overview .........................................................................................959.1.1 Advantages of Certificates ........................................................................969.2 Self-signed Certificates ......................................................................................969.3 Configuration Summary .....................................................................................969.4 My Certificates ...................................................................................................969.5 Certificate File Formats ......................................................................................989.6 Importing a Certificate ........................................................................................999.7 Creating a Certificate .......................................................................................1009.8 My Certificate Details .......................................................................................1039.9 Trusted CAs .....................................................................................................1069.10 Importing a Trusted CA’s Certificate ...............................................................1089.11 Trusted CA Certificate Details ........................................................................109Chapter 10Log Screens.......................................................................................................... 11310.1 Configuring View Log .....................................................................................11310.2 Configuring Log Settings ................................................................................115

NOA-3570 User’s Guide14 Table of ContentsChapter 11Maintenance ......................................................................................................... 11911.1 Maintenance Overview ...................................................................................11911.2 System Status Screen ....................................................................................11911.2.1 System Statistics ...................................................................................12011.3 Association List ..............................................................................................12111.4 Channel Usage ...............................................................................................12211.5 F/W Upload Screen ........................................................................................12311.6 Configuration Screen ......................................................................................12611.6.1 Backup Configuration ............................................................................12711.6.2 Restore Configuration ..........................................................................12811.6.3 Back to Factory Defaults .......................................................................12911.7 Restart Screen ................................................................................................129Chapter 12Introducing the SMT ............................................................................................ 13112.1 Introduction to the SMT ..................................................................................13112.2 Accessing the SMT via the Console Port .......................................................13112.2.1 Initial Screen .........................................................................................13112.2.2 Entering the Password ..........................................................................13212.3 Accessing the SMT via Telnet ........................................................................13312.4 Navigating the SMT Interface .........................................................................13312.4.1 System Management Terminal Interface Summary ..............................13412.4.2 SMT Menus Overview ..........................................................................13512.5 Changing the System Password ....................................................................136Chapter 13General Setup....................................................................................................... 13713.1 General Setup ................................................................................................13713.1.1 Procedure To Configure Menu 1 ...........................................................137Chapter 14LAN Setup............................................................................................................. 13914.1 LAN Setup ......................................................................................................13914.2 TCP/IP Ethernet Setup ...................................................................................13914.3 Wireless LAN Setup .......................................................................................14014.3.1 Configuring MAC Address Filter ...........................................................14314.3.2 Configuring Roaming ............................................................................14414.3.3 Configuring Bridge Link ........................................................................146Chapter 15Dial-in User Setup ................................................................................................ 14915.1 Dial-in User Setup ..........................................................................................149

NOA-3570 User’s GuideTable of Contents 15Chapter 16VLAN Setup .......................................................................................................... 15116.1 VLAN Setup ...................................................................................................151Chapter 17SNMP Configuration ............................................................................................ 15317.1 About SNMP ..................................................................................................15317.2 Supported MIBs ............................................................................................15417.3 SNMP Configuration ......................................................................................15417.4 SNMP Traps ...................................................................................................155Chapter 18System Security ................................................................................................... 15718.1 System Security .............................................................................................15718.1.1 System Password .................................................................................15718.1.2 Configuring External RADIUS Server ...................................................15718.1.3 802.1x ...................................................................................................159Chapter 19System Information and Diagnosis .................................................................... 16319.1 System Status ................................................................................................16319.2 System Information ........................................................................................16519.2.1 System Information ...............................................................................16519.2.2 Console Port Speed ..............................................................................16619.3 Log and Trace ................................................................................................16619.3.1 Viewing Error Log .................................................................................16719.4 Diagnostic ......................................................................................................167Chapter 20Firmware and Configuration File Maintenance ................................................. 16920.1 Filename Conventions ...................................................................................16920.2 Backup Configuration .....................................................................................17020.2.1 Backup Configuration Using FTP .........................................................17020.2.2 Using the FTP command from the DOS Prompt ..................................17120.2.3 Backup Configuration Using TFTP .......................................................17220.2.4 Example: TFTP Command ...................................................................17220.2.5 Backup Via Console Port ......................................................................17320.3 Restore Configuration ...................................................................................17420.3.1 Restore Using FTP ...............................................................................17420.4 Uploading Firmware and Configuration Files .................................................17420.4.1 Firmware Upload ..................................................................................17520.4.2 Configuration File Upload .....................................................................17520.4.3 Using the FTP command from the DOS Prompt Example ...................176

NOA-3570 User’s Guide16 Table of Contents20.4.4 TFTP File Upload ..................................................................................17720.4.5 Example: TFTP Command ...................................................................17720.4.6 Uploading Via Console Port ..................................................................17820.4.7 Uploading Firmware File Via Console Port ...........................................17820.4.8 Example Xmodem Firmware Upload Using HyperTerminal ..................17820.4.9 Uploading Configuration File Via Console Port ....................................17920.4.10 Example Xmodem Configuration Upload Using HyperTerminal .........180Chapter 21System Maintenance and Information ............................................................... 18121.1 Command Interpreter Mode ...........................................................................18121.2 Time and Date Setting ....................................................................................18221.2.1 Resetting the Time ................................................................................183Chapter 22Troubleshooting ................................................................................................... 18522.1 Problems Starting Up the NOA-3570 .............................................................18522.2 Problems with Console Port Access ..............................................................18522.3 Problems with the Ethernet Interface .............................................................18622.4 Problems with the Password ..........................................................................18722.5 Problems with Telnet ......................................................................................18722.6 Problems with the WLAN Interface ................................................................187Appendix A Specifications...................................................................................................... 189Appendix BPackaging Specifications.................................................................................... 197Appendix CPower over Ethernet Specifications................................................................... 199Appendix DSetting up Your Computer’s IP Address............................................................ 201Appendix EIP Subnetting ........................................................................................................ 213Appendix FWireless LAN ........................................................................................................ 221Appendix GOutdoor Site Planning ......................................................................................... 235Appendix HOutdoor Installation Recommendations............................................................ 241

NOA-3570 User’s GuideTable of Contents 17Appendix ICommand Interpreter........................................................................................... 245Appendix JBrute-Force Password Guessing Protection..................................................... 247Appendix KLog Descriptions.................................................................................................. 249Index...................................................................................................................... 253

NOA-3570 User’s Guide18 Table of Contents

NOA-3570 User’s GuideList of Figures 19List of FiguresFigure 1 PoE Installation Example ......................................................................... 30Figure 2 WDS Functionality Example .................................................................... 30Figure 3 Access Point Application .......................................................................... 34Figure 4 AP+Bridge Application ........................................................................... 34Figure 5 Bridge Application .................................................................................... 35Figure 6 Repeater Application ................................................................................ 36Figure 7 Change Password Screen ....................................................................... 38Figure 8 Replace Certificate Screen. ..................................................................... 38Figure 9 Example Xmodem Upload ....................................................................... 39Figure 10 The MAIN MENU Screen of the Web Configurator ................................ 40Figure 11 Wizard: General Setup ........................................................................... 43Figure 12 Wizard: Wireless LAN Setup .................................................................. 45Figure 13 Wizard: IP Address Assignment ............................................................ 46Figure 14 TCP/IP Warning Screen ......................................................................... 47Figure 15 Close Browser Screen ........................................................................... 47Figure 16 Wizard: Setup Complete ........................................................................ 48Figure 17 System General ..................................................................................... 50Figure 18 Password. .............................................................................................. 51Figure 19 Time Setting ........................................................................................... 52Figure 20 Wireless: Access Point .......................................................................... 59Figure 21 Bridging Example ................................................................................... 62Figure 22 Bridge Loop: Two Bridges Connected to Hub ........................................ 63Figure 23 Bridge Loop: Bridge Connected to Wired LAN ...................................... 63Figure 24 Wireless: Bridge/Repeater ..................................................................... 64Figure 25 Wireless: AP+Bridge .............................................................................. 66Figure 26 MAC Address Filter ................................................................................ 68Figure 27 Roaming Example .................................................................................. 70Figure 28 Roaming ................................................................................................. 71Figure 29 WPA - PSK Authentication ..................................................................... 72Figure 30 WPA with RADIUS Application Example ................................................ 73Figure 31 Wireless LAN: 802.1x/WPA ................................................................... 74Figure 32 Wireless LAN: 802.1x/WPA for 802.1x Protocol .................................... 75Figure 33 Wireless LAN: 802.1x/WPA for WPA Protocol ....................................... 78Figure 34 Wireless LAN: 802.1x/WPA for WPA-PSK Protocol ............................... 79Figure 35 NOA-3570 Authenticates Wireless Stations ........................................... 81Figure 36 NOA-3570 Authenticates Trusted APs ................................................... 82Figure 37 Internal RADIUS Server Setting Screen ............................................... 83Figure 38 Trusted AP Overview ............................................................................. 84

NOA-3570 User’s Guide20 List of FiguresFigure 39 Trusted AP Screen ................................................................................. 85Figure 40 Trusted Users Screen ............................................................................ 87Figure 41 VLAN ...................................................................................................... 90Figure 42 IP Setup ................................................................................................ 93Figure 43 Certificate Configuration Overview ........................................................ 96Figure 44 My Certificates ....................................................................................... 97Figure 45 My Certificate Import .............................................................................. 99Figure 46 My Certificate Create ............................................................................. 101Figure 47 My Certificate Details ............................................................................. 104Figure 48 Trusted CAs ........................................................................................... 107Figure 49 Trusted CA Import .................................................................................. 109Figure 50 Trusted CA Details ................................................................................. 110Figure 51 View Log ................................................................................................ 114Figure 52 Log Settings ........................................................................................... 116Figure 53 System Status ........................................................................................ 119Figure 54 System Status: Show Statistics .............................................................. 120Figure 55 Association List ...................................................................................... 121Figure 56 Channel Usage ...................................................................................... 122Figure 57 Firmware Upload .................................................................................... 124Figure 58 Firmware Upload In Process .................................................................. 125Figure 59 Network Temporarily Disconnected ....................................................... 125Figure 60 Firmware Upload Error ........................................................................... 126Figure 61 Configuration .......................................................................................... 127Figure 62 Configuration Upload Successful ........................................................... 128Figure 63 Network Temporarily Disconnected ....................................................... 128Figure 64 Configuration Upload Error .................................................................... 129Figure 65 Reset Warning Message ........................................................................ 129Figure 66 Restart Screen ....................................................................................... 130Figure 67 Initial Screen .......................................................................................... 132Figure 68 Password Screen .................................................................................. 132Figure 69 Login Screen .......................................................................................... 133Figure 70 SMT Main Menu .................................................................................... 134Figure 71 Menu 23.1 System Security: Change Password .................................... 136Figure 72 Menu 1 General Setup ........................................................................... 137Figure 73 Menu 3 LAN Setup ................................................................................ 139Figure 74 Menu 3.2 TCP/IP Setup ......................................................................... 140Figure 75 Menu 3.5 Wireless LAN Setup ............................................................... 141Figure 76 Menu 3.5 Wireless LAN Setup ............................................................... 143Figure 77 Menu 3.5.1 WLAN MAC Address Filter ................................................. 144Figure 78 Menu 3.5 Wireless LAN Setup ............................................................... 145Figure 79 Menu 3.5.2 - Roaming Configuration ..................................................... 145Figure 80 Menu 3.5 Wireless LAN Setup ............................................................... 146Figure 81 Menu 3.5.4 - Bridge Link Configuration ................................................. 147

NOA-3570 User’s GuideList of Figures 21Figure 82 Menu 14- Dial-in User Setup .................................................................. 149Figure 83 Menu 14.1- Edit Dial-in User .................................................................. 149Figure 84 Menu 16 VLAN Setup ............................................................................ 151Figure 85 SNMP Management Model .................................................................... 153Figure 86 Menu 22 SNMP Configuration .............................................................. 154Figure 87 Menu 23 System Security ...................................................................... 157Figure 88 Menu 23 System Security ...................................................................... 157Figure 89 Menu 23.2 System Security: RADIUS Server ........................................ 158Figure 90 Menu 23 System Security ...................................................................... 159Figure 91 Menu 23.4 System Security: IEEE802.1x .............................................. 160Figure 92 Menu 24 System Maintenance .............................................................. 163Figure 93 Menu 24.1 System Maintenance: Status ............................................... 164Figure 94 Menu 24.2 System Information and Console Port Speed ...................... 165Figure 95 Menu 24.2.1 System Information: Information ....................................... 165Figure 96 Menu 24.2.2 System Maintenance: Change Console Port Speed ......... 166Figure 97 Menu 24.3 System Maintenance: Log and Trace .................................. 167Figure 98 Sample Error and Information Messages .............................................. 167Figure 99 Menu 24.4 System Maintenance: Diagnostic ......................................... 168Figure 100 Menu 24.5 Backup Configuration ......................................................... 170Figure 101 FTP Session Example ......................................................................... 171Figure 102 System Maintenance: Backup Configuration ....................................... 173Figure 103 System Maintenance: Starting Xmodem Download Screen ................ 173Figure 104 Backup Configuration Example ............................................................ 173Figure 105 Successful Backup Confirmation Screen ............................................. 174Figure 106 Menu 24.6 Restore Configuration ........................................................ 174Figure 107 Menu 24.7 System Maintenance: Upload Firmware ............................ 175Figure 108 Menu 24.7.1 System Maintenance: Upload System Firmware ............ 175Figure 109 Menu 24.7.2 System Maintenance: Upload System Configuration File 176Figure 110 FTP Session Example .......................................................................... 177Figure 111 Menu 24.7.1 as Seen Using the Console Port ..................................... 178Figure 112 Example Xmodem Upload ................................................................... 179Figure 113 Menu 24.7.2 as Seen Using the Console Port .................................... 179Figure 114 Example Xmodem Upload ................................................................... 180Figure 115 Menu 24 System Maintenance ............................................................. 181Figure 116 Valid CI Commands .............................................................................. 182Figure 117 Menu 24.10 System Maintenance: Time and Date Setting .................. 182Figure 118 Inspection Cosmetic and Function ....................................................... 194Figure 119 WIndows 95/98/Me: Network: Configuration ........................................ 202Figure 120 Windows 95/98/Me: TCP/IP Properties: IP Address ............................ 203Figure 121 Windows 95/98/Me: TCP/IP Properties: DNS Configuration ............... 204Figure 122 Windows XP: Start Menu ..................................................................... 205Figure 123 Windows XP: Control Panel ................................................................. 205Figure 124 Windows XP: Control Panel: Network Connections: Properties .......... 206

NOA-3570 User’s Guide22 List of FiguresFigure 125 Windows XP: Local Area Connection Properties ................................. 206Figure 126 Windows XP: Internet Protocol (TCP/IP) Properties ............................ 207Figure 127 Windows XP: Advanced TCP/IP Properties ......................................... 208Figure 128 Windows XP: Internet Protocol (TCP/IP) Properties ............................ 209Figure 129 Macintosh OS 8/9: Apple Menu ........................................................... 210Figure 130 Macintosh OS 8/9: TCP/IP ................................................................... 210Figure 131 Macintosh OS X: Apple Menu .............................................................. 211Figure 132 Macintosh OS X: Network .................................................................... 212Figure 133 Peer-to-Peer Communication in an Ad-hoc Network ........................... 221Figure 134 Basic Service Set ................................................................................. 222Figure 135 Infrastructure WLAN ............................................................................ 223Figure 136 RTS/CTS ............................................................................................ 224Figure 137 EAP Authentication .............................................................................. 227Figure 138 WEP Authentication Steps ................................................................... 230Figure 139 Roaming Example ................................................................................ 233

NOA-3570 User’s GuideList of Tables 23List of TablesTable 1 IEEE 802.11g ............................................................................................ 31Table 2 IEEE 802.11b ............................................................................................ 31Table 3 Screens Summary .................................................................................... 40Table 4 Wizard: General Setup ............................................................................. 44Table 5 Wizard: Wireless LAN Setup .................................................................... 45Table 6 Wizard: IP Address Assignment ............................................................... 46Table 7 System General Setup ............................................................................. 50Table 8 Password .................................................................................................. 52Table 9 Time Setting .............................................................................................. 53Table 10 NOA-3570 Wireless Security Levels ...................................................... 56Table 11 STP Path Costs ...................................................................................... 57Table 12 STP Port States ...................................................................................... 58Table 13 Wireless: Access Point ........................................................................... 60Table 14 Wireless: Bridge/Repeater ...................................................................... 64Table 15 MAC Address Filter ................................................................................ 68Table 16 Roaming ................................................................................................. 71Table 17 Wireless LAN: 802.1x/WPA .................................................................... 74Table 18 Wireless LAN: 802.1x/WPA for 802.1x Protocol ..................................... 76Table 19 Wireless LAN: 802.1x/WPA for WPA Protocol ........................................ 79Table 20 Wireless LAN: 802.1x/WPA for WPA-PSK Protocol ............................... 80Table 21 Internal RADIUS Server Screens Overview ........................................... 82Table 22 My Certificates ........................................................................................ 83Table 23 Trusted AP .............................................................................................. 85Table 24 Trusted Users ......................................................................................... 87Table 25 VLAN ...................................................................................................... 90Table 26 Private IP Address Ranges .................................................................... 92Table 27 IP Setup .................................................................................................. 93Table 28 My Certificates ........................................................................................ 97Table 29 My Certificate Import .............................................................................. 100Table 30 My Certificate Create .............................................................................. 101Table 31 My Certificate Details .............................................................................. 105Table 32 Trusted CAs ............................................................................................ 107Table 33 Trusted CA Import .................................................................................. 109Table 34 Trusted CA Details .................................................................................. 111Table 35 View Log ................................................................................................. 114Table 36 Log Settings ............................................................................................ 116Table 37 System Status ......................................................................................... 119Table 38 System Status: Show Statistics .............................................................. 120

NOA-3570 User’s Guide24 List of TablesTable 39 Association List ....................................................................................... 122Table 40 Channel Usage ....................................................................................... 123Table 41 Firmware Upload .................................................................................... 124Table 42 Restore Configuration ............................................................................. 128Table 43 Main Menu Commands .......................................................................... 133Table 44 Main Menu Summary ............................................................................. 134Table 45 SMT Menus Overview ............................................................................ 135Table 46 Menu 1 General Setup ........................................................................... 138Table 47 Menu 3.2 TCP/IP Setup .......................................................................... 140Table 48 Menu 3.5 Wireless LAN Setup ............................................................... 141Table 49 Menu 3.5.1 WLAN MAC Address Filter .................................................. 144Table 50 Menu 3.5.2 - Roaming Configuration ..................................................... 146Table 51 Menu 3.5.4 Bridge Link Configuration .................................................... 147Table 52 Menu 14.1- Edit Dial-in User .................................................................. 150Table 53 Menu 16 VLAN Setup ............................................................................. 151Table 54 Menu 22 SNMP Configuration ................................................................ 155Table 55 SNMP Traps ........................................................................................... 155Table 56 Ports and Interface Types ....................................................................... 155Table 57 Menu 23.2 System Security: RADIUS Server ........................................ 158Table 58 Menu 23.4 System Security: IEEE802.1x ............................................... 160Table 59 Menu 24.1 System Maintenance: Status ................................................ 164Table 60 Menu 24.2.1 System Maintenance: Information ..................................... 166Table 61 Menu 24.4 System Maintenance Menu: Diagnostic ............................... 168Table 62 Filename Conventions ............................................................................ 170Table 63 General Commands for Third Party FTP Clients .................................... 171Table 64 General Commands for Third Party TFTP Clients ................................. 172Table 65 System Maintenance: Time and Date Setting ........................................ 183Table 66 Troubleshooting the Start-Up of Your NOA-3570 .................................... 185Table 67 Troubleshooting Console Port Access .................................................... 185Table 68 Troubleshooting the Ethernet Interface .................................................. 186Table 69 Troubleshooting the Password ............................................................... 187Table 70 Troubleshooting Telnet ........................................................................... 187Table 71 Troubleshooting the WLAN Interface ...................................................... 187Table 72 Device Specifications .............................................................................. 189Table 73 Performance ........................................................................................... 189Table 74 Firmware Features ................................................................................. 190Table 75 Environmental Conditions ....................................................................... 191Table 76 Inspection Channel (CH1, CH7, CH13) .................................................. 191Table 77 Hardware Specifications ......................................................................... 191Table 78 Radio Specifications ............................................................................... 192Table 79 Rx Sensitivity (@ FER = 0.08) ................................................................ 192Table 80 Transmitting System ............................................................................... 193Table 81 Receiving System ................................................................................... 193

NOA-3570 User’s GuideList of Tables 25Table 82 Current Consumption ............................................................................. 193Table 83 Approvals ................................................................................................ 194Table 84 Packaging Specifications ........................................................................ 197Table 85 Mounting Hardware Specifications ......................................................... 197Table 86 Power over Ethernet Injector Specifications .......................................... 199Table 87 Power over Ethernet Injector RJ-45 Port Pin Assignments .................... 199Table 88 Classes of IP Addresses ........................................................................ 213Table 89 Allowed IP Address Range By Class ...................................................... 214Table 90 “Natural” Masks ..................................................................................... 214Table 91 Alternative Subnet Mask Notation .......................................................... 215Table 92 Two Subnets Example ............................................................................ 215Table 93 Subnet 1 ................................................................................................. 216Table 94 Subnet 2 ................................................................................................. 216Table 95 Subnet 1 ................................................................................................. 217Table 96 Subnet 2 ................................................................................................. 217Table 97 Subnet 3 ................................................................................................. 217Table 98 Subnet 4 ................................................................................................. 218Table 99 Eight Subnets ......................................................................................... 218Table 100 Class C Subnet Planning ...................................................................... 218Table 101 Class B Subnet Planning ...................................................................... 219Table 102 IEEE802.11g ......................................................................................... 225Table 103 Comparison of EAP Authentication Types ............................................ 231Table 104 Wireless Security Relational Matrix ...................................................... 232Table 105 Brute-Force Password Guessing Protection Commands ..................... 247Table 106 System Maintenance Logs ................................................................... 249Table 107 ICMP Notes .......................................................................................... 249Table 108 Sys log .................................................................................................. 250Table 109 Log Categories and Available Settings ................................................. 251

NOA-3570 User’s Guide26 List of Tables

NOA-3570 User’s GuideChapter 1 Getting to Know Your NOA-3570 29CHAPTER 1Getting to Know Your NOA-3570This chapter introduces the main features and applications of the NOA-3570.1.1 Introducing the NOA-3570 The NOA-3570 is an enterprise level, outdoor IEEE 802.11g compliant business access point, bridge and repeater with excellent wireless performance. Wireless Distribution System (WDS) support provides flexibility in building an extended wireless network with bridge and repeater applications. IEEE 802.1x, Wi-Fi Protected Access, WEP data encryption and MAC address filtering offer highly secured wireless connectivity. Rugged die-cast, watertight construction, built-in lightening protection, and grounding make the NOA-3570 perfect for outdoors applications. It is easy to install and configure the NOA-3570. The web-based configurator allows remote configuration and management of your NOA-3570. The Power over Ethernet (PoE) feature means that power can be delivered to the NOA-3570 over an Ethernet line. This allows you to mount the NOA-3570 in areas where there are no nearby power sources.1.2 NOA-3570 FeaturesThe following sections describe the features of the NOA-3570 10/100M Auto-negotiating Ethernet/Fast Ethernet InterfaceThis auto-negotiating feature allows the NOA-3570 to detect the speed of incoming transmissions and adjust appropriately without manual intervention. It allows data transfer of either 10 Mbps or 100 Mbps in either half-duplex or full-duplex mode depending on your Ethernet network.Power over Ethernet (PoE) Power over Ethernet (PoE) is the ability to provide power to your NOA-3570 via an 8-pin CAT 5 Ethernet cable, eliminating the need for a nearby power source. The NOA-3570 includes a special high current power injector that allows the NOA-3570 to be located farther away. This feature allows increased flexibility in the locating of your NOA-3570.

NOA-3570 User’s Guide30 Chapter 1 Getting to Know Your NOA-3570Figure 1 PoE Installation ExampleWi-Fi Protected AccessWi-Fi Protected Access (WPA) is a subset of the IEEE 802.11i standard. Key differences between WPA and WEP are user authentication and improved data encryption.WDS FunctionalityA Distribution System (DS) is a wired connection between two or more APs, while a Wireless Distribution System (WDS) is a wireless connection. Your NOA-3570 supports WDS, providing a cost-effective solution for wireless network expansion. The NOA-3570 supports up to five wireless links with other APs.Figure 2 WDS Functionality Example

NOA-3570 User’s GuideChapter 1 Getting to Know Your NOA-3570 31IEEE 802.11g Wireless LAN StandardThe NOA-3570 complies with the IEEE 802.11g wireless standard. IEEE 802.11g has several intermediate rate steps between the maximum and minimum data rates. The IEEE 802.11g data rate and modulation are as follows. The modulation technique defines how bits are encoded onto radio waves.Note: The NOA-3570 may be prone to RF (Radio Frequency) interference from other 2.4 GHz devices such as microwave ovens, wireless phones, Bluetooth enabled devices, and other wireless LANs.IEEE 802.11b Wireless LAN StandardThe NOA-3570 also fully complies with the IEEE 802.11b standard. This means an IEEE 802.11b radio card can interface directly with an IEEE 802.11g device (and vice versa) at 11 Mbps or lower depending on range.The IEEE 802.11b data rate and corresponding modulation techniques are shown in the table below. STP (Spanning Tree Protocol) / RSTP (Rapid STP)(R)STP detects and breaks network loops and provides backup links between switches, bridges or routers. It allows a bridge to interact with other (R)STP -compliant bridges in your network to ensure that only one path exists between any two stations on the network.SSL PassthroughSSL (Secure Sockets Layer) uses a public key to encrypt data that's transmitted over an SSL connection. Both Netscape Navigator and Internet Explorer support SSL, and many Web sites use the protocol to obtain confidential user information, such as credit card numbers. By convention, URLs that require an SSL connection start with “https” instead of “http”. The NOA-3570 allows SSL connections to take place through the NOA-3570.Table 1 IEEE 802.11gDATA RATE (MBPS) MODULATION6/9/12/18/24/36/48/54 OFDM (Orthogonal Frequency Division Multiplexing)Table 2 IEEE 802.11bDATA RATE (MBPS) MODULATION1DBPSK (Differential Binary Phase Shift Keyed)2DQPSK (Differential Quadrature Phase Shift Keying)5.5 / 11 CCK (Complementary Code Keying)

NOA-3570 User’s Guide32 Chapter 1 Getting to Know Your NOA-3570VPN PassthroughVPN (Virtual Private Network) connections use data encryption to provide secure communications over unsecure networks (like the Internet). The NOA-3570 allows VPN connections to go through it.Wireless LAN MAC Address FilteringYour NOA-3570 checks the MAC address of the wireless station against a list of allowed or denied MAC addresses.WEP EncryptionWEP (Wired Equivalent Privacy) encrypts data frames before transmitting over the wireless network to help keep network communications private.IEEE 802.1x Network SecurityThe NOA-3570 supports the IEEE 802.1x standard to enhance user authentication. This allows you to use a RADIUS (RFC2138, 2139 - Remote Authentication Dial In User Service) server to authenticate users.Embedded RADIUS ServerThe NOA-3570’s embedded RADIUS server eliminates the need to purchase and maintain a standalone external RADIUS server. Use the embedded RADIUS server to authenticate up to 32 users. You can also use an external RADIUS server to authenticate a potentially unlimited number of users.Backup RADIUS Server You can configure the NOA-3570 to use backup external RADIUS servers and accounting servers in case the primary external RADIUS or accounting server does not respond.SNMPSNMP (Simple Network Management Protocol) is a protocol used for exchanging management information between network devices. SNMP is a member of the TCP/IP protocol suite. Your NOA-3570 supports SNMP agent functionality, which allows a manger station to manage and monitor the NOA-3570 through the network. The NOA-3570 supports SNMP version one (SNMPv1) and version two c (SNMPv2c).Full Network Management The web configurator is an HTML-based management interface that allows easy setup and management via Internet browser. Most functions of the NOA-3570 are also software configurable via the SMT (System Management Terminal) interface. The SMT is a menu-driven interface that you can access from a terminal emulator over a telnet connection.

NOA-3570 User’s GuideChapter 1 Getting to Know Your NOA-3570 33Logging and Tracing• Built-in message logging and packet tracing.• Syslog facility support.Embedded FTP and TFTP ServersThe NOA-3570’s embedded FTP and TFTP servers enable fast firmware upgrades as well as configuration file backups and restoration.Wireless Association List With the wireless association list, you can see the list of the wireless stations that are currently using the NOA-3570 to access your wired network.Wireless LAN Channel UsageThe Wireless Channel Usage screen displays which radio channels are being used by other wireless devices within the transmission range of the NOA-3570. This allows you to select the channel with minimum interference for your NOA-3570.1.3 Applications for the NOA-3570The NOA-3570 can be configured using the following WLAN operating modes1AP2AP+Bridge3Bridge/RepeaterApplications for each operating mode are shown below.1.3.1 Access Point The NOA-3570 is an ideal access solution for wireless Internet connection. A typical Internet access application for your NOA-3570 is shown as follows. Stations A, B and C can access the wired network through the NOA-3570s.

NOA-3570 User’s Guide34 Chapter 1 Getting to Know Your NOA-3570Figure 3 Access Point Application1.3.2 AP + BridgeIn AP+Bridge mode, the NOA-3570 supports both AP connections (A and B can connect to the wired network through X) and bridge connections (X can communicate with Y) at the same time.Figure 4 AP+Bridge Application

NOA-3570 User’s GuideChapter 1 Getting to Know Your NOA-3570 351.3.3 Bridge / RepeaterThe NOA-3570 can act as a wireless network bridge and establish wireless links with other APs. In bridge mode, the NOA-3570s (see A and B in Figure 5 on page 35) are connected to independent wired networks and have a bridge (A can communicate with B) connection at the same time. A NOA-3570 without a wired connection can act as a repeater (see C in Figure 6 on page 36).Figure 5 Bridge Application

NOA-3570 User’s Guide36 Chapter 1 Getting to Know Your NOA-3570Figure 6 Repeater Application

NOA-3570 User’s GuideChapter 2 Introducing the Web Configurator 37CHAPTER 2Introducing the WebConfiguratorThis chapter describes how to access the NOA-3570 web configurator and provides an overview of its screens.2.1 Web Configurator OverviewThe embedded web configurator allows you to manage the NOA-3570 from anywhere through a browser such as Microsoft Internet Explorer. Use Internet Explorer 6.0 and later versions with JavaScript enabled.It is recommended that you set your screen resolution to 1024 by 768 pixels.2.2 Accessing the NOA-3570 Web Configurator1Make sure your NOA-3570 hardware is properly connected (refer to the Quick Start Guide).2Prepare your computer/computer network to connect to the NOA-3570 (refer to Appendix D on page 201).3Launch your web browser.4Type "192.168.1.2" (the default IP address of the NOA-3570) as the URL. 5Type "1234" (default) as the password and click Login. In some versions, the default password appears automatically - if this is the case, click Login. 6You should see a screen asking you to change your password (highly recommended) as shown next. Type a new password (and retype it to confirm) and click Apply or click Ignore to allow access without password change.

NOA-3570 User’s Guide38 Chapter 2 Introducing the Web ConfiguratorFigure 7 Change Password Screen7Click Apply in the Replace Certificate screen to create a certificate using your NOA-3570’s MAC address that will be specific to this device.Figure 8 Replace Certificate Screen.8 You should now see the MAIN MENU screen (see Figure 10 on page 40).Note: The management session automatically times out when the time period set in the Administrator Inactivity Timer field expires (default five minutes). Simply log back into the NOA-3570 if this happens to you.2.3 Resetting the NOA-3570If you forget your password or cannot access the NOA-3570, you will need to reload the factory-default configuration file. Uploading this configuration file replaces the current configuration file with the factory-default configuration file. This means that you will lose all configurations that you had previously. The password will be reset to “1234” and the IP address will be reset to 192.168.1.2.Do the following to erase the current configuration and restore factory defaults.

NOA-3570 User’s GuideChapter 2 Introducing the Web Configurator 39Obtain the default configuration file, unzip it and save it in a folder. Use a console cable to connect a computer with terminal emulation software to the NOA-3570’s console port. Turn the NOA-3570 off and then on to begin a session. When you turn on the NOA-3570 again, you will see the initial screen. When you see the message “Press any key to enter Debug Mode within 3 seconds” press a key to enter debug mode.To upload the configuration file, do the following:1Type “atlc” after the Enter Debug Mode message.2Wait for the Starting XMODEM upload message before activating XMODEM upload on your terminal.3This is an example Xmodem configuration upload using HyperTerminal. Click Transfer, then Send File to display the following screen.Figure 9 Example Xmodem Upload4After a successful configuration file upload, type “atgo” to restart the NOA-3570.The NOA-3570 is now reinitialized with a default configuration file including the default password of “1234” and IP address of 192.168.1.2.2.4 Navigating the NOA-3570 Web ConfiguratorThe following summarizes how to navigate the web configurator from the MAIN MENU screen.Note: Follow the instructions you see in the MAIN MENU screen or click the icon (located in the top right corner of most screens) to view online help.The icon does not appear in the MAIN MENU screen.Type the configuration file’s location, or click Browse to search for it.Choose the Xmodem protocol.Then click Send.

NOA-3570 User’s Guide40 Chapter 2 Introducing the Web ConfiguratorFigure 10 The MAIN MENU Screen of the Web ConfiguratorUse submenus to configure NOA-3570 features.Click LOGOUT at any time to exit the web configurator.The following table describes the sub-menus.Table 3 Screens SummaryNOA-3570LINK TAB FUNCTIONWIZARD SETUP Click WIZARD SETUP for initial configuration including general setup, wireless LAN setup and IP address assignment.SYSTEM General This screen contains administrative and system-related information. Password Use this screen to change your password.Time Setting Use this screen to change your NOA-3570’s time and date settings.WIRELESS Wireless Use this screen to configure the wireless LAN settings and WLAN authentication/security settings.MAC Filter Use this screen to change MAC filter settings on the NOA-3570Roaming Use this screen to configure the NOA-3570 to allow wireless users to roam seamlessly between APs that are within the same subnet.802.1x/WPA Use this screen to configure wireless LAN security.IP IP Use this screen to configure IP address settings.

NOA-3570 User’s GuideChapter 2 Introducing the Web Configurator 41AUTH. SERVER Setting Configure this screen to use the internal server to authenticate wireless users.Trusted AP Configure this screen to allow specified AP’s to communicate with the NOA-3570.Trusted Users Use this screen to configure the local user account(s) on the NOA-3570.CERTIFICATES My Certificates Use this screen to view a summary list of certificates and manage certificates and certification requests.Trusted CAs Use this screen to view and manage the list of the trusted CAs.LOGS View Log Use this screen to view the logs for the categories that you selected.Log Settings Use this screen to change your NOA-3570’s log settings.MAINTENANCE Status This screen contains administrative and system-related information.Association ListUse this screen to view a list of wireless clients that are connected to the NOA-3570.Channel UsageUse this screen to see which APs are using which wireless channels within range of your NOA-3570.F/W Upload Use this screen to upload firmware to your NOA-3570Configuration Use this screen to backup and restore the configuration or reset the factory defaults to your NOA-3570. Restart This screen allows you to reboot the NOA-3570 without turning the power off.LOGOUT Click LOGOUT to exit the web configurator.Table 3 Screens SummaryNOA-3570LINK TAB FUNCTION

NOA-3570 User’s Guide42 Chapter 2 Introducing the Web Configurator

NOA-3570 User’s GuideChapter 3 Wizard Setup 43CHAPTER 3Wizard SetupThis chapter provides information on the WIZARD SETUP screens in the web configurator.3.1 Wizard Setup OverviewThe web configurator’s setup wizard helps you configure your NOA-3570 for wireless stations to access your wired LAN. Note: Click Next in each screen to continue or click Back to return to the previous screen. Your settings are not saved when you click Back.3.2 Wizard Setup: General SetupGeneral Setup contains administrative and system-related information. Figure 11 Wizard: General SetupThe following table describes the labels in this screen.

NOA-3570 User’s Guide44 Chapter 3 Wizard Setup3.3 Wizard Setup: Wireless LANUse this wizard screen to configure one of the NOA-3570’s two wireless LAN (WLAN) adapters to function as an AP (WLAN 1 is recommended). Use the ADVANCED WIRELESS screens to configure a WLAN adapter for bridge/repeater functions.Note: The wireless clients and NOA-3570 must use the same SSID, channel ID and WEP encryption key (if you enable WEP) for wireless communication.Table 4 Wizard: General SetupLABEL DESCRIPTIONSystem Name It is recommended you type your computer's "Computer name". In Windows 95/98 click Start, Settings, Control Panel, Network. Click the Identification tab, note the entry for the Computer Name field and enter it as the System Name.In Windows 2000, click Start, Settings, Control Panel and then double-click System. Click the Network Identification tab and then the Properties button. Note the entry for the Computer name field and enter it as the System Name.In Windows XP, click Start, My Computer, View system information and then click the Computer Name tab. Note the entry in the Full computer name field and enter it as the NOA-3570 System Name.This name can be up to 30 alphanumeric characters long. Spaces are not allowed, but dashes "-" and underscores "_" are accepted.Domain Name This is not a required field. Leave this field blank or enter the domain name here if you know it.Next Click Next to proceed to the next screen.

The channel only can setup in Channel 01 ~ 11. The following table describes the labels in this screen. Table 5 Wizard: Wireless LAN Setup

NOA-3570 User’s Guide46 Chapter 3 Wizard Setup3.4 Wizard Setup: IP Address AssignmentUse this wizard screen to configure IP address assignment for the NOA-3570.Figure 13 Wizard: IP Address AssignmentThe following table describes the labels in this screen.Key 1 to Key 4 The WEP keys are used to encrypt data. Both the NOA-3570 and the wireless stations must use the same WEP key.If you chose 64-bit WEP, then enter any 5 ASCII characters or 10 hexadecimal characters ("0-9", "A-F").If you chose 128-bit WEP, then enter 13 ASCII characters or 26 hexadecimal characters ("0-9", "A-F"). You must configure all four keys, but only one key can be activated at any one time. The default key is key 1.Back Click Back to return to the previous screen.Next Click Next to continue.Table 5 Wizard: Wireless LAN SetupLABEL DESCRIPTIONTable 6 Wizard: IP Address AssignmentLABEL DESCRIPTIONIP Address Assignment Get automatically from DHCPSelect this option to have the NOA-3570 use a dynamically assigned IP address from a DHCP server. Note: You must know the IP address assigned to the NOA-3570 (by the DHCP server) to access the NOA-3570 again. Use fixed IP address Select this option if your NOA-3570 is using a static IP address. When you select this option, fill in the fields below.

NOA-3570 User’s GuideChapter 3 Wizard Setup 473.5 Basic Setup CompleteWhen you click Finish in the Wizard IP Address Assignment screen, a warning window displays as shown. Click OK to close the window. Log into the web configurator again using the new IP address if you change the default IP address (192.168.1.2).Figure 14 TCP/IP Warning ScreenThe following screen displays prompting you to close the web browser. Figure 15 Close Browser ScreenClick Ye s to close the web configurator. Otherwise, click No to use the ADVANCED screens to configure other features (the congratulations screen shows next).IP Address Enter the IP address of your NOA-3570 in dotted decimal notation. Note: If you changed the NOA-3570's IP address, you must use the new IP address if you want to access the web configurator again.IP Subnet Mask Type the subnet mask.Gateway IP Address Type the IP address of the gateway. The gateway is an immediate neighbor of your NOA-3570 that will forward the packet to the destination. The gateway must be a router on the same segment as your NOA-3570's LAN or WAN port.Back Click Back to return to the previous screen. Finish Click Finish to proceed to complete the Wizard setup. Table 6 Wizard: IP Address AssignmentLABEL DESCRIPTION

NOA-3570 User’s Guide48 Chapter 3 Wizard SetupFigure 16 Wizard: Setup CompleteWell done! You have set up your NOA-3570 to operate on your network and access the Internet.

NOA-3570 User’s GuideChapter 4 System Screens 49CHAPTER 4System ScreensThis section provides information on general system setup.4.1 System OverviewThis chapter describes how to configure the NOA-3570’s general, DNS, password and time settings. 4.2 General ScreenThe General screen contains administrative and system-related information. System Name is for identification purposes. However, because some ISPs check this name you should enter your computer's "Computer Name". • In Windows 95/98 click Start, Settings, Control Panel, Network. Click the Identification tab, note the entry for the Computer Name field and enter it as the System Name.• In Windows 2000, click Start, Settings and Control Panel and then double-click System. Click the Network Identification tab and then the Properties button. Note the entry for the Computer name field and enter it as the System Name.• In Windows XP, click Start, My Computer, View system information and then click the Computer Name tab. Note the entry in the Full computer name field and enter it as the NOA-3570 System Name.4.2.1 Domain NameYou can manually enter a domain name or the NOA-3570 can get it automatically by DHCP.4.2.2 DNS Server Address AssignmentUse DNS (Domain Name System) to map a domain name to its corresponding IP address and vice versa, for instance, the IP address of www.zyxel.com is 204.217.0.2. The DNS server is extremely important because without it, you must know the IP address of a computer before you can access it. You can manually configure DNS server addresses if you know them or the NOA-3570 can receive them automatically through DHCP.

NOA-3570 User’s Guide50 Chapter 4 System Screens4.3 Configuring General Setup Click the SYSTEM link under ADVANCED to open the General screen.Figure 17 System GeneralThe following table describes the labels in this screen.Table 7 System General Setup NOA-3570LABEL DESCRIPTIONGeneral SetupSystem Name Type a descriptive name to identify the NOA-3570 in the Ethernet network. This name can be up to 30 alphanumeric characters long. Spaces are not allowed, but dashes "-" and underscores "_" are accepted. Domain Name This is not a required field. Leave this field blank or enter the domain name here if you know it.Administrator Inactivity TimerType how many minutes a management session (either via the web configurator or SMT) can be left idle before the session times out. The default is 5 minutes. After it times out you have to log in with your password again. Very long idle timeouts may have security risks. A value of "0" means a management session never times out, no matter how long it has been left idle (not recommended). System DNS Servers

NOA-3570 User’s GuideChapter 4 System Screens 514.4 Configuring PasswordTo change your NOA-3570’s password (recommended), click the SYSTEM link under ADVANCED and then the Password tab. The screen appears as shown. This screen allows you to change the NOA-3570’s password.If you forget your password (or the NOA-3570 IP address), you will need to reset the NOA-3570. See Section 2.3 on page 38 for details.Figure 18 Password.The following table describes the labels in this screen.First DNS ServerSecond DNS ServerThird DNS ServerSelect From DHCP if your ISP dynamically assigns DNS server information. The field to the right displays the (read-only) DNS server IP address that the DHCP assigns. Select User-Defined if you have the IP address of a DNS server. Enter the DNS server's IP address in the field to the right. If you chose User-Defined, but leave the IP address set to 0.0.0.0, User-Defined changes to None after you click Apply. If you set a second choice to User-Defined, and enter the same IP address, the second User-Defined changes to None after you click Apply. Select None if you do not want to configure DNS servers. If you do not configure a DNS server, you must know the IP address of a machine in order to access it.The default setting is None.Apply Click Apply to save your changes back to the NOA-3570.Reset Click Reset to reload the previous configuration for this screen.Table 7 System General Setup NOA-3570LABEL DESCRIPTION

NOA-3570 User’s Guide52 Chapter 4 System Screens4.5 Configuring Time SettingTo change your NOA-3570’s time and date, click the SYSTEM link under ADVANCED and then the Time Setting tab. The screen appears as shown. Use this screen to configure the NOA-3570’s time based on your local time zone.Figure 19 Time SettingTable 8 PasswordLABEL DESCRIPTIONSOld Password Type in your existing system password (1234 is the default password).New Password Type your new system password (up to 31 characters). Note that as you type a password, the screen displays an asterisk (*) for each character you type.Retype to Confirm Retype your new system password for confirmation.Apply Click Apply to save your changes back to the NOA-3570.Reset Click Reset to reload the previous configuration for this screen.

NOA-3570 User’s GuideChapter 4 System Screens 53The following table describes the labels in this screen.Table 9 Time Setting NOA-3570LABEL DESCRIPTIONTime Protocol Select the time service protocol that your time server uses. Not all time servers support all protocols, so you may have to check with your ISP/network administrator or use trial and error to find a protocol that works.The main difference between them is the format. Daytime (RFC 867) format is day/month/year/time zone of the server. Time (RFC 868) format displays a 4-byte integer giving the total number of seconds since 1970/1/1 at 0:0:0. NTP (RFC 1305), is similar to Time (RFC 868). Select Manual to enter the time and date manually. Time Server Address Enter the IP address or the URL of your time server. Check with your ISP/network administrator if you are unsure of this information.Current Time (hh:mm:ss)This field displays the time of your NOA-3570.Each time you reload this page, the NOA-3570 synchronizes the time with the time server.New Time (hh:mm:ss) This field displays the last updated time from the time server.When you select None in the Time Protocol field, enter the new time in this field and then click Apply. Current Date (yyyy/mm/dd)This field displays the date of your NOA-3570. Each time you reload this page, the NOA-3570 synchronizes the date with the time server.New Date (yyyy/mm/dd)This field displays the last updated date from the time server.When you select None in the Time Protocol field, enter the new date in this field and then click Apply.Time Zone Choose the time zone of your location. This will set the time difference between your time zone and Greenwich Mean Time (GMT). Daylight Savings Select this option if you use daylight saving time. Daylight saving is a period from late spring to early fall when many countries set their clocks ahead of normal local time by one hour to give more daytime light in the evening.Start Date (mm-dd) Enter the month and day that your daylight-saving time starts on if you selected Daylight Savings.End Date (mm-dd) Enter the month and day that your daylight-saving time ends on if you selected Daylight Savings.Apply Click Apply to save your changes back to the NOA-3570.Reset Click Reset to reload the previous configuration for this screen.

NOA-3570 User’s Guide54 Chapter 4 System Screens

NOA-3570 User’s GuideChapter 5 Wireless LAN 55CHAPTER 5 Wireless LANThis chapter discusses how to configure wireless LAN.5.1 IntroductionA wireless LAN can be as simple as two computers with wireless LAN adapters communicating in a peer-to-peer network or as complex as a number of computers with wireless LAN adapters communicating through access points which bridge network traffic to the wired LAN. Note: See the WLAN appendix for more detailed information on WLANs.5.2 Wireless Security OverviewWireless security is vital to your network to protect wireless communication between wireless stations, access points and the wired network.Wireless security methods available on the NOA-3570 are data encryption, wireless client authentication, restricting access by device MAC address and hiding the NOA-3570 identity.5.2.1 Encryption• Use WPA security if you have WPA-aware wireless clients and a RADIUS server. WPA has user authentication and improved data encryption over WEP.• Use WPA-PSK if you have WPA-aware wireless clients but no RADIUS server.• If you don’t have WPA-aware wireless clients, then use WEP key encrypting. A higher bit key offers better security at a throughput trade-off. 5.2.2 AuthenticationWPA has user authentication and you can also configure IEEE 802.1x to use the built-in database (Local User Database) or a RADIUS server to authenticate wireless clients before joining your network. • Use RADIUS authentication if you have a RADIUS server. See the appendices for information on protocols used when a client authenticates with a RADIUS server via the NOA-3570.

NOA-3570 User’s Guide56 Chapter 5 Wireless LAN• Use the Local User Database if you have less than 32 wireless clients in your network. The NOA-3570 uses MD5 encryption when a client authenticates with the Local User Database 5.2.3 Restricted AccessThe MAC Filter screen allows you to configure the AP to give exclusive access to devices (Allow Association) or exclude them from accessing the AP (Deny Association). 5.2.4 Hide NOA-3570 IdentityIf you hide the SSID, then the NOA-3570 cannot be seen when a wireless client scans for local APs. The trade-off for the extra security of “hiding” the NOA-3570 may be inconvenience for some valid WLAN clients. If you don’t hide the ESSID, at least you should change the default one.5.2.5 Configuring Wireless LAN on the NOA-35701Configure the ESSID and WEP in the Wireless screen.2Use the MAC Filter screen to restrict access to your wireless network by MAC address. 3Configure WPA or WPA-PSK in the 802.1x/WPA screen. You can also configure 802.1x wireless client authentication in the 802.1x/WPA screen.4Configure the RADIUS settings in the AUTH. SERVER screens.The following table shows the relative effectiveness of these wireless security methods available on your NOA-3570.Note: You must enable the same wireless security settings on the NOA-3570 and on all wireless clients that you want to associate with it. If you do not enable any wireless security on your NOA-3570, your network is accessible to any wireless networking device that is within range. Table 10 NOA-3570 Wireless Security LevelsSecurity Level Security TypeLeast Secure Most SecureUnique SSID (Default)Unique SSID with Hide SSID EnabledMAC Address FilteringWEP EncryptionIEEE802.1x EAP with RADIUS Server AuthenticationWi-Fi Protected Access (WPA)

NOA-3570 User’s GuideChapter 5 Wireless LAN 575.3 Spanning Tree Protocol (STP)STP detects and breaks network loops and provides backup links between switches, bridges or routers. It allows a bridge to interact with other STP-compliant bridges in your network to ensure that only one route exists between any two stations on the network.5.3.1 Rapid STPThe NOA-3570 uses IEEE 802.1w RSTP (Rapid Spanning Tree Protocol) that allow faster convergence of the spanning tree (while also being backwards compatible with STP-only aware bridges). Using RSTP topology change information does not have to propagate to the root bridge and unwanted learned addresses are flushed from the filtering database. In RSTP, the port states are Discarding, Learning, and Forwarding.5.3.2 STP TerminologyThe root bridge is the base of the spanning tree; it is the bridge with the lowest identifier value (MAC address).Path cost is the cost of transmitting a frame onto a LAN through that port. It is assigned according to the speed of the link to which a port is attached. The slower the media, the higher the cost - see the next table.On each bridge, the root port is the port through which this bridge communicates with the root. It is the port on this switch with the lowest path cost to the root (the root path cost). If there is no root port, then this bridge has been accepted as the root bridge of the spanning tree network.For each LAN segment, a designated bridge is selected. This bridge has the lowest cost to the root among the bridges connected to the LAN. Table 11 STP Path CostsLINK SPEED RECOMMENDED VALUERECOMMENDED RANGEALLOWED RANGEPath Cost 4Mbps 250 100 to 1000 1 to 65535Path Cost 10Mbps 100 50 to 600 1 to 65535Path Cost 16Mbps 62 40 to 400 1 to 65535Path Cost 100Mbps 19 10 to 60 1 to 65535Path Cost 1Gbps 43 to 10 1 to 65535Path Cost 10Gbps 21 to 5 1 to 65535

NOA-3570 User’s Guide58 Chapter 5 Wireless LAN5.3.3 How STP WorksAfter a bridge determines the lowest cost-spanning tree with STP, it enables the root port and the ports that are the designated ports for connected LANs, and disables all other ports that participate in STP. Network packets are therefore only forwarded between enabled ports, eliminating any possible network loops.STP-aware bridges exchange Bridge Protocol Data Units (BPDUs) periodically. When the bridged LAN topology changes, a new spanning tree is constructed.Once a stable network topology has been established, all bridges listen for Hello BPDUs (Bridge Protocol Data Units) transmitted from the root bridge. If a bridge does not get a Hello BPDU after a predefined interval (Max Age), the bridge assumes that the link to the root bridge is down. This bridge then initiates negotiations with other bridges to reconfigure the network to re-establish a valid network topology.5.3.4 STP Port StatesSTP assigns five port states (see next table) to eliminate packet looping. A bridge port is not allowed to go directly from blocking state to forwarding state so as to eliminate transient loops.5.4 WEP EncryptionWEP encryption scrambles the data transmitted between the wireless stations and the access points to keep network communications private. It encrypts unicast and multicast communications in a network. Both the wireless stations and the access points must use the same WEP key. 5.5 Configuring the Wireless Screen Click the WIRELESS link under ADVANCED to display the Wireless screen. The screen varies depending upon the operating mode you select.Table 12 STP Port StatesPORT STATES DESCRIPTIONSDisabled STP is disabled (default).Blocking Only configuration and management BPDUs are received and processed.Listening All BPDUs are received and processed.Learning All BPDUs are received and processed. Information frames are submitted to the learning process but not forwarded.Forwarding All BPDUs are received and processed. All information frames are received and forwarded.

5.5.1 Access Point Mode Select Access Point in the Operating Mode drop-down list box to display the screen as shown next. Channel selection only can choose 1~11ch. Figure 20 Wireless: Access Point 21dBm

NOA-3570 User’s Guide60 Chapter 5 Wireless LANTable 13 Wireless: Access Point NOA-3570LABEL DESCRIPTIONWLAN Adapter Select which WLAN adapter you want to configure. It is recommended that you configure the first WLAN adapter for AP functions and use the second WLAN adapter for bridge functions.Operating Mode Select the operating mode from the drop-down list. The options are Access Point, Bridge/Repeater and AP+Bridge.Name (SSID) (Service Set IDentity) The SSID identifies the Service Set with which a wireless station is associated. Wireless stations associating to the access point (AP) must have the same SSID. Enter a descriptive name (up to 32 printable 7-bit ASCII characters) for the wireless LAN. Note: If you are configuring the NOA-3570 from a computer connected to the wireless LAN and you change the NOA-3570’s SSID or WEP settings, you will lose your wireless connection when you click Apply to confirm. You must then change the wireless settings of your computer to match the NOA-3570’s new settings.Hide Name (SSID)Select this check box to hide the SSID in the outgoing beacon frame so a station cannot obtain the SSID through passive scanning using a site survey tool.Choose Channel IDSet the operating frequency/channel depending on your particular region. To manually set the NOA-3570 to use a channel, select a channel from the drop-down list box. Click MAINTENANCE and then the Channel Usage tab to open the Channel Usage screen to make sure the channel is not already used by another AP or independent peer-to-peer wireless network. To have the NOA-3570 automatically select a channel, click Scan instead. Scan Click this button to have the NOA-3570 automatically scan for and select a channel with the least interference.RTS/CTS Threshold(Request To Send) The threshold (number of bytes) for enabling RTS/CTS handshake. Data with its frame size larger than this value will perform the RTS/CTS handshake. Setting this attribute to be larger than the maximum MSDU (MAC service data unit) size turns off the RTS/CTS handshake. Setting this attribute to zero turns on the RTS/CTS handshake. Enter a value between 0 and 2432.Fragmentation ThresholdThe threshold (number of bytes) for the fragmentation boundary for directed messages. It is the maximum data fragment size that can be sent. Enter a value between 800 and 2432.WEP Encryption WEP (Wired Equivalent Privacy) provides data encryption to prevent unauthorized wireless stations from accessing data transmitted over the wireless network. Select Disable to allow wireless stations to communicate with the access points without any data encryption. Select 64-bit WEP or 128-bit WEP to enable data encryption. Authentication MethodIf you use WEP encryption, select Auto, Open System or Shared Key from the drop-down list box.

Table 13 Wireless: Access Point NOA-3570 LABEL DESCRIPTION Key 1 to Key 4 If you chose 64-bit WEP in the WEP Encryption field, then enter any 5 characters(ASCII string) or 10 hexadecimal characters ("0-9", "A-F") preceded by 0x for each key. If you chose 128-bit WEP in the WEP Encryption field, then enter 13 characters (ASCII string) or 26 hexadecimal characters ("0-9", "A-F") preceded by 0x for each key. There are four data encryption keys to secure your data from eavesdropping by unauthorized wireless users. The values for the keys must be set up exactly the same on the access points as they are on the wireless stations. The preceding “0x” is entered automatically. You must configure all four keys, but only one key can be activated at any one time. The default key is key 1. Enable Intra- BSS Traffic Intra-BSS traffic is traffic between wireless stations in the same BSS. Enable Intra-BSS traffic to allow wireless stations connected to the NOA-3570 to communicate with each other. Disable Intra-BSS traffic to only allow wireless stations to communicate with the wired network, not with each other. Enable Spanning Tree Protocol (STP) (R)STP detects and breaks network loops and provides backup links between switches, bridges or routers. It allows a bridge to interact with other (R)STP - compliant bridges in your network to ensure that only one path exists between any two stations on the network. Select the check box to activate STP on the NOA-3570. Output Power Set the output power of the NOA-3570 in this field. If there is a high density of APs within an area, decrease the output power of the NOA-3570 to reduce interference with other APs. The options are 21dBm, 19dBm, 17dBm or 15dBm. Preamble Preamble is used to signal that data is coming to the receiver. Short preamble increases performance as less time sending preamble means more time for sending data. All IEEE 802.11b compliant wireless adapters support long preamble, but not all support short preamble. Select Long preamble if you are unsure what preamble mode the wireless adapters support, and to provide more reliable communications in busy wireless networks. Select Short preamble if you are sure the wireless adapters support it, and to provide more efficient communications. Select Dynamic to have the NOA-3570 automatically use short preamble when all wireless clients support it, otherwise the NOA-3570 uses long preamble. Note: The NOA-3570 and the wireless stations MUST use the samepreamble mode in order to communicate. 802.11 Mode Select 802.11b Only to allow only IEEE 802.11b compliant WLAN devices to associate with the NOA-3570. Select 802.11g Only to allow only IEEE 802.11g compliant WLAN devices to associate with the NOA-3570. Select Mixed to allow either IEEE 802.11b or IEEE 802.11g compliant WLAN devices to associate with the NOA-3570. The transmission rate of your NOA-3570 might be reduced. Max. Frame Burst Enable Maximum Frame Burst to help eliminate collisions in mixed-mode networks (networks with both IEEE 802.11g and IEEE 802.11b traffic) and enhance the performance of both pure IEEE 802.11g and mixed IEEE 802.11b/g networks. Maximum Frame Burst sets the maximum time, in microseconds, that the NOA- 3570 transmits IEEE 802.11g wireless traffic only. Type the maximum frame burst between 0 and 1800 (650, 1000 or 1800 recommended). Enter 0 to disable this feature.

NOA-3570 User’s Guide62 Chapter 5 Wireless LAN5.5.2 Bridge/Repeater ModeThe NOA-3570 can act as a wireless network bridge and establish wireless links with other APs. You need to know the MAC address of the peer device, which also must be in bridge mode. The NOA-3570 can establish wireless links with other APs.In the example below, when both NOA-3570s are in Bridge/Repeater mode, they form a WDS (Wireless Distribution System) allowing the computers in LAN 1 to connect to the computers in LAN 2. Figure 21 Bridging ExampleBe careful to avoid bridge loops when you enable bridging in the NOA-3570. Bridge loops cause broadcast traffic to circle the network endlessly, resulting in possible throughput degradation and disruption of communications. The following examples show two network topologies that can lead to this problem: If two or more NOA-3570s (in bridge mode) are connected to the same hub as shown next.VLAN ID The NOA-3570 supports IEEE 802.1 tagged VLAN for partioning a physical network into multiple logical networks. Enter a number from 1 to 4094 to set the VLAN ID tag that the NOA-3570 adds to the Ethernet frames that this WLAN adapter receives from wireless clients or other APs. Use the VLAN screen to enable or disable the NOA-3570’s VLAN feature.Apply Click Apply to save your changes back to the NOA-3570.Reset Click Reset to begin configuring this screen afresh.Table 13 Wireless: Access Point NOA-3570LABEL DESCRIPTION

NOA-3570 User’s GuideChapter 5 Wireless LAN 63Figure 22 Bridge Loop: Two Bridges Connected to HubIf your NOA-3570 (in bridge mode) is connected to a wired LAN while communicating with another wireless bridge that is also connected to the same wired LAN as shown next.Figure 23 Bridge Loop: Bridge Connected to Wired LANTo prevent bridge loops, ensure that you enable STP in the Wireless screen or your NOA-3570 is not set to bridge mode while connected to both wired and wireless segments of the same LAN.Click the WIRELESS link under ADVANCED. Select Bridge/Repeater in the Operating Mode drop-down list box to have the NOA-3570 act as a wireless bridge only.

NOA-3570 User’s Guide64 Chapter 5 Wireless LANFigure 24 Wireless: Bridge/RepeaterThe following table describes the labels in this screen that are specific to bridge/repeater mode.Table 14 Wireless: Bridge/Repeater NOA-3570LABEL DESCRIPTIONSWLAN Adapter Select which WLAN adapter you want to configure. It is recommended that you configure the first WLAN adapter for AP functions and use the second WLAN adapter for bridge functions.Operating Mode Select Bridge/Repeater in this field to display the screen shown above.Enable WDS Security A Wireless Distribution System (WDS) is a wireless connection between two or more APs.Select the check box to use TKIP to encrypt traffic on the WDS between APs.When you enable WDS security, type a Pre-Shared Key (PSK) for each link. Note: Other APs must use the same encryption method in order to communicate with the NOA-3570 when you enable WDS security.

NOA-3570 User’s GuideChapter 5 Wireless LAN 655.5.3 AP+Bridge ModeClick the WIRELESS link under ADVANCED. Select AP+Bridge in the Operating Mode drop-down list box to display the screen as shown next. In this screen, you can configure the NOA-3570 to function as an AP and bridge simultaneously. See the section on NOA-3570 applications for more information.#This is the index number of the bridge connection.Active Select the check box to enable the bridge connection. Otherwise, clear the check box to disable it.Remote Bridge MAC AddressType the MAC address of the peer device in a valid MAC address format, that is, six hexadecimal character pairs, for example, 12:34:56:78:9a:bc.PSK Type a pre-shared key from 8 to 63 case-sensitive ASCII characters (including spaces and symbols).When the NOA-3570 is in Bridge/Repeater mode, you don’t have to enter a pre-shared key, but the traffic between devices won’t be encrypted if you don’t. The peer bridge must use the same pre-shared key and encryption method.Enable Spanning Tree Protocol (STP)Select the check box to activate STP on the NOA-3570.Table 14 Wireless: Bridge/Repeater NOA-3570LABEL DESCRIPTIONS

NOA-3570 User’s Guide66 Chapter 5 Wireless LANFigure 25 Wireless: AP+BridgeSee Table 13 on page 60 and Table 14 on page 64 descriptions of the fields in the Access Point and Bridge/Repeater operating modes for descriptions of the fields in this screen.

NOA-3570 User’s GuideChapter 5 Wireless LAN 67When you enable WEP encryption, you can also specify MAC addresses and pre-shared keys of peer bridges in order to use TKIP (see Appendix F on page 221 for more on TKIP) to encrypt traffic between the bridges. Note: The following screens are configurable only in Access Point and AP+Bridge operating modes.5.6 Configuring MAC FiltersThe MAC filter screen allows you to configure the NOA-3570 to give exclusive access to up to 32 devices (Allow Association) or exclude up to 32 devices from accessing the NOA-3570 (Deny Association). Every Ethernet device has a unique MAC (Media Access Control) address. The MAC address is assigned at the factory and consists of six pairs of hexadecimal characters, for example, 00:A0:C5:00:00:02. You need to know the MAC address of the devices to configure this screen.To change your NOA-3570’s MAC filter settings, click the WIRELESS link under ADVANCED and then the MAC Filter tab. The screen appears as shown.Note: Be careful not to list your computer’s MAC address and set the Action field to Deny Association when managing the NOA-3570 via a wireless connection. This would lock you out.

NOA-3570 User’s Guide68 Chapter 5 Wireless LANFigure 26 MAC Address FilterThe following table describes the labels in this screen.Table 15 MAC Address Filter NOA-3570LABEL DESCRIPTIONWLAN Adapter Select the WLAN adapter for which you want to configure MAC address filtering.Active Select Yes from the drop down list box to enable MAC address filtering.

NOA-3570 User’s GuideChapter 5 Wireless LAN 695.7 Configuring RoamingA wireless station is a device with an IEEE 802.11b or an IEEE 802.11g compliant wireless interface. An access point (AP) acts as a bridge between the wireless and wired networks. An AP creates its own wireless coverage area. A wireless station can associate with a particular access point only if it is within the access point’s coverage area.In a network environment with multiple access points, wireless stations are able to switch from one access point to another as they move between the coverage areas. This is roaming. As the wireless station moves from place to place, it is responsible for choosing the most appropriate access point depending on the signal strength, network utilization or other factors.The roaming feature on the access points allows the access points to relay information about the wireless stations to each other. When a wireless station moves from a coverage area to another, it scans and uses the channel of a new access point, which then informs the access points on the LAN about the change. The new information is then propagated to the other access points on the LAN. An example is shown in Figure 27 on page 70.With roaming, a wireless LAN mobile user enjoys a continuous connection to the wired network through an access point while moving around the wireless LAN.Enable roaming to exchange the latest bridge information of all wireless stations between APs when a wireless station moves between coverage areas. Wireless stations can still associate with other APs even if you disable roaming. Enabling roaming ensures correct traffic forwarding (bridge tables are updated) and maximum AP efficiency. The AP deletes records of wireless stations that associate with other APs (Non-ZyXEL APs may not be able to perform this). IEEE 802.1x authentication information is not exchanged (at the time of writing).Filter Action Define the filter action for the list of MAC addresses in the MAC address filter table. Select Deny Association to block access to the router, MAC addresses not listed will be allowed to access the router. Select Allow Association to permit access to the router, MAC addresses not listed will be denied access to the router.MAC Address Enter the MAC addresses (in XX:XX:XX:XX:XX:XX format) of the wireless station that are allowed or denied access to the NOA-3570 in these address fields.Apply Click Apply to save your changes back to the NOA-3570.Reset Click Reset to begin configuring this screen afresh.Table 15 MAC Address Filter NOA-3570LABEL DESCRIPTION

NOA-3570 User’s GuideChapter 5 Wireless LAN 71To enable roaming on your NOA-3570, click the WIRELESS link under ADVANCED and then the Roaming tab. The screen appears as shown.Figure 28 RoamingThe following table describes the labels in this screen.5.8 Introduction to WPAWi-Fi Protected Access (WPA) is a subset of the IEEE 802.11i standard. Key differences between WPA and WEP are user authentication and improved data encryption. 5.9 WPA-PSK Application ExampleA WPA-PSK application looks as follows.1First enter identical passwords into the AP and all wireless clients. The Pre-Shared Key (PSK) must consist of between 8 and 63 ASCII characters (including spaces and symbols).Table 16 RoamingLABEL DESCRIPTIONActive Select Yes from the drop-down list box to enable roaming on the NOA-3570 if you have two or more APs on the same subnet.Note: All APs on the same subnet and the wireless stations must have the same SSID to allow roaming.Port Enter the port number to communicate roaming information between access points. The port number must be the same on all access points. The default is 3517. Make sure this port is not used by other services. Apply Click Apply to save your changes back to the NOA-3570.Reset Click Reset to begin configuring this screen afresh.

NOA-3570 User’s Guide72 Chapter 5 Wireless LAN2The AP checks each client’s password and (only) allows it to join the network if it matches its password.3The AP derives and distributes keys to the wireless clients.4The AP and wireless clients use the TKIP encryption process to encrypt data exchanged between them.Figure 29 WPA - PSK Authentication5.10 WPA with RADIUS Application ExampleThis example is for using WPA with an external RADIUS server. You need the IP address of the RADIUS server, its port number (default is 1812), and the RADIUS shared secret. A WPA application example with an external RADIUS server looks as follows. “A” is the RADIUS server. “DS” is the distribution system.1The AP passes the wireless client’s authentication request to the RADIUS server.2The RADIUS server then checks the user's identification against its database and grants or denies network access accordingly.3The RADIUS server distributes a Pairwise Master Key (PMK) key to the AP that then sets up a key hierarchy and management system, using the pair-wise key to dynamically generate unique data encryption keys to encrypt every data packet that is wirelessly communicated between the AP and the wireless clients.

NOA-3570 User’s GuideChapter 5 Wireless LAN 73Figure 30 WPA with RADIUS Application Example5.11 Wireless Client WPA SupplicantsA wireless client supplicant is the software that runs on an operating system instructing the wireless client how to use WPA. At the time of writing, the most widely available supplicant is the WPA patch for Windows XP, Funk Software's Odyssey client, and Meetinghouse Data Communications' AEGIS client. The Windows XP patch is a free download that adds WPA capability to Windows XP's built-in "Zero Configuration" wireless client. However, you must run Windows XP to use it. The Funk Software's Odyssey client is bundled free (at the time of writing) with some of ZyXEL’s client wireless adapter(s). 5.12 Configuring 802.1x and WPATo change your NOA-3570’s authentication settings, click the WIRELESS link under ADVANCED and then the 802.1x/WPA tab. The screen varies by the key management protocol you select. The WPA function is not available on all NOA-3570 models.

NOA-3570 User’s Guide74 Chapter 5 Wireless LANYou see the next screen when you select No Access Allowed or No Authentication Required in the Wireless Port Control field.Figure 31 Wireless LAN: 802.1x/WPAThe following table describes the labels in this screen.5.13 Authentication Required: 802.1xSelect Authentication Required in the Wireless Port Control field and 802.1x in the Key Management Protocol field to display the next screen.Table 17 Wireless LAN: 802.1x/WPA LABEL DESCRIPTIONWireless Port ControlTo control wireless stations access to the wired network, select a control method from the drop-down list box. Choose from No Access Allowed, No Authentication Required and Authentication Required. No Access Allowed blocks all wireless stations access to the wired network.No Authentication Required allows all wireless stations access to the wired network without entering usernames and passwords. This is the default setting. Authentication Required means that all wireless stations have to enter usernames and passwords before access to the wired network is allowed. Select Authentication Required to configure Key Management Protocol and other related fields.Apply Click Apply to save your changes back to the NOA-3570.Reset Click Reset to begin configuring this screen afresh.

NOA-3570 User’s GuideChapter 5 Wireless LAN 75Figure 32 Wireless LAN: 802.1x/WPA for 802.1x Protocol

NOA-3570 User’s Guide76 Chapter 5 Wireless LANThe following table describes the labels in this screen.Table 18 Wireless LAN: 802.1x/WPA for 802.1x Protocol NOA-3570LABEL DESCRIPTIONWireless Port ControlTo control wireless stations access to the wired network, select a control method from the drop-down list box. Choose from No Authentication Required, Authentication Required and No Access Allowed. No Authentication Required allows all wireless stations access to the wired network without entering usernames and passwords. This is the default setting. Authentication Required means that all wireless stations have to enter usernames and passwords before access to the wired network is allowed. No Access Allowed blocks all wireless stations access to the wired network.The following fields are only available when you select Authentication Required.ReAuthentication Timer (In Seconds)Specify how often wireless stations have to reenter usernames and passwords in order to stay connected. This field is activated only when you select Authentication Required in the Wireless Port Control field. Enter a time interval between 10 and 9999 seconds. The default time interval is 1800 seconds (30 minutes). Note: If wireless station authentication is done using a RADIUS server, the reauthentication timer on the RADIUS server has priority. Idle Timeout (In Seconds)The NOA-3570 automatically disconnects a wireless station from the wired network after a period of inactivity. The wireless station needs to enter the username and password again before access to the wired network is allowed. This field is activated only when you select Authentication Required in the Wireless Port Control field. The default time interval is 3600 seconds (or 1 hour).Key Management ProtocolChoose 802.1x from the drop-down list.Dynamic WEP Key ExchangeThis field is activated only when you select Authentication Required in the Wireless Port Control field. Select Disable to allow wireless stations to communicate with the access points without using dynamic WEP key exchange. Select 64-bit WEP or 128-bit WEP to enable data encryption. This field is not available when you set Key Management Protocol to WPA or WPA-PSK.Authentication DatabasesThe authentication database contains wireless station login information. Internal RADIUS ServerSelect this radio button to use the NOA-3570’s Internal RADIUS Server. Select the MD5 radio button to use this EAP authentication type to authenticate other APs or wireless clients in other wireless networks.Select the PEAP radio button to use this EAP authentication type to authenticate other APs or wireless clients in other wireless networks. Use the drop-down list box to select Disable, 64-bit WEP or 128-bit WEP for Dynamic WEP Exchange.Note: MD5 cannot be used with Dynamic WEP Key Exchange.External RADIUS ServerSelect the radio button to use an external radius server to authenticate the NOA-3570’s wireless clients.Configure the server(s) details in the following fields.

NOA-3570 User’s GuideChapter 5 Wireless LAN 77Note: If you enable the NOA-3570’s internal RADIUS server, configure trusted user accounts in the AUTH SERVER Trusted Users screen. Authentication Server /AlternateThe NOA-3570 will make three attempts to authenticate wireless users using the authentication server before attempting to use the alternate authentication server.Requests can be issued from the client interface to use the alternate authentication server. The length of time for each authentication is decided by the wireless client or based on the configuration of the ReAuthentication Timer field. Note: You can use the command line interface to configure the NOA-3570 to use up to four alternate authentication servers.Active Select Active to enable user authentication through this external authentication server.Clear the Active check box to not use this to not perform user authentication through this external authentication server.Server IP Address Enter the IP address of the external authentication server in dotted decimal notation. Port Number Enter the port number of the external authentication server. The default port number is 1812. You need not change this value unless your network administrator instructs you to do so with additional information. Shared Secret Enter a password (up to 31 alphanumeric characters) as the key to be shared between the external authentication server and the NOA-3570. The key must be the same on the external authentication server and your NOA-3570. The key is not sent over the network. Accounting Server /AlternateThe NOA-3570 will make three attempts to communicate with the accounting server before attempting to use the alternate accounting server.Note: You can use the command line interface to configure the NOA-3570 to use up to four alternate accounting servers.Active Select Active to enable user accounting through this external accounting server.Clear the Active check box to not use this to not perform user accounting through this external accounting server.Server IP Address Enter the IP address of the external accounting server in dotted decimal notation. Port Number Enter the port number of the external accounting server. The default port number is 1813. You need not change this value unless your network administrator instructs you to do so with additional information. Shared Secret Enter a password (up to 31 alphanumeric characters) as the key to be shared between the external accounting server and the NOA-3570. The key must be the same on the external accounting server and your NOA-3570. The key is not sent over the network.Apply Click Apply to save your changes back to the NOA-3570.Reset Click Reset to begin configuring this screen afresh.Table 18 Wireless LAN: 802.1x/WPA for 802.1x Protocol NOA-3570LABEL DESCRIPTION

NOA-3570 User’s Guide78 Chapter 5 Wireless LAN5.14 Authentication Required: WPASelect Authentication Required in the Wireless Port Control field and WPA in the Key Management Protocol field to display the next screen.Figure 33 Wireless LAN: 802.1x/WPA for WPA ProtocolThe following table describes the labels not previously discussed.

NOA-3570 User’s GuideChapter 5 Wireless LAN 795.15 Authentication Required: WPA-PSKSelect Authentication Required in the Wireless Port Control field and WPA-PSK in the Key Management Protocol field to display the next screen.Figure 34 Wireless LAN: 802.1x/WPA for WPA-PSK ProtocolTable 19 Wireless LAN: 802.1x/WPA for WPA ProtocolLABEL DESCRIPTIONSKey Management ProtocolChoose WPA in this field.WPA Mixed Mode The NOA-3570 can operate in WPA Mixed Mode, which supports both clients running WPA and clients running dynamic WEP key exchange with IEEE 802.1x in the same Wi-Fi network.Select Enable to activate WPA mixed mode. Otherwise, select Disable. WPA Group Key Update TimerThe WPA Group Key Update Timer is the rate at which the AP (if using WPA-PSK key management) or RADIUS server (if using WPA key management) sends a new group key out to all clients. The re-keying process is the WPA equivalent of automatically changing the WEP key for an AP and all stations in a WLAN on a periodic basis. Setting of the WPA Group Key Update Timer is also supported in WPA-PSK mode. The NOA-3570 default is 1800 seconds (30 minutes). Apply Click Apply to save your changes back to the NOA-3570.Reset Click Reset to begin configuring this screen afresh.

NOA-3570 User’s Guide80 Chapter 5 Wireless LANThe following table describes the labels not previously discussed.Table 20 Wireless LAN: 802.1x/WPA for WPA-PSK ProtocolLABEL DESCRIPTIONKey Management ProtocolChoose WPA-PSK in this field.Pre-Shared Key The encryption mechanisms used for WPA and WPA-PSK are the same. The only difference between the two is that WPA-PSK uses a simple common password, instead of user-specific credentials.Type a pre-shared key from 8 to 63 case-sensitive ASCII characters (including spaces and symbols).Apply Click Apply to save your changes back to the NOA-3570.Reset Click Reset to begin configuring this screen afresh.

NOA-3570 User’s GuideChapter 6 Internal RADIUS Server 81CHAPTER 6Internal RADIUS ServerThe NOA-3570 can use its internal RADIUS server to authenticate wireless clients. It can also serve as a RADIUS server to authenticate other APs and their wireless clients. For more background information on RADIUS, see the Introduction to RADIUS section.6.1 Internal RADIUS OverviewThe NOA-3570 has a built-in RADIUS server that can authenticate wireless clients or other APs (that are configured as trusted APs).The NOA-3570 can function as an AP and as a RADIUS server at the same time.PEAP (Protected EAP) and MD5 authentication is implemented on the internal RADIUS server using simple username and password methods over a secure TLS connection. See the appendices for more information on the types of EAP authentication and the internal RADIUS authentication method used in your NOA-3570. Figure 35 NOA-3570 Authenticates Wireless Stations

NOA-3570 User’s Guide82 Chapter 6 Internal RADIUS ServerFigure 36 NOA-3570 Authenticates Trusted APs6.2 Internal RADIUS Server SettingThe INTERNAL RADIUS SERVER Setting screen displays information about certificates. The certificates are used by wireless clients to authenticate the RADIUS server. Information matching the certificate is held on the wireless clients utility, for example, Funk Software’s Odyssey client. A password and user name on the utility must match the Trusted Users list so that the RADIUS server can be authenticated.Note: The internal RADIUS server does not support domain accounts (DOMAIN/user). When you configure your Windows XP SP2 Wireless Zero Configuration PEAP/MS-CHAPv2 settings, deselect the Use Windows logon name and password check box. When authentication begins, a pop-up dialog box requests you to type a Name, Password and Domain of the RADIUS server. Specify a name and password only, do not specify a domain.Click the AUTH SERVER link under ADVANCED and then the Setting tab. The screen appears as shown.Table 21 Internal RADIUS Server Screens OverviewLABEL DESCRIPTIONSetting Use the Setting screen to turn the NOA-3570’s internal RADIUS server off or on and to view information about the NOA-3570’s certificates.Trusted AP Use the Trusted AP screen to specify APs as trusted APs so they can use the NOA-3570’s internal RADIUS server to authenticate wireless clients. You can set up to 31 trusted AP’s.Trusted Users Use the Trusted Users screen to configure a list of wireless client user names and passwords for the NOA-3570 to authenticate. The NOA-3570 internal RADIUS server can authenticate up to 32 wireless clients.NOA-3570 as a RADIUS serverTrusted AP’s

NOA-3570 User’s GuideChapter 6 Internal RADIUS Server 83Figure 37 Internal RADIUS Server Setting ScreenThe following table describes the labels in this screen.Table 22 My CertificatesNOA-3570LABEL DESCRIPTIONActive Select the Active check box to have the NOA-3570 use its internal RADIUS server to authenticate wireless clients or other APs.# This field displays the certificate index number. The certificates are listed in alphabetical order. Use the CERTIFICATES screens to manage certificates. The internal RADIUS server uses one of the certificates listed in this screen to authenticate each wireless client. The exact certificate used, depends on the certificate information configured on the wireless client.Name This field displays the name used to identify this certificate. It is recommended that you give each certificate a unique name. auto_generated_self_signed_cert is the factory default certificate common to all NOA-3570’s that use certificates. Note: ZyXEL recommends that you replace the factory default certificate with one that uses your NOA-3570's MAC address. Do this when you first log in to the NOA-3570 or in the CERTIFICATES My Certificates screen.Type This field displays what kind of certificate this is. REQ represents a certification request and is not yet a valid certificate. Send a certification request to a certification authority, which then issues a certificate. Use the My Certificate Import screen to import the certificate and replace the request. SELF represents a self-signed certificate. *SELF represents the default self-signed certificate, which the NOA-3570 uses to sign imported trusted remote host certificates. CERT represents a certificate issued by a certification authority.Subject This field displays identifying information about the certificate’s owner, such as CN (Common Name), OU (Organizational Unit or department), O (Organization or company) and C (Country). It is recommended that each certificate have unique subject information.

NOA-3570 User’s Guide84 Chapter 6 Internal RADIUS Server6.3 Trusted AP OverviewA trusted AP is an AP that uses the NOA-3570’s internal RADIUS server to authenticate its wireless clients. Each wireless client must have a user name and password configured in the Trusted Users screen.The following figure shows how this is done in two phases.Figure 38 Trusted AP Overview1Configure an IP address and shared secret in the Trusted AP database to authenticate an AP as a trusted AP.Issuer This field displays identifying information about the certificate’s issuing certification authority, such as a common name, organizational unit or department, organization or company and country. With self-signed certificates, this is the same information as in the Subject field.Valid From This field displays the date that the certificate becomes applicable. The text displays in red and includes a Not Yet Valid! message if the certificate has not yet become applicable.Valid To This field displays the date that the certificate expires. The text displays in red and includes an Expiring! or Expired! message if the certificate is about to expire or has already expired.Apply Click Apply to have the NOA-3570 use certificates to authenticate wireless clients.Reset Click Reset to start configuring this screen afresh.Table 22 My CertificatesNOA-3570LABEL DESCRIPTIONNOA-3570 RADIUS Server Wireless clients. You can authenticate a maximum of32 wireless clients using the NOA-3570’s RADIUS server,irrespective of the amount ofTrusted AP’strusted AP’s configured on the NOA-3570.

NOA-3570 User’s GuideChapter 6 Internal RADIUS Server 852Configure wireless client user names and passwords in the Trusted Users database to use a trusted AP as a relay between the NOA-3570’s internal RADIUS server and the wireless clients. The wireless clients can then be authenticated by the NOA-3570’s internal RADIUS server.6.4 Configuring Trusted APTo specify APs as trusted APs so they can use the NOA-3570’s internal RADIUS server to authenticate wireless clients, click the AUTH SERVER link under ADVANCED and then the Trusted AP tab. The screen appears as shown.Figure 39 Trusted AP ScreenThe following table describes the labels in this screen.Table 23 Trusted APLABEL DESCRIPTION#This field displays the trusted AP index number. Active Select this check box to have the NOA-3570 use the IP Address and Shared Secret to authenticate a trusted AP.

NOA-3570 User’s Guide86 Chapter 6 Internal RADIUS Server6.5 Trusted Users Overview A trusted user entry consists of a wireless client user name and password 6.6 Configuring Trusted Users To configure trusted user entries, click the AUTH SERVER link under ADVANCED and then the Trusted Users tab. The screen appears as shown.IP Address Type the IP address of the trusted AP in dotted decimal notation.Shared Secret Enter a password (up to 31 alphanumeric characters, no spaces) as the key for encrypting communications between the AP and the NOA-3570. The key is not sent over the network. This key must be the same on the AP and the NOA-3570. Both the NOA-3570’s IP address and this shared secret must also be configured in the “external RADIUS” server fields of the trusted AP.Note: The first trusted AP fields are for the NOA-3570 itself. Use SMT menu 23.2 to configure them. Apply Click Apply to save your changes back to the NOA-3570.Reset Click Reset to begin configuring this screen afresh.Table 23 Trusted APLABEL DESCRIPTION

NOA-3570 User’s Guide88 Chapter 6 Internal RADIUS Server

NOA-3570 User’s GuideChapter 7 VLAN 89CHAPTER 7VLANThis chapter discusses how to configure VLAN on the NOA-35707.1 VLANA VLAN (Virtual Local Area Network) allows a physical network to be partitioned into multiple logical networks. Stations on a logical network can belong to one or more groups. Only stations within the same group can talk to each other.The NOA-3570 supports IEEE 802.1q VLAN tagging. Tagged VLAN uses an explicit tag (VLAN ID) in the MAC header of a frame to identify VLAN membership. The NOA-3570 can identify VLAN tags for incoming Ethernet frames and add VLAN tags to outgoing Ethernet frames. 7.1.1 Management VLAN IDThe management VLAN ID identifies the “management VLAN”. A computer must be a member of this “management VLAN” in order to access and manage the NOA-3570. A computer that is not a member of this VLAN, then that device cannot manage the NOA-3570. If no devices are in the management VLAN, then you will only be able to access the NOA-3570 through the console port (not through the network).7.2 Configuring VLANClick ADVANCED and then VLAN. The screen appears as shown next.

NOA-3570 User’s Guide90 Chapter 7 VLANFigure 41 VLANThe following table describes the labels in this screen.Table 25 VLANLABEL DESCRIPTIONEnable VLAN Tagging Select this check box to turn on VLAN tagging.Use the Wireless screen to set the VLAN ID tag that the NOA-3570 adds to the Ethernet frames that a WLAN adapter receives from wireless clients or APs. Management VLAN ID Enter a number from 1 to 4094 to define this VLAN group. Your management computer must belong to this VLAN group in order to manage the NOA-3570. This can be done in the following ways:• The management computer could be a wireless client of the NOA-3570 if the NOA-3570’s WLAN adapter is set to add the add the management VLAN ID tag to Ethernet frames received from wireless clients.• The management computer could be on the wired network, behind a VLAN-aware switch that is configured to add the management VLAN ID tag to Ethernet frames from the computer before sending them to NOA-3570.Note: Mail and FTP servers must have the same management VLAN ID to communicate with the NOA-3570.Apply Click Apply to save your changes back to the NOA-3570.Reset Click Reset to begin configuring this screen afresh.

NOA-3570 User’s GuideChapter 8 IP Screen 91CHAPTER 8IP ScreenThis chapter discusses how to configure IP on the NOA-35708.1 Factory Ethernet DefaultsThe Ethernet parameters of the NOA-3570 are preset in the factory with the following values:1IP address of 192.168.1.22Subnet mask of 255.255.255.0 (24 bits)These parameters should work for the majority of installations.8.2 IP Address and Subnet MaskSimilar to the way houses on a street share a common street name, so too do computers on a LAN share one common network number.Where you obtain your network number depends on your particular situation. If the ISP or your network administrator assigns you a block of registered IP addresses, follow their instructions in selecting the IP addresses and the subnet mask.If the ISP did not explicitly give you an IP network number, then most likely you have a single user account and the ISP will assign you a dynamic IP address when the connection is established. The Internet Assigned Number Authority (IANA) reserved this block of addresses specifically for private use; please do not use any other number unless you are told otherwise. Let's say you select 192.168.1.0 as the network number; which covers 254 individual addresses, from 192.168.1.1 to 192.168.1.254 (zero and 255 are reserved). In other words, the first three numbers specify the network number while the last number identifies an individual computer on that network.Once you have decided on the network number, pick an IP address that is easy to remember, for instance, 192.168.1.2, for your NOA-3570, but make sure that no other device on your network is using that IP address.The subnet mask specifies the network number portion of an IP address. Your NOA-3570 will compute the subnet mask automatically based on the IP address that you entered. You don't need to change the subnet mask computed by the NOA-3570 unless you are instructed to do otherwise.

NOA-3570 User’s Guide92 Chapter 8 IP Screen8.2.1 IP Address Assignment Every computer on the Internet must have a unique IP address. If your networks are isolated from the Internet, for instance, only between your two branch offices, you can assign any IP addresses to the hosts without problems. However, the Internet Assigned Numbers Authority (IANA) has reserved the following three blocks of IP addresses specifically for private networks.You can obtain your IP address from the IANA, from an ISP or have it assigned by a private network. If you belong to a small organization and your Internet access is through an ISP, the ISP can provide you with the Internet addresses for your local networks. On the other hand, if you are part of a much larger organization, you should consult your network administrator for the appropriate IP addresses.Note: Regardless of your particular situation, do not create an arbitrary IP address; always follow the guidelines above. For more information on address assignment, please refer to RFC 1597, Address Allocation for Private Internets and RFC 1466, Guidelines for Management of IP Address Space.8.3 Configuring IP Click ADVANCED and then IP to display the screen shown next.Table 26 Private IP Address Ranges10.0.0.0 - 10.255.255.255172.16.0.0 - 172.31.255.255192.168.0.0 - 192.168.255.255

NOA-3570 User’s GuideChapter 8 IP Screen 93Figure 42 IP SetupThe following table describes the labels in this screen.Table 27 IP Setup NOA-3570LABEL DESCRIPTIONIP Address Assignment Get automatically from DHCP Select this option to have the NOA-3570 use a dynamically assigned IP address from a DHCP server. Note: You must know the IP address assigned to the NOA-3570 (by the DHCP server) to access the NOA-3570 again. Use fixed IP address Select this option if your NOA-3570 is using a static IP address. When you select this option, fill in the fields below.IP Address Enter the IP address of your NOA-3570 in dotted decimal notation. Note: If you change the NOA-3570's IP address, you must use the new IP address if you want to access the web configurator again.IP Subnet Mask Type the subnet mask.Gateway IP Address Type the IP address of the gateway. The gateway is a router or switch on the same network segment as the NOA-3570. The gateway helps forward packets to their destinations. Leave this field as 0.0.0.0 if you do not know it.Apply Click Apply to save your changes back to the NOA-3570.Reset Click Reset to begin configuring this screen afresh.

NOA-3570 User’s Guide94 Chapter 8 IP Screen

NOA-3570 User’s GuideChapter 9 Certificates 95CHAPTER 9CertificatesThis chapter gives background information about public-key certificates and explains how to use them.9.1 Certificates OverviewThe NOA-3570 can use certificates (also called digital IDs) to authenticate users. Certificates are based on public-private key pairs. A certificate contains the certificate owner’s identity and public key. Certificates provide a way to exchange public keys for use in authentication. A Certification Authority (CA) issues certificates and guarantees the identity of each certificate owner. There are commercial certification authorities like CyberTrust or VeriSign and government certification authorities. You can use the NOA-3570 to generate certification requests that contain identifying information and public keys and then send the certification requests to a certification authority. In public-key encryption and decryption, each host has two keys. One key is public and can be made openly available; the other key is private and must be kept secure. Public-key encryption in general works as follows. 1Tim wants to send a private message to Jenny. Tim generates a public key pair. What is encrypted with one key can only be decrypted using the other.2Tim keeps the private key and makes the public key openly available.3Tim uses his private key to encrypt the message and sends it to Jenny.4Jenny receives the message and uses Tim’s public key to decrypt it.5Additionally, Jenny uses her own private key to encrypt a message and Tim uses Jenny’s public key to decrypt the message.The NOA-3570 uses certificates based on public-key cryptology to authenticate users attempting to establish a connection, not to encrypt the data that you send after establishing a connection. The method used to secure the data that you send through an established connection depends on the type of connection.The certification authority uses its private key to sign certificates. Anyone can then use the certification authority’s public key to verify the certificates.A certification path is the hierarchy of certification authority certificates that validate a certificate. The NOA-3570 does not trust a certificate if any certificate on its path has expired or been revoked.

NOA-3570 User’s Guide96 Chapter 9 Certificates9.1.1 Advantages of CertificatesCertificates offer the following benefits.• The NOA-3570 only has to store the certificates of the certification authorities that you decide to trust, no matter how many devices you need to authenticate. • Key distribution is simple and very secure since you can freely distribute public keys and you never need to transmit private keys.9.2 Self-signed CertificatesUntil public-key infrastructure becomes more mature, it may not be available in some areas. You can have the NOA-3570 act as a certification authority and sign its own certificates.9.3 Configuration SummaryThis section summarizes how to manage certificates on the NOA-3570.Figure 43 Certificate Configuration OverviewUse the My Certificate screens to generate and export self-signed certificates or certification requests and import the NOA-3570s’ CA-signed certificates.Use the Trusted CA screens to save CA certificates to the NOA-3570.9.4 My CertificatesClick CERTIFICATES, My Certificates to open the NOA-3570’s summary list of certificates and certification requests. Certificates display in black and certification requests display in gray. See the following figure.

NOA-3570 User’s GuideChapter 9 Certificates 97Figure 44 My CertificatesThe following table describes the labels in this screen.Table 28 My CertificatesNOA-3570LABEL DESCRIPTIONPKI Storage Space in UseThis bar displays the percentage of the NOA-3570’s PKI storage space that is currently in use. The bar turns from green to red when the maximum is being approached. When the bar is red, you should consider deleting expired or unnecessary certificates before adding more certificates.Replace This button displays when the NOA-3570 has the factory default certificate. The factory default certificate is common to all NOA-3570s that use certificates. ZyXEL recommends that you use this button to replace the factory default certificate with one that uses your NOA-3570's MAC address.# This field displays the certificate index number. The certificates are listed in alphabetical order. Name This field displays the name used to identify this certificate. It is recommended that you give each certificate a unique name.

NOA-3570 User’s Guide98 Chapter 9 Certificates9.5 Certificate File FormatsThe certification authority certificate that you want to import has to be in one of these file formats:Type This field displays what kind of certificate this is. REQ represents a certification request and is not yet a valid certificate. Send a certification request to a certification authority, which then issues a certificate. Use the My Certificate Import screen to import the certificate and replace the request. SELF represents a self-signed certificate. *SELF represents the default self-signed certificate, which the NOA-3570 uses to sign imported trusted remote host certificates. CERT represents a certificate issued by a certification authority.Subject This field displays identifying information about the certificate’s owner, such as CN (Common Name), OU (Organizational Unit or department), O (Organization or company) and C (Country). It is recommended that each certificate have unique subject information. Issuer This field displays identifying information about the certificate’s issuing certification authority, such as a common name, organizational unit or department, organization or company and country. With self-signed certificates, this is the same information as in the Subject field.Valid From This field displays the date that the certificate becomes applicable. The text displays in red and includes a Not Yet Valid! message if the certificate has not yet become applicable.Valid To This field displays the date that the certificate expires. The text displays in red and includes an Expiring! or Expired! message if the certificate is about to expire or has already expired.Details Select a certificate’s radio button and click Details to open a screen with an in-depth list of information about the certificate.Create Click Create to go to the screen where you can have the NOA-3570 generate a certificate or a certification request.Import Click Import to open a screen where you can save the certificate that you have enrolled from a certification authority from your computer to the NOA-3570.Delete Select a certificate’s radio button and click Delete to remove the certificate.A window displays asking you to confirm that you want to delete the certificate.You cannot delete a certificate that one or more features is configured to use.Do the following to delete a certificate that shows *SELF in the Type field. 1. Make sure that no features are configured to use the *SELF certificate.2. Select the radio button of another self-signed certificate and click Details (see the description on the Create button if you need to create a self-signed certificate).3. Select the Default self-signed certificate which signs the imported remote host certificates check box. 4. Click Apply to save the changes and return to the My Certificates screen.5. The certificate that originally showed *SELF displays SELF and you can delete it now.Subsequent certificates move up by one when you take this action.Refresh Click Refresh to display the current validity status of the certificates.Table 28 My CertificatesNOA-3570LABEL DESCRIPTION

NOA-3570 User’s GuideChapter 9 Certificates 99• Binary X.509: This is an ITU-T recommendation that defines the formats for X.509 certificates.• PEM (Base-64) encoded X.509: This Privacy Enhanced Mail format uses 64 ASCII characters to convert a binary X.509 certificate into a printable form.• Binary PKCS#7: This is a standard that defines the general syntax for data (including digital signatures) that may be encrypted. The NOA-3570 currently allows the importation of a PKS#7 file that contains a single certificate.• PEM (Base-64) encoded PKCS#7: This Privacy Enhanced Mail (PEM) format uses 64 ASCII characters to convert a binary PKCS#7 certificate into a printable form.9.6 Importing a CertificateClick CERTIFICATES, My Certificates and then Import to open the My Certificate Import screen. Follow the instructions in this screen to save an existing certificate to the NOA-3570, see the following figure. Note: 1. You can only import a certificate that matches a corresponding certification request that was generated by the NOA-3570.Note: 2. The certificate you import replaces the corresponding request in the My Certificates screen.Note: 3. You must remove any spaces from the certificate’s filename before you can import it.Figure 45 My Certificate ImportThe following table describes the labels in this screen.

NOA-3570 User’s Guide100 Chapter 9 Certificates9.7 Creating a CertificateClick CERTIFICATES, My Certificates and then Create to open the My Certificate Create screen. Use this screen to have the NOA-3570 create a self-signed certificate, enroll a certificate with a certification authority or generate a certification request, see the following figure.Table 29 My Certificate ImportLABEL DESCRIPTIONFile Path Type in the location of the file you want to upload in this field or click Browse to find it.Browse Click Browse to find the certificate file you want to upload. Apply Click Apply to save the certificate on the NOA-3570.Cancel Click Cancel to quit and return to the My Certificates screen.

NOA-3570 User’s GuideChapter 9 Certificates 101Figure 46 My Certificate CreateThe following table describes the labels in this screen.Table 30 My Certificate CreateNOA-3570LABEL DESCRIPTIONCertificate Name Type up to 31 ASCII characters (not including spaces) to identify this certificate. Subject Information Use these fields to record information that identifies the owner of the certificate. You do not have to fill in every field, although the Common Name is mandatory. The certification authority may add fields (such as a serial number) to the subject information when it issues a certificate. It is recommended that each certificate have unique subject information.Common Name Select a radio button to identify the certificate’s owner by IP address, domain name or e-mail address. Type the IP address (in dotted decimal notation), domain name or e-mail address in the field provided. The domain name or e-mail address can be up to 31 ASCII characters. The domain name or e-mail address is for identification purposes only and can be any string.

NOA-3570 User’s Guide102 Chapter 9 CertificatesOrganizational Unit Type up to 127 characters to identify the organizational unit or department to which the certificate owner belongs. You may use any character, including spaces, but the NOA-3570 drops trailing spaces.Organization Type up to 127 characters to identify the company or group to which the certificate owner belongs. You may use any character, including spaces, but the NOA-3570 drops trailing spaces.Country Type up to 127 characters to identify the nation where the certificate owner is located. You may use any character, including spaces, but the NOA-3570 drops trailing spaces.Key Length Select a number from the drop-down list box to determine how many bits the key should use (512 to 2048). The longer the key, the more secure it is. A longer key also uses more PKI storage space.Enrollment Options These radio buttons deal with how and when the certificate is to be generated.Create a self-signed certificateSelect Create a self-signed certificate to have the NOA-3570 generate the certificate and act as the Certification Authority (CA) itself. This way you do not need to apply to a certification authority for certificates.Create a certification request and save it locally for later manual enrollment Select Create a certification request and save it locally for later manual enrollment to have the NOA-3570 generate and store a request for a certificate. Use the My Certificate Details screen to view the certification request and copy it to send to the certification authority. Copy the certification request from the My Certificate Details screen (see Section 9.8 on page 103) and then send it to the certification authority.Create a certification request and enroll for a certificate immediately onlineSelect Create a certification request and enroll for a certificate immediately online to have the NOA-3570 generate a request for a certificate and apply to a certification authority for a certificate. You must have the certification authority’s certificate already imported in the Trusted CAs screen.When you select this option, you must select the certification authority’s enrollment protocol and the certification authority’s certificate from the drop-down list boxes and enter the certification authority’s server address. You also need to fill in the Reference Number and Key if the certification authority requires them. Enrollment Protocol Select the certification authority’s enrollment protocol from the drop-down list box.Simple Certificate Enrollment Protocol (SCEP) is a TCP-based enrollment protocol that was developed by VeriSign and Cisco.Certificate Management Protocol (CMP) is a TCP-based enrollment protocol that was developed by the Public Key Infrastructure X.509 working group of the Internet Engineering Task Force (IETF) and is specified in RFC 2510.CA Server Address Enter the IP address (or URL) of the certification authority server.CA Certificate Select the certification authority’s certificate from the CA Certificate drop-down list box.You must have the certification authority’s certificate already imported in the Trusted CAs screen. Click Trusted CAs to go to the Trusted CAs screen where you can view (and manage) the NOA-3570's list of certificates of trusted certification authorities.Request AuthenticationWhen you select Create a certification request and enroll for a certificate immediately online, the certification authority may want you to include a reference number and key to identify you when you send a certification request. Fill in both the Reference Number and the Key fields if your certification authority uses CMP enrollment protocol. Just fill in the Key field if your certification authority uses the SCEP enrollment protocol. Table 30 My Certificate CreateNOA-3570LABEL DESCRIPTION

NOA-3570 User’s GuideChapter 9 Certificates 103After you click Apply in the My Certificate Create screen, you see a screen that tells you the NOA-3570 is generating the self-signed certificate or certification request. After the NOA-3570 successfully enrolls a certificate or generates a certification request or a self-signed certificate, you see a screen with a Return button that takes you back to the My Certificates screen.If you configured the My Certificate Create screen to have the NOA-3570 enroll a certificate and the certificate enrollment is not successful, you see a screen with a Return button that takes you back to the My Certificate Create screen. Click Return and check your information in the My Certificate Create screen. Make sure that the certification authority information is correct and that your Internet connection is working properly if you want the NOA-3570 to enroll a certificate online.9.8 My Certificate DetailsClick CERTIFICATES, and then My Certificates to open the My Certificates screen (see Figure 44 on page 97). Click the details icon to open the My Certificate Details screen. You can use this screen to view in-depth certificate information and change the certificate’s name. In the case of a self-signed certificate, you can set it to be the one that the NOA-3570 uses to sign the trusted remote host certificates that you import to the NOA-3570. Key Type the key that the certification authority gave you.Apply Click Apply to begin certificate or certification request generation.Cancel Click Cancel to quit and return to the My Certificates screen.Table 30 My Certificate CreateNOA-3570LABEL DESCRIPTION

NOA-3570 User’s Guide104 Chapter 9 CertificatesFigure 47 My Certificate Details

NOA-3570 User’s GuideChapter 9 Certificates 105The following table describes the labels in this screen.Table 31 My Certificate DetailsNOA-3570LABEL DESCRIPTIONName This field displays the identifying name of this certificate. If you want to change the name, type up to 31 characters to identify this certificate. You may use any character (not including spaces).Property Default self-signed certificate which signs the imported remote host certificates.Select this check box to have the NOA-3570 use this certificate to sign the trusted remote host certificates that you import to the NOA-3570. This check box is only available with self-signed certificates. If this check box is already selected, you cannot clear it in this screen, you must select this check box in another self-signed certificate’s details screen. This automatically clears the check box in the details screen of the certificate that was previously set to sign the imported trusted remote host certificates.Certification Path Click the Refresh button to have this read-only text box display the hierarchy of certification authorities that validate the certificate (and the certificate itself).If the issuing certification authority is one that you have imported as a trusted certification authority, it may be the only certification authority in the list (along with the certificate itself). If the certificate is a self-signed certificate, the certificate itself is the only one in the list. The NOA-3570 does not trust the certificate and displays “Not trusted” in this field if any certificate on the path has expired or been revoked.Refresh Click Refresh to display the certification path.Certificate InformationThese read-only fields display detailed information about the certificate. Type This field displays general information about the certificate. CA-signed means that a Certification Authority signed the certificate. Self-signed means that the certificate’s owner signed the certificate (not a certification authority). “X.509” means that this certificate was created and signed according to the ITU-T X.509 recommendation that defines the formats for public-key certificates.Version This field displays the X.509 version number. Serial Number This field displays the certificate’s identification number given by the certification authority or generated by the NOA-3570.Subject This field displays information that identifies the owner of the certificate, such as Common Name (CN), Organizational Unit (OU), Organization (O) and Country (C).Issuer This field displays identifying information about the certificate’s issuing certification authority, such as Common Name, Organizational Unit, Organization and Country. With self-signed certificates, this is the same as the Subject Name field.Signature Algorithm This field displays the type of algorithm that was used to sign the certificate. The NOA-3570 uses rsa-pkcs1-sha1 (RSA public-private key encryption algorithm and the SHA1 hash algorithm). Some certification authorities may use rsa-pkcs1-md5 (RSA public-private key encryption algorithm and the MD5 hash algorithm).Valid From This field displays the date that the certificate becomes applicable. The text displays in red and includes a Not Yet Valid! message if the certificate has not yet become applicable.Valid To This field displays the date that the certificate expires. The text displays in red and includes an Expiring! or Expired! message if the certificate is about to expire or has already expired.

NOA-3570 User’s Guide106 Chapter 9 Certificates9.9 Trusted CAsClick CERTIFICATES, Trusted CAs to open the Trusted CAs screen. This screen displays a summary list of certificates of the certification authorities that you have set the NOA-3570 to accept as trusted. The NOA-3570 accepts any valid certificate signed by a certification authority on this list as being trustworthy; thus you do not need to import any certificate that is signed by one of these certification authorities. See the following figure. Key Algorithm This field displays the type of algorithm that was used to generate the certificate’s key pair (the NOA-3570 uses RSA encryption) and the length of the key set in bits (1024 bits for example).Subject Alternative NameThis field displays the certificate owner‘s IP address (IP), domain name (DNS) or e-mail address (EMAIL). Key Usage This field displays for what functions the certificate’s key can be used. For example, “DigitalSignature” means that the key can be used to sign certificates and “KeyEncipherment” means that the key can be used to encrypt text.Basic Constraint This field displays general information about the certificate. For example, Subject Type=CA means that this is a certification authority’s certificate and “Path Length Constraint=1” means that there can only be one certification authority in the certificate’s path.MD5 Fingerprint This is the certificate’s message digest that the NOA-3570 calculated using the MD5 algorithm. SHA1 Fingerprint This is the certificate’s message digest that the NOA-3570 calculated using the SHA1 algorithm. Certificate in PEM (Base-64) Encoded FormatThis read-only text box displays the certificate or certification request in Privacy Enhanced Mail (PEM) format. PEM uses 64 ASCII characters to convert the binary certificate into a printable form. You can copy and paste a certification request into a certification authority’s web page, an e-mail that you send to the certification authority or a text editor and save the file on a management computer for later manual enrollment.You can copy and paste a certificate into an e-mail to send to friends or colleagues or you can copy and paste a certificate into a text editor and save the file on a management computer for later distribution (via floppy disk for example).Export Click this button and then Save in the File Download screen. The Save As screen opens, browse to the location that you want to use and click Save.Note: When you are saving your certificate, use "cer" or "cert" as the file name extension.Apply Click Apply to save your changes back to the NOA-3570. You can only change the name, except in the case of a self-signed certificate, which you can also set to be the default self-signed certificate that signs the imported trusted remote host certificates.Cancel Click Cancel to quit and return to the My Certificates screen.Table 31 My Certificate DetailsNOA-3570LABEL DESCRIPTION

NOA-3570 User’s GuideChapter 9 Certificates 107Figure 48 Trusted CAsThe following table describes the labels in this screen.Table 32 Trusted CAsNOA-3570LABEL DESCRIPTIONPKI Storage Space in UseThis bar displays the percentage of the NOA-3570’s PKI storage space that is currently in use. The bar turns from green to red when the maximum is being approached. When the bar is red, you should consider deleting expired or unnecessary certificates before adding more certificates.# This field displays the certificate index number. The certificates are listed in alphabetical order. Name This field displays the name used to identify this certificate. Subject This field displays identifying information about the certificate’s owner, such as CN (Common Name), OU (Organizational Unit or department), O (Organization or company) and C (Country). It is recommended that each certificate have unique subject information.Issuer This field displays identifying information about the certificate’s issuing certification authority, such as a common name, organizational unit or department, organization or company and country. With self-signed certificates, this is the same information as in the Subject field.Valid From This field displays the date that the certificate becomes applicable. The text displays in red and includes a Not Yet Valid! message if the certificate has not yet become applicable.Valid To This field displays the date that the certificate expires. The text displays in red and includes an Expiring! or Expired! message if the certificate is about to expire or has already expired.

NOA-3570 User’s Guide108 Chapter 9 Certificates9.10 Importing a Trusted CA’s CertificateClick CERTIFICATES, Trusted CAs to open the Trusted CAs screen and then click Import to open the Trusted CA Import screen. Follow the instructions in this screen to save a trusted certification authority’s certificate to the NOA-3570, see the following figure.Note: You must remove any spaces from the certificate’s filename before you can import the certificate.CRL Issuer This field displays Yes if the certification authority issues Certificate Revocation Lists for the certificates that it has issued and you have selected the Issues certificate revocation lists (CRL) check box in the certificate’s details screen to have the NOA-3570 check the CRL before trusting any certificates issued by the certification authority. Otherwise the field displays “No”.Details Select a certificate’s radio button and click Details to open a screen with an in-depth list of information about the certificate where you can change the certificate’s name and set whether or not you want the NOA-3570 to check a certification authority’s list of revoked certificates before trusting a certificate issued by the certification authority.Import Click Import to open a screen where you can save the certificate of a certification authority that you trust, from your computer to the NOA-3570.Delete Select a certificate’s radio button and click Delete to remove the certificate.A window displays asking you to confirm that you want to delete the certificate.Subsequent certificates move up by one when you take this action.Refresh Click this button to display the current validity status of the certificates.Table 32 Trusted CAsNOA-3570LABEL DESCRIPTION

NOA-3570 User’s GuideChapter 9 Certificates 109Figure 49 Trusted CA ImportThe following table describes the labels in this screen.9.11 Trusted CA Certificate DetailsClick CERTIFICATES, Trusted CAs to open the Trusted CAs screen. Click the details icon to open the Trusted CA Details screen. Use this screen to view in-depth information about the certification authority’s certificate, change the certificate’s name and set whether or not you want the NOA-3570 to check a certification authority’s list of revoked certificates before trusting a certificate issued by the certification authority.Table 33 Trusted CA ImportLABEL DESCRIPTIONFile Path Type in the location of the file you want to upload in this field or click Browse to find it.Browse Click Browse to find the certificate file you want to upload. Apply Click Apply to save the certificate on the NOA-3570.Cancel Click Cancel to quit and return to the Trusted CAs screen.

NOA-3570 User’s Guide110 Chapter 9 CertificatesFigure 50 Trusted CA Details

NOA-3570 User’s GuideChapter 9 Certificates 111The following table describes the labels in this screen.Table 34 Trusted CA DetailsNOA-3570LABEL DESCRIPTIONName This field displays the identifying name of this certificate. If you want to change the name, type up to 31 characters to identify this key certificate. You may use any character (not including spaces).Property Check incoming certificates issued by this CA against a CRLSelect this check box to have the NOA-3570 check incoming certificates that are issued by this certification authority against a Certificate Revocation List (CRL).Clear this check box to have the NOA-3570 not check incoming certificates that are issued by this certification authority against a Certificate Revocation List (CRL).Certificate Path Click the Refresh button to have this read-only text box display the end entity’s certificate and a list of certification authority certificates that shows the hierarchy of certification authorities that validate the end entity’s certificate. If the issuing certification authority is one that you have imported as a trusted certification authority, it may be the only certification authority in the list (along with the end entity’s own certificate). The NOA-3570 does not trust the end entity’s certificate and displays “Not trusted” in this field if any certificate on the path has expired or been revoked.Refresh Click Refresh to display the certification path.Certificate InformationThese read-only fields display detailed information about the certificate. Type This field displays general information about the certificate. CA-signed means that a Certification Authority signed the certificate. Self-signed means that the certificate’s owner signed the certificate (not a certification authority). X.509 means that this certificate was created and signed according to the ITU-T X.509 recommendation that defines the formats for public-key certificates.Version This field displays the X.509 version number. Serial Number This field displays the certificate’s identification number given by the certification authority.Subject This field displays information that identifies the owner of the certificate, such as Common Name (CN), Organizational Unit (OU), Organization (O) and Country (C).Issuer This field displays identifying information about the certificate’s issuing certification authority, such as Common Name, Organizational Unit, Organization and Country. With self-signed certificates, this is the same information as in the Subject Name field.Signature Algorithm This field displays the type of algorithm that was used to sign the certificate. Some certification authorities use rsa-pkcs1-sha1 (RSA public-private key encryption algorithm and the SHA1 hash algorithm). Other certification authorities may use rsa-pkcs1-md5 (RSA public-private key encryption algorithm and the MD5 hash algorithm).Valid From This field displays the date that the certificate becomes applicable. The text displays in red and includes a Not Yet Valid! message if the certificate has not yet become applicable.Valid To This field displays the date that the certificate expires. The text displays in red and includes an Expiring! or Expired! message if the certificate is about to expire or has already expired.Key Algorithm This field displays the type of algorithm that was used to generate the certificate’s key pair (the NOA-3570 uses RSA encryption) and the length of the key set in bits (1024 bits for example).

NOA-3570 User’s Guide112 Chapter 9 CertificatesSubject Alternative NameThis field displays the certificate’s owner‘s IP address (IP), domain name (DNS) or e-mail address (EMAIL).Key Usage This field displays for what functions the certificate’s key can be used. For example, “DigitalSignature” means that the key can be used to sign certificates and “KeyEncipherment” means that the key can be used to encrypt text.Basic Constraint This field displays general information about the certificate. For example, Subject Type=CA means that this is a certification authority’s certificate and “Path Length Constraint=1” means that there can only be one certification authority in the certificate’s path.CRL Distribution PointsThis field displays how many directory servers with Lists of revoked certificates the issuing certification authority of this certificate makes available. This field also displays the domain names or IP addresses of the servers.MD5 Fingerprint This is the certificate’s message digest that the NOA-3570 calculated using the MD5 algorithm. You can use this value to verify with the certification authority (over the phone for example) that this is actually their certificate. SHA1 Fingerprint This is the certificate’s message digest that the NOA-3570 calculated using the SHA1 algorithm. You can use this value to verify with the certification authority (over the phone for example) that this is actually their certificate.Certificate in PEM (Base-64) Encoded FormatThis read-only text box displays the certificate or certification request in Privacy Enhanced Mail (PEM) format. PEM uses 64 ASCII characters to convert the binary certificate into a printable form. You can copy and paste the certificate into an e-mail to send to friends or colleagues or you can copy and paste the certificate into a text editor and save the file on a management computer for later distribution (via floppy disk for example).Export Click this button and then Save in the File Download screen. The Save As screen opens, browse to the location that you want to use and click Save.Apply Click Apply to save your changes back to the NOA-3570. You can only change the name and/or set whether or not you want the NOA-3570 to check the CRL that the certification authority issues before trusting a certificate issued by the certification authority.Cancel Click Cancel to quit and return to the Trusted CAs screen.Table 34 Trusted CA DetailsNOA-3570LABEL DESCRIPTION

NOA-3570 User’s GuideChapter 10 Log Screens 113CHAPTER 10Log ScreensThis chapter contains information about configuring general log settings and viewing the NOA-3570’s logs. Refer to Appendix K on page 249 for example log message explanations.10.1 Configuring View Log The web configurator allows you to look at all of the NOA-3570’s logs in one location. Click LOGS to open the View Log screen. The View Log screen displays logs for the categories that you selected in the Log Settings screen (see Figure 52 on page 116).You can view logs and alert messages in this screen. Log entries in red indicate alerts. Once the log table is full, old logs are deleted as new logs are created.Click a column heading to sort the entries. A triangle indicates the direction of the sort order.

NOA-3570 User’s Guide114 Chapter 10 Log ScreensFigure 51 View LogThe following table describes the labels in this screen.Table 35 View Log NOA-3570LABEL DESCRIPTIONDisplay Select a log category from the drop down list box to display logs within the selected category. To view all logs, select All Logs. The number of categories shown in the drop down list box depends on the selection in the Log Settings page. Email Log Now Click Email Log Now to send the log screen to the e-mail address specified in the Log Settings page.Refresh Click Refresh to renew the log screen. Clear Log Click Clear Log to clear all the logs. Time This field displays the time the log was recorded.Message This field states the reason for the log.Source This field lists the source IP address and the port number of the incoming packet.

NOA-3570 User’s GuideChapter 10 Log Screens 11510.2 Configuring Log SettingsTo change your NOA-3570’s log settings, click LOGS and then Log Settings. The Log Settings screen opens. Use the Log Settings screen to configure to where the NOA-3570 is to send the logs; the schedule for when the NOA-3570 is to send the logs and which logs and/or immediate alerts the NOA-3570 is to send. An alert is a type of log that warrants more serious attention. Some categories such as System Errors consist of both logs and alerts. You may differentiate them by their color in the View Log screen. Alerts are displayed in red and logs are displayed in black.Destination This field lists the destination IP address and the port number of the incoming packet.Notes This field displays additional information about the log entry. Table 35 View Log NOA-3570LABEL DESCRIPTION

NOA-3570 User’s Guide116 Chapter 10 Log ScreensFigure 52 Log SettingsThe following table describes the labels in this screen.Table 36 Log Settings NOA-3570LABEL DESCRIPTIONAddress InfoMail Server Enter the server name or the IP address of the mail server for the e-mail addresses specified below. If this field is left blank, logs and alert messages will not be sent via e-mail. Mail Subject Type a title that you want to be in the subject line of the log e-mail message that the NOA-3570 sends.

NOA-3570 User’s GuideChapter 10 Log Screens 117Send Log to Logs are sent to the e-mail address specified in this field. If this field is left blank, logs will not be sent via e-mail. Send Alerts to Enter the e-mail address where the alert messages will be sent. If this field is left blank, alert messages will not be sent via e-mail. Syslog Logging Syslog logging sends a log to an external syslog server used to store logs.Active Click Active to enable syslog logging.Syslog IP Address Enter the server name or IP address of the syslog server that will log the selected categories of logs.Log Facility Select a location from the drop down list box. The log facility allows you to log the messages to different files in the syslog server. Refer to the documentation of your syslog program for more details.Send LogLog Schedule This drop-down menu is used to configure the frequency of log messages being sent as E-mail: •Daily• Weekly• Hourly• When Log is Full• None. If the Weekly or the Daily option is selected, specify a time of day when the E-mail should be sent. If the Weekly option is selected, then also specify which day of the week the E-mail should be sent. If the When Log is Full option is selected, an alert is sent when the log fills up. If you select None, no log messages are sent.Day for Sending LogThis field is only available when you select Weekly in the Log Schedule field.Use the drop down list box to select which day of the week to send the logs. Time for Sending LogEnter the time of the day in 24-hour format (for example 23:00 equals 11:00 pm) to send the logs. Clear log after sending mailSelect the check box to clear all logs after logs and alert messages are sent via e-mail.Log Select the categories of logs that you want to record. Send immediate alert Select the categories of alerts for which you want the NOA-3570 to immediately send e-mail alerts.Apply Click Apply to save your customized settings and exit this screen. Reset Click Reset to reconfigure all the fields in this screen.Table 36 Log Settings NOA-3570LABEL DESCRIPTION

NOA-3570 User’s Guide118 Chapter 10 Log Screens

NOA-3570 User’s GuideChapter 11 Maintenance 119CHAPTER 11MaintenanceThis chapter displays system information such as ZyNOS firmware, port IP addresses and port traffic statistics.11.1 Maintenance OverviewThe maintenance screens can help you view system information, upload new firmware, manage configuration and restart your NOA-3570. 11.2 System Status ScreenClick MAINTENANCE to open the System Status screen, where you can use to monitor your NOA-3570. Note that these labels are READ-ONLY and are meant to be used for diagnostic purposes.Figure 53 System StatusThe following table describes the labels in this screen.Table 37 System Status NOA-3570LABEL DESCRIPTIONSystem Name This is the System Name you enter in the first Internet Access Wizard screen. It is for identification purposesZyNOS Firmware VersionThis is the ZyNOS Firmware version and the date created. ZyNOS is ZyXEL's proprietary Network Operating System design.

NOA-3570 User’s Guide120 Chapter 11 Maintenance11.2.1 System StatisticsRead-only information here includes port status, packet specific statistics and bridge link status. Also provided are "system up time" and "poll interval(s)". The Poll Interval field is configurable.Figure 54 System Status: Show StatisticsThe following table describes the labels in this screen.IP Address This is the Ethernet port IP address. IP Subnet Mask This is the Ethernet port subnet mask. DHCP This is the Ethernet port DHCP role - Client or None. Show Statistics Click Show Statistics to see router performance statistics such as number of packets sent and number of packets received for each port.Table 37 System Status NOA-3570LABEL DESCRIPTIONTable 38 System Status: Show Statistics NOA-3570LABEL DESCRIPTIONPort This is the Ethernet port or the built-in wireless card. Status This shows the port speed and duplex setting if you are using Ethernet encapsulation for the Ethernet port.This shows the transmission speed only for wireless port.TxPkts This is the number of transmitted packets on this port.RxPkts This is the number of received packets on this port.

NOA-3570 User’s GuideChapter 11 Maintenance 12111.3 Association ListView the wireless stations that are currently associated to the NOA-3570’s WLAN cards in the Association List screen. Click MAINTENANCE and then the Association List tab to display the screen as shown next.Figure 55 Association ListThe following table describes the labels in this screen.Collisions This is the number of collisions on this port.Tx B/s This shows the transmission speed in bytes per second on this port.Rx B/s This shows the reception speed in bytes per second on this port.Up Time This is total amount of time the line has been up.Bridge Link # This is the index number of the bridge connection.Active This shows whether the bridge connection is activated or not.Remote Bridge MAC AddressThis is the MAC address of the peer device in bridge mode.Status This shows the current status of the bridge connection, which can be Up or Down.TxPkts This is the number of transmitted packets on the wireless bridge.RxPkts This is the number of received packets on the wireless bridge.System Up Time This is the total time the NOA-3570 has been on.Poll Interval(s) Enter the time interval for refreshing statistics.Set Interval Click this button to apply the new poll interval you entered above.Stop Click this button to stop refreshing statistics.Table 38 System Status: Show Statistics NOA-3570LABEL DESCRIPTION

NOA-3570 User’s Guide122 Chapter 11 Maintenance11.4 Channel UsageThe Channel Usage screen shows which channels are being used by other wireless networks within the NOA-3570's transmission range. If a channel is being used, select a channel removed from it by five channels to avoid overlap.Click MAINTENANCE and then the Channel Usage tab to display the screen shown next.Wait a moment while the NOA-3570 compiles the information.Figure 56 Channel UsageThe following table describes the labels in this screen.Table 39 Association List NOA-3570LABEL DESCRIPTIONWLAN 1, 2 This identifies the WLAN adapter to which the list of wireless clients is associated.# This is the index number of an associated wireless station. MAC Address This field displays the MAC address of an associated wireless station.Association Time This field displays the time a wireless station first associated with the NOA-3570.Name (SSID) This field displays the SS identification name to which the wireless station is associated.Refresh Click Refresh to reload the screen.

NOA-3570 User’s GuideChapter 11 Maintenance 12311.5 F/W Upload ScreenFind firmware at www.zyxel.com in a file that (usually) uses the system model name with a .bin extension, for example, "NOA-3570.bin". The upload process uses HTTP (Hypertext Transfer Protocol) and may take up to two minutes. After a successful upload, the system will reboot. See Chapter 20 on page 169 for upgrading firmware using FTP/TFTP commands.Click MAINTENANCE and then F/W Upload. Follow the instructions in this screen to upload firmware to your NOA-3570. Table 40 Channel Usage NOA-3570LABEL DESCRIPTIONSSID This is the Service Set IDentification name of the AP in an Infrastructure wireless network or wireless station in an Ad-Hoc wireless network. For our purposes, we define an Infrastructure network as a wireless network that uses an AP and an Ad-Hoc network (also known as Independent Basic Service Set (IBSS)) as one that doesn’t. See Chapter 5 on page 55 for more information on basic service sets (BSS) and extended service sets (ESS).MAC Address This field displays the MAC address of the AP in an Infrastructure wireless network. It is randomly generated (so ignore it) in an Ad-Hoc wireless network.Channel This is the index number of the channel currently used by the associated AP in an Infrastructure wireless network or wireless station in an Ad-Hoc wireless network.Signal This field displays the strength of the AP’s signal. If you must choose a channel that’s currently in use, choose one with low signal strength for minimum interference.Network Mode “Network Mode” in this screen refers to your wireless LAN infrastructure and WEP setup (refer to Chapter 5 on page 55). Network modes are: Infra (Infrastructure which is the same as an extended service set ESS), Infra, WEP (Infrastructure with WEP encryption enabled), Ad-Hoc (same as an independent basic service set IBSS), or Ad-Hoc with WEP.Refresh Click Refresh to reload the screen.

NOA-3570 User’s Guide124 Chapter 11 MaintenanceFigure 57 Firmware UploadThe following table describes the labels in this screen.Note: Do not turn off the NOA-3570 while firmware upload is in progress!After you see the Firmware Upload in Process screen, wait two minutes before logging into the NOA-3570 again. Table 41 Firmware UploadLABEL DESCRIPTIONFile Path Type in the location of the file you want to upload in this field or click Browse ... to find it.Browse... Click Browse... to find the .bin file you want to upload. Remember that you must decompress compressed (.zip) files before you can upload them. Upload Click Upload to begin the upload process. This process may take up to two minutes.

NOA-3570 User’s GuideChapter 11 Maintenance 125Figure 58 Firmware Upload In ProcessThe NOA-3570 automatically restarts in this time causing a temporary network disconnect. In some operating systems, you may see the following icon on your desktop.Figure 59 Network Temporarily DisconnectedAfter two minutes, log in again and check your new firmware version in the System Status screen.If the upload was not successful, the following screen will appear. Click Return to go back to the F/W Upload screen.

NOA-3570 User’s Guide126 Chapter 11 MaintenanceFigure 60 Firmware Upload Error11.6 Configuration ScreenSee Chapter 20 on page 169 for transferring configuration files using FTP/TFTP commands.Click MAINTENANCE, and then the Configuration tab. Information related to backing up configuration, restoring configuration and restoring factory defaults appears as shown next.

NOA-3570 User’s GuideChapter 11 Maintenance 127Figure 61 Configuration11.6.1 Backup ConfigurationBackup configuration allows you to back up (save) the NOA-3570’s current configuration to a file on your computer. Once your NOA-3570 is configured and functioning properly, it is highly recommended that you back up your configuration file before making configuration changes. The backup configuration file will be useful in case you need to return to your previous settings. Click Backup to save the NOA-3570’s current configuration to your computer.

NOA-3570 User’s Guide128 Chapter 11 Maintenance11.6.2 Restore Configuration Restore configuration allows you to upload a new or previously saved configuration file from your computer to your NOA-3570.Note: Do not turn off the NOA-3570 while configuration file upload is in progress.After you see a “restore configuration successful” screen, you must then wait one minute before logging into the NOA-3570 again. Figure 62 Configuration Upload SuccessfulThe NOA-3570 automatically restarts in this time causing a temporary network disconnect. In some operating systems, you may see the following icon on your desktop.Figure 63 Network Temporarily DisconnectedIf you uploaded the default configuration file you may need to change the IP address of your computer to be in the same subnet as that of the default NOA-3570 IP address (192.168.1.2). See Appendix D on page 201 for details on how to set up your computer’s IP address.If the upload was not successful, the following screen will appear. Click Return to go back to the Configuration screen. Table 42 Restore ConfigurationLABEL DESCRIPTIONFile Path Type in the location of the file you want to upload in this field or click Browse ... to find it.Browse... Click Browse... to find the file you want to upload. Remember that you must decompress compressed (.ZIP) files before you can upload them. Upload Click Upload to begin the upload process.

NOA-3570 User’s GuideChapter 11 Maintenance 129Figure 64 Configuration Upload Error11.6.3 Back to Factory DefaultsClick the Reset button in this section to clear all user-entered configuration information and returns the NOA-3570 to its factory defaults as shown on the screen. The following warning screen will appear. Figure 65 Reset Warning Message11.7 Restart ScreenSystem restart allows you to reboot the NOA-3570 without turning the power off. Click MAINTENANCE, and then Restart. Click Restart to have the NOA-3570 reboot. This does not affect the NOA-3570's configuration.

NOA-3570 User’s Guide130 Chapter 11 MaintenanceFigure 66 Restart Screen