ZyXEL Communications G570S Access Point User Manual Part 2

ZyXEL Communications Corporation Access Point Part 2

Contents

Part 2

ZyXEL G-570S User’s GuideChapter 6 Wireless Screens 816.13 Security Parameters SummaryRefer to this table to see what other security parameters you should configure for each authentication method/ key management protocol type. You enter manual keys by first selecting 64-bit WEP,128-bit WEP or 152-bit WEP from the WEP Encryption field and then typing the keys (in ASCII or hexadecimal format) in the key text boxes. MAC address filters are not dependent on how you configure these security features.6.14 Wireless Client WPA SupplicantsA wireless client supplicant is the software that runs on an operating system instructing the wireless client how to use WPA. At the time of writing, the most widely available supplicants are the WPA patch for Windows XP, Funk Software's Odyssey client, and Meetinghouse Data Communications' AEGIS client. The Windows XP patch is a free download that adds WPA capability to Windows XP's built-in "Zero Configuration" wireless client. However, you must run Windows XP to use it. 6.15 Configuring Wireless Security In order to configure and enable wireless security; click SETTINGS > WIRELESS > Security to display the Security screen. This screen varies according to the encryption method you select. Table 16 Wireless Security Relational MatrixAUTHENTICATIONMETHOD/ KEY MANAGEMENTPROTOCOLENCRYPTIONMETHOD ENTER MANUAL KEY IEEE 802.1XOpen None No DisableOpen WEP No Enable with Dynamic WEP KeyYes Enable without Dynamic WEP KeyYes DisableShared WEP No Enable with Dynamic WEP KeyYes Enable without Dynamic WEP KeyYes DisableWPA TKIP No EnableWPA-PSK TKIP Yes EnableWPA2 AES No EnableWPA2-PSK AES Yes Enable
ZyXEL G-570S User’s Guide82 Chapter 6 Wireless Screens6.15.1 Wireless Security: Disable If you do not enable any wireless security on your device, your network is accessible to any wireless networking device that is within range.Figure 47 Wireless Security: DisableThe following table describes the labels in this screen. 6.15.2 Wireless Security: WEP WEP provides a mechanism for encrypting data using encryption keys. Both the AP and the wireless stations must use the same WEP key to encrypt and decrypt data. You can configure up to four 64-bit, 128-bit or 152-bit WEP keys, but only one key can be used at any one time.Table 17 Wireless Security: DisableLABEL DESCRIPTIONEncryption Method Select Disable to have no wireless LAN security configured.Apply Click Apply to save your changes back to the device.Reset Click Reset to begin configuring this screen afresh.
ZyXEL G-570S User’s GuideChapter 6 Wireless Screens 83Figure 48 Wireless Security: WEPThe following table describes the labels in this screen. Table 18 Wireless Security: WEPLABEL DESCRIPTIONEncryption Method Select WEP if you want to configure WEP encryption parameters.Authentication Type Select Auto,Open or Shared from the drop-down list box. WEP Encryption Select 64 bit WEP,128 bit WEP or 152 bit WEP to enable data encryption.Passphrase If you selected 64-bit or 128-bit WEP, you can enter a “passphrase” (password phrase) of up to 32 case-sensitive printable characters and click Generate to have the device create four different WEP keys.Generate After you enter the passphrase, click Generate to have the device generates four different WEP keys automatically.Key 1 to Key 4If you want to manually set the WEP keys, enter the WEP key in the field provided.Select a WEP key to use for data encryption.The WEP keys are used to encrypt data. Both the device and the wireless stations must use the same WEP key for data transmission.If you chose 64 bit WEP, then enter any 5 ASCII characters or 10 hexadecimal characters ("0-9", "A-F"). If you chose 128 bit WEP, then enter 13 ASCII characters or 26 hexadecimal characters ("0-9", "A-F"). If you chose 152 bit WEP, then enter 16 ASCII characters or 32 hexadecimal characters ("0-9", "A-F").Apply Click Apply to save your changes back to the device.Reset Click Reset to begin configuring this screen afresh.
ZyXEL G-570S User’s Guide84 Chapter 6 Wireless Screens6.15.3 Wireless Security: WPA(2)-PSK Select WPA-PSK,WPA2-PSK or WPA-PSK & WPA2-PSK in the Encryption Method drop down list-box to display the screen displays as next.Figure 49 Wireless Security: WPA(2)-PSKThe following table describes the labels in this screen.6.15.4 Wireless Security: WPA(2) WPA (Wi-Fi Protected Access) is a subset of the IEEE 802.11i standard. WPA2 (IEEE 802.11i) is a wireless security standard that defines stronger encryption, authentication and key management than WPA. Key differences between WPA(2) and WEP are user authentication and improved data encryption.Table 19 Wireless Security: WPA-PSKLABEL DESCRIPTIONEncryption Method Select WPA-PSK,WPA2-PSK or WPA-PSK & WPA2-PSK if you want to configure a pre-shared key. Choose this option only if your wireless clients support it.Pre-Shared Key The encryption mechanisms used for WPA and WPA-PSK are the same. The only difference between the two is that WPA-PSK uses a simple common password, instead of user-specific credentials.Type a pre-shared key from 8 to 63 ASCII characters (including spaces and symbols). This field is case-sensitive.Apply Click Apply to save your changes back to the device.Reset Click Reset to begin configuring this screen afresh.
ZyXEL G-570S User’s GuideChapter 6 Wireless Screens 85Figure 50 Wireless Security: WPA(2)The following table describes the labels in this screen. Table 20 Wireless Security: WPA(2) LABEL DESCRIPTIONEncryption Method Select WPA,WPA2 or WPA & WPA2 to configure user authentication and improved data encryption.Note: WPA, WPA2 and IEEE 802.1x wireless security are not available when you use Wireless Client, Bridge or AP+Repeater mode. You can only use WEP keys to encrypt traffic between APs.Authentication Server IP Address Enter the IP address of the external authentication server in dotted decimal notation.Port Number Enter the port number of the external authentication server. The default port number is 1812.You need not change this value unless your network administrator instructs you to do so with additional information.Shared Secret Enter a password (up to 63 printable characters) as the key to be shared between the external authentication server and the device.The key must be the same on the external authentication server and your device. The key is not sent over the network.Reauthentication Time Specify how often wireless stations have to resend user names and passwords in order to stay connected. Enter a time interval between 100 and 3600 seconds. If wireless station authentication is done using a RADIUS server, the reauthentication timer on the RADIUS server has priority.
ZyXEL G-570S User’s Guide86 Chapter 6 Wireless Screens6.15.5 Wireless Security: IEEE 802.1x The IEEE 802.1x standard outlines enhanced security methods for both the authentication of wireless stations and encryption key management. Note: Once you enable user authentication, you need to specify an external RADIUS server on the device for authentication.Figure 51 Wireless Security: 802.1xGlobal-Key Update This is how often the AP sends a new group key out to all clients. The re-keying process is the WPA equivalent of automatically changing the WEP key for an AP and all stations in a WLAN on a periodic basis. Specify an interval either in seconds or thousands of packets that the device sends.Apply Click Apply to save your changes back to the device.Reset Click Reset to begin configuring this screen afresh.Table 20 Wireless Security: WPA(2) (continued)LABEL DESCRIPTION
ZyXEL G-570S User’s GuideChapter 6 Wireless Screens 87The following table describes the labels in this screen. 6.16 MAC Filter The MAC filter screen allows you to give exclusive access to up to 32 devices (Allow Association) or exclude up to 32 devices from accessing the device (Deny Association). Every Ethernet device has a unique MAC (Media Access Control) address. The MAC address is assigned at the factory and consists of six pairs of hexadecimal characters, for example, 00:A0:C5:00:00:02. You need to know the MAC addresses of the devices to configure this screen.The MAC filter works when the device functions as an AP. It allows or denies wireless client access. The MAC filter does not apply to bridge or repeater functions.Table 21 Wireless Security: 802.1xLABEL DESCRIPTIONEncryption Method Select 802.1X to configure authentication of wireless stations and encryption key management.Note: WPA, WPA2 and IEEE 802.1x wireless security are not available when you use Bridge or AP+Repeater mode. You can only use WEP keys to encrypt traffic between APs.Data Encryption Select None to allow wireless stations to communicate with the access points without using dynamic WEP key exchange. Select 64 bits WEP,128 bits WEP or 152 bits WEP to enable data encryption. Up to 32 stations can access the device when you configure dynamic WEP key exchange.Authentication Server IP Address Enter the IP address of the external authentication server in dotted decimal notation.Port Number Enter the port number of the external authentication server. The default port number is 1812.You need not change this value unless your network administrator instructs you to do so with additional information.Shared Secret Enter a password (up to 63 printable characters) as the key to be shared between the external authentication server and the device.The key must be the same on the external authentication server and your device. The key is not sent over the network.Reauthentication Time Specify how often wireless stations have to resend user names and passwords in order to stay connected. Enter a time interval between 100 and 3600 seconds. If wireless station authentication is done using a RADIUS server, the reauthentication timer on the RADIUS server has priority. Global-Key Update This is how often the AP sends a new group key out to all clients. The re-keying process is the WPA equivalent of automatically changing the WEP key for an AP and all stations in a WLAN on a periodic basis. Specify an interval either in seconds or thousands of packets that the device sends.Apply Click Apply to save your changes back to the device.Reset Click Reset to begin configuring this screen afresh.
ZyXEL G-570S User’s Guide88 Chapter 6 Wireless ScreensThe following applies if you set the device to client mode and want to connect to an AP that uses a MAC filter. After the device turns on in client mode, it clones the MAC address of the first packets that it receives from devices connected to the Ethernet port. It uses this MAC address on the packets that it sends to an AP. All of the packets that the device sends to an AP will appear to be from the first device that connected to the Ethernet port. If you turn the device off and back on, it again clones the MAC address of the first packets that it receives from devices connected to the Ethernet port. You may be able to check the association list on the AP to determine which MAC address the device is currently using. To change your device's MAC filter settings, click WIRELESS > SETTINGS > MAC Filter. The screen appears as shown.Note: Be careful not to list your computer's MAC address and select Deny the following MAC address to associate when managing the device via a wireless connection. This would lock you out.Figure 52 MAC Filter
ZyXEL G-570S User’s GuideChapter 6 Wireless Screens 89The following table describes the labels in this screen.6.17 OTIST In a wireless network, the wireless clients must have the same SSID and security settings as the access point (AP) or wireless router (we will refer to both as “AP” here) in order to associate with it. Traditionally this meant that you had to configure the settings on the AP and then manually configure the exact same settings on each wireless client.OTIST (One-Touch Intelligent Security Technology) allows you to transfer your AP’s SSID and WEP or WPA-PSK security settings to wireless clients that support OTIST and are within transmission range. You can also choose to have OTIST generate a WPA-PSK key for you if you didn’t configure one manually.Note: OTIST replaces the pre-configured wireless settings on the wireless clients.6.17.1 Enabling OTISTYou must enable OTIST on both the AP and wireless client before you start transferring settings.Note: The AP and wireless client(s) MUST use the same Setup key.6.17.1.1 APYou can enable OTIST using the OTIST button or the web configurator. 6.17.1.1.1 OTIST ButtonIf you use the OTIST button, the default (01234567) or previous saved (through the web configurator) Setup key is used to encrypt the settings that you want to transfer. Table 22 MAC FilterLABEL DESCRIPTIONActive Select the check box to enable MAC address filtering and define the filter action for the list of MAC addresses in the MAC address filter table. Select Allow the following MAC address to associate to permit access to the device, MAC addresses not listed will be denied access to the device.Select Deny the following MAC address to associate to block access to the device, MAC addresses not listed will be allowed to access the device.# This is the index number of the MAC address.MAC Address Enter the MAC addresses (in XX:XX:XX:XX:XX:XX format) of the wireless station that are allowed or denied access to the device in these address fields.Apply Click Apply to save your changes back to the device.Reset Click Reset to begin configuring this screen afresh.
ZyXEL G-570S User’s Guide90 Chapter 6 Wireless ScreensHold in the OTIST button for one or two seconds. 6.17.1.1.2 Web ConfiguratorClick WIRELESS > SETTINGS > OTIST to configure and enable OTIST. The screen appears as shown.Note: At the time of writing the device does not support OTIST in the wireless client mode.Figure 53 OTISTThe following table describes the labels in this screen. 6.17.1.2 Wireless ClientStart the ZyXEL utility and click the Adapter tab. Select the OTIST check box, enter the same Setup Key as your AP’s and click Save.Table 23 OTISTLABEL DESCRIPTIONOne-Touch Intelligent Security TechnologySetup Key Enter the setup key of up to eight printable characters. The default OTIST setup key is "01234567".Note: If you change the OTIST setup key here, you must also make the same change on the wireless client(s).Yes! To have OTIST automatically generate a WPA-PSK key, select this check box. If you manually configured a WEP key or a WPA-PSK key and you also select this check box, then the key you manually configured is used.Start Click Start to encrypt the wireless security data using the setup key and have the device set the wireless client to use the same wireless settings as the device. You must also activate and start OTIST on the wireless client at the same time. The process takes three minutes to complete.
ZyXEL G-570S User’s GuideChapter 6 Wireless Screens 91Figure 54 Example Wireless Client OTIST Screen6.17.2 Starting OTISTNote: You must click Start in the AP OTIST web configurator screen and in the wireless client(s) Adapter screen all within three minutes (at the time of writing). You can start OTIST in the wireless clients and AP in any order but they must all be within range and have OTIST enabled.1In the AP, a web configurator screen pops up showing you the security settings to transfer. After reviewing the settings, click OK.Figure 55 Security Key
ZyXEL G-570S User’s Guide92 Chapter 6 Wireless Screens2This screen appears while OTIST settings are being transferred. It closes when the transfer is complete. Figure 57 OTIST in Progress (Client)• In the wireless client, you see this screen if it can't find an OTIST-enabled AP (with the sameSetup key). Click OK to go back to the ZyXEL utility main screen. Figure 58 No AP with OTIST Found• If there is more than one OTIST-enabled AP within range, you see a screen asking you to select one AP to get settings from.6.17.3 Notes on OTIST1If you enabled OTIST in the wireless client, you see this screen each time you start the utility. Click Yes for it to search for an OTIST-enabled AP.Figure 56 OTIST in Progress (AP)
ZyXEL G-570S User’s GuideChapter 6 Wireless Screens 93Figure 59 Start OTIST?2If an OTIST-enabled wireless client loses its wireless connection for more than ten seconds, it will search for an OTIST-enabled AP for up to one minute. (If you manually have the wireless client search for an OTIST-enabled AP, there is no timeout; click Cancel in the OTIST progress screen to stop the search.)3When the wireless client finds an OTIST-enabled AP, you must still click Start in the AP OTIST web configurator screen or hold in the OTIST button (for one or two seconds) for the AP to transfer settings.4If you change the SSID or the keys on the AP after using OTIST, you need to run OTIST again or enter them manually in the wireless client(s).5If you configure OTIST to generate a WPA-PSK key, this key changes each time you run OTIST. Therefore, if a new wireless client joins your wireless network, you need to run OTIST on the AP and ALL wireless clients again.
ZyXEL G-570S User’s Guide94 Chapter 6 Wireless Screens
ZyXEL G-570S User’s GuideChapter 7 Management Screens 95CHAPTER 7Management ScreensThis chapter describes the Maintenance screens.7.1 Maintenance OverviewUse these maintenance screens to change the password, view logs, back up or restore the G-570S configuration and change the web configurator language. 7.2 Password To change your device's password (recommended), click SETTINGS > MANAGEMENT.The screen appears as shown. This screen allows you to change the device's password.If you forget your password (or the device IP address), you will need to reset the device. See the section on resetting the device for details.Figure 60 Management: PasswordThe following table describes the labels in this screen. Table 24 Management: Password LABEL DESCRIPTIONCurrent Password Type in your existing system password (1234 is the default password).New Password Type your new system password (up to 30 printable characters). Spaces are not allowed.Note that as you type a password, the screen displays an asterisk (*) for each character you type.Retype to Confirm Retype your new system password for confirmation.
ZyXEL G-570S User’s Guide96 Chapter 7 Management Screens7.3 Logs Click SETTINGS > MANAGEMENT > Logs to open the Logs screen. You can view logs and alert messages in this screen. Once the log table is full, old logs are deleted as new logs are created.Click a column heading to sort the entries. A triangle indicates the direction of the sort order.Figure 61 Management: LogsThe following table describes the labels in this screen.Apply Click Apply to save your changes back to the device.Cancel Click Cancel to reload the previous configuration for this screen.Table 24 Management: Password (continued)LABEL DESCRIPTIONTable 25 Management: Logs LABEL DESCRIPTIONDisplay Select a category of logs to view.Refresh Click Refresh to renew the log screen.Clear Log Click Clear Log to clear all the logs. # This is the log’s index number.Time This field displays the time the log was recorded. It is the number of seconds since the last time the system turned on.Message This field states the reason for the log.
ZyXEL G-570S User’s GuideChapter 7 Management Screens 977.4 Configuration File The configuration file (often called the romfile or rom-0) contains the factory default settings such as password and TCP/IP Setup, etc. It arrives from ZyXEL with a .rom filename extension. Once you have customized the device's settings, they can be saved back to your computer under a filename of your choosing. Click SETTINGS > MANAGEMENT > Configuration File. Information related to factory defaults, backup configuration, and restoring configuration appears as shown next.Figure 62 Management: Configuration FileSource This field lists the source IP address and the port number of the incoming packet that caused the log.Destination This field lists the destination IP address and the port number of the outgoing packet that caused the log.Note This field displays additional information about the log entry.Table 25 Management: Logs (continued)LABEL DESCRIPTION
ZyXEL G-570S User’s Guide98 Chapter 7 Management Screens7.4.1 Backup ConfigurationBackup configuration allows you to back up (save) the device's current configuration to a file on your computer. Once your device is configured and functioning properly, it is highly recommended that you back up your configuration file before making configuration changes. The backup configuration file will be useful in case you need to return to your previous settings.Click Backup to save the device's current configuration to your computer.7.4.2 Restore Configuration Restore configuration allows you to upload a new or previously saved configuration file from your computer to your device.Note: Do not turn off the device while configuration file upload is in progress.The following screen displays. You must wait one minute before logging into the device again.Figure 63 Configuration Upload SuccessfulThe device automatically restarts in this time causing a temporary network disconnect. In some operating systems, you may see the following icon on your desktop.Table 26 Management: Configuration File: Restore Configuration LABEL DESCRIPTIONFile Path Type in the location of the file you want to upload in this field or click Browse ... to find it.Browse... Click Browse... to find the file you want to upload. Remember that you must decompress compressed (.zip) files before you can upload them.Upload Click Upload to begin the upload process.
ZyXEL G-570S User’s GuideChapter 7 Management Screens 99Figure 64 Network Temporarily DisconnectedIf you uploaded the default configuration file you may need to change the IP address of your computer to be in the same subnet as that of the default device IP address (192.168.1.2). If the upload was not successful, the following screen will appear. Click Return to go back to the Configuration File screen.Figure 65 Configuration Upload Error7.4.3 Back to Factory DefaultsClicking the RESET button in this section clears all user-entered configuration information and returns the device to its factory defaults. The following warning screen will appear. Figure 66 Reset Warning MessageYou can also press the RESET button on the rear panel to reset the factory defaults of your device. Refer to the section on resetting the device for more information on the RESETbutton.7.5 F/W Upload Screen Find firmware at www.zyxel.com in a file that (usually) uses the system model name with a .rmt extension, for example, "zyxel.rmt". The upload process uses HTTP (Hypertext Transfer Protocol) and may take up to two minutes. After a successful upload, the system will reboot.
ZyXEL G-570S User’s Guide100 Chapter 7 Management ScreensClick SETTINGS > MANAGEMENT > F/W Upload to display the screen as shown. Follow the instructions in this screen to upload firmware to your device.Figure 67 Management: F/W UploadThe following table describes the labels in this screen.Note: Do not turn off the device while firmware upload is in progress!The following screen appears. Wait two minutes before logging into the device again. Figure 68 Firmware Upgrading ScreenThe device automatically restarts in this time causing a temporary network disconnect. In some operating systems, you may see the following icon on your desktop.Table 27 Management: F/W Upload LABEL DESCRIPTIONFile Path Type in the location of the file you want to upload in this field or click Browse ... to find it.Browse... Click Browse... to find the .rmt file you want to upload. Remember that you must decompress compressed (.zip) files before you can upload them. Upload Click Upload to begin the upload process. This process may take up to two minutes.
ZyXEL G-570S User’s GuideChapter 7 Management Screens 101Figure 69 Network Temporarily DisconnectedAfter two minutes, log in again and check your new firmware version in the System Statusscreen.If the upload was not successful, the following status message displays at the bottom of the screen. Figure 70 Firmware Upload Error
ZyXEL G-570S User’s Guide102 Chapter 7 Management Screens
ZyXEL G-570S User’s GuideChapter 8 Troubleshooting 103CHAPTER 8TroubleshootingThis chapter covers potential problems and possible remedies. After each problem description, some instructions are provided to help you to diagnose and to solve the problem.8.1 Problems Starting Up the G-570S8.2 Problems with the PasswordTable 28 Troubleshooting the Start-Up of Your G-570SPROBLEM CORRECTIVE ACTIONNone of the LEDs turn on when I plug in the power adaptor.Make sure you are using the supplied power adaptor and that it is plugged in to an appropriate power source. Check that the power source is turned on. If the problem persists, you may have a hardware problem. In this case, you should contact your local vendor.The G-570S reboots automatically sometimes.The supplied power to the G-570S is too low. Check that the G-570S is receiving enough power.Make sure the power source is working properly.Table 29 Troubleshooting the PasswordPROBLEM CORRECTIVE ACTIONI cannot access the G-570S. The Password field is case-sensitive. Make sure that you enter the correct password using the proper casing.Use the RESET button on the rear panel of the G-570S to restore the factory default configuration file (hold this button in for about 10 seconds or release the button when the PWR LED starts blinking). This will restore all of the factory defaults including the password.
ZyXEL G-570S User’s Guide104 Chapter 8 Troubleshooting8.3 Problems with the WLAN Interface8.4 Problems with the Ethernet InterfaceTable 30 Troubleshooting the WLAN InterfacePROBLEM CORRECTIVE ACTIONCannot access the G-570S from the WLAN.Make sure the wireless adapter on the wireless station is working properly.Check that both the G-570S and your wireless station are using the same ESSID, channel and security settings.I cannot ping any computer on the WLAN.Make sure the wireless adapter on the wireless station(s) is working properly.Check that both the G-570S and wireless station(s) are using the same ESSID, channel and security settings.Table 31 Troubleshooting the Ethernet InterfacePROBLEM CORRECTIVE ACTIONI cannot access the G-570S from the LAN.If the ETHN LED on the front panel is off, check the Ethernet cable connection between your G-570S and the Ethernet device connected to the ETHERNETport.Check for faulty Ethernet cables.Make sure your computer’s Ethernet adapter is installed and working properly.Check the IP address of the Ethernet device. Verify that the IP address and the subnet mask of the G-570S, the Ethernet device and your computer are on the same subnet. I cannot ping any computer on the LAN.If the ETHN LED on the front panel is off, check the Ethernet cable connections between your G-570S and the Ethernet device.Check the Ethernet cable connections between the Ethernet device and the LAN computers.Check for faulty Ethernet cables.Make sure the LAN computer’s Ethernet adapter is installed and working properly.Verify that the IP address and the subnet mask of the G-570S, the Ethernet device and the LAN computers are on the same subnet.
ZyXEL G-570S User’s GuideChapter 8 Troubleshooting 1058.4.1 Pop-up Windows, JavaScripts and Java Permissions In order to use the web configurator you need to allow:• Web browser pop-up windows from your device.• JavaScripts (enabled by default).• Java permissions (enabled by default).Note: Internet Explorer 6 screens are used here. Screens for other Internet Explorer versions may vary.8.4.1.1 Internet Explorer Pop-up BlockersYou may have to disable pop-up blocking to log into your device. Either disable pop-up blocking (enabled by default in Windows XP SP (Service Pack) 2) or allow pop-up blocking and create an exception for your device’s IP address.Cannot access the web configurator. Your computer’s and the G-570S’s IP addresses must be on the same subnet for LAN access.If you changed the G-570S’s IP address, then enter the new one as the URL.If you don’t know the G-570S’s IP address, type the device name of your G-570S as the URL. ZyXELXXXX is the default where “XXXX” is the last four digits of the MAC address. The MAC address is on the bottom of the device). If you just changed the G-570S’s IP address, your computer’s cache of machine names may contain an entry that maps the name of the G-570S to its previous IP address. In Windows, use nbtstat -R at the command prompt to delete all entries in your computer’s cache of machine names.Open a new browser window.See the following section to check that pop-up windows, JavaScripts and Java permissions are allowed.You may also need to clear your Internet browser’s cache.In Internet Explorer, click Tools and then Internet Options to open the Internet Options screen. In the General tab, click Delete Files. In the pop-up window, select the Deleteall offline content check box and click OK. Click OK in the Internet Optionsscreen to close it.If you disconnect your computer from one device and connect it to another device that has the same IP address, your computer’s ARP (Address Resolution Protocol) table may contain an entry that maps the management IP address to the previous device’s MAC address). In Windows, use arp -d at the command prompt to delete all entries in your computer’s ARP table.Open a new browser window.Table 31 Troubleshooting the Ethernet Interface (continued)PROBLEM CORRECTIVE ACTION
ZyXEL G-570S User’s Guide106 Chapter 8 Troubleshooting8.4.1.1.1 Disable pop-up Blockers1In Internet Explorer, select Tools,Pop-up Blocker and then select Turn Off Pop-up Blocker.Figure 71 Pop-up BlockerYou can also check if pop-up blocking is disabled in the Pop-up Blocker section in the Privacy tab. 1In Internet Explorer, select Tools,Internet Options,Privacy.2Clear the Block pop-ups check box in the Pop-up Blocker section of the screen. This disables any web pop-up blockers you may have enabled. Figure 72 Internet Options3Click Apply to save this setting.
ZyXEL G-570S User’s GuideChapter 8 Troubleshooting 1078.4.1.1.2 Enable pop-up Blockers with ExceptionsAlternatively, if you only want to allow pop-up windows from your device, see the following steps.1In Internet Explorer, select Tools,Internet Options and then the Privacy tab. 2Select Settings…to open the Pop-up Blocker Settings screen.Figure 73 Internet Options3Type the IP address of your device (the web page that you do not want to have blocked) with the prefix “http://”. For example, http://192.168.1.1. 4Click Add to move the IP address to the list of Allowed sites.
ZyXEL G-570S User’s Guide108 Chapter 8 TroubleshootingFigure 74 Pop-up Blocker Settings5Click Close to return to the Privacy screen. 6Click Apply to save this setting. 8.4.1.2 JavaScriptsIf pages of the web configurator do not display properly in Internet Explorer, check that JavaScripts are allowed. 1In Internet Explorer, click Tools,Internet Options and then the Security tab.
ZyXEL G-570S User’s GuideChapter 8 Troubleshooting 109Figure 75 Internet Options 2Click the Custom Level... button. 3Scroll down to Scripting.4Under Active scripting make sure that Enable is selected (the default).5Under Scripting of Java applets make sure that Enable is selected (the default). 6Click OK to close the window.
ZyXEL G-570S User’s Guide110 Chapter 8 TroubleshootingFigure 76 Security Settings - Java Scripting8.4.1.3 Java Permissions1From Internet Explorer, click Tools,Internet Options and then the Security tab. 2Click the Custom Level... button. 3Scroll down to Microsoft VM.4Under Java permissions make sure that a safety level is selected.5Click OK to close the window.
ZyXEL G-570S User’s GuideChapter 8 Troubleshooting 111Figure 77 Security Settings - Java 8.4.1.3.1 JAVA (Sun)1From Internet Explorer, click Tools,Internet Options and then the Advanced tab. 2make sure that Use Java 2 for <applet> under Java (Sun) is selected.3Click OK to close the window.
ZyXEL G-570S User’s Guide112 Chapter 8 TroubleshootingFigure 78 Java (Sun)8.5 Testing the Connection to the G-570S1Click Start,(All) Programs,Accessories and then Command Prompt.2In the Command Prompt window, type “ping” followed by a space and the IP address of the G-570S (192.168.1.2 is the default).3Press ENTER. The following screen displays.Figure 79 Pinging the G-650Your computer can now communicate with the G-570S via the ETHERNET port.C:\>ping 192.168.1.2Pinging 192.168.1.2 with 32 bytes of data:Reply from 192.168.1.2: bytes=32 time=10ms TTL=254Reply from 192.168.1.2: bytes=32 time<10ms TTL=254Reply from 192.168.1.2: bytes=32 time<10ms TTL=254Reply from 192.168.1.2: bytes=32 time<10ms TTL=254Ping statistics for 192.168.1.2: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),Approximate round trip times in milli-seconds: Minimum = 0ms, Maximum = 10ms, Average = 2m
ZyXEL G-570S User’s GuideChapter 8 Troubleshooting 113
ZyXEL G-570S User’s Guide114 Chapter 8 Troubleshooting
ZyXEL G-570S User’s GuideAppendix A Product Specifications 115APPENDIX AProduct SpecificationsSee also the introduction chapter for a general overview of the key features.Specification TablesTable 32 Device SpecificationsDefault IP Address 192.168.1.2Default Subnet Mask 255.255.255.0 (24 bits)Default Password 1234Dimensions 112 mm (Wide) × 106 mm (Deep) × 28.5 mm (High)Weight 203 gEthernet Port One auto-negotiating, auto MDI/MDI-X 10/100 Mbps RJ-45 Ethernet portAntenna 1 detachable dipole antennaPower Requirements 12VDC @ 1 Amp maximumOperation Temperature 0º C ~ 50º CStorage Temperature -30º ~ 60º COperation Humidity 20% ~ 95% RHStorage Humidity 20% ~ 95% RHTable 33 Feature SpecificationsProtocol Support Transparent bridging for unsupported network layer protocolsDHCP ClientDHCP relayStandard Compliance IEEE 802.3 and 802.3u 10Base-T and 100Base-TX physical layer specificationIEEE 802.11g specification compliance for wireless LANIEEE 802.11b specification compliance for wireless LANIEEE 802.1x security standard supportWi-Fi certificateRoaming IEEE 802.11g compliantIEEE 802.11b compliantIEEE 802.11f partially compliant (without re-authentication)
ZyXEL G-570S User’s Guide116 Appendix A Product SpecificationsOperating Modes Access PointClientBridgeAccess Point and Repeater Wireless Links Up to four bridge links.Two or more repeater links are supported. It is suggested that you only use up to three repeater links.Management Embedded Web Configurator Command-line interfaceTelnet support (Password-protected telnet access to internal configuration manager). FTP//Web for firmware downloading and configuration backup and restore.Limitation of client connections (# is configurable, default: unlimited)Intra BSS Block (enable/disable)Output Power Management (4-levels)Security WPA and IEEE 802.1x security (EAP-TLS, EAP-TTLS, LEAP,. EAP-PEAP and Win XP PEAP included)64/128/152-bits WEPWPA/WPA2 support based on 802.11i standard Dynamic WEP key exchangeMAC address filtering through WLAN (supports up to 32 MAC address entriesAES Support Diagnostics Capabilities Built-in Diagnostic Tools for FLASH memory, RAM, Ethernet port and wireless port.SyslogError logTrace LogPacket LogHardware Features Restore Factory Defaults (reset) ButtonStatus LEDs•PWR•ETHN•OTIST•WLANTable 34 Wireless RF SpecificationsSTANDARD IEEE802.11 COMPLIANCEData Rate Super G/11g: 108M/54M/48M/36M/24M/18M/12M/9/6 Mbps auto fallback11b: 11Mbps/5.5Mbps/2Mbps/1Mbps auto fallbackCommunication Method Half DuplexTransmission/Emission Type Direct Sequence Spread Spectrum (DSSS)Table 33 Feature Specifications (continued)
ZyXEL G-570S User’s GuideAppendix A Product Specifications 117ApprovalsSecurity Wired Equivalent Privacy (WEP) data encryptionDynamic WEP key exchangeWiFi Protected Access (WPA)IEEE 802.1xRF frequency range 2.412~2.462GHz: North America2.412MHz~2.484 GHz: Japan2.412-2.472 GHz: Europe ETSIData modulation type OFDM/BPSK/QPSK/CCK/PBCC/DQPSK/DBPSKPeak Output Power 11b: 17.32 dBm11g: 21.48 dBmTurbo mode: 22.25 dBmSensitivity 54M: -65dBm 11M: -80dBm Coverage Indoor: up to 100meters Outdoor: up to 400metersAntenna 1 external detachable 2.05dBi dipole antenna with R-SMA connectorTable 34 Wireless RF SpecificationsSTANDARD IEEE802.11 COMPLIANCETable 35 ApprovalsSAFETYNorth America ANSI/UL-1950 3rdCSA C22.2 No. 950 3rdEuropean Union (CE mark) EN60950 (1992+A1+A2+A3+A4+A11)IEC 60950 3rdEMINorth America FCC Part 15 Class BEuropean Union (CE mark) EN55022 Class BEN61000-3-2EN61000-3-3EMS European Union (CE mark)ELECTROSTATIC DISCHARGEEN61000-4-2RADIO-FREQUENCY ELECTROMAGNETIC FIELDEN61000-4-3EFT/BURST EN61000-4-4SURGE EN61000-4-5CONDUCTEDSUSCEPTIBILITYEN61000-4-6POWER MAGNETIC EN61000-4-8
ZyXEL G-570S User’s Guide118 Appendix A Product SpecificationsPower Adaptor SpecificationsVOLTAGE DIPS/INTERRUPTIONEN61000-4-11EM FIELD FROM DIGITAL TELEPHONESENV50204LAN COMPATIBILITY SmartBitFOR WIRELESS PC CARD FCC Part15C, Sec15.247ETS300 328ETS300 826CE markTable 35 Approvals (continued)Table 36 Power Adaptor SpecificationsAUSTRALIAN PLUG STANDARDSAC Power Adapter Model AD-121AEInput Power 240 Volts AC 50Hz Output Power 12 Volts DC ±5% 1 AmpPower Consumption 12 WattsSafety Standards C-TickEUROPEAN PLUG STANDARDSAC Power Adapter Model AD-121ABInput Power 230 Volts AC 50Hz Output Power 12 Volts DC ±5%, 1 Amp Power Consumption 12 WattsSafety Standards CE mark, EN60950 (2001)NORTH AMERICAN PLUG STANDARDSAC Power Adapter Model AD-121AInput Power 120 Volts AC 60HzOutput Power 12 Volts DC ±5%, 1 Amp Power Consumption 12 WattsSafety Standards ULUK PLUG STANDARDSAC Power Adapter Model AD-121ADInput Power 240 Volts AC 50Hz Output Power 12 Volts DC ±5% 1 Amp
ZyXEL G-570S User’s GuideAppendix A Product Specifications 119Power Consumption 12 WattsSafety Standards CE mark, EN60950 (2001)Table 36 Power Adaptor Specifications (continued)
ZyXEL G-570S User’s Guide120 Appendix A Product Specifications
ZyXEL G-570S User’s GuideAppendix B Setting up Your Computer’s IP Address 121APPENDIX BSetting up Your Computer’s IP AddressAll computers must have a 10M or 100M Ethernet adapter card and TCP/IP installed. Windows 95/98/Me/NT/2000/XP, Macintosh OS 7 and later operating systems and all versions of UNIX/LINUX include the software components you need to install and use TCP/IP on your computer. Windows 3.1 requires the purchase of a third-party TCP/IP application package.TCP/IP should already be installed on computers using Windows NT/2000/XP, Macintosh OS 7 and later operating systems.After the appropriate TCP/IP components are installed, configure the TCP/IP settings in order to "communicate" with your network. If you manually assign IP information instead of using dynamic assignment, make sure that your computers have IP addresses that place them in the same subnet as the G-570S’s LAN port.Windows 95/98/MeClick Start,Settings,Control Panel and double-click the Network icon to open the Network window.
ZyXEL G-570S User’s Guide122 Appendix B Setting up Your Computer’s IP AddressFigure 80 WIndows 95/98/Me: Network: ConfigurationInstalling ComponentsThe Network window Configuration tab displays a list of installed components. You need a network adapter, the TCP/IP protocol and Client for Microsoft Networks.If you need the adapter:1In the Network window, click Add.2Select Adapter and then click Add.3Select the manufacturer and model of your network adapter and then click OK.If you need TCP/IP:1In the Network window, click Add.2Select Protocol and then click Add.3Select Microsoft from the list of manufacturers.4Select TCP/IP from the list of network protocols and then click OK.If you need Client for Microsoft Networks:1Click Add.2Select Client and then click Add.
ZyXEL G-570S User’s GuideAppendix B Setting up Your Computer’s IP Address 1233Select Microsoft from the list of manufacturers.4Select Client for Microsoft Networks from the list of network clients and then click OK.5Restart your computer so the changes you made take effect.Configuring1In the Network window Configuration tab, select your network adapter's TCP/IP entry and click Properties2Click the IP Address tab.• If your IP address is dynamic, select Obtain an IP address automatically.• If you have a static IP address, select Specify an IP address and type your information into the IP Address and Subnet Mask fields.Figure 81 Windows 95/98/Me: TCP/IP Properties: IP Address3Click the DNS Configuration tab.• If you do not know your DNS information, select Disable DNS.• If you know your DNS information, select Enable DNS and type the information in the fields below (you may not need to fill them all in).
ZyXEL G-570S User’s Guide124 Appendix B Setting up Your Computer’s IP AddressFigure 82 Windows 95/98/Me: TCP/IP Properties: DNS Configuration4Click the Gateway tab.• If you do not know your gateway’s IP address, remove previously installed gateways.• If you have a gateway IP address, type it in the New gateway fieldand click Add.5Click OK to save and close the TCP/IP Properties window.6Click OK to close the Network window. Insert the Windows CD if prompted.7Turn on your G-570S and restart your computer when prompted.Verifying Settings1Click Start and then Run.2In the Run window, type "winipcfg" and then click OK to open the IP Configurationwindow.3Select your network adapter. You should see your computer's IP address, subnet mask and default gateway.Windows 2000/NT/XPThe following example figures use the default Windows XP GUI theme.1Click start (Start in Windows 2000/NT), Settings,Control Panel.
ZyXEL G-570S User’s GuideAppendix B Setting up Your Computer’s IP Address 125Figure 83 Windows XP: Start Menu2In the Control Panel, double-click Network Connections (Network and Dial-up Connections in Windows 2000/NT).Figure 84 Windows XP: Control Panel3Right-click Local Area Connection and then click Properties.
ZyXEL G-570S User’s Guide126 Appendix B Setting up Your Computer’s IP AddressFigure 85 Windows XP: Control Panel: Network Connections: Properties4Select Internet Protocol (TCP/IP) (under the General tab in Win XP) and then click Properties.Figure 86 Windows XP: Local Area Connection Properties5The Internet Protocol TCP/IP Properties window opens (the General tab in Windows XP).• If you have a dynamic IP address click Obtain an IP address automatically.
ZyXEL G-570S User’s GuideAppendix B Setting up Your Computer’s IP Address 127• If you have a static IP address click Use the following IP Addressand fill in the IP address,Subnet mask, and Default gateway fields. • Click Advanced.Figure 87 Windows XP: Internet Protocol (TCP/IP) Properties6 If you do not know your gateway's IP address, remove any previously installed gateways in the IP Settings tab and click OK.Do one or more of the following if you want to configure additional IP addresses:•In the IP Settings tab, in IP addresses, click Add.•In TCP/IP Address, type an IP address in IP address and a subnet mask in Subnet mask, and then click Add.• Repeat the above two steps for each IP address you want to add.• Configure additional default gateways in the IP Settings tab by clicking Add in Default gateways.•In TCP/IP Gateway Address, type the IP address of the default gateway in Gateway. To manually configure a default metric (the number of transmission hops), clear the Automatic metric check box and type a metric in Metric.• Click Add.• Repeat the previous three steps for each default gateway you want to add.• Click OK when finished.
ZyXEL G-570S User’s Guide128 Appendix B Setting up Your Computer’s IP AddressFigure 88 Windows XP: Advanced TCP/IP Properties7In the Internet Protocol TCP/IP Properties window (the General tab in Windows XP):• Click Obtain DNS server address automatically if you do not know your DNS server IP address(es).• If you know your DNS server IP address(es), click Use the following DNS server addresses, and type them in the Preferred DNS serverand Alternate DNS server fields. If you have previously configured DNS servers, click Advanced and then the DNS tab to order them.
ZyXEL G-570S User’s GuideAppendix B Setting up Your Computer’s IP Address 129Figure 89 Windows XP: Internet Protocol (TCP/IP) Properties8Click OK to close the Internet Protocol (TCP/IP) Properties window.9Click Close (OK in Windows 2000/NT) to close the Local Area Connection Propertieswindow.10 Close the Network Connections window (Network and Dial-up Connections inWindows 2000/NT).11Turn on your G-570S and restart your computer (if prompted).Verifying Settings1Click Start,All Programs,Accessories and then Command Prompt.2In the Command Prompt window, type "ipconfig" and then press [ENTER]. You can also open Network Connections, right-click a network connection, click Status and then click the Support tab.Macintosh OS 8/9 1Click the Apple menu, Control Panel and double-click TCP/IP to open the TCP/IPControl Panel.
ZyXEL G-570S User’s Guide130 Appendix B Setting up Your Computer’s IP AddressFigure 90 Macintosh OS 8/9: Apple Menu2Select Ethernet built-in from the Connect via list.Figure 91 Macintosh OS 8/9: TCP/IP3For dynamically assigned settings, select Using DHCP Server from the Configure: list.
ZyXEL G-570S User’s GuideAppendix B Setting up Your Computer’s IP Address 1314For statically assigned settings, do the following:•From the Configure box, select Manually.• Type your IP address in the IP Address box.• Type your subnet mask in the Subnet mask box.• Type the IP address of your G-570S in the Router address box.5Close the TCP/IP Control Panel.6Click Save if prompted, to save changes to your configuration.7Turn on your G-570S and restart your computer (if prompted).Verifying SettingsCheck your TCP/IP properties in the TCP/IP Control Panel window.Macintosh OS X1Click the Apple menu, and click System Preferences to open the System Preferenceswindow.Figure 92 Macintosh OS X: Apple Menu2Click Network in the icon bar. • Select Automatic from the Location list.• Select Built-in Ethernet from the Show list. • Click the TCP/IP tab.3For dynamically assigned settings, select Using DHCP from the Configure list.
ZyXEL G-570S User’s Guide132 Appendix B Setting up Your Computer’s IP AddressFigure 93 Macintosh OS X: Network4For statically assigned settings, do the following:•From the Configure box, select Manually.• Type your IP address in the IP Address box.• Type your subnet mask in the Subnet mask box.• Type the IP address of your G-570S in the Router address box.5Click Apply Now and close the window.6Turn on your G-570S and restart your computer (if prompted).Verifying SettingsCheck your TCP/IP properties in the Network window.LinuxThis section shows you how to configure your computer’s TCP/IP settings in Red Hat Linux 9.0. Procedure, screens and file location may vary depending on your Linux distribution and release version.
ZyXEL G-570S User’s GuideAppendix B Setting up Your Computer’s IP Address 133Note: Make sure you are logged in as the root administrator. Using the K Desktop Environment (KDE)Follow the steps below to configure your computer IP address using the KDE. 1Click the Red Hat button (located on the bottom left corner), select System Setting and click Network.Figure 94 Red Hat 9.0: KDE: Network Configuration: Devices 2Double-click on the profile of the network card you wish to configure. The EthernetDevice General screen displays as shown. Figure 95 Red Hat 9.0: KDE: Ethernet Device: General
ZyXEL G-570S User’s Guide134 Appendix B Setting up Your Computer’s IP Address• If you have a dynamic IP address, click Automatically obtain IP address settings with and select dhcp from the drop down list. • If you have a static IP address, click Statically set IP Addresses and fill in the Address,Subnet mask, and Default Gateway Addressfields.3Click OK to save the changes and close the Ethernet Device General screen. 4If you know your DNS server IP address(es), click the DNS tab in the NetworkConfiguration screen. Enter the DNS server information in the fields provided. Figure 96 Red Hat 9.0: KDE: Network Configuration: DNS 5Click the Devices tab. 6Click the Activate button to apply the changes. The following screen displays. Click Yes to save the changes in all screens.Figure 97 Red Hat 9.0: KDE: Network Configuration: Activate 7After the network card restart process is complete, make sure the Status is Active in the Network Configuration screen.Using Configuration FilesFollow the steps below to edit the network configuration files and set your computer IP address.
ZyXEL G-570S User’s GuideAppendix B Setting up Your Computer’s IP Address 1351Assuming that you have only one network card on the computer, locate the ifconfig-eth0 configuration file (where eth0 is the name of the Ethernet card). Open the configuration file with any plain text editor.• If you have a dynamic IP address, enter dhcp in the BOOTPROTO=field. The following figure shows an example. Figure 98 Red Hat 9.0: Dynamic IP Address Setting in ifconfig-eth0 • If you have a static IP address, enter static in the BOOTPROTO=field. Type IPADDR= followed by the IP address (in dotted decimal notation) and type NETMASK= followed by the subnet mask. The following example shows an example where the static IP address is 192.168.1.10 and the subnet mask is 255.255.255.0. Figure 99 Red Hat 9.0: Static IP Address Setting in ifconfig-eth0 2If you know your DNS server IP address(es), enter the DNS server information in the resolv.conf file in the /etc directory. The following figure shows an example where two DNS server IP addresses are specified.Figure 100 Red Hat 9.0: DNS Settings in resolv.conf 3After you edit and save the configuration files, you must restart the network card. Enter ./network restart in the /etc/rc.d/init.d directory. The following figure shows an example.DEVICE=eth0ONBOOT=yesBOOTPROTO=dhcpUSERCTL=noPEERDNS=yesTYPE=EthernetDEVICE=eth0ONBOOT=yesBOOTPROTO=staticIPADDR=192.168.1.10NETMASK=255.255.255.0USERCTL=noPEERDNS=yesTYPE=Ethernetnameserver 172.23.5.1nameserver 172.23.5.2
ZyXEL G-570S User’s Guide136 Appendix B Setting up Your Computer’s IP AddressFigure 101 Red Hat 9.0: Restart Ethernet Card Verifying SettingsEnter ifconfig in a terminal screen to check your TCP/IP properties. Figure 102 Red Hat 9.0: Checking TCP/IP Properties [root@localhost init.d]# network restartShutting down interface eth0: [OK]Shutting down loopback interface: [OK]Setting network parameters: [OK]Bringing up loopback interface: [OK]Bringing up interface eth0: [OK][root@localhost]# ifconfig eth0 Link encap:Ethernet HWaddr 00:50:BA:72:5B:44 inet addr:172.23.19.129 Bcast:172.23.19.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:717 errors:0 dropped:0 overruns:0 frame:0 TX packets:13 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:100 RX bytes:730412 (713.2 Kb) TX bytes:1570 (1.5 Kb) Interrupt:10 Base address:0x1000 [root@localhost]#
ZyXEL G-570S User’s GuideAppendix C Wireless LANs 137APPENDIX CWireless LANsWireless LAN TopologiesThis section discusses ad-hoc and infrastructure wireless LAN topologies.Ad-hoc Wireless LAN ConfigurationThe simplest WLAN configuration is an independent (Ad-hoc) WLAN that connects a set of computers with wireless stations (A, B, C). Any time two or more wireless adapters are within range of each other, they can set up an independent network, which is commonly referred to as an Ad-hoc network or Independent Basic Service Set (IBSS). The following diagram shows an example of notebook computers using wireless adapters to form an Ad-hoc wireless LAN. Figure 103 Peer-to-Peer Communication in an Ad-hoc NetworkBSSA Basic Service Set (BSS) exists when all communications between wireless stations or between a wireless station and a wired network client go through one access point (AP). Intra-BSS traffic is traffic between wireless stations in the BSS. When Intra-BSS is enabled, wireless station A and B can access the wired network and communicate with each other. When Intra-BSS is disabled, wireless station A and B can still access the wired network but cannot communicate with each other.
ZyXEL G-570S User’s Guide138 Appendix C Wireless LANsFigure 104 Basic Service SetESSAn Extended Service Set (ESS) consists of a series of overlapping BSSs, each containing an access point, with each access point connected together by a wired network. This wired connection between APs is called a Distribution System (DS).This type of wireless LAN topology is called an Infrastructure WLAN. The Access Points not only provide communication with the wired network but also mediate wireless network traffic in the immediate neighborhood. An ESSID (ESS IDentification) uniquely identifies each ESS. All access points and their associated wireless stations within the same ESS must have the same ESSID in order to communicate.
ZyXEL G-570S User’s GuideAppendix C Wireless LANs 139Figure 105 Infrastructure WLANChannelA channel is the radio frequency(ies) used by IEEE 802.11a/b/g wireless devices. Channels available depend on your geographical area. You may have a choice of channels (for your region) so you should use a different channel than an adjacent AP (access point) to reduce interference. Interference occurs when radio signals from different access points overlap causing interference and degrading performance.Adjacent channels partially overlap however. To avoid interference due to overlap, your AP should be on a channel at least five channels away from a channel that an adjacent AP is using. For example, if your region has 11 channels and an adjacent AP is using channel 1, then you need to select a channel between 6 or 11.RTS/CTSA hidden node occurs when two stations are within range of the same access point, but are not within range of each other. The following figure illustrates a hidden node. Both stations (STA) are within range of the access point (AP) or wireless gateway, but out-of-range of each other, so they cannot "hear" each other, that is they do not know if the channel is currently being used. Therefore, they are considered hidden from each other.
ZyXEL G-570S User’s Guide140 Appendix C Wireless LANsFigure 106 RTS/CTSWhen station A sends data to the AP, it might not know that the station B is already using the channel. If these two stations send data at the same time, collisions may occur when both sets of data arrive at the AP at the same time, resulting in a loss of messages for both stations.RTS/CTS is designed to prevent collisions due to hidden nodes. An RTS/CTS defines the biggest size data frame you can send before an RTS (Request To Send)/CTS (Clear to Send) handshake is invoked.When a data frame exceeds the RTS/CTS value you set (between 0 to 2432 bytes), the station that wants to transmit this frame must first send an RTS (Request To Send) message to the AP for permission to send it. The AP then responds with a CTS (Clear to Send) message to all other stations within its range to notify them to defer their transmission. It also reserves and confirms with the requesting station the time frame for the requested transmission.Stations can send frames smaller than the specified RTS/CTS directly to the AP without the RTS (Request To Send)/CTS (Clear to Send) handshake. You should only configure RTS/CTS if the possibility of hidden nodes exists on your network and the "cost" of resending large frames is more than the extra network overhead involved in the RTS (Request To Send)/CTS (Clear to Send) handshake. If the RTS/CTS value is greater than the Fragmentation Threshold value (see next), then the RTS (Request To Send)/CTS (Clear to Send) handshake will never occur as data frames will be fragmented before they reach RTS/CTS size. Note: Enabling the RTS Threshold causes redundant network overhead that could negatively affect the throughput performance instead of providing a remedy.Fragmentation ThresholdAFragmentation Threshold is the maximum data fragment size (between 256 and 2432 bytes) that can be sent in the wireless network before the AP will fragment the packet into smaller data frames.
ZyXEL G-570S User’s GuideAppendix C Wireless LANs 141A large Fragmentation Threshold is recommended for networks not prone to interference while you should set a smaller threshold for busy networks or networks that are prone to interference.If the Fragmentation Threshold value is smaller than the RTS/CTS value (see previously) you set then the RTS (Request To Send)/CTS (Clear to Send) handshake will never occur as data frames will be fragmented before they reach RTS/CTS size.IEEE 802.11g Wireless LANIEEE 802.11g is fully compatible with the IEEE 802.11b standard. This means an IEEE 802.11b adapter can interface directly with an IEEE 802.11g access point (and vice versa) at 11 Mbps or lower depending on range. IEEE 802.11g has several intermediate rate steps between the maximum and minimum data rates. The IEEE 802.11g data rate and modulation are as follows:IEEE 802.1xIn June 2001, the IEEE 802.1x standard was designed to extend the features of IEEE 802.11 to support extended authentication as well as providing additional accounting and control features. It is supported by Windows XP and a number of network devices. Some advantages of IEEE 802.1x are:• User based identification that allows for roaming.• Support for RADIUS (Remote Authentication Dial In User Service, RFC 2138, 2139) for centralized user profile and accounting management on a network RADIUS server. • Support for EAP (Extensible Authentication Protocol, RFC 2486) that allows additional authentication methods to be deployed with no changes to the access point or the wireless stations.RADIUSRADIUS is based on a client-server model that supports authentication, authorization and accounting. The access point is the client and the server is the RADIUS server. The RADIUS server handles the following tasks:Table 37 IEEE 802.11gDATA RATE (MBPS) MODULATION1 DBPSK (Differential Binary Phase Shift Keyed)2 DQPSK (Differential Quadrature Phase Shift Keying)5.5 / 11 CCK (Complementary Code Keying) 6/9/12/18/24/36/48/54 OFDM (Orthogonal Frequency Division Multiplexing)
ZyXEL G-570S User’s Guide142 Appendix C Wireless LANs• Authentication Determines the identity of the users.• AuthorizationDetermines the network services available to authenticated users once they are connected to the network.• AccountingKeeps track of the client’s network activity. RADIUS is a simple package exchange in which your AP acts as a message relay between the wireless station and the network RADIUS server. Types of RADIUS MessagesThe following types of RADIUS messages are exchanged between the access point and the RADIUS server for user authentication:• Access-RequestSent by an access point requesting authentication.• Access-RejectSent by a RADIUS server rejecting access.• Access-AcceptSent by a RADIUS server allowing access. • Access-ChallengeSent by a RADIUS server requesting more information in order to allow access. The access point sends a proper response from the user and then sends another Access-Request message. The following types of RADIUS messages are exchanged between the access point and the RADIUS server for user accounting:• Accounting-RequestSent by the access point requesting accounting.• Accounting-ResponseSent by the RADIUS server to indicate that it has started or stopped accounting. In order to ensure network security, the access point and the RADIUS server use a shared secret key, which is a password, they both know. The key is not sent over the network. In addition to the shared key, password information exchanged is also encrypted to protect the network from unauthorized access.
ZyXEL G-570S User’s GuideAppendix C Wireless LANs 143EAP AuthenticationEAP (Extensible Authentication Protocol) is an authentication protocol that runs on top of the IEEE802.1x transport mechanism in order to support multiple types of user authentication. By using EAP to interact with an EAP-compatible RADIUS server, the access point helps a wireless station and a RADIUS server perform authentication.The type of authentication you use depends on the RADIUS server or the AP. The following figure shows an overview of authentication when you specify a RADIUS server on your access point.Figure 107 EAP AuthenticationThe details below provide a general description of how IEEE 802.1x EAP authentication works. For an example list of EAP-MD5 authentication steps, see the IEEE 802.1x appendix. 1The wireless station sends a “start” message to the device. 2The device sends a “request identity” message to the wireless station for identity information.3The wireless station replies with identity information, including username and password. 4The RADIUS server checks the user information against its user profile database and determines whether or not to authenticate the wireless station.Types of Authentication This section discusses some popular authentication types: EAP-MD5,EAP-TLS,EAP-TTLS,PEAP and LEAP.The type of authentication you use depends on the RADIUS server or the AP. Consult your network administrator for more information.EAP-MD5 (Message-Digest Algorithm 5)MD5 authentication is the simplest one-way authentication method. The authentication server sends a challenge to the wireless station. The wireless station ‘proves’ that it knows the password by encrypting the password with the challenge and sends back the information. Password is not sent in plain text.
ZyXEL G-570S User’s Guide144 Appendix C Wireless LANsHowever, MD5 authentication has some weaknesses. Since the authentication server needs to get the plaintext passwords, the passwords must be stored. Thus someone other than the authentication server may access the password file. In addition, it is possible to impersonate an authentication server as MD5 authentication method does not perform mutual authentication. Finally, MD5 authentication method does not support data encryption with dynamic session key. You must configure WEP encryption keys for data encryption. EAP-TLS (Transport Layer Security)With EAP-TLS, digital certifications are needed by both the server and the wireless stations for mutual authentication. The server presents a certificate to the client. After validating the identity of the server, the client sends a different certificate to the server. The exchange of certificates is done in the open before a secured tunnel is created. This makes user identity vulnerable to passive attacks. A digital certificate is an electronic ID card that authenticates the sender’s identity. However, to implement EAP-TLS, you need a Certificate Authority (CA) to handle certificates, which imposes a management overhead. EAP-TTLS (Tunneled Transport Layer Service) EAP-TTLS is an extension of the EAP-TLS authentication that uses certificates for only the server-side authentications to establish a secure connection. Client authentication is then done by sending username and password through the secure connection, thus client identity is protected. For client authentication, EAP-TTLS supports EAP methods and legacy authentication methods such as PAP, CHAP, MS-CHAP and MS-CHAP v2. PEAP (Protected EAP)Like EAP-TTLS, server-side certificate authentication is used to establish a secure connection, then use simple username and password methods through the secured connection to authenticate the clients, thus hiding client identity. However, PEAP only supports EAP methods, such as EAP-MD5, EAP-MSCHAPv2 and EAP-GTC (EAP-Generic Token Card), for client authentication. EAP-GTC is implemented only by Cisco.LEAPLEAP (Lightweight Extensible Authentication Protocol) is a Cisco implementation of IEEE 802.1x. WEP EncryptionWEP encryption scrambles the data transmitted between the wireless stations and the access points to keep network communications private. It encrypts unicast and multicast communications in a network. Both the wireless stations and the access points must use the same WEP key.
ZyXEL G-570S User’s GuideAppendix C Wireless LANs 145WEP Authentication StepsThree different methods can be used to authenticate wireless stations to the network: OpenSystem,Shared Key, and Auto. The following figure illustrates the steps involved.Figure 108 WEP Authentication StepsOpen system authentication involves an unencrypted two-message procedure. A wireless station sends an open system authentication request to the AP, which will then automatically accept and connect the wireless station to the network. In effect, open system is not authentication at all as any station can gain access to the network.Shared key authentication involves a four-message procedure. A wireless station sends a shared key authentication request to the AP, which will then reply with a challenge text message. The wireless station must then use the AP’s default WEP key to encrypt the challenge text and return it to the AP, which attempts to decrypt the message using the AP’s default WEP key. If the decrypted message matches the challenge text, the wireless station is authenticated. When your device authentication method is set to open system, it will only accept open system authentication requests. The same is true for shared key authentication. However, when it is set to auto authentication, the device will accept either type of authentication request and the device will fall back to use open authentication if the shared key does not match.
ZyXEL G-570S User’s Guide146 Appendix C Wireless LANsDynamic WEP Key ExchangeThe AP maps a unique key that is generated with the RADIUS server. This key expires when the wireless connection times out, disconnects or reauthentication times out. A new WEP key is generated each time reauthentication is performed.If this feature is enabled, it is not necessary to configure a default encryption key in the Wireless screen. You may still configure and store keys here, but they will not be used while Dynamic WEP is enabled.Note: EAP-MD5 cannot be used with Dynamic WEP Key ExchangeFor added security, certificate-based authentications (EAP-TLS, EAP-TTLS and PEAP) use dynamic keys for data encryption. They are often deployed in corporate environments, but for public deployment, a simple user name and password pair is more practical. The following table is a comparison of the features of authentication types.WPA(2)User Authentication WPA or WPA2 applies IEEE 802.1x and Extensible Authentication Protocol (EAP) to authenticate wireless stations using an external RADIUS database. EncryptionBoth WPA and WPA2 improve data encryption by using Temporal Key Integrity Protocol (TKIP), Message Integrity Check (MIC) and IEEE 802.1x. In addition to TKIP, WPA2 also uses Advanced Encryption Standard (AES) in the Counter mode with Cipher block chaining Message authentication code Protocol (CCMP) to offer stronger encryption.Table 38 Comparison of EAP Authentication TypesEAP-MD5 EAP-TLS EAP-TTLS PEAP LEAPMutual Authentication No Yes Yes Yes YesCertificate – Client No Yes Optional Optional NoCertificate – Server No Yes Yes Yes NoDynamic Key Exchange No Yes Yes Yes YesCredential Integrity None Strong Strong Strong ModerateDeployment Difficulty Easy Hard Moderate Moderate ModerateClient Identity Protection No No Yes Yes No
ZyXEL G-570S User’s GuideAppendix C Wireless LANs 147TKIP uses 128-bit keys that are dynamically generated and distributed by the authentication server. It includes a per-packet key mixing function, a Message Integrity Check (MIC) named Michael, an extended initialization vector (IV) with sequencing rules, and a re-keying mechanism.TKIP regularly changes and rotates the encryption keys so that the same encryption key is never used twice. The RADIUS server distributes a Pairwise Master Key (PMK) key to the AP that then sets up a key hierarchy and management system, using the PMK to dynamically generate unique data encryption keys to encrypt every data packet that is wirelessly communicated between the AP and the wireless stations. This all happens in the background automatically.WPA2 AES (Advanced Encryption Standard) is a block cipher that uses a 256-bit mathematical algorithm called Rijndael.The Message Integrity Check (MIC) is designed to prevent an attacker from capturing data packets, altering them and resending them. The MIC provides a strong mathematical function in which the receiver and the transmitter each compute and then compare the MIC. If they do not match, it is assumed that the data has been tampered with and the packet is dropped. By generating unique data encryption keys for every data packet and by creating an integrity checking mechanism (MIC), TKIP makes it much more difficult to decrypt data on a Wi-Fi network than WEP, making it difficult for an intruder to break into the network. The encryption mechanisms used for WPA and WPA-PSK are the same. The only difference between the two is that WPA-PSK uses a simple common password, instead of user-specific credentials. The common-password approach makes WPA-PSK susceptible to brute-force password-guessing attacks but it’s still an improvement over WEP as it employs an easier-to-use, consistent, single, alphanumeric password.RoamingA wireless station is a device with an IEEE 802.11 mode compliant wireless adapter. An access point (AP) acts as a bridge between the wireless and wired networks. An AP creates its own wireless coverage area. A wireless station can associate with a particular access point only if it is within the access point’s coverage area.In a network environment with multiple access points, wireless stations are able to switch from one access point to another as they move between the coverage areas. This is roaming. As the wireless station moves from place to place, it is responsible for choosing the most appropriate access point depending on the signal strength, network utilization or other factors.The roaming feature on the access points allows the access points to relay information about the wireless stations to each other. When a wireless station moves from a coverage area to another, it scans and uses the channel of a new access point, which then informs the access points on the LAN about the change. The new information is then propagated to the other access points on the LAN. An example is shown in Figure 109.
ZyXEL G-570S User’s Guide148 Appendix C Wireless LANsIf the roaming feature is not enabled on the access points, information is not communicated between the access points when a wireless station moves between coverage areas. The wireless station may not be able to communicate with other wireless stations on the network and vice versa.Figure 109 Roaming ExampleThe steps below describe the roaming process.1As wireless station Y moves from the coverage area of access point P1 to that of access point2P2, it scans and uses the signal of access point P2.3Access point P2 acknowledges the presence of wireless station Y and relays this information to access point P1 through the wired LAN. 4Access point P1 updates the new position of wireless station.5Wireless station Y sends a request to access point P2 for re-authentication.Requirements for RoamingThe following requirements must be met in order for wireless stations to roam between the coverage areas. 1All the access points must be on the same subnet and configured with the same ESSID. 2If IEEE 802.1x user authentication is enabled and to be done locally on the access point, the new access point must have the user profile for the wireless station.3The adjacent access points should use different radio channels when their coverage areas overlap. 4All access points must use the same port number to relay roaming information.
ZyXEL G-570S User’s GuideAppendix C Wireless LANs 1495The access points must be connected to the Ethernet and be able to get IP addresses from a DHCP server if using dynamic IP address assignment.
ZyXEL G-570S User’s Guide150 Appendix C Wireless LANs
ZyXEL G-570S User’s GuideAppendix D IP Subnetting 151APPENDIX DIP SubnettingIP Addressing Routers “route” based on the network number. The router that delivers the data packet to the correct destination host uses the host ID. IP ClassesAn IP address is made up of four octets (eight bits), written in dotted decimal notation, for example, 192.168.1.1. IP addresses are categorized into different classes. The class of an address depends on the value of its first octet. • Class “A” addresses have a 0 in the left most bit. In a class “A” address the first octet is the network number and the remaining three octets make up the host ID.• Class “B” addresses have a 1 in the left most bit and a 0 in the next left most bit. In a class “B” address the first two octets make up the network number and the two remaining octets make up the host ID.• Class “C” addresses begin (starting from the left) with 1 1 0. In a class “C” address the first three octets make up the network number and the last octet is the host ID.• Class “D” addresses begin with 1 1 1 0. Class “D” addresses are used for multicasting. (There is also a class “E” address. It is reserved for future use.) Note: Host IDs of all zeros or all ones are not allowed.Therefore:A class “C” network (8 host bits) can have 28 –2 or 254 hosts. A class “B” address (16 host bits) can have 216 –2 or 65534 hosts. A class “A” address (24 host bits) can have 224 –2 hosts (approximately 16 million hosts). Table 39 Classes of IP AddressesIP ADDRESS: OCTET 1 OCTET 2 OCTET 3 OCTET 4Class A 0Network number Host ID Host ID Host IDClass B 10 Network number Network number Host ID Host IDClass C 110 Network number Network number Network number Host ID
ZyXEL G-570S User’s Guide152 Appendix D IP SubnettingSince the first octet of a class “A” IP address must contain a “0”, the first octet of a class “A” address can have a value of 0 to 127. Similarly the first octet of a class “B” must begin with “10”, therefore the first octet of a class “B” address has a valid range of 128 to 191. The first octet of a class “C” address begins with “110”, and therefore has a range of 192 to 223. Subnet MasksA subnet mask is used to determine which bits are part of the network number, and which bits are part of the host ID (using a logical AND operation). A subnet mask has 32 is a “1” then the corresponding bit in the IP address is part of the network number. If a bit in the subnet mask is “0” then the corresponding bit in the IP address is part of the host ID. Subnet masks are expressed in dotted decimal notation just as IP addresses are. The “natural” masks for class A, B and C IP addresses are as follows.SubnettingWith subnetting, the class arrangement of an IP address is ignored. For example, a class C address no longer has to have 24 bits of network number and 8 bits of host ID. With subnetting, some of the host ID bits are converted into network number bits. By convention, subnet masks always consist of a continuous sequence of ones beginning from the left most bit of the mask, followed by a continuous sequence of zeros, for a total number of 32 bits.Table 40 Allowed IP Address Range By ClassCLASS ALLOWED RANGE OF FIRST OCTET (BINARY) ALLOWED RANGE OF FIRST OCTET (DECIMAL)Class A 00000000 to 01111111 0 to 127Class B 10000000 to 10111111 128 to 191Class C 11000000 to 11011111 192 to 223Class D 11100000 to 11101111 224 to 239Table 41 “Natural” MasksCLASS NATURAL MASKA255.0.0.0B255.255.0.0C255.255.255.0
ZyXEL G-570S User’s GuideAppendix D IP Subnetting 153Since the mask is always a continuous number of ones beginning from the left, followed by a continuous number of zeros for the remainder of the 32 bit mask, you can simply specify the number of ones instead of writing the value of each octet. This is usually specified by writing a “/” followed by the number of bits in the mask after the address. For example, 192.1.1.0 /25 is equivalent to saying 192.1.1.0 with mask 255.255.255.128. The following table shows all possible subnet masks for a class “C” address using both notations.The first mask shown is the class “C” natural mask. Normally if no mask is specified it is understood that the natural mask is being used.Example: Two SubnetsAs an example, you have a class “C” address 192.168.1.0 with subnet mask of 255.255.255.0. The first three octets of the address make up the network number (class “C”). You want to have two separate networks.Divide the network 192.168.1.0 into two separate subnets by converting one of the host ID bits of the IP address to a network number bit. The “borrowed” host ID bit can be either “0” or “1” thus giving two subnets; 192.168.1.0 with mask 255.255.255.128 and 192.168.1.128 with mask 255.255.255.128.Table 42 Alternative Subnet Mask NotationSUBNET MASK IP ADDRESS SUBNET MASK “1” BITS LAST OCTET BIT VALUE255.255.255.0 /24 0000 0000255.255.255.128 /25 1000 0000255.255.255.192 /26 1100 0000255.255.255.224 /27 1110 0000255.255.255.240 /28 1111 0000255.255.255.248 /29 1111 1000255.255.255.252 /30 1111 1100Table 43 Two Subnets ExampleNETWORK NUMBER HOST IDIP Address 192.168.1. 0IP Address (Binary) 11000000.10101000.00000001. 00000000Subnet Mask 255.255.255. 0Subnet Mask (Binary) 11111111.11111111.11111111. 00000000
ZyXEL G-570S User’s Guide154 Appendix D IP SubnettingNote: In the following charts, shaded/bolded last octet bit values indicate host ID bits “borrowed” to form network ID bits. The number of “borrowed” host ID bits determines the number of subnets you can have. The remaining number of host ID bits (after “borrowing”) determines the number of hosts you can have on each subnet.The remaining 7 bits determine the number of hosts each subnet can have. Host IDs of all zeros represent the subnet itself and host IDs of all ones are the broadcast address for that subnet, so the actual number of hosts available on each subnet in the example above is 27 – 2 or 126 hosts for each subnet.192.168.1.0 with mask 255.255.255.128 is the subnet itself, and 192.168.1.127 with mask 255.255.255.128 is the directed broadcast address for the first subnet. Therefore, the lowest IP address that can be assigned to an actual host for the first subnet is 192.168.1.1 and the highest is 192.168.1.126. Similarly the host ID range for the second subnet is 192.168.1.129 to 192.168.1.254.Table 44 Subnet 1NETWORK NUMBER LAST OCTET BIT VALUEIP Address 192.168.1. 0IP Address (Binary) 11000000.10101000.00000001. 00000000Subnet Mask 255.255.255. 128Subnet Mask (Binary) 11111111.11111111.11111111. 10000000Subnet Address: 192.168.1.0 Lowest Host ID: 192.168.1.1Broadcast Address: 192.168.1.127 Highest Host ID: 192.168.1.126Table 45 Subnet 2NETWORK NUMBER LAST OCTET BIT VALUEIP Address 192.168.1. 128IP Address (Binary) 11000000.10101000.00000001. 10000000Subnet Mask 255.255.255. 128Subnet Mask (Binary) 11111111.11111111.11111111. 10000000Subnet Address: 192.168.1.128 Lowest Host ID: 192.168.1.129Broadcast Address: 192.168.1.255 Highest Host ID: 192.168.1.254
ZyXEL G-570S User’s GuideAppendix D IP Subnetting 155Example: Four Subnets The above example illustrated using a 25-bit subnet mask to divide a class “C” address space into two subnets. Similarly to divide a class “C” address into four subnets, you need to “borrow” two host ID bits to give four possible combinations of 00, 01, 10 and 11. The subnet mask is 26 bits (11111111.11111111.11111111.11000000) or 255.255.255.192. Each subnet contains 6 host ID bits, giving 26-2 or 62 hosts for each subnet (all 0’s is the subnet itself, all 1’s is the broadcast address on the subnet). Table 46 Subnet 1NETWORK NUMBER LAST OCTET BIT VALUEIP Address 192.168.1. 0IP Address (Binary) 11000000.10101000.00000001. 00000000Subnet Mask (Binary) 11111111.11111111.11111111. 11000000Subnet Address: 192.168.1.0 Lowest Host ID: 192.168.1.1Broadcast Address: 192.168.1.63 Highest Host ID: 192.168.1.62Table 47 Subnet 2NETWORK NUMBER LAST OCTET BIT VALUEIP Address 192.168.1. 64IP Address (Binary) 11000000.10101000.00000001. 01000000Subnet Mask (Binary) 11111111.11111111.11111111. 11000000Subnet Address: 192.168.1.64 Lowest Host ID: 192.168.1.65Broadcast Address: 192.168.1.127 Highest Host ID: 192.168.1.126Table 48 Subnet 3NETWORK NUMBER LAST OCTET BIT VALUEIP Address 192.168.1. 128IP Address (Binary) 11000000.10101000.00000001. 10000000Subnet Mask (Binary) 11111111.11111111.11111111. 11000000Subnet Address: 192.168.1.128 Lowest Host ID: 192.168.1.129Broadcast Address: 192.168.1.191 Highest Host ID: 192.168.1.190
ZyXEL G-570S User’s Guide156 Appendix D IP SubnettingExample Eight SubnetsSimilarly use a 27-bit mask to create 8 subnets (001, 010, 011, 100, 101, 110). The following table shows class C IP address last octet values for each subnet.The following table is a summary for class “C” subnet planning.Table 49 Subnet 4NETWORK NUMBER LAST OCTET BIT VALUEIP Address 192.168.1. 192IP Address (Binary) 11000000.10101000.00000001. 11000000Subnet Mask (Binary) 11111111.11111111.11111111. 11000000Subnet Address: 192.168.1.192 Lowest Host ID: 192.168.1.193Broadcast Address: 192.168.1.255 Highest Host ID: 192.168.1.254Table 50 Eight SubnetsSUBNET SUBNET ADDRESS FIRST ADDRESS LAST ADDRESS BROADCASTADDRESS1 0 1 30 31232 33 62 63364 65 94 95496 97 126 1275128 129 158 1596160 161 190 1917192 193 222 2238224 225 254 255Table 51 Class C Subnet PlanningNO. “BORROWED” HOST BITS SUBNET MASK NO. SUBNETS NO. HOSTS PER SUBNET1255.255.255.128 (/25) 21262255.255.255.192 (/26) 4623255.255.255.224 (/27) 8304255.255.255.240 (/28) 16 145255.255.255.248 (/29) 32 66255.255.255.252 (/30) 64 27255.255.255.254 (/31) 128 1
ZyXEL G-570S User’s GuideAppendix D IP Subnetting 157Subnetting With Class A and Class B Networks. For class “A” and class “B” addresses the subnet mask also determines which bits are part of the network number and which are part of the host ID. A class “B” address has two host ID octets available for subnetting and a class “A” address has three host ID octets (see Table 39 on page 151) available for subnetting. The following table is a summary for class “B” subnet planning. Table 52 Class B Subnet PlanningNO. “BORROWED” HOST BITS SUBNET MASK NO. SUBNETS NO. HOSTS PER SUBNET1255.255.128.0 (/17) 2327662255.255.192.0 (/18) 4163823255.255.224.0 (/19) 881904255.255.240.0 (/20) 16 40945255.255.248.0 (/21) 32 20466255.255.252.0 (/22) 64 10227255.255.254.0 (/23) 128 5108255.255.255.0 (/24) 256 2549255.255.255.128 (/25) 512 12610 255.255.255.192 (/26) 1024 6211 255.255.255.224 (/27) 2048 3012 255.255.255.240 (/28) 4096 1413 255.255.255.248 (/29) 8192 614 255.255.255.252 (/30) 16384 215 255.255.255.254 (/31) 32768 1
ZyXEL G-570S User’s Guide158 Appendix D IP Subnetting
ZyXEL G-570S User’s GuideIndex 159IndexNumerics110V AC 5230V AC 5AAbnormal Working Conditions 6AC 5Accessories 5Acts of God 6Address Assignment 53Ad-hoc 57Advanced Encryption Standard 146Airflow 5Alternative Subnet Mask Notation 153AP (access point) 139Association List 50Authentication 75,145Authority 3Auto MDI/MDI-X 115Auto-negotiating 115BBasement 5Basic Service Set 57BSS 57,137CCA 144Cables, Connecting 5Certificate Authority 144Certifications 4Changes or Modifications 3Channel 139Interference 139channel 51,59Channel ID 62,69,72Charge 6Circuit 3Class B 3Communications 3Compliance, FCC 3Components 6Condition 6Connecting Cables 5Consequential Damages 6Contact Information 7Contacting Customer Support 7Copyright 2Correcting Interference 3Corrosive Liquids 5Covers 5CTS (Clear to Send) 140Customer Support 7Czech Republic, Contact Information 7DDampness 5Danger 5Data Encryption 75Dealer 3Deep 115Default IP Address 115Default Password 115Default Subnet Mask 115Defective 6Denmark, Contact Information 7DHCP Client 115Diagnostic Tools 116Dimensions 115Disclaimer 2Discretion 6Distribution System 58Dust 5Dynamic WEP Key Exchange 78,146
ZyXEL G-570S User’s Guide160 IndexEEAP 74,77,79EAP Authentication 143Electric Shock 5Electrical Pipes 5Encryption 79,146Equal Value 6ESS 58,138ESS IDentification 58Ethernet Ports 115Europe 5European Plug Standards 118Exposure 5Extended Service Set 58,138Extensible Authentication Protocol 79FFailure 6FCC 3Compliance 3Rules, Part 15 3FCC Rules 3Federal Communications Commission 3Finland, Contact Information 7Fitness 6Fragmentation Threshold 61,140Fragmentation threshold 140France, Contact Information 7Functionally Equivalent 6GGas Pipes 5Germany, Contact Information 7God, act of 6HHarmful Interference 3Hidden node 139High 115High Voltage Points 5Host IDs 151IIBSS 57,137IEEE 802.11g 141Independent Basic Service Set 57,137Indirect Damages 6initialization vector (IV) 147Insurance 6Interference 3Interference Correction Measures 3Interference Statement 3IP Address 53IP Address, Default 115IP Addressing 151IP Classes 151LLabor 6Legal Rights 6Liability 2License 2Lightning 5Liquids, Corrosive 5MMAC filter 74Management 116Materials 6Merchantability 6Message Integrity Check (MIC) 146Modifications 3NNavigation Panel 44New 6North America 5North America Contact Information 7
ZyXEL G-570S User’s GuideIndex 161North American Plug Standards 118Norway, Contact Information 7OOpen System 76Opening 5Operating Condition 6Operation Humidity 115Operation Temperature 115Out-dated Warranty 6Outlet 3PPairwise Master Key (PMK) 147Parts 6Password 115Patent 2Permission 2Photocopying 2Pipes 5Pool 5Postage Prepaid. 6Power Adaptor Specifications 118Power Cord 5Private IP Address 53Product Model 7Product Page 4Product Serial Number 7Products 6Proof of Purchase 6Proper Operating Condition 6Protocol Support 115Purchase, Proof of 6Purchaser 6QQualified Service Personnel 5RRadio Communications 3Radio Frequency Energy 3Radio Interference 3Radio Reception 3Radio Technician 3RADIUS 141Shared Secret Key 142RADIUS Message Types 142RADIUS Messages 142Read Me First 19Receiving Antenna 3Registered 2Registered Trademark 2Regular Mail 7Related Documentation 19Relocate 3Re-manufactured 6Removing 5Reorient 3Repair 6Replace 6Replacement 6Reproduction 2Restore 6Return Material Authorization (RMA) Number 6Returned Products 6Returns 6Rights 2Rights, Legal 6Risk 5Risks 5RJ-45 115RMA 6Roaming 147Example 148Requirements 148RTS (Request To Send) 140RTS Threshold 60,139,140RTS/CTS 60SSafety Warnings 5Security Parameters 81Separation Between Equipment and Receiver 3Serial Number 7
ZyXEL G-570S User’s Guide162 IndexService 5,6Service Personnel 5Service Set Identity 59Shared Key 76Shipping 6Shock, Electric 5signal strength 50,51Spain, Contact Information 8SSID 51,59Statistics 48Storage Humidity 115Storage Temperature 115Subnet Mask 53Subnet Mask, Default 115Subnet Masks 152Subnetting 152Supply Voltage 5Support E-mail 7Supporting Disk 19Sweden, Contact Information 8Swimming Pool 5Syntax Conventions 19System Status 47TTampering 6Telephone 7Television Interference 3Television Reception 3Temporal Key Integrity Protocol (TKIP) 146Thunderstorm 5Trademark 2Trademark Owners 2Trademarks 2Translation 2TV Technician 3UUndesired Operations 3User Authentication 79,146VValue 6Vendor 5Ventilation Slots 5Viewing Certifications 4Voltage Supply 5Voltage, High 5WWall Mount 5Warnings 5Warranty 6Warranty Information 7Warranty Period 6Water 5Water Pipes 5WDS 66Web Site 7Weight 115WEP 75WEP encryption 144Wet Basement 5Wide 115Wired Equivalent Privacy 75Wireless Client WPA Supplicants 81WLANInterference 139Workmanship 6Worldwide Contact Information 7WPA 78WPA with RADIUS Application 80WPA2 78WPA-PSK 79WPA-PSK Application 79Written Permission 2ZZyNOS 2ZyXEL Communications Corporation 2ZyXEL Home Page 4ZyXEL Limited WarrantyNote 6ZyXEL Network Operating System 2

Navigation menu