ZyXEL Communications B500 Wireless LAN Access Point User Manual P650H 17 ADSL Router User s Guide

ZyXEL Communications Corporation Wireless LAN Access Point P650H 17 ADSL Router User s Guide

UserManual.wiki >

ZyXEL Communications >

B500 User Manual >

Contents

1. Users Manual 1
2. Users Manual 2

Users Manual 2

SMT Configuration V Part V: SMT CONFIGURATION This part contains SMT (System Management Terminal) configuration and background information for features only configurable by SMT. See the web configurator parts of this guide for background information on features configurable by web configurator and SMT.BETA DRAFT

ZyAIR B-500 Wireless Access Point User’s Guide Introducing the SMT 10-1 Chapter 10 Introducing the SMT This chapter describes how to access the SMT and provides an overview of its menus. 10.1 Connect to your ZyAIR Using Telnet The following procedure details how to telnet into your ZyAIR. Step 1. In Windows, click Start (usually in the bottom left corner), Run and then type “telnet 192.168.1.2” (the default IP address) and click OK. Step 2. For your first login, enter the default password “1234”. As you type the password, the screen displays an asterisk “*” for each character you type. Figure 10-1 Login Screen Step 3. After entering the password you will see the main menu. Please note that if there is no activity for longer than five minutes (default timeout period) after you log in, your ZyAIR will automatically log you out. You will then have to telnet into the ZyAIR again. You can use the web configurator or the CI commands to change the inactivity time out period. 10.2 Changing the System Password Change the ZyAIR default password by following the steps shown next. Step 1. From the main menu, enter 23 to display Menu 23 – System Security. Step 2. Enter 1 to display Menu 23.1 – System Security – Change Password as shown next. Step 3. Type your existing system password in the Old Password field, and press [ENTER]. Password : ****

ZyAIR B-500 Wireless Access Point User’s Guide 10-2 Introducing the SMT Figure 10-2 Menu 23.1 System Security : Change Password Step 4. Type your new system password in the New Password field (up to 30 characters), and press [ENTER]. Step 5. Re-type your new system password in the Retype to confirm field for confirmation and press [ENTER]. Note that as you type a password, the screen displays an asterisk “*” for each character you type. 10.3 ZyAIR SMT Menu Overview Example The following figure gives you an example overview of the various SMT menu screens for your ZyAIR. Menu 23.1 – System Security – Change Password Old Password= **** New Password= ? Retype to confirm= ? Enter here to CONFIRM or ESC to CANCEL:

ZyAIR B-500 Wireless Access Point User’s Guide Introducing the SMT 10-3 ZyAIR B-500Main MenuMenu 1General SetupMenu 3LAN SetupMenu 3.5Wireless LAN SetupMenu 3.2TCP/IP SetupMenu 3.5.1WLAN MAC Address FilterMenu 3.5.2Roaming ConfigurationMenu 14Dial-in User SetupMenu14.1Edit Dial-in UserMenu 22SNMPConfiguration Menu 23System Security Menu 23.1System Security-Change Password Menu 23.2System Security-RADIUS Server Menu 23.4System Security-IEEE802.1x Menu 24System MaintenanceMenu 24.1System Maintenance- Status Menu 24.2System Information and Console Port Speed Menu 24.3System Maintenance- Log and TraceMenu 24.5BackupConfiguration Menu 24.6Restore Configuration Menu 24.2.2System Maintenance- Change Console Port Speed Menu 24.3.1System Maintenance - View Error Log Menu 24.7.2Upload SystemConfiguration File Menu 24.2.1System Maintenance- Information Menu 24.7Upload Firmware Menu 24.7.1Upload SystemFirmwareMenu 24.8Command Interpreter Mode Menu 24.10Time and DateSetting Menu 24.4System Maintenance- Diagnostic Figure 10-3 ZyAIR B-500 SMT Menu Overview Example

ZyAIR B-500 Wireless Access Point User’s Guide 10-4 Introducing the SMT 10.4 Navigating the SMT Interface The SMT (System Management Terminal) is the interface that you use to configure your ZyAIR. Several operations that you should be familiar with before you attempt to modify the configuration are listed in the table below. Table 10-1 Main Menu Commands OPERATION KEYSTROKE DESCRIPTION Move down to another menu [ENTER] To move forward to a submenu, type in the number of the desired submenu and press [ENTER]. Move up to a previous menu [ESC] Press [ESC] to move back to the previous menu. Move to a “hidden” menu Press [SPACE BAR] to change No to Yes then press [ENTER]. Fields beginning with “Edit” lead to hidden menus and have a default setting of No. Press [SPACE BAR] once to change No to Yes, then press [ENTER] to go to the “hidden” menu. Move the cursor [ENTER] or [UP]/[DOWN] arrow keys. Within a menu, press [ENTER] to move to the next field. You can also use the [UP]/[DOWN] arrow keys to move to the previous and the next field, respectively. Entering information Type in or press [SPACE BAR], then press [ENTER]. You need to fill in two types of fields. The first requires you to type in the appropriate information. The second allows you to cycle through the available choices by pressing [SPACE BAR]. Required fields <?> or ChangeMe All fields with the symbol <?> must be filled in order to be able to save the new configuration. All fields with ChangeMe must not be left blank in order to be able to save the new configuration. N/A fields <N/A> Some of the fields in the SMT will show a <N/A>. This symbol refers to an option that is Not Applicable. Save your configuration [ENTER] Save your configuration by pressing [ENTER] at the message “Press ENTER to confirm or ESC to cancel”. Saving the data on the screen will take you, in most cases to the previous menu. Exit the SMT Type 99, then press [ENTER]. Type 99 at the main menu prompt and press [ENTER] to exit the SMT interface. After you enter the password, the SMT displays the main menu, as shown next.

ZyAIR B-500 Wireless Access Point User’s Guide Introducing the SMT 10-5 Figure 10-4 ZyAIR B-500 SMT Main Menu 10.4.1 System Management Terminal Interface Summary Table 10-2 Main Menu Summary # MENU TITLE DESCRIPTION 1 General Setup Use this menu to set up your general information. 3 LAN Setup Use this menu to set up your LAN and WLAN connection. 14 Dial-in User Setup Use this menu to set up local user profiles on the ZyAIR. 22 SNMP Configuration Use this menu to set up SNMP related parameters. 23 System Security Use this menu to change your password and enable network user authentication. 24 System Maintenance This menu provides system status, diagnostics, software upload, etc. 99 Exit Use this to exit from SMT and return to a blank screen. Copyright (c) 1994 - 2003 ZyXEL Communications Corp. ZyAIR B-500 Main Menu Getting Started Advanced Management 1. General Setup 22. SNMP Configuration 3. LAN Setup 23. System Security 24. System Maintenance Advanced Applications 14. Dial-in User Setup 99. Exit Enter Menu Selection Number:

ZyAIR B-500 Wireless Access Point User’s Guide General Setup 11-1 Chapter 11 General Setup The chapter shows you the information on general setup. 11.1 General Setup Menu 1 – General Setup contains administrative and system-related information (shown next). The System Name field is for identification purposes. It is recommended you type your computer's "Computer name". The Domain Name entry is what is propagated to the DHCP clients on the LAN. This is not a required field. Leave this field blank or enter the domain name here if you know it. 11.1.1 Procedure To Configure Menu 1 Step 1. Enter 1 in the Main Menu to open Menu 1 – General Setup as shown next. Figure 11-1 Menu 1 General Setup Step 2. Fill in the required fields. Refer to the following table for more information about these fields. Menu 1 - General Setup System Name= B-500 Domain Name= First System DNS Server= From DHCP IP Address= N/A Second System DNS Server= None IP Address= N/A Third System DNS Server= None IP Address= N/A Press ENTER to Confirm or ESC to Cancel:

ZyAIR B-500 Wireless Access Point User’s Guide 11-2 General Setup Table 11-1 Menu 1 General Setup FIELD DESCRIPTION EXAMPLE System Name Choose a descriptive name for identification purposes. This name can be up to 30 alphanumeric characters long. Spaces are not allowed, but dashes “-” and underscores "_" are accepted. B-500 Domain Name This is not a required field. Leave this field blank or enter the domain name here if you know it. First/Second/Third System DNS Server Press [SPACE BAR] to select From DHCP, User Defined or None and press [ENTER]. These fields are not available on all models. From DHCP IP Address Enter the IP addresses of the DNS servers. This field is available when you select User-Defined in the field above. N/A When you have completed this menu, press [ENTER] at the prompt “Press ENTER to Confirm…” to save your configuration, or press [ESC] at any time to cancel.

ZyAIR B-500 Wireless Access Point User’s Guide LAN Setup 12-1 Chapter 12 LAN Setup This chapter shows you how to configure the LAN on your ZyAIR.. 12.1 LAN Setup This section describes how to configure the Ethernet using Menu 3 – LAN Setup. From the main menu, enter 3 to display menu 3. Figure 12-1 Menu 3 LAN Setup 12.2 TCP/IP Ethernet Setup Use menu 3.2 to configure your ZyAIR for TCP/IP. To edit menu 3.2, enter 3 from the main menu to display Menu 3-LAN Setup. When menu 3 appears, press 2 and press [ENTER] to display Menu 3.2-TCP/IP Setup, as shown next. Figure 12-2 Menu 3.2 TCP/IP Setup Follow the instructions in the following table on how to configure the fields in this menu. Menu 3 - LAN Setup 2. TCP/IP Setup 5. Wireless LAN Setup Enter Menu Selection Number: Menu 3.2 - TCP/IP Setup IP Address Assignment= Static IP Address= 192.168.1.2 IP Subnet Mask= 255.255.255.0 Gateway IP Address= 0.0.0.0 Press ENTER to Confirm or ESC to Cancel:

ZyAIR B-500 Wireless Access Point User’s Guide 12-2 LAN Setup Table 12-1 Menu 3.2 TCP/IP Setup FIELD DESCRIPTION EXAMPLE IP Address Assignment Press [SPACE BAR] and then [ENTER] to select Dynamic to have the ZyAIR obtain an IP address from a DHCP server. You must know the IP address assigned to the ZyAIR (by the DHCP server) to access the ZyAIR again. Select Static to give the ZyAIR a fixed, unique IP address. Enter a subnet mask appropriate to your network and the gateway IP address if applicable. IP Address Enter the (LAN) IP address of your ZyAIR in dotted decimal notation 192.168.1.2 IP Subnet Mask Your ZyAIR will automatically calculate the subnet mask based on the IP address that you assign. Unless you are implementing subnetting, use the subnet mask computed by the ZyAIR. 255.255.255.0 Gateway IP Address Type the IP address of the gateway. The gateway is an immediate neighbor of your ZyAIR that will forward the packet to the destination. On the LAN, the gateway must be a router on the same network segment as your ZyAIR. When you have completed this menu, press [ENTER] at the prompt “Press ENTER to Confirm…” to save your configuration, or press [ESC] at any time to cancel. 12.3 Wireless LAN Setup Use menu 3.5 to set up your ZyAIR as the wireless access point. To edit menu 3.5, enter 3 from the main menu to display Menu 3 – LAN Setup. When menu 3 appears, press 5 and then press [ENTER] to display Menu 3.5 – Wireless LAN Setup as shown next.

ZyAIR B-500 Wireless Access Point User’s Guide LAN Setup 12-3 Figure 12-3 Menu 3.5 Wireless LAN Setup The following table describes the fields in this menu. Table 12-2 Menu 3.5 Wireless LAN Setup FIELD DESCRIPTION EXMAPLEESSID The ESSID (Extended Service Set IDentity) identifies the AP the wireless station is to associate to. Wireless stations associating to the AP must have the same ESSID. Enter a descriptive name up to 32 printable 7-bit ASCII characters. Wireless Hide ESSID Press [SPACE BAR] and select Yes to hide the ESSID in the outgoing data frame so an intruder cannot obtain the ESSID through passive scanning. No Channel ID Press [SPACE BAR] to select a channel. This allows you to set the operating frequency/channel depending on your particular region. CH01 2412MHz RTS Threshold Setting this attribute to zero turns on the RTS/CTS handshake. Enter a value between 0 and 2432. 2432 Frag. Threshold This is the maximum data fragment size that can be sent. Enter a value between 256 and 2432. 2432 WEP Encryption Select Disable to allow wireless stations to communicate with the access points without any data encryption. Select 64-bit WEP or 128-bit WEP to enable data encryption. Disable Menu 3.5 - Wireless LAN Setup ESSID= Wireless Hide ESSID= No Channel ID= CH06 2437MHz RTS Threshold= 2432 Frag. Threshold= 2432 WEP Encryption= Disable Default Key= N/A Key1= N/A Key2= N/A Key3= N/A Key4= N/A Authen. Method= N/A Edit MAC Address Filter= No Edit Roaming Configuration= No Block Intra-BSS Traffic= No Number of Associated Stations= 32 Output Power= 17dBm Press ENTER to Confirm or ESC to Cancel:

ZyAIR B-500 Wireless Access Point User’s Guide 12-4 LAN Setup Table 12-2 Menu 3.5 Wireless LAN Setup FIELD DESCRIPTION EXMAPLEDefault Key Enter the key number (1 to 4) in this field. Only one key can be enabled at any one time. This key must be the same on the ZyAIR and the wireless stations to communicate. 1 Key 1 to Key 4 The WEP keys are used to encrypt data. Both the ZyAIR and the wireless stations must use the same WEP key for data transmission. If you chose 64-bit WEP in the WEP Encryption field, then enter any 5 ASCII characters or 10 hexadecimal characters ("0-9", "A-F"). If you chose 128-bit WEP in the WEP Encryption field, then enter 13 ASCII characters or 26 hexadecimal characters ("0-9", "A-F"). Enter “0x” before the key to denote a hexadecimal key. Don’t enter “0x” before the key to denote an ASCII key. 0x12345abcde Authen. Method Press [SPACE BAR] to select Auto, Open System Only or Shared Key Only and press [ENTER]. This field is N/A if WEP is not activated. If WEP encryption is activated, the default setting is Auto. Auto Edit MAC Address Filter Press [SPACE BAR] to select Yes and press [ENTER] to display menu 3.5.1. See the section on MAC address filter for more information. No Edit Roaming Configuration Press [SPACE BAR] to select Yes and press [ENTER] to display menu 3.5.2. See the section on roaming configuration for more information. No Block Intra-BSS Traffic Press [SPACE BAR] to select Yes or No and press [ENTER]. No Number of Association Stations Enter the number of association stations. The number should be from 1 to 32. 32 Output Power Press [SPACE BAR] to select 11dBm, 14dBm or 17dBm and press [ENTER]. 17dBm When you have completed this menu, press [ENTER] at the prompt “Press ENTER to confirm or ESC to cancel” to save your configuration or press [ESC] to cancel and go back to the previous screen.

ZyAIR B-500 Wireless Access Point User’s Guide LAN Setup 12-5 12.3.1 Configuring MAC Address Filter Your ZyAIR checks the MAC address of the wireless station device against a list of allowed or denied MAC addresses. However, intruders could fake allowed MAC addresses so MAC-based authentication is less secure than EAP authentication. Follow the steps below to create the MAC address table on your ZyAIR. Step 1. From the main menu, enter 3 to open Menu 3 – LAN Setup. Step 2. Enter 5 to display Menu 3.5 – Wireless LAN Setup. Figure 12-4 Menu 3.5 Wireless LAN Setup Step 3. In the Edit MAC Address Filter field, press [SPACE BAR] to select Yes and press [ENTER]. Menu 3.5.1 – WLAN MAC Address Filter displays as shown next. Menu 3.5 - Wireless LAN Setup ESSID= Wireless Hide ESSID= No Channel ID= CH06 2437MHz RTS Threshold= 2432 Frag. Threshold= 2432 WEP Encryption= Disable Default Key= N/A Key1= N/A Key2= N/A Key3= N/A Key4= N/A Authen. Method= N/A Edit MAC Address Filter= Yes Edit Roaming Configuration= No Block Intra-BSS Traffic= No Number of Associated Stations= 32 Output Power= 17dBm Press ENTER to Confirm or ESC to Cancel:

ZyAIR B-500 Wireless Access Point User’s Guide 12-6 LAN Setup Figure 12-5 Menu 3.5.1 WLAN MAC Address Filter The following table describes the fields in this menu. Table 12-3 Menu 3.5.1 WLAN MAC Address Filter FIELD DESCRIPTION Active To enable MAC address filtering, press [SPACE BAR] to select Yes and press [ENTER]. Filter Action Define the filter action for the list of MAC addresses in the MAC address filter table. To deny access to the ZyAIR, press [SPACE BAR] to select Deny Association and press [ENTER]. MAC addresses not listed will be allowed to access the ZyAIR. The default action, Allowed Association, permits association with the ZyAIR. MAC addresses not listed will be denied access to the ZyAIR. MAC Address Filter 1..32 Enter the MAC addresses (in XX:XX:XX:XX:XX:XX format) of the client computers that are allowed or denied access to the ZyAIR in these address fields. When you have completed this menu, press [ENTER] at the prompt “Press ENTER to confirm or ESC to cancel” to save your configuration or press [ESC] to cancel and go back to the previous screen. Menu 3.5.1 - WLAN MAC Address Filter Active= No Filter Action= Allowed Association ------------------------------------------------------------------------------ 1= 00:00:00:00:00:00 13= 00:00:00:00:00:00 25= 00:00:00:00:00:00 2= 00:00:00:00:00:00 14= 00:00:00:00:00:00 26= 00:00:00:00:00:00 3= 00:00:00:00:00:00 15= 00:00:00:00:00:00 27= 00:00:00:00:00:00 4= 00:00:00:00:00:00 16= 00:00:00:00:00:00 28= 00:00:00:00:00:00 5= 00:00:00:00:00:00 17= 00:00:00:00:00:00 29= 00:00:00:00:00:00 6= 00:00:00:00:00:00 18= 00:00:00:00:00:00 30= 00:00:00:00:00:00 7= 00:00:00:00:00:00 19= 00:00:00:00:00:00 31= 00:00:00:00:00:00 8= 00:00:00:00:00:00 20= 00:00:00:00:00:00 32= 00:00:00:00:00:00 9= 00:00:00:00:00:00 21= 00:00:00:00:00:00 10= 00:00:00:00:00:00 22= 00:00:00:00:00:00 11= 00:00:00:00:00:00 23= 00:00:00:00:00:00 12= 00:00:00:00:00:00 24= 00:00:00:00:00:00 ------------------------------------------------------------------------------ Enter here to CONFIRM or ESC to CANCEL:

ZyAIR B-500 Wireless Access Point User’s Guide LAN Setup 12-7 12.3.2 Configuring Roaming Enable the roaming feature if you have two or more ZyAIRs on the same subnet. Follow the steps below to allow roaming on your ZyAIR. Step 1. From the main menu, enter 3 to display Menu 3 – LAN Setup. Step 2. Enter 5 to display Menu 3.5 – Wireless LAN Setup. Figure 12-6 Menu 3.5 Wireless LAN Setup Step 3. Move the cursor to the Edit Roaming Configuration field. Press [SPACE BAR] to select Yes and then press [ENTER]. Menu 3.5.2 – Roaming Configuration displays as shown next. Figure 12-7 Menu 3.5.2 Roaming Configuration The following table describes the fields in this menu. Menu 3.5.2 - Roaming Configuration Active= Yes Port #= 16290 Press ENTER to Confirm or ESC to Cancel: Menu 3.5 - Wireless LAN Setup ESSID= Wireless Hide ESSID= No Channel ID= CH06 2437MHz RTS Threshold= 2432 Frag. Threshold= 2432 WEP Encryption= Disable Default Key= N/A Key1= N/A Key2= N/A Key3= N/A Key4= N/A Authen. Method= N/A Edit MAC Address Filter= No Edit Roaming Configuration= Yes Block Intra-BSS Traffic= No Number of Associated Stations= 32 Output Power= 17dBm Press ENTER to Confirm or ESC to Cancel:

ZyAIR B-500 Wireless Access Point User’s Guide 12-8 LAN Setup Table 12-4 Menu 3.5.2 Roaming Configuration FIELD DESCRIPTION Active Press [SPACE BAR] and then [ENTER] to select Yes to enable roaming on the ZyAIR if you have two or more ZyAIRs on the same subnet. Port # Type the port number to communicate roaming information between access points. The port number must be the same on all access points. The default is 16290. Make sure this port is not used by other services. When you have completed this menu, press [ENTER] at the prompt “Press ENTER to confirm or ESC to cancel” to save your configuration or press [ESC] to cancel and go back to the previous screen.

ZyAIR B-500 Wireless Access Point User’s Guide SNMP Configuration 14-1 Chapter 14 SNMP Configuration This chapter explains SNMP Configuration menu 22. 14.1 About SNMP Simple Network Management Protocol is a protocol used for exchanging management information between network devices. SNMP is a member of the TCP/IP protocol suite. Your ZyAIR supports SNMP agent functionality, which allows a manager station to manage and monitor the ZyAIR through the network. The ZyAIR supports SNMP version one (SNMPv1) and version two c (SNMPv2c). The next figure illustrates an SNMP management operation. SNMP is only available if TCP/IP is configured. Figure 14-1 SNMP Management Model An SNMP managed network consists of two main components: agents and a manager.

ZyAIR B-500 Wireless Access Point User’s Guide 14-2 SNMP Configuration An agent is a management software module that resides in a managed device (the ZyAIR). An agent translates the local management information from the managed device into a form compatible with SNMP. The manager is the console through which network administrators perform network management functions. It executes applications that control and monitor managed devices. The managed devices contain object variables/managed objects that define each piece of information to be collected about a device. Examples of variables include the number of packets received, node port status etc. A Management Information Base (MIB) is a collection of managed objects. SNMP allows a manager and agents to communicate for the purpose of accessing these objects. SNMP itself is a simple request/response protocol based on the manager/agent model. The manager issues a request and the agent returns responses using the following protocol operations: • Get - Allows the manager to retrieve an object variable from the agent. • GetNext - Allows the manager to retrieve the next object variable from a table or list within an agent. In SNMPv1, when a manager wants to retrieve all elements of a table from an agent, it initiates a Get operation, followed by a series of GetNext operations. • Set - Allows the manager to set values for object variables within an agent. • Trap - Used by the agent to inform the manager of some events. 14.2 Supported MIBs The ZyAIR supports RFC-1215 and MIB II as defined in RFC-1213. The focus of the MIBs is to let administrators collect statistic data and monitor status and performance. 14.3 SNMP Configuration To configure SNMP, select option 22 from the main menu to open Menu 22 – SNMP Configuration as shown next. The “community” for Get, Set and Trap fields is SNMP terminology for password.

ZyAIR B-500 Wireless Access Point User’s Guide SNMP Configuration 14-3 Figure 14-2 Menu 22 SNMP Configuration The following table describes the SNMP configuration parameters. Table 14-1 Menu 22 SNMP Configuration FIELD DESCRIPTION EXAMPLE SNMP: Get Community Type the Get Community, which is the password for the incoming Get- and GetNext requests from the management station. public Set Community Type the Set Community, which is the password for incoming Set requests from the management station. public Trusted Host If you enter a trusted host, your ZyAIR will only respond to SNMP messages from this address. A blank (default) field means your ZyAIR will respond to all SNMP messages it receives, regardless of source. 0.0.0.0 Trap: Community Type the trap community, which is the password sent with each trap to the SNMP manager. public Destination Type the IP address of the station to send your SNMP traps to. 0.0.0.0 When you have completed this menu, press [ENTER] at the prompt “Press ENTER to confirm or ESC to cancel” to save your configuration or press [ESC] to cancel and go back to the previous screen. 14.4 SNMP Traps The ZyAIR will send traps to the SNMP manager when any one of the following events occurs: Menu 22 - SNMP Configuration SNMP: Get Community= public Set Community= public Trusted Host= 0.0.0.0 Trap: Community= public Destination= 0.0.0.0 Press ENTER to Confirm or ESC to Cancel:

ZyAIR B-500 Wireless Access Point User’s Guide 14-4 SNMP Configuration Table 14-2 SNMP Traps TRAP # TRAP NAME DESCRIPTION 1 coldStart (defined in RFC-1215) A trap is sent after booting (power on). 2 warmStart (defined in RFC-1215) A trap is sent after booting (software reboot). 3 linkUp (defined in RFC-1215) A trap is sent when the port is up. 4 authenticationFailure (defined in RFC-1215) A trap is sent to the manager when receiving any SNMP get or set requirements with wrong community (password). 6 linkDown (defined in RFC-1215) A trap is sent when the port is down. The following table maps the physical port and encapsulation to the interface type. Table 14-3 Ports and Interface Types PHYSICAL PORT/ENCAP INTERFACE TYPE LAN port(s) enet0 Wireless port enet1 PPPoE encap pppoe 1483 encap mpoa Ethernet encap enet-encap PPPoA ppp

ZyAIR B-500 Wireless Access Point User’s Guide System Security 15-1 Chapter 15 System Security This chapter describes how to configure the system security on the ZyAIR. 15.1 System Security You can configure the system password, an external RADIUS server and 802.1x in this menu. 15.1.1 System Password Figure 15-1 Menu 23 System Security You should change the default password. If you forget your password you have to restore the default configuration file. Refer to the section on changing the system password in the Introducing the SMT chapter and the section on resetting the ZyAIR in the Introducing the Web Configurator chapter. 15.1.2 Configuring External RADIUS Server Enter 23 in the main menu to display Menu 23 – System Security. Figure 15-2 Menu 23 System Security From Menu 23- System Security, enter 2 to display Menu 23.2 – System Security – RADIUS Server as shown next. Menu 23 - System Security 1. Change Password 2. RADIUS Server 4. IEEE802.1xMenu 23 - System Security 1. Change Password 2. RADIUS Server 4. IEEE802.1x

ZyAIR B-500 Wireless Access Point User’s Guide 15-2 System Security Figure 15-3 Menu 23.2 System Security : RADIUS Server The following table describes the fields in this menu. Table 15-1 Menu 23.2 System Security : RADIUS Server FIELD DESCRIPTION EXAMPLE Authentication Server Active Press [SPACE BAR] to select Yes and press [ENTER] to enable user authentication through an external authentication server. No Server Address Enter the IP address of the external authentication server in dotted decimal notation. 10.11.12.13 Port The default port of the RADIUS server for authentication is 1812. You need not change this value unless your network administrator instructs you to do so with additional information. 1812 Shared Secret Specify a password (up to 31 alphanumeric characters) as the key to be shared between the external authentication server and the access points. The key is not sent over the network. This key must be the same on the external authentication server and ZyAIR. Accounting Server Active Press [SPACE BAR] to select Yes and press [ENTER] to enable user authentication through an external accounting server. No Server Address Enter the IP address of the external accounting server in dotted decimal notation. 10.11.12.13 Menu 23.2 - System Security - RADIUS Server Authentication Server: Active= No Server Address= 10.11.12.13 Port #= 1812 Shared Secret= ? Accounting Server: Active= No Server Address= 10.11.12.13 Port #= 1813 Shared Secret= ? Press ENTER to Confirm or ESC to Cancel:

ZyAIR B-500 Wireless Access Point User’s Guide System Security 15-3 Table 15-1 Menu 23.2 System Security : RADIUS Server FIELD DESCRIPTION EXAMPLE Port The default port of the RADIUS server for accounting is 1813. You need not change this value unless your network administrator instructs you to do so with additional information. 1813 Shared Secret Specify a password (up to 31 alphanumeric characters) as the key to be shared between the external accounting server and the access points. The key is not sent over the network. This key must be the same on the external accounting server and ZyAIR. When you have completed this menu, press [ENTER] at the prompt “Press ENTER to confirm or ESC to cancel” to save your configuration or press [ESC] to cancel and go back to the previous screen. 15.1.3 802.1x The IEEE 802.1x standards outline enhanced security methods for both the authentication of wireless stations and encryption key management. Follow the steps below to enable EAP authentication on your ZyAIR. Step 1. From the main menu, enter 23 to display Menu23 – System Security. Figure 15-4 Menu 23 System Security Step 2. Enter 4 to display Menu 23.4 – System Security – IEEE802.1x. Menu 23 - System Security 1. Change Password 2. RADIUS Server 4. IEEE802.1X

ZyAIR B-500 Wireless Access Point User’s Guide 15-4 System Security Figure 15-5 Menu 23.4 System Security : IEEE802.1x The following table describes the fields in this menu. Table 15-2 Menu 23.4 System Security : IEEE802.1x FIELD DESCRIPTION Wireless Port Control Press [SPACE BAR] and select a security mode for the wireless LAN access. Select No Authentication Required to allow any wireless stations access to your wired network without entering usernames and passwords. This is the default setting. Selecting Authentication Required means wireless stations have to enter usernames and passwords before access to the wired network is allowed. Select No Access Allowed to block all wireless stations access to the wired network. ReAuthentica-tion Timer (in seconds) Specify how often a wireless station has to re-enter username and password to stay connected to the wired network. This field is activated only when you select Authentication Required in the Wireless Port Control field. Enter a time interval between 10 and 9999 (in seconds). The default time interval is 1800 seconds (or 30 minutes). Idle Timeout The ZyAIR automatically disconnects a wireless station from the wired network after a period of inactivity. The wireless station needs to enter the username and password again before access to the wired network is allowed. This field is activated only when you select Authentication Required in the Wireless Port Control field. The default time interval is 3600 seconds (or 1 hour). Menu 23.4 - System Security - IEEE802.1X Wireless Port Control= Authentication Required ReAuthentication Timer (in second)= 1800 Idle Timeout (in second)= 3600 Authentication Databases= Local User Database Only Press ENTER to Confirm or ESC to Cancel:

ZyAIR B-500 Wireless Access Point User’s Guide System Security 15-5 Table 15-2 Menu 23.4 System Security : IEEE802.1x FIELD DESCRIPTION Authentication Databases This field is activated only when you select Authentication Required in the Wireless Port Control field. The authentication database contains wireless station login information. The local user database is the built-in database on the ZyAIR. The RADIUS is an external server. Use this field to decide which database the ZyAIR should use (first) to authenticate a wireless station. Before you specify the priority, make sure you have set up the corresponding database correctly first. Select Local User Database Only to have the ZyAIR just check the built-in user database on the ZyAIR for a wireless station's username and password. Select RADIUS Only to have the ZyAIR just check the user database on the specified RADIUS server for a wireless station's username and password. Select Local first, then RADIUS to have the ZyAIR first check the user database on the ZyAIR for a wireless station's username and password. If the user name is not found, the ZyAIR then checks the user database on the specified RADIUS server. Select RADIUS first, then Local to have the ZyAIR first check the user database on the specified RADIUS server for a wireless station's username and password. If the ZyAIR cannot reach the RADIUS server, the ZyAIR then checks the local user database on the ZyAIR. When the user name is not found or password does not match in the RADIUS server, the ZyAIR will not check the local user database and the authentication fails. When you have completed this menu, press [ENTER] at the prompt “Press ENTER to confirm or ESC to cancel” to save your configuration or press [ESC] to cancel and go back to the previous screen. Once you enable user authentication, you need to specify an external RADIUS server or create local user accounts on the ZyAIR for authentication.

ZyAIR B-500 Wireless Access Point User’s Guide System Information and Diagnosis 16-1 Chapter 16 System Information and Diagnosis This chapter covers the information and diagnostic tools in SMT menus 24.1 to 24.4. 16.1 Overview These tools include updates on system status, port status, log and trace capabilities and upgrades for the system software. This chapter describes how to use these tools in detail. Type 24 in the main menu and press [ENTER] to open Menu 24 – System Maintenance, as shown in the following figure. Figure 16-1 Menu 24 System Maintenance 16.2 System Status The first selection, System Status gives you information on the status and statistics of the ports, as shown next. System Status is a tool that can be used to monitor your ZyAIR. Specifically, it gives you information on your Ethernet and Wireless LAN status, number of packets sent and received. To get to System Status, type 24 to go to Menu 24 – System Maintenance. From this menu, type 1. System Status. There are two commands in Menu 24.1 – System Maintenance – Status. Entering 9 resets the counters; pressing [ESC] takes you back to the previous screen. Menu 24 – System Maintenance 1. System Status 2. System Information and Console Port Speed 3. Log and Trace 4. Diagnostic 5. Backup Configuration 6. Restore Configuration 7. Upload Firmware 8. Command Interpreter Mode 10. Time and Date Setting Enter Menu Selection Number:

ZyAIR B-500 Wireless Access Point User’s Guide 16-2 System Information and Diagnosis The following table describes the fields present in Menu 24.1 – System Maintenance – Status which are read-only and meant for diagnostic purposes. Figure 16-2 Menu 24.1 System Maintenance : Status The following table describes the fields present in this menu. Table 16-1 Menu 24.1 System Maintenance : Status FIELD DESCRIPTION Port This is the port type. Port types are: Ethernet and Wireless Status This shows the status of the remote node. TxPkts This is the number of transmitted packets to this remote node. RxPkts This is the number of received packets from this remote node. Cols This is the number of collisions on this connection. Tx B/s This shows the transmission rate in bytes per second. Rx B/s This shows the receiving rate in bytes per second. Up Time This is the time this channel has been connected to the current remote node. Ethernet Address This shows the MAC address of the port. IP Address This shows the IP address of the network device connected to the port. IP Mask This shows the subnet mask of the network device connected to the port. DHCP This shows the DHCP setting (None or Client) for the port. Menu 24.1 - System Maintenance - Status 00:01:51 Sat. Jan. 01, 2000 Port Status TxPkts RxPkts Cols Tx B/s Rx B/s Up Time Ethernet 100M/Full 38 128 0 268 128 0:01:42 Wireless 16.5M 70 0 0 0 0 0:01:42 Port Ethernet Address IP Address IP Mask DHCP Ethernet 00:A0:C5:00:00:04 192.168.1.2 255.255.255.0 None Wireless 00:A0:C5:00:00:04 System up Time: 0:01:55 Press Command: COMMANDS: 9-Reset Counters ESC-Exit

ZyAIR B-500 Wireless Access Point User’s Guide System Information and Diagnosis 16-3 Table 16-1 Menu 24.1 System Maintenance : Status FIELD DESCRIPTION System Up Time This is the time the ZyAIR is up and running from the last reboot. 16.3 System Information To get to the System Information: Step 1. Enter 24 to display Menu 24 – System Maintenance. Step 2. Enter 2 to display Menu 24.2 – System Information and Console Port Speed. Step 3. From this menu you have two choices as shown in the next figure: Figure 16-3 Menu 24.2 System Information and Console Port Speed The ZyAIR has an internal console port for support personnel only. Do not open the ZyAIR as it will void your warranty. 16.3.1 System Information Enter 1 in menu 24.2 to display the screen shown next. Figure 16-4 Menu 24.2.1 System Information : Information Menu 24.2 - System Information and Console Port Speed 1. System Information 2. Console Port Speed Please enter selection: Menu 24.2.1 - System Maintenance - Information Name: B-500 Routing: BRIDGE ZyNOS F/W Version: V3.50(HL.0)b1 | 09/19/2003 Country Code: 255 LAN Ethernet Address: 00:A0:C5:00:00:04 IP Address: 192.168.1.2 IP Mask: 255.255.255.0 DHCP: None Press ESC or RETURN to Exit:

ZyAIR B-500 Wireless Access Point User’s Guide 16-4 System Information and Diagnosis The following table describes the fields in this menu. Table 16-2 Menu 24.2.1 System Maintenance : Information FIELD DESCRIPTION Name Displays the system name of your ZyAIR. This information can be changed in Menu 1 – General Setup. Routing Refers to the routing protocol used. ZyNOS F/W Version Refers to the ZyNOS (ZyXEL Network Operating System) system firmware version. ZyNOS is a registered trademark of ZyXEL Communications Corporation. Country Code Refers to the country code of the firmware. LAN Ethernet Address Refers to the Ethernet MAC (Media Access Control) of your ZyAIR. IP Address This is the IP address of the ZyAIR in dotted decimal notation. IP Mask This shows the subnet mask of the ZyAIR. DHCP This field shows the DHCP setting of the ZyAIR. When you have completed this menu, press [ENTER] at the prompt “Press ENTER to confirm or ESC to cancel” to save your configuration or press [ESC] to cancel and go back to the previous screen. 16.3.2 Console Port Speed You can set up different port speeds for the console port through Menu 24.2.2 – System Maintenance – Console Port Speed. Your ZyAIR supports 9600 (default), 19200, 38400, 57600 and 115200 bps console port speeds. Press [SPACE BAR] and then [ENTER] to select the desired speed in menu 24.2.2, as shown in the following figure. Figure 16-5 Menu 24.2.2 System Maintenance : Change Console Port Speed After you changed the console port speed on your ZyAIR, you must also make the same change to the console port speed parameter of your communication software. Menu 24.2.2 – System Maintenance – Change Console Port Speed Console Port Speed: 9600 Press ENTER to Confirm or ESC to Cancel:

ZyAIR B-500 Wireless Access Point User’s Guide System Information and Diagnosis 16-5 16.4 Log and Trace Your ZyAIR provides the error logs and trace records that are stored locally. 16.4.1 Viewing Error Log The first place you should look for clues when something goes wrong is the error log. Follow the procedures to view the local error/trace log: Step 1. Type 24 in the main menu to display Menu 24 – System Maintenance. Step 2. From menu 24, type 3 to display Menu 24.3 – System Maintenance – Log and Trace. Figure 16-6 Menu 24.3 System Maintenance : Log and Trace Step 3. Enter 1 from Menu 24.3 – System Maintenance – Log and Trace and press [ENTER] twice to display the error log in the system. After the ZyAIR finishes displaying the error log, you will have the option to clear it. Samples of typical error and information messages are presented in the next figure. Figure 16-7 Sample Error and Information Messages 16.5 Diagnostic The diagnostic facility allows you to test the different aspects of your ZyAIR to determine if it is working properly. Menu 24.4 allows you to choose among various types of diagnostic tests to evaluate your system, as shown in the following figure. Menu 24.3 - System Maintenance - Log and Trace 1. View Error Log Please enter selection: 13 Sat Jan 1 00:00:00 2000 PP0d INFO LAN promiscuous mode <1> 14 Sat Jan 1 00:00:00 2000 PINI INFO Last errorlog repeat 1 Times 15 Sat Jan 1 00:00:00 2000 PINI INFO main: init completed 16 Sat Jan 1 00:00:02 2000 PP05 -WARN SNMP TRAP 3: link up 17 Sat Jan 1 00:00:02 2000 PP13 INFO sending request to NTP server(6) 20 Sat Jan 1 00:00:30 2000 PSSV -WARN SNMP TRAP 0: cold start Clear Error Log (y/n):

ZyAIR B-500 Wireless Access Point User’s Guide 16-6 System Information and Diagnosis Figure 16-8 Menu 24.4 System Maintenance : Diagnostic Follow the procedure next to get to display this menu: Step 1. From the main menu, type 24 to open Menu 24 – System Maintenance. Step 2. From this menu, type 4. Diagnostic to open Menu 24.4 – System Maintenance – Diagnostic. The following table describes the diagnostic tests available in menu 24.4 for your ZyAIR and the connections. Table 16-3 Menu 24.4 System Maintenance Menu : Diagnostic FIELD DESCRIPTION Ping Host Ping the host to see if the links and TCP/IP protocol on both systems are working. DHCP Release Release the IP address assigned by the DHCP server. DHCP Renewal Get a new IP address from the DHCP server. Reboot System Reboot the ZyAIR. Host IP Address If you typed 1 to Ping Host, now type the address of the computer you want to ping. Menu 24.4 - System Maintenance – Diagnostic TCP/IP 1. Ping Host 2. DHCP Release 3. DHCP Renewal System 11. Reboot System Enter Menu Selection Number: Host IP Address= N/A

ZyAIR B-500 Wireless Access Point User’s Guide Firmware and Configuraiton File Maintenance 17-1 Chapter 17 Firmware and Configuration File Maintenance This chapter tells you how to backup and restore your configuration file as well as upload new firmware and configuration files using the SMT screens. 17.1 Filename Conventions The configuration file (often called the romfile or rom-0) contains the factory default settings in the menus such as password and TCP/IP Setup, etc. It arrives from ZyXEL with a rom filename extension. Once you have customized the ZyAIR's settings, they can be saved back to your computer under a filename of your choosing. ZyNOS (ZyXEL Network Operating System sometimes referred to as the “ras” file) is the system firmware and has a “bin” filename extension. With many FTP and TFTP clients, the filenames are similar to those seen next. ftp> put firmware.bin ras This is a sample FTP session showing the transfer of the computer file " firmware.bin" to the ZyAIR. ftp> get rom-0 config.cfg This is a sample FTP session saving the current configuration to the computer file config.cfg. If your [T]FTP client does not allow you to have a destination filename different than the source, you will need to rename them as the ZyAIR only recognizes “rom-0” and “ras”. Be sure you keep unaltered copies of both files for later use. The following table is a summary. Please note that the internal filename refers to the filename on the ZyAIR and the external filename refers to the filename not on the ZyAIR, that is, on your computer, local network or FTP site and so the name (but not the extension) will vary. After uploading new firmware see the ZyNOS F/W Version field in Menu 24.2.1 – System Maintenance – Information to confirm that you have uploaded the correct firmware version.

ZyAIR B-500 Wireless Access Point User’s Guide 17-2 Firmware and Configuraiton File Maintenance Table 17-1 Filename Conventions FILE TYPE INTERNAL NAME EXTERNAL NAME DESCRIPTION Configuration File Rom-0 *.rom This is the configuration filename on the ZyAIR. Uploading the rom-0 file replaces the entire ROM file system, including your ZyAIR configurations, system-related data (including the default password), the error log and the trace log. Firmware Ras *.bin This is the generic name for the ZyNOS firmware on the ZyAIR. 17.2 Backup Configuration Option 5 from Menu 24 – System Maintenance allows you to backup the current ZyAIR configuration to your computer. Backup is highly recommended once your ZyAIR is functioning properly. FTP is the preferred method, although TFTP can also be used. Please note that the terms “download” and “upload” are relative to the computer. Download means to transfer from the ZyAIR to the computer, while upload means from your computer to the ZyAIR. 17.2.1 Backup Configuration Using FTP Enter 5 in Menu 24 – System Maintenance to get the following screen. Figure 17-1 Menu 24.5 Backup Configuration Menu 24.5 – Backup Configuration To transfer the configuration file to your workstation, follow the procedure below: 1. Launch the FTP client on your workstation. 2. Type "open" and the IP address of your router. Then type "root" and SMT password as requested. 3. Locate the ‘rom-0’ file. 4. Type ‘get rom-0’ to back up the current router configuration to your workstation. For details on FTP commands, please consult the documentation of your FTP client program. For details on backup using TFTP (note that you must remain in the menu to back up using TFTP), please see your router manual. Press ENTER to Exit:

ZyAIR B-500 Wireless Access Point User’s Guide Firmware and Configuraiton File Maintenance 17-3 17.2.2 Using the FTP command from the DOS Prompt Step 1. Launch the FTP client on your computer. Step 2. Enter “open” and the IP address of your ZyAIR. Step 3. Press [ENTER] when prompted for a username. Step 4. Enter “root” and your SMT password as requested. The default is 1234. Step 5. Enter “bin” to set transfer mode to binary. Step 6. Use “get” to transfer files from the ZyAIR to the computer, for example, “get rom-0 config.rom” transfers the configuration file on the ZyAIR to your computer and renames it “config.rom”. See earlier in this chapter for more information on filename conventions. Step 7. Enter “quit” to exit the FTP prompt. Figure 17-2 FTP Session Example The following table describes some of the commands that you may see in third party FTP clients. Table 17-2 General Commands for Third Party FTP Clients COMMAND DESCRIPTION Host Address Enter the address of the host server. Login Type Anonymous. This is when a user I.D. and password is automatically supplied to the server for anonymous access. Anonymous logins will work only if your ISP or service administrator has enabled this option. Normal. The server requires a unique User ID and Password to login. Transfer Type Transfer files in either ASCII (plain text format) or in binary mode. 331 Enter PASS command Password: 230 Logged in ftp> bin 200 Type I OK ftp> get rom-0 zyxel.rom 200 Port command okay 150 Opening data connection for STOR ras 226 File received OK ftp: 327680 bytes sent in 1.10Seconds 297.89Kbytes/sec. ftp> quit

ZyAIR B-500 Wireless Access Point User’s Guide 17-4 Firmware and Configuraiton File Maintenance Table 17-2 General Commands for Third Party FTP Clients COMMAND DESCRIPTION Initial Remote Directory Specify the default remote directory (path). Initial Local Directory Specify the default local directory (path). 17.2.3 Backup Configuration Using TFTP The ZyAIR supports the up/downloading of the firmware and the configuration file using TFTP (Trivial File Transfer Protocol) over LAN. Although TFTP should work over WAN as well, it is not recommended. To use TFTP, your computer must have both telnet and TFTP clients. To backup the configuration file, follow the procedure shown next: Step 1. Use telnet from your computer to connect to the ZyAIR and log in. Because TFTP does not have any security checks, the ZyAIR records the IP address of the telnet client and accepts TFTP requests only from this address. Step 2. Put the SMT in command interpreter (CI) mode by entering 8 in Menu 24 – System Maintenance. Step 3. Enter command “sys stdio 0” to disable the SMT timeout, so the TFTP transfer will not be interrupted. Enter command “sys stdio 5” to restore the five-minute SMT timeout (default) when the file transfer is complete. Step 4. Launch the TFTP client on your computer and connect to the ZyAIR. Set the transfer mode to binary before starting data transfer. Step 5. Use the TFTP client (see the example below) to transfer files between the ZyAIR and the computer. The file name for the configuration file is rom-0 (rom-zero, not capital o). Note that the telnet connection must be active and the SMT in CI mode before and during the TFTP transfer. For details on TFTP commands (see following example), please consult the documentation of your TFTP client program. For UNIX, use “get” to transfer from the ZyAIR to the computer and “binary” to set binary transfer mode. 17.2.4 Example: TFTP Command The following is an example TFTP command: TFTP [-i] host get rom-0 config.rom

ZyAIR B-500 Wireless Access Point User’s Guide Firmware and Configuraiton File Maintenance 17-5 where “i” specifies binary image transfer mode (use this mode when transferring binary files), “host” is the ZyAIR IP address, “get” transfers the file source on the ZyAIR (rom-0 name of the configuration file on the ZyAIR) to the file destination on the computer and renames it config.rom. The following table describes some of the fields that you may see in third party TFTP clients. Table 17-3 General Commands for Third Party TFTP Clients COMMAND DESCRIPTION Host Enter the IP address of the ZyAIR. 192.168.1.2 is the ZyAIR’s default IP address when shipped. Send/Fetch Use “Send” to upload the file to the ZyAIR and “Fetch” to back up the file on your computer. Local File Enter the path and name of the firmware file (*.bin extension) or configuration file (*.rom extension) on your computer. Remote File This is the filename on the ZyAIR. The filename for the firmware is “ras” and for the configuration file, is “rom-0”. Binary Transfer the file in binary mode. Abort Stop transfer of the file. 17.3 Restore Configuration Menu 24.6 –- System Maintenance – Restore Configuration allows you to restore the configuration via FTP or TFTP to your ZyAIR. The preferred method is FTP. Note that this function erases the current configuration before restoring the previous backup configuration; please do not attempt to restore unless you have a backup configuration stored on disk. To restore configuration using FTP or TFTP is the same as uploading the configuration file, please refer to the following sections on FTP and TFTP file transfer for more details. The ZyAIR restarts automatically after the file transfer is complete.

ZyAIR B-500 Wireless Access Point User’s Guide 17-6 Firmware and Configuraiton File Maintenance Figure 17-3 Menu 24.6 Restore Configuration 17.4 Uploading Firmware and Configuration Files Menu 24.7 – System Maintenance – Upload Firmware allows you to upgrade the firmware and the configuration file. WARNING! PLEASE WAIT A FEW MINUTES FOR THE ZYAIR TO RESTART AFTER FIRMWARE OR CONFIGURATION FILE UPLOAD. INTERRUPTING THE UPLOAD PROCESS MAY PERMANENTLY DAMAGE YOUR ZYAIR. Figure 17-4 Menu 24.7 System Maintenance : Upload Firmware The configuration data, system-related data, the error log and the trace log are all stored in the configuration file. Please be aware that uploading the configuration file replaces everything contained within. Menu 24.6 – Restore Configuration To transfer the firmware and the configuration file, follow the procedure below: 1. Launch the FTP client on your workstation. 2. Type "open" and the IP address of your router. Then type "root" and SMT password as requested. 3. Type “put backupfilename rom-0” where backupfilename is the name of your backup configuration file on your workstation and rom-spt is the Remote file name on the router. This restores the configuration to your router. 4. The system reboots automatically after a successful file transfer. For details on FTP commands, please consult the documentation of your FTP client program. For details on restoring using TFTP (note that you must remain in the menu to back up using TFTP), please see your router manual. Press ENTER to Exit: Menu 24.7 - System Maintenance - Upload Firmware 1. Upload System Firmware 2. Upload System Configuration File Enter Menu Selection Number:

ZyAIR B-500 Wireless Access Point User’s Guide Firmware and Configuraiton File Maintenance 17-7 17.4.1 Firmware Upload FTP is the preferred method for uploading the firmware and configuration. To use this feature, your computer must have an FTP client. When you telnet into the ZyAIR, you will see the following screens for uploading firmware and the configuration file using FTP. Figure 17-5 Menu 24.7.1 System Maintenance : Upload System Firmware 17.4.2 Configuration File Upload You see the following screen when you telnet into menu 24.7.2. Menu 24.7.1 - System Maintenance - Upload System Firmware To upload the system firmware, follow the procedure below: 1. Launch the FTP client on your workstation. 2. Type "open" and the IP address of your system. Then type "root" and SMT password as requested. 3. Type "put firmwarefilename ras" where "firmwarefilename" is the name of your firmware upgrade file on your workstation and "ras" is the remote file name on the system. 4. The system reboots automatically after a successful firmware upload. For details on FTP commands, please consult the documentation of your FTP client program. For details on uploading system firmware using TFTP (note that you must remain on this menu to upload system firmware using TFTP), please see your manual. Press ENTER to Exit:

ZyAIR B-500 Wireless Access Point User’s Guide 17-8 Firmware and Configuraiton File Maintenance Figure 17-6 Menu 24.7.2 System Maintenance : Upload System Configuration File To transfer the firmware and the configuration file, follow these examples: 17.4.3 Using the FTP command from the DOS Prompt Example Step 1. Launch the FTP client on your computer. Step 2. Enter “open” and the IP address of your ZyAIR. Step 3. Press [ENTER] when prompted for a username. Step 4. Enter “root” and your SMT password as requested. The default is 1234. Step 5. Enter “bin” to set transfer mode to binary. Step 6. Use “put” to transfer files from the computer to the ZyAIR, e.g., put firmware.bin ras transfers the firmware on your computer (firmware.bin) to the ZyAIR and renames it “ras”. Similarly “put config.rom rom-0” transfers the configuration file on your computer (config.rom) to the ZyAIR and renames it “rom-0”. Likewise “get rom-0 config.rom” transfers the configuration file on the ZyAIR to your computer and renames it “config.rom.” See earlier in this chapter for more information on filename conventions. Step 7. Enter “quit” to exit the FTP prompt. Menu 24.7.2 - System Maintenance - Upload System Configuration File To upload the system configuration file, follow the procedure below: 1. Launch the FTP client on your workstation. 2. Type "open" and the IP address of your system. Then type "root" and SMT password as requested. 3. Type "put configurationfilename rom-0" where "configurationfilename" is the name of your system configuration file on your workstation, which will be transferred to the "rom-0" file on the system. 4. The system reboots automatically after the upload system configuration file process is complete. For details on FTP commands, please consult the documentation of your FTP client program. For details on uploading system firmware using TFTP (note that you must remain on this menu to upload system firmware using TFTP), please see your manual. Press ENTER to Exit:

ZyAIR B-500 Wireless Access Point User’s Guide Firmware and Configuraiton File Maintenance 17-9 Figure 17-7 FTP Session Example More commands that you may find in third party FTP clients, are listed earlier in this chapter. 17.4.4 TFTP File Upload The ZyAIR also supports the up/downloading of the firmware and the configuration file using TFTP (Trivial File Transfer Protocol) over LAN. Although TFTP should work over WAN as well, it is not recommended. To use TFTP, your computer must have both telnet and TFTP clients. To transfer the firmware and the configuration file, follow the procedure shown next: Step 1. Use telnet from your computer to connect to the ZyAIR and log in. Because TFTP does not have any security checks, the ZyAIR records the IP address of the telnet client and accepts TFTP requests only from this address. Step 2. Put the SMT in command interpreter (CI) mode by entering 8 in Menu 24 – System Maintenance. Step 3. Enter the command “sys stdio 0” to disable the SMT timeout, so the TFTP transfer will not be interrupted. Enter command “sys stdio 5” to restore the five-minute SMT timeout (default) when the file transfer is complete. Step 4. Launch the TFTP client on your computer and connect to the ZyAIR. Set the transfer mode to binary before starting data transfer. Step 5. Use the TFTP client (see the example below) to transfer files between the ZyAIR and the computer. The file name for the firmware is “ras” and the configuration file is “rom-0” (rom-zero, not capital o). Note that the telnet connection must be active and the SMT in CI mode before and during the TFTP transfer. For details on TFTP commands (see following example), please consult the documentation of your TFTP client program. For UNIX, use “get” to transfer from the ZyAIR to the computer, “put” the other way around, and “binary” to set binary transfer mode. 331 Enter PASS command Password: 230 Logged in ftp> bin 200 Type I OK ftp> put firmware.bin ras 200 Port command okay 150 Opening data connection for STOR ras 226 File received OK ftp: 327680 bytes sent in 1.10Seconds 297.89Kbytes/sec. ftp> quit

ZyAIR B-500 Wireless Access Point User’s Guide 17-10 Firmware and Configuraiton File Maintenance 17.4.5 Example: TFTP Command The following is an example TFTP command: TFTP [-i] host put firmware.bin ras where “i” specifies binary image transfer mode (use this mode when transferring binary files), “host” is the ZyAIR’s IP address, “put” transfers the file source on the computer (firmware.bin – name of the firmware on the computer) to the file destination on the remote host (ras - name of the firmware on the ZyAIR). Commands that you may see in third party TFTP clients are listed earlier in this chapter.

ZyAIR B-500 Wireless Access Point User’s Guide System Maintenance and Information 18-1 Chapter 18 System Maintenance and Information This chapter leads you through SMT menus 24.8 and 24.10. 18.1 Command Interpreter Mode The Command Interpreter (CI) is a part of the main system firmware. The CI provides much of the same functionality as the SMT, while adding some low-level setup and diagnostic functions. Enter the CI from the SMT by selecting menu 24.8. See the included disk or the zyxel.com web site for more detailed information on CI commands. Enter 8 from Menu 24 – System Maintenance. A list of valid commands can be found by typing help or ? at the command prompt. Type “exit” to return to the SMT main menu when finished. Figure 18-1 Menu 24 System Maintenance Figure 18-2 Valid CI Commands Menu 24 – System Maintenance 1. System Status 2. System Information and Console Port Speed 3. Log and Trace 4. Diagnostic 5. Backup Configuration 6. Restore Configuration 7. Upload Firmware 8. Command Interpreter Mode 10. Time and Date Setting Enter Menu Selection Number: Copyright (c) 1994 - 2003 ZyXEL Communications Corp. B-500> ? Valid commands are: sys exit device ether config wlan ip ppp bridge hdap cnm radius 8021x B-500>

ZyAIR B-500 Wireless Access Point User’s Guide 18-2 System Maintenance and Information 18.2 Time and Date Setting The ZyAIR keeps track of the time and date. There is also a software mechanism to set the time manually or get the current time and date from an external server when you turn on your ZyAIR. Menu 24.10 allows you to update the time and date settings of your ZyAIR. The real time is then displayed in the ZyAIR error logs and firewall logs. Step 1. Select menu 24 in the main menu to open Menu 24 – System Maintenance. Step 2. Then enter 10 to go to Menu 24.10 – System Maintenance – Time and Date Setting to update the time and date settings of your ZyAIR as shown in the following screen. Figure 18-3 Menu 24.10 System Maintenance : Time and Date Setting The following table describes the fields in this menu. Menu 24.10 - System Maintenance - Time and Date Setting Use Time Server when Bootup= NTP (RFC-1305) Time Server Address= 128.105.39.21 Current Time: 05 : 47 : 19 New Time (hh:mm:ss): 05 : 47 : 17 Current Date: 2000 - 01 - 01 New Date (yyyy-mm-dd): 2000 - 01 - 01 Time Zone= GMT Daylight Saving= No Start Date (mm-dd): 01 - 01 End Date (mm-dd): 01 - 01 Press ENTER to Confirm or ESC to Cancel:

ZyAIR B-500 Wireless Access Point User’s Guide System Maintenance and Information 18-3 Table 18-1 Menu 24.10 System Maintenance : Time and Date Setting FIELD DESCRIPTION Use Time Server when Bootup Enter the time service protocol that your time server sends when you turn on the ZyAIR. Not all time servers support all protocols, so you may have to check with your ISP/network administrator or use trial and error to find a protocol that works. The main differences between them are the format. Daytime (RFC 867) format is day/month/year/time zone of the server. Time (RFC-868) format displays a 4-byte integer giving the total number of seconds since 1970/1/1 at 0:0:0. NTP (RFC-1305) is similar to Time (RFC-868). None. The default, enter the time manually. Time Server Address Enter the IP address or domain name of your time server. Check with your ISP/network administrator if you are unsure of this information. Current Time This field displays an updated time only when you reenter this menu. New Time Enter the new time in hour, minute and second format. Current Date This field displays an updated date only when you re-enter this menu. New Date Enter the new date in year, month and day format. Time Zone Press [SPACE BAR] and then [ENTER] to set the time difference between your time zone and Greenwich Mean Time (GMT). Daylight Saving If you use daylight savings time, then choose Yes. Start Date If using daylight savings time, enter the month and day that it starts on. End Date If using daylight savings time, enter the month and day that it ends on Once you have filled in this menu, press [ENTER] at the message “Press ENTER to Confirm or ESC to Cancel“ to save your configuration, or press [ESC] to cancel. 18.2.1 Resetting the Time The ZyAIR resets the time in three instances: i. On leaving menu 24.10 after making changes. ii. When the ZyAIR starts up, if there is a time server configured in menu 24.10. iii. 24-hour intervals after starting.

Appendices VI Part VI: APPENDICES This part provides troubleshooting and background information about setting up your computer’s IP address, wireless LAN, 802.1x and IP subnetting. It also provides information on the command interpreter interface, NetBIOS commands and logs.

ZyAIR B-500 Wireless Access Point User’s Guide Troubleshooting A-1 Appendix A Troubleshooting This appendix covers potential problems and possible remedies. After each problem description, some instructions are provided to help you to diagnose and to solve the problem. Problems Starting Up the ZyAIR Chart A-1 Troubleshooting the Start-Up of Your ZyAIR PROBLEM CORRECTIVE ACTION None of the LEDs turn on when I plug in the power adaptor. Make sure you are using the supplied power adaptor and that it is plugged in to an appropriate power source. Check that the power source is turned on. If the problem persists, you may have a hardware problem. In this case, you should contact your local vendor. The ZyAIR reboots automatically sometimes. The supplied power to the ZyAIR is too low. Check that the ZyAIR is receiving enough power. Make sure the power source is working properly. Problems with the Ethernet Interface Chart A-2 Troubleshooting the Ethernet Interface PROBLEM CORRECTIVE ACTION Cannot access the ZyAIR from the LAN. If the ETHN LED on the front panel is off, check the Ethernet cable connection between your ZyAIR and the Ethernet device connected to the ETHERNET port. Check for faulty Ethernet cables. Make sure your computer’s Ethernet adapter is installed and working properly. Check the IP address of the Ethernet device. Verify that the IP address and the subnet mask of the ZyAIR, the Ethernet device and your computer are on the same subnet.

ZyAIR B-500 Wireless Access Point User’s Guide A-2 Troubleshooting Chart A-2 Troubleshooting the Ethernet Interface PROBLEM CORRECTIVE ACTION I cannot ping any computer on the LAN. If the ETHN LED on the front panel is off, check the Ethernet cable connections between your ZyAIR and the Ethernet device. Check the Ethernet cable connections between the Ethernet device and the LAN computers. Check for faulty Ethernet cables. Make sure the LAN computer’s Ethernet adapter is installed and working properly. Verify that the IP address and the subnet mask of the ZyAIR, the Ethernet device and the LAN computers are on the same subnet. Problems with the Password Chart A-3 Troubleshooting the Password PROBLEM CORRECTIVE ACTION I cannot access the ZyAIR. The Password and Username fields are case-sensitive. Make sure that you enter the correct password and username using the proper casing. Use the RESET button on the top panel of the ZyAIR to restore the factory default configuration file (hold this button in for about 10 seconds or until the link LED turns red). This will restore all of the factory defaults including the password. Problems with Telnet Chart A-4 Troubleshooting Telnet PROBLEM CORRECTIVE ACTION I cannot access the ZyAIR through Telnet. Refer to the Problems with the Ethernet Interface section for instructions on checking your Ethernet connection.

ZyAIR B-500 Wireless Access Point User’s Guide Troubleshooting A-3 Problems with the WLAN Interface Chart A-5 Troubleshooting the WLAN Interface PROBLEM CORRECTIVE ACTION Cannot access the ZyAIR from the WLAN. Make sure the wireless adapter on the wireless station is working properly. Check that both the ZyAIR and your wireless station are using the same ESSID, channel and WEP keys (if WEP encryption is activated). I cannot ping any computer on the WLAN. Make sure the wireless adapter on the wireless station(s) is working properly. Check that both the ZyAIR and wireless station(s) are using the same ESSID, channel and WEP keys (if WEP encryption is activated).

ZyAIR B-500 Wireless Access Point User’s Guide Brute-Force Password Guessing Protection B-1 Appendix B Brute-Force Password Guessing Protection The following describes the commands for enabling, disabling and configuring the brute-force password guessing protection mechanism for the password. See the Command Interpreter appendix for information on the command structure. Chart B-1 Brute-Force Password Guessing Protection Commands COMMAND DESCRIPTION sys pwderrtm This command displays the brute-force guessing password protection settings. sys pwderrtm 0 This command turns off the password's protection from brute-force guessing. sys pwderrtm N This command sets the password protection to block all access attempts for N (a number from 1 to 60) minutes after the third time an incorrect password is entered. Example sys pwderrtm 5 This command sets the password protection to block all access attempts for five minutes after the third time an incorrect password is entered. By default, the brute-force password guessing protection is turned ON with a 3-minute wait time.

ZyAIR B-500 Wireless Access Point User’s Guide Setting Up Your Computer’s IP Address C-1 Appendix C Setting up Your Computer’s IP Address All computers must have a 10M or 100M Ethernet adapter card and TCP/IP installed. Windows 95/98/Me/NT/2000/XP, Macintosh OS 7 and later operating systems and all versions of UNIX/LINUX include the software components you need to install and use TCP/IP on your computer. Windows 3.1 requires the purchase of a third-party TCP/IP application package. TCP/IP should already be installed on computers using Windows NT/2000/XP, Macintosh OS 7 and later operating systems. After the appropriate TCP/IP components are installed, configure the TCP/IP settings in order to "communicate" with your network. If you manually assign IP information instead of using dynamic assignment, make sure that your computers have IP addresses that place them in the same subnet as the ZyAIR's LAN port. Windows 95/98/Me Click Start, Settings, Control Panel and double-click the Network icon to open the Network window. The Network window Configuration tab displays a list of installed components. You need a network adapter, the TCP/IP protocol and Client for Microsoft Networks.

ZyAIR B-500 Wireless Access Point User’s Guide C-2 Setting Up Your Computer’s IP Address If you need the adapter: a. In the Network window, click Add. b. Select Adapter and then click Add. c. Select the manufacturer and model of your network adapter and then click OK. If you need TCP/IP: a. In the Network window, click Add. b. Select Protocol and then click Add. c. Select Microsoft from the list of manufacturers. d. Select TCP/IP from the list of network protocols and then click OK. If you need Client for Microsoft Networks: a. Click Add. b. Select Client and then click Add. c. Select Microsoft from the list of manufacturers. d. Select Client for Microsoft Networks from the list of network clients and then click OK. e. Restart your computer so the changes you made take effect. In the Network window Configuration tab, select your network adapter's TCP/IP entry and click Properties.

ZyAIR B-500 Wireless Access Point User’s Guide Setting Up Your Computer’s IP Address C-3 1. Click the IP Address tab. -If your IP address is dynamic, select Obtain an IP address automatically. -If you have a static IP address, select Specify an IP address and type your information into the IP Address and Subnet Mask fields. 2. Click the DNS Configuration tab. -If you do not know your DNS information, select Disable DNS. -If you know your DNS information, select Enable DNS and type the information in the fields below (you may not need to fill them all in).

ZyAIR B-500 Wireless Access Point User’s Guide C-4 Setting Up Your Computer’s IP Address 3. Click the Gateway tab. -If you do not know your gateway’s IP address, remove previously installed gateways. -If you have a gateway IP address, type it in the New gateway field and click Add. 4. Click OK to save and close the TCP/IP Properties window. 5. Click OK to close the Network window. Insert the Windows CD if prompted. 6. Turn on your ZyAIR and restart your computer when prompted. Verifying Your Computer’s IP Address 1. Click Start and then Run. 2. In the Run window, type "winipcfg" and then click OK to open the IP Configuration window. 3. Select your network adapter. You should see your computer's IP address, subnet mask and default gateway. Windows 2000/NT/XP

ZyAIR B-500 Wireless Access Point User’s Guide Setting Up Your Computer’s IP Address C-5 1. For Windows XP, click start, Control Panel. In Windows 2000/NT, click Start, Settings, Control Panel. 2. For Windows XP, click Network Connections. For Windows 2000/NT, click Network and Dial-up Connections. 3. Right-click Local Area Connection and then click Properties.

ZyAIR B-500 Wireless Access Point User’s Guide C-6 Setting Up Your Computer’s IP Address 4. Select Internet Protocol (TCP/IP) (under the General tab in Win XP) and click Properties. 5. The Internet Protocol TCP/IP Properties window opens (the General tab in Windows XP). -If you have a dynamic IP address click Obtain an IP address automatically. -If you have a static IP address click Use the following IP Address and fill in the IP address, Subnet mask, and Default gateway fields. Click Advanced.

ZyAIR B-500 Wireless Access Point User’s Guide Setting Up Your Computer’s IP Address C-7 6. -If you do not know your gateway's IP address, remove any previously installed gateways in the IP Settings tab and click OK. Do one or more of the following if you want to configure additional IP addresses: -In the IP Settings tab, in IP addresses, click Add. -In TCP/IP Address, type an IP address in IP address and a subnet mask in Subnet mask, and then click Add. -Repeat the above two steps for each IP address you want to add. -Configure additional default gateways in the IP Settings tab by clicking Add in Default gateways. -In TCP/IP Gateway Address, type the IP address of the default gateway in Gateway. To manually configure a default metric (the number of transmission hops), clear the Automatic metric check box and type a metric in Metric. -Click Add. -Repeat the previous three steps for each default gateway you want to add. -Click OK when finished.

ZyAIR B-500 Wireless Access Point User’s Guide C-8 Setting Up Your Computer’s IP Address 7. In the Internet Protocol TCP/IP Properties window (the General tab in Windows XP): -Click Obtain DNS server address automatically if you do not know your DNS server IP address(es). -If you know your DNS server IP address(es), click Use the following DNS server addresses, and type them in the Preferred DNS server and Alternate DNS server fields. If you have previously configured DNS servers, click Advanced and then the DNS tab to order them. 8. Click OK to close the Internet Protocol (TCP/IP) Properties window. 9. Click OK to close the Local Area Connection Properties window. 10. Turn on your ZyAIR and restart your computer (if prompted). Verifying Your Computer’s IP Address 1. Click Start, All Programs, Accessories and then Command Prompt. 2. In the Command Prompt window, type "ipconfig" and then press [ENTER]. You can also open Network Connections, right-click a network connection, click Status and then click the Support tab. Macintosh OS 8/9

ZyAIR B-500 Wireless Access Point User’s Guide Setting Up Your Computer’s IP Address C-9 1. Click the Apple menu, Control Panel and double-click TCP/IP to open the TCP/IP Control Panel. 2. Select Ethernet built-in from the Connect via list. 3. For dynamically assigned settings, select Using DHCP Server from the Configure: list.

ZyAIR B-500 Wireless Access Point User’s Guide C-10 Setting Up Your Computer’s IP Address 4. For statically assigned settings, do the following: -From the Configure box, select Manually. -Type your IP address in the IP Address box. -Type your subnet mask in the Subnet mask box. -Type the IP address of your ZyAIR in the Router address box. 5. Close the TCP/IP Control Panel. 6. Click Save if prompted, to save changes to your configuration. 7. Turn on your ZyAIR and restart your computer (if prompted). Verifying Your Computer’s IP Address Check your TCP/IP properties in the TCP/IP Control Panel window. Macintosh OS X 1. Click the Apple menu, and click System Preferences to open the System Preferences window.

ZyAIR B-500 Wireless Access Point User’s Guide Setting Up Your Computer’s IP Address C-11 2. Click Network in the icon bar. - Select Automatic from the Location list. - Select Built-in Ethernet from the Show list. - Click the TCP/IP tab. 3. For dynamically assigned settings, select Using DHCP from the Configure list. 4. For statically assigned settings, do the following: -From the Configure box, select Manually. -Type your IP address in the IP Address box. -Type your subnet mask in the Subnet mask box. -Type the IP address of your ZyAIR in the Router address box. 5. Click Apply Now and close the window. 6. Turn on your ZyAIR and restart your computer (if prompted). Verifying Your Computer’s IP Address Check your TCP/IP properties in the Network window.

ZyAIR B-500 Wireless Access Point User’s Guide D-2 Wireless LAN and IEEE 802.11 unlicensed ISM (Industrial, Scientific and Medical) band. The third method is infrared technology, using very high frequencies, just below visible light in the electromagnetic spectrum to carry data. Ad-hoc Wireless LAN Configuration The simplest WLAN configuration is an independent (Ad-hoc) WLAN that connects a set of computers with wireless nodes or stations (STA), which is called a Basic Service Set (BSS). In the most basic form, a wireless LAN connects a set of computers with wireless adapters. Any time two or more wireless adapters are within range of each other, they can set up an independent network, which is commonly referred to as an Ad-hoc network or Independent Basic Service Set (IBSS). See the following diagram of an example of an Ad-hoc wireless LAN. Diagram D-1 Peer-to-Peer Communication in an Ad-hoc Network Infrastructure Wireless LAN Configuration For infrastructure WLANs, multiple access points (APs) link the WLAN to the wired network and allow users to efficiently share network resources. The access points not only provide communication with the wired network but also mediate wireless network traffic in the immediate neighborhood. Multiple access points can provide wireless coverage for an entire building or campus. All communications between stations or between a station and a wired network client go through the access point.

ZyAIR B-500 Wireless Access Point User’s Guide Wireless LAN and IEEE 802.11 D-3 The Extended Service Set (ESS) shown in the next figure consists of a series of overlapping BSSs (each containing an Access Point) connected together by means of a Distribution System (DS). Although the DS could be any type of network, it is almost invariably an Ethernet LAN. Mobile nodes can roam between access points and seamless campus-wide coverage is possible. Diagram D-2 ESS Provides Campus-Wide Coverage

ZyAIR B-500 Wireless Access Point User’s Guide E-2 Wireless LAN with IEEE 802.1x RADIUS Server Authentication Sequence The following figure depicts a typical wireless network with a remote RADIUS server for user authentication using EAPOL (EAP Over LAN). Diagram E-1 Sequences for EAP MD5–Challenge Authentication Client computer access authorized. Client computer access not authorized.

ZyAIR B-500 Wireless Access Point User’s Guide Types of EAP Authentication F-1 Appendix F Types of EAP Authentication This appendix discusses the four popular EAP authentication types: EAP-MD5, EAP-TLS, EAP-TTLS and PEAP. The type of authentication you use depends on the RADIUS server or the AP. Consult your network administrator for more information. EAP-MD5 (Message-Digest Algorithm 5) MD5 authentication is the simplest one-way authentication method. The authentication server sends a challenge to the wireless station. The wireless station ‘proves’ that it knows the password by encrypting the password with the challenge and sends back the information. Password is not sent in plain text. However, MD5 authentication has some weaknesses. Since the authentication server needs to get the plaintext passwords, the passwords must be stored. Thus someone other than the authentication server may access the password file. In addition, it is possible to impersonate an authentication server as MD5 authentication method does not perform mutual authentication. Finally, MD5 authentication method does not support data encryption with dynamic session key. You must configure WEP encryption keys for data encryption. EAP-TLS (Transport Layer Security) With EAP-TLS, digital certifications are needed by both the server and the wireless stations for mutual authentication. The server presents a certificate to the client. After validating the identity of the server, the client sends a different certificate to the server. The exchange of certificates is done in the open before a secured tunnel is created. This makes user identity vulnerable to passive attacks. A digital certificate is an electronic ID card that authenticates the sender’s identity. However, to implement EAP-TLS, you need a Certificate Authority (CA) to handle certificates, which imposes a management overhead. EAP-TTLS (Tunneled Transport Layer Service) EAP-TTLS is an extension of the EAP-TLS authentication that uses certificates for only the server-side authentications to establish a secure connection. Client authentication is then done by sending username and password through the secure connection, thus client identity is protected. For client authentication, EAP-TTLS supports EAP methods and legacy authentication methods such as PAP, CHAP, MS-CHAP and MS-CHAP v2. PEAP (Protected EAP) Like EAP-TTLS, server-side certificate authentication is used to establish a secure connection, then use simple username and password methods through the secured connection to authenticate the clients, thus

ZyAIR B-500 Wireless Access Point User’s Guide F-2 Types of EAP Authentication hiding client identity. However, PEAP only supports EAP methods, such as EAP-MD5 and EAP-MSCHAPv2, for client authentication. For added security, certificate-based authentications (EAP-TLS, EAP-TTLS and PEAP) use dynamic keys for data encryption. They are often deployed in corporate environments, but for public deployment, simple user name and password pair is more practical. The following table is a comparison of the features of four authentication types. Comparison of EAP Authentication Types EAP-MD5 EAP-TLS EAP-TTLS PEAP Mutual Authentication No Yes Yes Yes Certificate – Client No Yes Optional Optional Certificate – Server No Yes Yes Yes Dynamic Key Exchange No Yes Yes Yes Credential Security None Strong Strong Strong Deployment Difficulty Easy Hard Moderate Moderate Wireless Security Poor Best Good Good Client Identity Protection No No Yes Yes

ZyAIR B-500 Wireless Access Point User’s Guide IP Subnetting G-1 Appendix G IP Subnetting IP Addressing Routers “route” based on the network number. The router that delivers the data packet to the correct destination host uses the host ID. IP Classes An IP address is made up of four octets (eight bits), written in dotted decimal notation, for example, 192.168.1.1. IP addresses are categorized into different classes. The class of an address depends on the value of its first octet.  Class “A” addresses have a 0 in the left most bit. In a class “A” address the first octet is the network number and the remaining three octets make up the host ID.  Class “B” addresses have a 1 in the left most bit and a 0 in the next left most bit. In a class “B” address the first two octets make up the network number and the two remaining octets make up the host ID.  Class “C” addresses begin (starting from the left) with 1 1 0. In a class “C” address the first three octets make up the network number and the last octet is the host ID.  Class “D” addresses begin with 1 1 1 0. Class “D” addresses are used for multicasting. (There is also a class “E” address. It is reserved for future use.) Chart G-1 Classes of IP Addresses IP ADDRESS: OCTET 1 OCTET 2 OCTET 3 OCTET 4 Class A 0 Network number Host ID Host ID Host ID Class B 10 Network number Network number Host ID Host ID Class C 110 Network number Network number Network number Host ID Host IDs of all zeros or all ones are not allowed. Therefore:  A class “C” network (8 host bits) can have 28 –2 or 254 hosts.  A class “B” address (16 host bits) can have 216 –2 or 65534 hosts.

ZyAIR B-500 Wireless Access Point User’s Guide G-2 IP Subnetting A class “A” address (24 host bits) can have 224 –2 hosts (approximately 16 million hosts). Since the first octet of a class “A” IP address must contain a “0”, the first octet of a class “A” address can have a value of 0 to 127. Similarly the first octet of a class “B” must begin with “10”, therefore the first octet of a class “B” address has a valid range of 128 to 191. The first octet of a class “C” address begins with “110”, and therefore has a range of 192 to 223. Chart G-2 Allowed IP Address Range By Class CLASS ALLOWED RANGE OF FIRST OCTET (BINARY) ALLOWED RANGE OF FIRST OCTET (DECIMAL) Class A 00000000 to 01111111 0 to 127 Class B 10000000 to 10111111 128 to 191 Class C 11000000 to 11011111 192 to 223 Class D 11100000 to 11101111 224 to 239 Subnet Masks A subnet mask is used to determine which bits are part of the network number, and which bits are part of the host ID (using a logical AND operation). A subnet mask has 32 bits; each bit of the mask corresponds to a bit of the IP address. If a bit in the subnet mask is a “1” then the corresponding bit in the IP address is part of the network number. If a bit in the subnet mask is “0” then the corresponding bit in the IP address is part of the host ID. Subnet masks are expressed in dotted decimal notation just as IP addresses are. The “natural” masks for class A, B and C IP addresses are as follows. Chart G-3 “Natural” Masks CLASS NATURAL MASK A 255.0.0.0 B 255.255.0.0 C 255.255.255.0 Subnetting With subnetting, the class arrangement of an IP address is ignored. For example, a class C address no longer has to have 24 bits of network number and 8 bits of host ID. With subnetting, some of the host ID bits are converted into network number bits. By convention, subnet masks always consist of a continuous

ZyAIR B-500 Wireless Access Point User’s Guide IP Subnetting G-3 sequence of ones beginning from the left most bit of the mask, followed by a continuous sequence of zeros, for a total number of 32 bits. Since the mask is always a continuous number of ones beginning from the left, followed by a continuous number of zeros for the remainder of the 32 bit mask, you can simply specify the number of ones instead of writing the value of each octet. This is usually specified by writing a “/” followed by the number of bits in the mask after the address. For example, 192.1.1.0 /25 is equivalent to saying 192.1.1.0 with mask 255.255.255.128. The following table shows all possible subnet masks for a class “C” address using both notations. Chart G-4 Alternative Subnet Mask Notation SUBNET MASK IP ADDRESS SUBNET MASK “1” BITS LAST OCTET BIT VALUE 255.255.255.0 /24 0000 0000 255.255.255.128 /25 1000 0000 255.255.255.192 /26 1100 0000 255.255.255.224 /27 1110 0000 255.255.255.240 /28 1111 0000 255.255.255.248 /29 1111 1000 255.255.255.252 /30 1111 1100 The first mask shown is the class “C” natural mask. Normally if no mask is specified it is understood that the natural mask is being used. Example: Two Subnets As an example, you have a class “C” address 192.168.1.0 with subnet mask of 255.255.255.0. NETWORK NUMBER HOST ID IP Address 192.168.1. 0 IP Address (Binary) 11000000.10101000.00000001. 00000000 Subnet Mask 255.255.255. 0 Subnet Mask (Binary) 11111111.11111111.11111111. 00000000 The first three octets of the address make up the network number (class “C”). You want to have two separate networks.

ZyAIR B-500 Wireless Access Point User’s Guide G-4 IP Subnetting Divide the network 192.168.1.0 into two separate subnets by converting one of the host ID bits of the IP address to a network number bit. The “borrowed” host ID bit can be either “0” or “1” thus giving two subnets; 192.168.1.0 with mask 255.255.255.128 and 192.168.1.128 with mask 255.255.255.128. In the following charts, shaded/bolded last octet bit values indicate host ID bits “borrowed” to form network ID bits. The number of “borrowed” host ID bits determines the number of subnets you can have. The remaining number of host ID bits (after “borrowing”) determines the number of hosts you can have on each subnet. Chart G-5 Subnet 1 NETWORK NUMBER LAST OCTET BIT VALUE IP Address 192.168.1. 0 IP Address (Binary) 11000000.10101000.00000001. 00000000 Subnet Mask 255.255.255. 128 Subnet Mask (Binary) 11111111.11111111.11111111. 10000000 Subnet Address: 192.168.1.0 Lowest Host ID: 192.168.1.1 Broadcast Address: 192.168.1.127 Highest Host ID: 192.168.1.126 Chart G-6 Subnet 2 NETWORK NUMBER LAST OCTET BIT VALUE IP Address 192.168.1. 128 IP Address (Binary) 11000000.10101000.00000001. 10000000 Subnet Mask 255.255.255. 128 Subnet Mask (Binary) 11111111.11111111.11111111. 10000000 Subnet Address: 192.168.1.128 Lowest Host ID: 192.168.1.129 Broadcast Address: 192.168.1.255 Highest Host ID: 192.168.1.254 The remaining 7 bits determine the number of hosts each subnet can have. Host IDs of all zeros represent the subnet itself and host IDs of all ones are the broadcast address for that subnet, so the actual number of hosts available on each subnet in the example above is 27 – 2 or 126 hosts for each subnet. 192.168.1.0 with mask 255.255.255.128 is the subnet itself, and 192.168.1.127 with mask 255.255.255.128 is the directed broadcast address for the first subnet. Therefore, the lowest IP address that can be assigned

ZyAIR B-500 Wireless Access Point User’s Guide IP Subnetting G-5 to an actual host for the first subnet is 192.168.1.1 and the highest is 192.168.1.126. Similarly the host ID range for the second subnet is 192.168.1.129 to 192.168.1.254. Example: Four Subnets The above example illustrated using a 25-bit subnet mask to divide a class “C” address space into two subnets. Similarly to divide a class “C” address into four subnets, you need to “borrow” two host ID bits to give four possible combinations of 00, 01, 10 and 11. The subnet mask is 26 bits (11111111.11111111.11111111.11000000) or 255.255.255.192. Each subnet contains 6 host ID bits, giving 26-2 or 62 hosts for each subnet (all 0’s is the subnet itself, all 1’s is the broadcast address on the subnet). Chart G-7 Subnet 1 NETWORK NUMBER LAST OCTET BIT VALUE IP Address 192.168.1. 0 IP Address (Binary) 11000000.10101000.00000001. 00000000 Subnet Mask (Binary) 11111111.11111111.11111111. 11000000 Subnet Address: 192.168.1.0 Lowest Host ID: 192.168.1.1 Broadcast Address: 192.168.1.63 Highest Host ID: 192.168.1.62 Chart G-8 Subnet 2 NETWORK NUMBER LAST OCTET BIT VALUE IP Address 192.168.1. 64 IP Address (Binary) 11000000.10101000.00000001. 01000000 Subnet Mask (Binary) 11111111.11111111.11111111. 11000000 Subnet Address: 192.168.1.64 Lowest Host ID: 192.168.1.65 Broadcast Address: 192.168.1.127 Highest Host ID: 192.168.1.126 Chart G-9 Subnet 3 NETWORK NUMBER LAST OCTET BIT VALUE IP Address 192.168.1. 128 IP Address (Binary) 11000000.10101000.00000001. 10000000

ZyAIR B-500 Wireless Access Point User’s Guide G-6 IP Subnetting Chart G-9 Subnet 3 NETWORK NUMBER LAST OCTET BIT VALUE Subnet Mask (Binary) 11111111.11111111.11111111. 11000000 Subnet Address: 192.168.1.128 Lowest Host ID: 192.168.1.129 Broadcast Address: 192.168.1.191 Highest Host ID: 192.168.1.190 Chart G-10 Subnet 4 NETWORK NUMBER LAST OCTET BIT VALUE IP Address 192.168.1. 192 IP Address (Binary) 11000000.10101000.00000001. 11000000 Subnet Mask (Binary) 11111111.11111111.11111111. 11000000 Subnet Address: 192.168.1.192 Lowest Host ID: 192.168.1.193 Broadcast Address: 192.168.1.255 Highest Host ID: 192.168.1.254 Example Eight Subnets Similarly use a 27-bit mask to create 8 subnets (001, 010, 011, 100, 101, 110). The following table shows class C IP address last octet values for each subnet. Chart G-11 Eight Subnets SUBNET SUBNET ADDRESS FIRST ADDRESS LAST ADDRESS BROADCAST ADDRESS 1 0 1 30 31 2 32 33 62 63 3 64 65 94 95 4 96 97 126 127 5 128 129 158 159 6 160 161 190 191 7 192 193 222 223 8 224 223 254 255

ZyAIR B-500 Wireless Access Point User’s Guide IP Subnetting G-7 The following table is a summary for class “C” subnet planning. Chart G-12 Class C Subnet Planning NO. “BORROWED” HOST BITS SUBNET MASK NO. SUBNETS NO. HOSTS PER SUBNET 1 255.255.255.128 (/25) 2 126 2 255.255.255.192 (/26) 4 62 3 255.255.255.224 (/27) 8 30 4 255.255.255.240 (/28) 16 14 5 255.255.255.248 (/29) 32 6 6 255.255.255.252 (/30) 64 2 7 255.255.255.254 (/31) 128 1 Subnetting With Class A and Class B Networks. For class “A” and class “B” addresses the subnet mask also determines which bits are part of the network number and which are part of the host ID. A class “B” address has two host ID octets available for subnetting and a class “A” address has three host ID octets (see Chart J-1) available for subnetting. The following table is a summary for class “B” subnet planning. Chart G-13 Class B Subnet Planning NO. “BORROWED” HOST BITS SUBNET MASK NO. SUBNETS NO. HOSTS PER SUBNET 1 255.255.128.0 (/17) 2 32766 2 255.255.192.0 (/18) 4 16382 3 255.255.224.0 (/19) 8 8190 4 255.255.240.0 (/20) 16 4094 5 255.255.248.0 (/21) 32 2046 6 255.255.252.0 (/22) 64 1022 7 255.255.254.0 (/23) 128 510 8 255.255.255.0 (/24) 256 254

ZyAIR B-500 Wireless Access Point User’s Guide G-8 IP Subnetting Chart G-13 Class B Subnet Planning NO. “BORROWED” HOST BITS SUBNET MASK NO. SUBNETS NO. HOSTS PER SUBNET 9 255.255.255.128 (/25) 512 126 10 255.255.255.192 (/26) 1024 62 11 255.255.255.224 (/27) 2048 30 12 255.255.255.240 (/28) 4096 14 13 255.255.255.248 (/29) 8192 6 14 255.255.255.252 (/30) 16384 2 15 255.255.255.254 (/31) 32768 1

ZyAIR B-500 Wireless Access Point User’s Guide Command Interpreter H-1 Appendix H Command Interpreter The following describes how to use the command interpreter. Enter 24 in the main menu to bring up the system maintenance menu. Enter 8 to go to Menu 24.8 - Command Interpreter Mode. See the included disk or www.zyxel.com for more detailed information on these commands. Use of undocumented commands or misconfiguration can damage the unit and possibly render it unusable. Command Syntax The command keywords are in courier new font. Enter the command keywords exactly as shown, do not abbreviate. The required fields in a command are enclosed in angle brackets <>. The optional fields in a command are enclosed in square brackets []. The |symbol means “or”. For example, sys filter netbios config <type> <on|off> means that you must specify the type of netbios filter and whether to turn it on or off. Command Usage A list of valid commands can be found by typing help or ? at the command prompt. Always type the full command. Type exit to return to the SMT main menu when finished.

ZyAIR B-500 Wireless Access Point User’s Guide Log Description I-1 Appendix I Log Descriptions Chart I-1 System Maintenance Logs LOG MESSAGE DESCRIPTION Time calibration is successful The ZyAIR has adjusted its time based on information from the time server. Time calibration failed The ZyAIR failed to get information from the time server. DHCP client gets %s A DHCP client got a new IP address from the DHCP server. DHCP client IP expired A DHCP client's IP address has expired. DHCP server assigns %s The DHCP server assigned an IP address to a client. SMT Login Successfully Someone has logged on to the ZyAIR 's SMT interface. SMT Login Fail Someone has failed to log on to the ZyAIR s SMT interface. WEB Login Successfully Someone has logged on to the ZyAIR 's web configurator interface. WEB Login Fail Someone has failed to log on to the ZyAIR 's web configurator interface. TELNET Login Successfully Someone has logged on to the ZyAIR via telnet. TELNET Login Fail Someone has failed to log on to the ZyAIR via telnet. FTP Login Successfully Someone has logged on to the ZyAIR via FTP. FTP Login Fail Someone has failed to log on to the ZyAIR via FTP.

ZyAIR B-500 Wireless Access Point User’s Guide I-2 Log Descriptions Chart I-2 ICMP Notes TYPE CODE DESCRIPTION 0 Echo Reply 0 Echo reply message 3 Destination Unreachable 0 Net unreachable 1 Host unreachable 2 Protocol unreachable 3 Port unreachable 4 A packet that needed fragmentation was dropped because it was set to Don't Fragment (DF) 5 Source route failed 4 Source Quench 0 A gateway may discard internet datagrams if it does not have the buffer space needed to queue the datagrams for output to the next network on the route to the destination network. 5 Redirect 0 Redirect datagrams for the Network 1 Redirect datagrams for the Host 2 Redirect datagrams for the Type of Service and Network 3 Redirect datagrams for the Type of Service and Host 8 Echo 0 Echo message 11 Time Exceeded 0 Time to live exceeded in transit 1 Fragment reassembly time exceeded 12 Parameter Problem 0 Pointer indicates the error

ZyAIR B-500 Wireless Access Point User’s Guide Log Description I-3 Chart I-2 ICMP Notes TYPE CODE DESCRIPTION 13 Timestamp 0 Timestamp request message 14 Timestamp Reply 0 Timestamp reply message 15 Information Request 0 Information request message 16 Information Reply 0 Information reply message Chart I-3 Sys log LOG MESSAGE DESCRIPTION Mon dd hr:mm:ss hostname src="<srcIP:srcPort>" dst="<dstIP:dstPort>" msg="<msg>" note="<note>" This message is sent by the "RAS" when this syslog is generated. The messages and notes are defined in this appendix’s other charts. Log Commands Go to the command interpreter interface (the Command Interpreter Appendix explains how to access and use the commands). Configuring What You Want the ZyAIR to Log Use the sys logs load command to load the log setting buffer that allows you to configure which logs the ZyAIR is to record. Use sys logs category followed by a log category and a parameter to decide what to record

ZyAIR B-500 Wireless Access Point User’s Guide I-4 Log Descriptions Chart I-4 Log Categories and Available Settings LOG CATEGORIES AVAILABLE PARAMETERS 8021x 0, 1 access 0, 1, 2, 3 error 0, 1, 2, 3 icmp 0, 1 mten 0, 1 packetfilter 0, 1 remote 0, 1 tcpreset 0, 1 Use 0 to not record logs for that category, 1 to record only logs for that category, 2 to record only alerts for that category, and 3 to record both logs and alerts for that category. Use the sys logs save command to store the settings in the ZyAIR (you must do this in order to record logs). Displaying Logs Use the sys logs display command to show all of the logs in the ZyAIR’s log. Use the sys logs category display command to show the log settings for all of the log categories. Use the sys logs display [log category] command to show the logs in an individual ZyAIR log category. Use the sys logs clear command to erase all of the ZyAIR’s logs. Log Command Example This example shows how to set the ZyAIR to record the error logs and alerts and then view the results. ras> sys logs load ras> sys logs category error 3 ras> sys logs save ras> sys logs display access

ZyAIR B-500 Wireless Access Point User’s Guide Log Description I-5 # .time source destination notes message 0|11/11/2002 15:10:12 |172.22.3.80:137 |172.22.255.255:137 |ACCESS BLOCK

ZyAIR B-500 Wireless Access Point User’s Guide Index J-1 Appendix J Index A Address Assignment.........................................3-5, 7-1 Ad-hoc Configuration.............................................D-2 Alternative Subnet Mask Notation ......................... G-3 Applications ............................................................1-4 auto-negotiation.......................................................1-1 B backup ...................................................................17-2 Backup.....................................................................9-8 Basic Service Set....................................................D-2 BSS............................................. See Basic Service Set C CA ...........................................................................F-1 Certificate Authority......................................... See CA Channel ID .....................................................5-6, 12-3 Classes of IP Addresses.......................................... G-1 Collision ................................................................16-2 Command Interpreter ............................................18-1 Community............................................................14-2 Computer’s IP Address .......................................... C-1 Copyright....................................................................ii CPU Load..............................................................16-3 Customer Support....................................................... v D Data encryption .......................................................3-1 Default...................................................................9-11 DHCP ....................................................................16-4 Diagnostic .............................................................16-6 Diagnostic Tools ...................................................16-1 Direct Sequence Spread Spectrum..........................D-2 Distribution System................................................D-3 DS...........................................See Distribution System DSSS ............... See Direct Sequence Spread Spectrum E EAP ........................................................................ 1-3 EAP Authentication ................................................ F-1 MD5 ................................................................... F-1 TLS..................................................................... F-1 TTLS .................................................................. F-1 Error Log .............................................................. 16-5 Error/Information Messages Sample.............................................................. 16-5 ESS .. See Extended Service Set. See Extended Service Set ESS ID.................................................................... 3-1 Extended Service Set ...................................... D-3, 5-2 Extended Service Set IDentification ....................... 5-6 F FCC .......................................................................... iii FHSS ......... See Frequency-Hopping Spread Spectrum Filename Conventions .......................................... 17-1 Firmware File Maintenance................................................ 9-6, 9-8 Fragment Threshold.............................................. 12-3 Fragmentation Threshold........................................ 5-4 Frequency-Hopping Spread Spectrum ....................D-2 FTP File Transfer.................................................. 17-7 G General Setup ......................................... 3-2, 4-1, 11-1 H Hidden Menus....................................................... 10-4 Host ........................................................................ 4-3

ZyAIR B-500 Wireless Access Point User’s Guide J-2 Index Host IDs..................................................................G-1 I IBSS....................... See Independent Basic Service Set IEEE 802.11 ...........................................................D-1 Deployment Issues ............................................. E-1 Security Flaws.................................................... E-1 IEEE 802.1x ....................................................E-1, 1-3 Advantages......................................................... E-1 Independent Basic Service Set................. D-2, 5-1, 9-5 Infrastructure Configuration ...................................D-2 Internet access........................................................12-1 Internet Access ................................................ 1-4, 1-5 Internet Security Gateway .......................................1-1 IP Address .................... 3-5, 7-1, 7-2, 12-2, 16-4, 16-6 IP Addressing .........................................................G-1 IP Classes................................................................G-1 L Link type................................................................16-2 Log and Trace........................................................16-5 Log Descriptions......................................................J-1 Logs .........................................................................8-1 M MAC Address Filter Action........................... 6-6, 12-6 MAC Address Filtering .........................................12-5 Main Menu ............................................................10-4 Management Information Base (MIB)...................14-2 MD5........................................................................ F-1 Message Digest Algorithm 5 .........................See MD5 N Network Management .............................................1-3 Network Topology With RADIUS Server ExampleE-2 P Packets...................................................................16-2 Password............................................... 4-2, 10-1, 14-2 Ping........................................................................16-6 Private IP Address............................................3-5, 7-1 Q Quick Installation Guide .......................................... xv R RADIUS.................................................................. 1-3 RAS....................................................................... 16-4 Rate Receiving.......................................................... 16-2 Transmission..................................................... 16-2 Related Documentation............................................ xv Remote Authentication Dial In User Service ..........See RADIUS Remote Node ........................................................ 16-2 Required fields ...................................................... 10-4 Restore .................................................................... 9-9 Restore Configuration........................................... 17-5 RF signals .............................................................. D-1 Roaming Example.............................................................. 5-7 Requirements...................................................... 5-8 RTS Threshold...............................................5-3, 12-3 S Server...................................................................... 4-5 Service ...................................................................... iv Service Set .............................................................. 5-6 SMT Menu Overview ........................................... 10-2 SNMP Community ....................................................... 14-3 Configuration.................................................... 14-2 Get .................................................................... 14-2 GetNext ............................................................ 14-2 Manager............................................................ 14-2 MIBs................................................................. 14-2 Set..................................................................... 14-2 Trap .................................................................. 14-2 Traps........................................................ 14-3, 14-4 Trusted Host ..................................................... 14-3 Subnet Mask.................................. 3-5, 7-1, 12-2, 16-4 Subnet Masks ......................................................... G-2 Subnetting .............................................................. G-3

ZyAIR B-500 Wireless Access Point User’s Guide Index J-3 Supporting Disk........................................................ xv System Console Port Speed....................................... 16-4 Diagnostic ...................................................... 16-5 Log and Trace................................................ 16-5 System Information...........................................16-3 System Status....................................................16-1 Time and Date...................................................18-2 System Information ...............................................16-3 System Information & Diagnosis ..........................16-1 System Maintenance..16-1, 16-3, 17-2, 17-4, 17-5, 17-6, 17-9, 18-1, 18-2, 18-3 System Management Terminal..............................10-4 System Name...........................................................4-2 T TCP/IP...................................................................16-6 TFTP File Transfer................................................17-9 Time and Date Setting...........................................18-2 Time Server...........................................................18-3 Time Zone .............................................................18-3 TLS..........................................................................F-1 Trace Records........................................................16-5 Transport Layer Security................................ See TLS Troubleshooting Accessing ZyAIR.......................................A-2, A-3 Ethernet Port ...................................................... A-1 Password ............................................................ A-2 Start-Up..............................................................A-1 TTLS....................................................................... F-1 Tunneled Transport Layer Service................See TTLS U Upload Firmware.................................................. 17-6 User Profiles .................................................. 6-9, 13-1 V Valid CI Commands ............................................. 18-1 W Web Configurator ............................................ 2-1, 2-3 WEP........................................................................ 3-1 WEP Encryption............................................ 6-4, 12-3 Wireless LAN............................................... D-1, 12-2 Benefits ..............................................................D-1 Wireless LAN Setup ............................................. 12-2 Wizard Setup .....................................3-1, 3-2, 3-3, 3-4 WLAN ............................................ See Wireless LAN Z ZyNOS......................................................... 17-1, 17-2 ZyNOS F/W Version ............................................ 17-1 ZyXEL Limited Warranty Note.......................................................................iv