ZyXEL Communications NWA1100 Access Point User Manual NWA1100 UG v 1 00 Ed 1 July 2008

ZyXEL Communications Corporation Access Point NWA1100 UG v 1 00 Ed 1 July 2008

Contents

Installation guide II

Chapter 6 Wireless Settings ScreenZyXEL NWA-1100 User’s Guide 71See the tables describing the fields in the Access Point and Bridge operating modes for descriptions of the fields in this screen.6.5 Technical ReferenceThis section provides technical background information about the topics covered in this chapter. Refer to Appendix E on page 153 for further readings on Wireless LAN.6.5.1 WMM QoSWMM (Wi-Fi MultiMedia) QoS (Quality of Service) ensures quality of service in wireless networks. It controls WLAN transmission priority on packets to be transmitted over the wireless network.WMM QoS prioritizes wireless traffic according to the delivery requirements of the individual and applications. WMM QoS is a part of the IEEE 802.11e QoS enhancement to certified Wi-Fi wireless networks.On APs without WMM QoS, all traffic streams are given the same access priority to the wireless network. If the introduction of another traffic stream creates a data transmission demand that exceeds the current network capacity, then the new traffic stream reduces the throughput of the other traffic streams.The ZyXEL Device uses WMM QoS to prioritize traffic streams according to the IEEE 802.1q or DSCP information in each packet’s header. The ZyXEL Device automatically determines the priority to use for an individual traffic stream. This prevents reductions in data transmission for applications that are sensitive to latency and jitter (variations in delay).6.5.2 Spanning Tree Protocol (STP)STP detects and breaks network loops and provides backup links between switches, bridges or routers. It allows a bridge to interact with other STP-compliant bridges in your network to ensure that only one route exists between any two stations on the network.6.5.2.1 Rapid STPThe ZyXEL Device uses IEEE 802.1w RSTP (Rapid Spanning Tree Protocol) that allow faster convergence of the spanning tree (while also being backwards compatible with STP-only aware bridges). Using RSTP topology change information does not have to propagate to the root bridge and unwanted learned addresses are flushed from the filtering database. In RSTP, the port states are Discarding, Learning, and Forwarding.6.5.2.2 STP TerminologyThe root bridge is the base of the spanning tree; it is the bridge with the lowest identifier value (MAC address).
Chapter 6 Wireless Settings ScreenZyXEL NWA-1100 User’s Guide72Path cost is the cost of transmitting a frame onto a LAN through that port. It is assigned according to the speed of the link to which a port is attached. The slower the media, the higher the cost - see the following table.On each bridge, the root port is the port through which this bridge communicates with the root. It is the port on this switch with the lowest path cost to the root (the root path cost). If there is no root port, then this bridge has been accepted as the root bridge of the spanning tree network.For each LAN segment, a designated bridge is selected. This bridge has the lowest cost to the root among the bridges connected to the LAN. 6.5.2.3 How STP WorksAfter a bridge determines the lowest cost-spanning tree with STP, it enables the root port and the ports that are the designated ports for connected LANs, and disables all other ports that participate in STP. Network packets are therefore only forwarded between enabled ports, eliminating any possible network loops.STP-aware bridges exchange Bridge Protocol Data Units (BPDUs) periodically. When the bridged LAN topology changes, a new spanning tree is constructed.Once a stable network topology has been established, all bridges listen for Hello BPDUs (Bridge Protocol Data Units) transmitted from the root bridge. If a bridge does not get a Hello BPDU after a predefined interval (Max Age), the bridge assumes that the link to the root bridge is down. This bridge then initiates negotiations with other bridges to reconfigure the network to re-establish a valid network topology.6.5.2.4 STP Port StatesSTP assigns five port states (see next table) to eliminate packet looping. A bridge port is not allowed to go directly from blocking state to forwarding state so as to eliminate transient loops. Table 12 STP Path CostsLINK SPEED RECOMMENDED VALUERECOMMENDED RANGEALLOWED RANGEPath Cost 4Mbps 250 100 to 1000 1 to 65535Path Cost 10Mbps 100 50 to 600 1 to 65535Path Cost 16Mbps 62 40 to 400 1 to 65535Path Cost 100Mbps 19 10 to 60 1 to 65535Path Cost 1Gbps 43 to 10 1 to 65535Path Cost 10Gbps 21 to 5 1 to 65535Table 13 STP Port StatesPORT STATES DESCRIPTIONSDisabled STP is disabled (default).Blocking Only configuration and management BPDUs are received and processed.Listening All BPDUs are received and processed.Learning All BPDUs are received and processed. Information frames are submitted to the learning process but not forwarded.Forwarding All BPDUs are received and processed. All information frames are received and forwarded.
Chapter 6 Wireless Settings ScreenZyXEL NWA-1100 User’s Guide 736.5.3 Additional Wireless TermsTable 14 Additional Wireless TermsTERM DESCRIPTIONIntra-BSS Traffic This describes direct communication (not through the ZyXEL Device) between two wireless devices within a wireless network. You might disable this kind of communication to enhance security within your wireless network.RTS/CTS Threshold In a wireless network which covers a large area, wireless devices are sometimes not aware of each other’s presence. This may cause them to send information to the AP at the same time and result in information colliding and not getting through.By setting this value lower than the default value, the wireless devices must sometimes get permission to send information to the ZyXEL Device. The lower the value, the more often the devices must get permission.If this value is greater than the fragmentation threshold value (see below), then wireless devices never have to get permission to send information to the ZyXEL Device.Preamble A preamble affects the timing in your wireless network. There are two preamble modes: long and short. If a device uses a different preamble mode than the ZyXEL Device does, it cannot communicate with the ZyXEL Device.Fragmentation ThresholdA small fragmentation threshold is recommended for busy networks, while a larger threshold provides faster performance if the network is not very busy.Roaming If you have two or more ZyXEL Devices (or other wireless access points) on your wireless network, you can enable this option so that wireless devices can change locations without having to log in again. This is useful for devices, such as notebooks, that move around a lot.Antenna An antenna couples Radio Frequency (RF) signals onto air. A transmitter within a wireless device sends an RF signal to the antenna, which propagates the signal through the air. The antenna also operates in reverse by capturing RF signals from the air. Positioning the antennas properly increases the range and coverage area of a wireless LAN.
Chapter 6 Wireless Settings ScreenZyXEL NWA-1100 User’s Guide74
ZyXEL NWA-1100 User’s Guide 75CHAPTER 7 Wireless Security Screen7.1 OverviewThis chapter describes how to use the Wireless Security screen. This screen allows you to configure the security mode for your ZyXEL Device.Wireless security is vital to your network. It protects communications between wireless stations, access points and the wired network. Figure 31 Securing the Wireless NetworkIn the figure above, the ZyXEL Device checks the identity of devices before giving them access to the network. In this scenario, Computer A is denied access to the network, while Computer B is granted connectivity.The ZyXEL Device secure communications via data encryption, wireless client authentication and MAC address filtering. It can also hide its identity in the network.7.2 What You Can Do in the Wireless Security ScreenUse the Wireless > Security screen (see Section 7.4 on page 77) to choose the security mode for your ZyXEL Device.
Chapter 7 Wireless Security ScreenZyXEL NWA-1100 User’s Guide767.3 What You Need To Know About Wireless SecurityUser AuthenticationAuthentication is the process of verifying whether a wireless device is allowed to use the wireless network. You can make every user log in to the wireless network before they can use it. However, every device in the wireless network has to support IEEE 802.1x to do this.For wireless networks, you can store the user names and passwords for each user in a RADIUS server. This is a server used in businesses more than in homes. If you do not have a RADIUS server, you cannot set up user names and passwords for your users.Unauthorized wireless devices can still see the information that is sent in the wireless network, even if they cannot use the wireless network. Furthermore, there are ways for unauthorized wireless users to get a valid user name and password. Then, they can use that user name and password to use the wireless network.The following table shows the relative effectiveness of wireless security methods:.The available security modes in your ZyXEL Device are as follows:•None. No data encryption.•WEP. Wired Equivalent Privacy (WEP) encryption scrambles the data transmitted between the wireless stations and the access points to keep network communications private.•802.1x-Only. This is a standard that extends the features of IEEE 802.11 to support extended authentication. It provides additional accounting and control features. This option does not support data encryption.•802.1x-Static64. This provides 802.1x-Only authentication with a static 64bit WEP key and an authentication server.•802.1x-Static128. This provides 802.1x-Only authentication with a static 128bit WEP key and an authentication server.•WPA. Wi-Fi Protected Access (WPA) is a subset of the IEEE 802.11i standard. •WPA2. WPA2 (IEEE 802.11i) is a wireless security standard that defines stronger encryption, authentication and key management than WPA.•WPA2-MIX. This commands the ZyXEL Device to use either WPA2 or WPA depending on which security mode the wireless client uses.•WPA2-PSK. This adds a pre-shared key on top of WPA2 standard.Table 15 Wireless Security LevelsSECURITY LEVEL SECURITY TYPELeast S e c u r e Most SecureUnique SSID (Default)Unique SSID with Hide SSID EnabledMAC Address FilteringWEP EncryptionIEEE802.1x EAP with RADIUS Server AuthenticationWi-Fi Protected Access (WPA)WPA2
Chapter 7 Wireless Security ScreenZyXEL NWA-1100 User’s Guide 77•WPA2-PSK-MIX. This commands the ZyXEL Device to use either WPA-PSK or WPA2-PSK depending on which security mode the wireless client uses."In Bridge and Bridge + AP operating modes, the only available security modes are WEP and WPA2-PSK.PassphraseA passphrase functions like a password. In WEP security mode, it is further converted by the ZyXEL Device into a complicated string that is referred to as the “key”. This key is requested from all devices wishing to connect to a wireless network.PSKThe Pre-Shared Key (PSK) is a password shared by a wireless access point and a client during a previous secure connection. The key can then be used to establish a connection between the two parties.EncryptionWireless networks can use encryption to protect the information that is sent in the wireless network. Encryption is like a secret code. If you do not know the secret code, you cannot understand the message. Encryption is the process of converting data into unreadable text. This secures information in network communications. The intended recipient of the data can “unlock” it with a pre-assigned key, making the information readable only to him. The ZyXEL Device when used as a wireless client employs Temporal Key Integrity Protocol (TKIP) data encryption.EAPExtensible Authentication Protocol (EAP) is a protocol used by a wireless client, an access point and an authentication server to negotiate a connection. The EAP methods employed by the ZyXEL Device when in Wireless Client operating mode are Transport Layer Security (TLS), Protected Extensible Authentication Protocol (PEAP), Lightweight Extensible Authentication Protocol (LEAP) and Tunneled Transport Layer Security (TTLS). The authentication protocol may either be Microsoft Challenge Handshake Authentication Protocol Version 2 (MSCHAPv2) or Generic Token Card (GTC).Further information on these terms can be found in Appendix E on page 153. 7.4 The Security ScreenUse this screen to choose the security mode for your ZyXEL Device. Click Wireless > Security. The screen varies depending upon the security mode you select.
Chapter 7 Wireless Security ScreenZyXEL NWA-1100 User’s Guide78Figure 32 Security: NoneThe default security mode is set to None.Note that some screens display differently depending on the operating mode selected in the Wireless > Wireless Settings screen. "You must enable the same wireless security settings on the ZyXEL Device and on all wireless clients that you want to associate with it. 7.4.1 Security: WEPUse this screen to use WEP as the security mode for your ZyXEL Device. Select WEP in the Security Mode field to display the following screen.Figure 33 Security: WEP
Chapter 7 Wireless Security ScreenZyXEL NWA-1100 User’s Guide 79The following table describes the labels in this screen.7.4.2 Security: 802.1x OnlyThis screen varies depending on whether you select Access Point or Wireless Client in the Wireless > Wireless Settings screen.7.4.2.1 Access PointUse this screen to use 802.1x-Only security mode for your ZyXEL Device that is in Access Point operating mode. Select 802.1x-Only in the Security Mode field to display the following screen.Table 16 Security: WEPLABEL DESCRIPTIONSecurity Mode Choose WEP in this field.Authentication MethodSelect Open or Shared Key from the drop-down list box. The default setting is Auto. Data Encryption Select Disable to allow wireless stations to communicate with the access points without any data encryption. Select 64-bit WEP, 128-bit WEP or 152-bit WEP to enable data encryption. Passphrase Enter the passphrase or string of text used for automatic WEP key generation on wireless client adapters. Generate Click this to get the keys from the Passphrase you entered.Key 1 to Key 4The WEP keys are used to encrypt data. Both the ZyXEL Device and the wireless stations must use the same WEP key for data transmission.If you chose 64-bit WEP, then enter any 5 ASCII characters or 10 hexadecimal characters ("0-9", "A-F"). If you chose 128-bit WEP, then enter 13 ASCII characters or 26 hexadecimal characters ("0-9", "A-F"). If you chose 152-bit WEP, then enter 16 ASCII characters or 32 hexadecimal characters ("0-9", "A-F").You must configure all four keys, but only one key can be activated at any one time. The default key is key 1. Apply Click Apply to save your changes.Reset Click Reset to begin configuring this screen afresh.
Chapter 7 Wireless Security ScreenZyXEL NWA-1100 User’s Guide80Figure 34 Security: 802.1x Only for Access PointThe following table describes the labels in this screen.7.4.2.2 Wireless ClientUse this screen to use 802.1x-Only security mode for your ZyXEL Device that is in Wireless Client operating mode. Select 802.1x-Only in the Security Mode field to display the following screen.Table 17 Security: 802.1x Only for Access PointLABEL DESCRIPTIONSecurity Mode Choose 802.1x Only in this field.ReAuthentication Time Specify how often wireless stations have to resend user names and passwords in order to stay connected. Enter a time interval between 10 and 9999 seconds. The default time interval is 1800 seconds (30 minutes). Alternatively, enter “0” to turn reauthentication off. Note: If wireless station authentication is done using a RADIUS server, the reauthentication timer on the RADIUS server has priority. Group-Key UpdateThe ZyXEL Device automatically disconnects a wireless station from the wired network after a period of inactivity. The wireless station needs to enter the user name and password again before access to the wired network is allowed. The default time interval is 3600 seconds (or 1 hour).Apply Click Apply to save your changes.Reset Click Reset to begin configuring this screen afresh.
Chapter 7 Wireless Security ScreenZyXEL NWA-1100 User’s Guide 81Figure 35 Security: 802.1x Only for Wireless ClientThe following table describes the labels in this screen.7.4.3 Security: 802.1x Static 64-bit, 802.1x Static 128-bit Use this screen to use 802.1x Static 64 or 802.1x Static 128 security mode for your ZyXEL Device. Select 802.1x Static 64 or 802.1x Static 128 in the Security Mode field to display the following screen.Table 18 Security: 802.1x Only for Wireless ClientLABEL DESCRIPTIONSecurity Mode Choose the same security mode used by the AP.Data Encryption Select between None and Dynamic WEP. Refer to Section on page 161 for information on using Dynamic WEP.IEEE802.1x AuthenticationEAP Type The options on the left refer to EAP methods. You can choose either TLS, LEAP, PEAP or TTLS. The default value is PEAP.The options on the right refer to authentication protocols. You can choose between MSCHAPv2 and GTC.The default value is MSCHAPv2.User InformationUsername Supply the username of the account created in the RADIUS server.Password Supply the password of the account created in the RADIUS server.Apply Click Apply to save your changes.Reset Click Reset to begin configuring this screen afresh.
Chapter 7 Wireless Security ScreenZyXEL NWA-1100 User’s Guide82Figure 36 Security: 802.1x Static 64-bit, 802.1x Static 128-bit (AP mode)The following table describes the labels in this screen.Table 19 Security: 802.1x Static 64-bit, 802.1x Static 128-bitLABEL DESCRIPTIONSecurity Mode Choose 802.1x Static 64 or 802.1x Static 128 in this field.Passphrase Enter the passphrase or string of text used for automatic WEP key generation on wireless client adapters (AP mode). Generate Click this to get the keys from the Passphrase you entered (AP mode).Key 1 to Key 4 If you chose 802.1x Static 64, then enter any 5 characters (ASCII string) or 10 hexadecimal characters ("0-9", "A-F") preceded by 0x for each key.If you chose 802.1x Static 128-bit, then enter 13 characters (ASCII string) or 26 hexadecimal characters ("0-9", "A-F") preceded by 0x for each key.There are four data encryption keys to secure your data from eavesdropping by unauthorized wireless users. The values for the keys must be set up exactly the same on the access points as they are on the wireless stations.The preceding “0x” is entered automatically. You must configure all four keys, but only one key can be activated at any one time. The default key is key 1. ReAuthentication TimerSpecify how often wireless stations have to resend user names and passwords in order to stay connected. Enter a time interval between 10 and 9999 seconds. The default time interval is 1800 seconds (30 minutes). Alternatively, enter “0” to turn reauthentication off. Note: If wireless station authentication is done using a RADIUS server, the reauthentication timer on the RADIUS server has priority.
Chapter 7 Wireless Security ScreenZyXEL NWA-1100 User’s Guide 837.4.4 Security: WPAThis screen varies depending on whether you select Access Point or Wireless Client in the Wireless > Wireless Settings screen.7.4.4.1 Access PointUse this screen to employ WPA as the security mode for your ZyXEL Device that is in Access Point operating mode. Select WPA in the Security Mode field to display the following screen.Figure 37 Security: WPA for Access Point The following table describes the labels in this screen.Group-Key UpdateThe ZyXEL Device automatically disconnects a wireless station from the wired network after a period of inactivity. The wireless station needs to enter the user name and password again before access to the wired network is allowed. The default time interval is 3600 seconds (or 1 hour).Apply Click Apply to save your changes.Reset Click Reset to begin configuring this screen afresh.Table 19 Security: 802.1x Static 64-bit, 802.1x Static 128-bitLABEL DESCRIPTIONTable 20 Security: WPA for Access PointLABEL DESCRIPTIONSecurity Mode Choose WPA in this field.ReAuthentication Timer Specify how often wireless stations have to resend user names and passwords in order to stay connected. Enter a time interval between 10 and 9999 seconds. The default time interval is 1800 seconds (30 minutes). Alternatively, enter “0” to turn reauthentication off. Note: If wireless station authentication is done using a RADIUS server, the reauthentication timer on the RADIUS server has priority.
Chapter 7 Wireless Security ScreenZyXEL NWA-1100 User’s Guide847.4.4.2 Wireless ClientUse this screen to employ WPA as the security mode for your ZyXEL Device that is in Wireless Client operating mode. Select WPA in the Security Mode field to display the following screen.Figure 38 Security: WPA for Wireless ClientThe following table describes the labels in this screen.Group Key UpdateThe Group Key Update Timer is the rate at which the AP sends a new group key out to all clients. The re-keying process is the WPA equivalent of automatically changing the group key for an AP and all stations in a WLAN on a periodic basis. Setting of the Group Key Update Timer is also supported in WPA-PSK mode. The ZyXEL Device default is 3800 seconds (or 1 hour). Apply Click Apply to save your changes.Reset Click Reset to begin configuring this screen afresh.Table 20 Security: WPA for Access PointLABEL DESCRIPTIONTable 21 Security: WPA for Wireless ClientLABEL DESCRIPTIONSecurity Mode Choose the same security mode used by the AP.Data Encryption Select between None and TKIP.IEEE802.1x AuthenticationEAP Type The options on the left refer to EAP methods. You can choose either TLS, LEAP, PEAP or TTLS. The default value is PEAP.The options on the right refer to authentication protocols. You can choose between MSCHAPv2 and GTC.The default value is MSCHAPv2.User InformationUsername Supply the username of the account created in the RADIUS server.Password Supply the password of the account created in the RADIUS server.
Chapter 7 Wireless Security ScreenZyXEL NWA-1100 User’s Guide 857.4.5 Security: WPA2 or WPA2-MIXThis screen varies depending on whether you select Access Point or Wireless Client in the Wireless > Wireless Settings screen.7.4.5.1 Access PointUse this screen to use WAP2 or WPA2-MIX as the security mode for your ZyXEL Device that is in Access Point operating mode. Select WPA2 or WPA2-MIX in the Security Mode field to display the following screen.Figure 39 Security:WPA2 or WPA2-MIX for Access PointThe following table describes the labels not previously discussedApply Click Apply to save your changes.Reset Click Reset to begin configuring this screen afresh.Table 21 Security: WPA for Wireless ClientLABEL DESCRIPTIONTable 22 Security: WPA2 or WPA2-MIX for Access PointLABEL DESCRIPTIONSSecurity Mode Choose WPA2 or WPA2-MIX in this field.ReAuthentication TimerSpecify how often wireless stations have to resend usernames and passwords in order to stay connected. Enter a time interval between 10 and 9999 seconds. The default time interval is 1800 seconds (30 minutes). Alternatively, enter “0” to turn reauthentication off. Note: If wireless station authentication is done using a RADIUS server, the reauthentication timer on the RADIUS server has priority. Group Key Update TimerThe Group Key Update Timer is the rate at which the AP sends a new group key out to all clients. The re-keying process is the WPA equivalent of automatically changing the group key for an AP and all stations in a WLAN on a periodic basis. Setting of the Group Key Update Timer is also supported in WPA-PSK mode. The ZyXEL Device‘s default is 3600 seconds (or 1 hour).
Chapter 7 Wireless Security ScreenZyXEL NWA-1100 User’s Guide867.4.5.2 Wireless ClientUse this screen to employ WPA2 or WPA2-MIX as the security mode of your ZyXEL Device that is in Wireless Client operating mode. Select WPA2 or WPA2-MIX in the Security Mode field to display the following screen.Figure 40 Security: WPA2 or WPA2-MIX for Wireless ClientThe following table describes the labels in this screen.Apply Click Apply to save your changes.Reset Click Reset to begin configuring this screen afresh.Table 22 Security: WPA2 or WPA2-MIX for Access PointLABEL DESCRIPTIONSTable 23 Security: WPA2 or WPA2-MIX for Wireless ClientLABEL DESCRIPTIONSecurity Mode Choose the same security mode used by the AP.IEEE802.1x AuthenticationEAP Type The options on the left refer to EAP methods. You can choose either TLS, LEAP, PEAP or TTLS. The default value is PEAP.The options on the right refer to authentication protocols. You can choose between MSCHAPv2 and GTC.The default value is MSCHAPv2.User InformationUsername Supply the username of the account created in the RADIUS server.Password Supply the password of the account created in the RADIUS server.Apply Click Apply to save your changes.Reset Click Reset to begin configuring this screen afresh.
Chapter 7 Wireless Security ScreenZyXEL NWA-1100 User’s Guide 877.4.6 Security: WPA-PSK, WPA2-PSK, WPA2-PSK-MIXUse this screen to employ WPA-PSK, WPA2-PSK or WPA2-PSK-MIX as the security mode of your ZyXEL Device. Select WPA-PSK, WPA2-PSK or WPA2-PSK-MIX in the Security Mode field to display the following screen.Figure 41 Security: WPA-PSK, WPA2-PSK or WPA2-PSK-MIXThe following table describes the labels not previously discussed7.5 Technical ReferenceThis section provides technical background information on the topics discussed in this chapter.The following is a general guideline in choosing the security mode for your ZyXEL Device. • Use WPA(2)-PSK if you have WPA(2)-aware wireless clients but no RADIUS server.Use WPA(2) security if you have WPA(2)-aware wireless clients and a RADIUS server. WPA has user authentication and improved data encryption over WEP.• Use WPA(2)-PSK if you have WPA(2)-aware wireless clients but no RADIUS server. • If you don’t have WPA(2)-aware wireless clients, then use WEP key encrypting. A higher bit key offers better security. You can manually enter 64-bit, 128-bit or 152-bit WEP keys.More information on Wireless Security can be found in Appendix E on page 153. Table 24 Security: WPA-PSK, WPA2-PSK or WPA2-PSK-MIXLABEL DESCRIPTIONSecurity Mode Choose WPA-PSK, WPA2-PSK or WPA2-PSK-MIX in this field.Pre-Shared Key The encryption mechanisms used for WPA and WPA-PSK are the same. The only difference between the two is that WPA-PSK uses a simple common password, instead of user-specific credentials.Type a pre-shared key from 8 to 63 case-sensitive ASCII characters (including spaces and symbols).Apply Click Apply to save your changes.Reset Click Reset to begin configuring this screen afresh.
Chapter 7 Wireless Security ScreenZyXEL NWA-1100 User’s Guide88
ZyXEL NWA-1100 User’s Guide 89CHAPTER 8 RADIUS Screen8.1 OverviewThis chapter describes how you can use the Wireless > RADIUS screen.Remote Authentication Dial In User Service (RADIUS) is a protocol that can be used to manage user access to large networks. It is based on a client-server model that supports authentication, authorization and accounting. The access point is the client and the server is the RADIUS server. Figure 42 RADIUS Server SetupIn the figure above, wireless clients A and B are trying to access the Internet via the ZyXEL Device. The ZyXEL Device in turn queries the RADIUS server if the identity of clients A and U are allowed access to the Internet. In this scenario, only client U’s identity is verified by the RADIUS server and allowed access to the Internet. 8.2 What You Can Do in the RADIUS ScreenUse the Security > RADIUS screen (see Section 7.4.1 on page 78) if you want to authenticate wireless users using a RADIUS Server and/or Accounting Server.8.3 What You Need to Know About RADIUSThe RADIUS server handles the following tasks:•Authentication which determines the identity of the users.•Authorization which determines the network services available to authenticated users once they are connected to the network.Authentication
Chapter 8 RADIUS ScreenZyXEL NWA-1100 User’s Guide90•Accounting which keeps track of the client’s network activity. RADIUS is a simple package exchange in which your AP acts as a message relay between the wireless client and the network RADIUS server. You should know the IP addresses, ports and share secrets of the external RADIUS server and/or the external RADIUS accounting server you want to use with your ZyXEL Device. You can configure a primary and backup RADIUS and RADIUS accounting server for your ZyXEL Device.8.4 The RADIUS ScreenUse this screen to set up your ZyXEL Device’s RADIUS server settings. Click Wireless > RADIUS. The screen appears as shown.Figure 43 Wireless > RADIUSThe following table describes the labels in this screen.Table 25 Wireless > RADIUSLABEL DESCRIPTIONPrimary Configure the fields below to set up user authentication and accounting.Backup If the ZyXEL Device cannot communicate with the Primary accounting server, you can have the ZyXEL Device use a Backup RADIUS server. Make sure the Active check boxes are selected if you want to use backup servers.The ZyXEL Device will attempt to communicate three times before using the Backup servers. Requests can be issued from the client interface to use the backup server. The length of time for each authentication is decided by the wireless client or based on the configuration of the ReAuthentication Timer field in the Security Settings screen.RADIUS OptionActive Select the check box to enable user authentication through an external authentication server. This check box is not available when you select Internal.RADIUS Server IP AddressEnter the IP address of the external authentication server in dotted decimal notation. This field is not available when you select Internal.
Chapter 8 RADIUS ScreenZyXEL NWA-1100 User’s Guide 91RADIUS Server Port Enter the port number of the external authentication server. The default port number is 1812. You need not change this value unless your network administrator instructs you to do so. This field is not available when you select Internal.Share Secret Enter a password (up to 128 alphanumeric characters) as the key to be shared between the external authentication server and the ZyXEL Device. The key must be the same on the external authentication server and your ZyXEL Device. The key is not sent over the network. This field is not available when you select Internal.Active Select the check box to enable user accounting through an external authentication server.Accounting Server IP AddressEnter the IP address of the external accounting server in dotted decimal notation. Accounting Server PortEnter the port number of the external accounting server. The default port number is 1813. You need not change this value unless your network administrator instructs you to do so with additional information. Share Secret Enter a password (up to 128 alphanumeric characters) as the key to be shared between the external accounting server and the ZyXEL Device. The key must be the same on the external accounting server and your ZyXEL Device. The key is not sent over the network.Apply Click Apply to save your changes.Reset Click Reset to begin configuring this screen afresh.Table 25 Wireless > RADIUSLABEL DESCRIPTION
Chapter 8 RADIUS ScreenZyXEL NWA-1100 User’s Guide92
ZyXEL NWA-1100 User’s Guide 93CHAPTER 9 MAC Filter Screen9.1 OverviewThis chapter discusses how you can use the Wireless > MAC Filter screen.The MAC filter function allows you to configure the ZyXEL Device to grant access to the ZyxEL Device from other wireless devices (Allow Association) or exclude devices from accessing the ZyXEL Device (Deny Association). Figure 44 MAC Filtering In the figure above, wireless client U is able to connect to the Internet because its MAC address is in the allowed association list specified in the ZyXEL Device. The MAC address of client A is either denied association or is not in the list of allowed wireless clients specified in the ZyXEL Device.9.2 What You Can Do in the MAC Filter Use the Wireless > MAC Filter screen (see Section 9.4 on page 94) to specify which wireless station is allowed or denied access to the ZyXEL Device.9.3 What You Need To Know About MAC FilterEvery Ethernet device has a unique MAC (Media Access Control) address. The MAC address is assigned at the factory and consists of six pairs of hexadecimal characters, for example, 00:A0:C5:00:00:02. You need to know the MAC address of each device to configure MAC filtering on the ZyXEL Device.
Chapter 9 MAC Filter ScreenZyXEL NWA-1100 User’s Guide949.4 MAC Filter ScreenUse this screen to enable MAC address filtering in your ZyXEL Device.You can specify up to 64 MAC addresses to either allow or deny association with your ZyXEL Device. Click Wireless > MAC Filter. The screen displays as shown.Figure 45 Wireless > MAC FilterThe following table describes the labels in this screen.Table 26 Wireless > MAC FilterLABEL DESCRIPTIONActive Click this to enable this feature.Allow the following MAC Address to associateDefine the filter action for the list of MAC addresses in the MAC address filter table.Select this to permit access to the ZyXEL Device. MAC addresses not listed will be denied access to the ZyXEL Device. Deny the following MAC Address to associateSelect this to block access to theZyXEL Device. MAC addresses not listed will be allowed to access the ZyXEL Device.MAC Address Enter the MAC addresses (in XX:XX:XX:XX:XX:XX format) of the wireless station to be allowed or denied access to the ZyXEL Device.Description Type a name to identify this wireless station.
Chapter 9 MAC Filter ScreenZyXEL NWA-1100 User’s Guide 95Apply Click Apply to save your changes.Reset Click Reset to begin configuring this screen afresh.Table 26 Wireless > MAC FilterLABEL DESCRIPTION
Chapter 9 MAC Filter ScreenZyXEL NWA-1100 User’s Guide96
ZyXEL NWA-1100 User’s Guide 97CHAPTER 10 IP Screen10.1 OverviewThis chapter describes how you can configure the IP address of your ZyXEL Device.The Internet Protocol (IP) address identifies a device on a network. Every networking device (including computers, servers, routers, printers, etc.) needs an IP address to communicate across the network. These networking devices are also known as hosts.Figure 46 IP SetupThe figure above illustrates one possible setup of your ZyXEL Device. The gateway IP address is 192.168.1.2 and the IP address of the ZyXEL Device is 192.168.1.2 (default). The gateway and the device must belong in the same subnet mask to be able to communicate with each other.10.2 What You Can Do in the IP ScreenUse the IP screen (see Section 10.4 on page 98) to configure the IP address of your ZyXEL Device.10.3 What You Need to Know About IPThe Ethernet parameters of the ZyXEL Device are preset in the factory with the following values:1IP address of 192.168.1.22Subnet mask of 255.255.255.0 (24 bits)
Chapter 10 IP ScreenZyXEL NWA-1100 User’s Guide9810.4 IP Screen Use this screen to configure the IP address for your ZyXEL Device. Click IP to display the following screen.Figure 47 IP SetupThe following table describes the labels in this screen.Table 27 IP SetupLABEL DESCRIPTIONIP Address Assignment Get automatically from DHCP Select this option if your ZyXEL Device is using a dynamically assigned IP address from a DHCP server each time. Note: You must know the IP address assigned to the ZyXEL Device (by the DHCP server) to access the ZyXEL Device again. Use fixed IP address Select this option if your ZyXEL Device is using a static IP address. When you select this option, fill in the fields below.IP Address Enter the IP address of your ZyXEL Device in dotted decimal notation. Note: If you change the ZyXEL Device's IP address, you must use the new IP address if you want to access the web configurator again.Subnet Mask Type the subnet mask.Gateway IP Address Type the IP address of the gateway. The gateway is an immediate neighbor of your ZyXEL Device that will forward the packet to the destination. On the LAN, the gateway must be a router on the same segment as your ZyXEL Device; over the WAN, the gateway must be the IP address of one of the remote nodes.Apply Click Apply to save your changes.Reset Click Reset to begin configuring this screen afresh.
Chapter 10 IP ScreenZyXEL NWA-1100 User’s Guide 9910.5 Technical ReferenceThis section provides the technical background information about the topics covered in this chapter.10.5.1 WAN IP Address AssignmentEvery computer on the Internet must have a unique IP address. If your networks are isolated from the Internet (only between your two branch offices, for instance) you can assign any IP addresses to the hosts without problems. However, the Internet Assigned Numbers Authority (IANA) has reserved the following three blocks of IP addresses specifically for private networks.You can obtain your IP address from the IANA, from an ISP or have it assigned by a private network. If you belong to a small organization and your Internet access is through an ISP, the ISP can provide you with the Internet addresses for your local networks. On the other hand, if you are part of a much larger organization, you should consult your network administrator for the appropriate IP addresses."Regardless of your particular situation, do not create an arbitrary IP address; always follow the guidelines above. For more information on address assignment, please refer to RFC 1597, Address Allocation for Private Internets and RFC 1466, Guidelines for Management of IP Address Space.Table 28 Private IP Address Ranges10.0.0.0 - 10.255.255.255172.16.0.0 - 172.31.255.255192.168.0.0 - 192.168.255.255
Chapter 10 IP ScreenZyXEL NWA-1100 User’s Guide100
ZyXEL NWA-1100 User’s Guide 101CHAPTER 11 Remote Management11.1 OverviewThis chapter shows you how to enable remote management of your ZyXEL Device. It provides information on determining which services or protocols can access which of the ZyXEL Device’s interfaces.Remote Management allows a user to administrate the device over the network. You can manage your ZyXEL Device from a remote location via the following interfaces:•WLAN•LAN• Both WLAN and LAN• Neither (Disable)Figure 48 Remote Management ExampleIn the figure above, the ZyXEL Device (A) is being managed by a desktop computer (B) connected via LAN (Land Area Network). It is also being accessed by a notebook (C) connected via WLAN (Wireless LAN).
Chapter 11 Remote ManagementZyXEL NWA-1100 User’s Guide10211.2 What You Can Do in the Remote Management Screens•Use the Telnet screen (see Section 11.4 on page 104) to configure through which interface(s) and from which IP address(es) you can use Telnet to manage the ZyXEL Device. A Telnet connection is prioritized by the ZyXEL Device over other remote management sessions. • Use the FTP screen (see Section 11.5 on page 104) to configure through which interface(s) and from which IP address(es) you can use File Transfer Protocol (FTP) to manage the ZyXEL Device. You can use FTP to upload the latest firmware for example.• Use the WWW screen (see Section 11.6 on page 105) to configure through which interface(s) and from which IP address(es) you can use the Web Browser to manage the ZyXEL Device. • Use the SNMP screen (see Section 11.7 on page 106) to configure through which interface(s) and from which IP address(es) a network systems manager can access the ZyXEL Device. 11.3 What You Need To Know About Remote ManagementTelnet Telnet is short for Telecommunications Network, which is a client-side protocol that enables you to access a device over the network. FTPFile Transfer Protocol (FTP) allows you to upload or download a file or several files to and from a remote location using a client or the command console. WWWThe World Wide Web allows you to access files hosted in a remote server. For example, you can view text files (usually referred to as ‘pages’) using your web browser via HyperText Transfer Protocol (HTTP).SNMPSimple Network Management Protocol (SNMP) is a member of the TCP/IP protocol suite used for exchanging management information between network devices. Your ZyXEL Device supports SNMP agent functionality, which allows a manager station to manage and monitor the ZyXEL Device through the network. The ZyXEL Device supports SNMP version one (SNMPv1) and version two (SNMPv2c). The next figure illustrates an SNMP management operation. ."SNMP is only available if TCP/IP is configured.
Chapter 11 Remote ManagementZyXEL NWA-1100 User’s Guide 103Figure 49 SNMP Management ModeAn SNMP managed network consists of two main types of component: agents and a manager. An agent is a management software module that resides in a managed device (the ZyXEL Device). An agent translates the local management information from the managed device into a form compatible with SNMP. The manager is the console through which network administrators perform network management functions. It executes applications that control and monitor managed devices. SNMP allows a manager and agents to communicate for the purpose of accessing information such as packets received, node port status, etc.Remote Management LimitationsRemote management over LAN or WLAN will not work when:• You have disabled that service in one of the remote management screens.• The IP address in the Secured Client IP field does not match the client IP address. If it does not match, the ZyXEL Device will disconnect the session immediately.• You may only have one remote management session running at one time. The ZyXEL Device automatically disconnects a remote management session of lower priority when another remote management session of higher priority starts. The priorities for the different types of remote management sessions are as follows:1. Telnet2. HTTPSystem TimeoutThere is a default system management idle timeout of five minutes (three hundred seconds). The ZyXEL Device automatically logs you out if the management session remains idle for longer than this timeout period. The management session does not time out when a statistics screen is polling. You can change the timeout period in the SYSTEM screen.
Chapter 11 Remote ManagementZyXEL NWA-1100 User’s Guide10411.4 The Telnet ScreenUse this screen to configure your ZyXEL Device for remote Telnet access. You can use Telnet to access the ZyXEL Device’s Command Line Interface (CLI).Click REMOTE MGNT > TELNET. The following screen displays.Figure 50 Remote Management: TelnetThe following table describes the labels in this screen.11.5 The FTP ScreenUse this screen to upload and download the ZyXEL Device’s firmware using FTP. To use this feature, your computer must have an FTP client.To change your ZyXEL Device’s FTP settings, click REMOTE MGMT > FTP. The following screen displays.Table 29 Remote Management: TelnetLABEL DESCRIPTIONTELNETServer Port You can change the server port number for a service if needed, however you must use the same port number in order to use that service for remote management.Server AccessSelect the interface(s) through which a computer may access the ZyXEL Device using Telnet.Secured Client IP AddressA secured client is a “trusted” computer that is allowed to communicate with the ZyXEL Device using this service. Select All to allow any computer to access the ZyXEL Device using this service.Choose Selected to just allow the computer with the IP address that you specify to access the ZyXEL Device using this service.Secured Client MAC AddressSelect All to allow any computer to access the ZyXEL Device using this service.Choose Selected to just allow the computer with the MAC address that you specify to access the ZyXEL Device using this service.Apply Click Apply to save your customized settings and exit this screen. Reset Click Reset to begin configuring this screen afresh.
Chapter 11 Remote ManagementZyXEL NWA-1100 User’s Guide 105Figure 51 Remote Management: FTPThe following table describes the labels in this screen.11.6 The WWW ScreenUse this screen to configure your ZyXEL Device via the World Wide Web (WWW) using a Web browser. This lets you specify which IP addresses or computers are able to communicate with and access the ZyXEL Device. To change your ZyXEL Device’s WWW settings, click REMOTE MGNT > WWW. The following screen shows.Table 30 Remote Management: FTPLABEL DESCRIPTIONServer Port You may change the server port number for a service if needed, however you must use the same port number in order to use that service for remote management.Server Access Select the interface(s) through which a computer may access the ZyXEL Device using this service.Secured Client IP AddressA secured client is a “trusted” computer that is allowed to communicate with the ZyXEL Device using this service. Select All to allow any computer to access the ZyXEL Device using this service.Choose Selected to just allow the computer with the IP address that you specify to access the ZyXEL Device using this service.Secured Client MAC AddressSelect All to allow any computer to access the ZyXEL Device using this service.Choose Selected to just allow the computer with the MAC address that you specify to access the ZyXEL Device using this service.Apply Click Apply to save your customized settings and exit this screen. Reset Click Reset to begin configuring this screen afresh.
Chapter 11 Remote ManagementZyXEL NWA-1100 User’s Guide106Figure 52 Remote Management: WWWThe following table describes the labels in this screen.11.7 The SNMP ScreenUse this screen to have a manager station administrate your ZyXEL Device over the network. To change your ZyXEL Device’s SNMP settings, click REMOTE MGMT > SNMP. The following screen displays.Table 31 Remote Management: WWWLABEL DESCRIPTIONWWWServer Port You may change the server port number for a service if needed, however you must use the same port number in order to use that service for remote management.Server Access Select the interface(s) through which a computer may access the ZyXEL Device using this service.Secured Client IP AddressA secured client is a “trusted” computer that is allowed to communicate with the ZyXEL Device using this service. Select All to allow any computer to access the ZyXEL Device using this service.Choose Selected to just allow the computer with the IP address that you specify to access the ZyXEL Device using this service.Secured Client MAC AddressSelect All to allow any computer to access the ZyXEL Device using this service.Choose Selected to just allow the computer with the MAC address that you specify to access the ZyXEL Device using this service.Apply Click Apply to save your customized settings and exit this screen. Reset Click Reset to begin configuring this screen afresh.
Chapter 11 Remote ManagementZyXEL NWA-1100 User’s Guide 107Figure 53 Remote Management: SNMPThe following table describes the labels in this screen.Table 32 Remote Management: SNMPLABEL DESCRIPTIONSNMP ConfigurationGet Community Enter the Get Community, which is the password for the incoming Get and GetNext requests from the management station. The default is public and allows all requests.Set Community Enter the Set community, which is the password for incoming Set requests from the management station. The default is public and allows all requests.Trap Destination Type the IP address of the station to send your SNMP traps to.Trap Community Type the trap community, which is the password sent with each trap to the SNMP manager. The default is “public” and allows all requests.This field is available only when SNMPv1 or SNMPv2 is selected in the SNMP Version field.Configure SNMPv3 User ProfileClick this to go to the SNMPv3 User Profile screen, where you can configure administration and user login details.SNMPService Port You may change the server port number for a service if needed, however you must use the same port number in order to use that service for remote management.Service Access Select the interface(s) through which a computer may access the ZyXEL Device using this service.Secured Client IP AddressA secured client is a “trusted” computer that is allowed to communicate with the ZyXEL Device using this service. Select All to allow any computer to access the ZyXEL Device using this service.Choose Selected to just allow the computer with the IP address that you specify to access the ZyXEL Device using this service.
Chapter 11 Remote ManagementZyXEL NWA-1100 User’s Guide10811.8 Technical ReferenceThis section provides some technical background information about the topics covered in this chapter. 11.8.1 MIBManaged devices in an SMNP managed network contain object variables or managed objects that define each piece of information to be collected about a device. Examples of variables include such as number of packets received, node port status etc. A Management Information Base (MIB) is a collection of managed objects.SNMP itself is a simple request/response protocol based on the manager/agent model. The manager issues a request and the agent returns responses using the following protocol operations:• Get - Allows the manager to retrieve an object variable from the agent. • GetNext - Allows the manager to retrieve the next object variable from a table or list within an agent. In SNMPv1, when a manager wants to retrieve all elements of a table from an agent, it initiates a Get operation, followed by a series of GetNext operations. • Set - Allows the manager to set values for object variables within an agent. • Trap - Used by the agent to inform the manager of some events.11.8.2 Supported MIBsThe ZyXEL Device supports MIB II that is defined in RFC-1213 and RFC-1215 as well as the proprietary ZyXEL private MIB. The purpose of the MIBs is to let administrators collect statistical data and monitor status and performance.11.8.3 SNMP Traps SNMP traps are messages sent by the agents of each managed device to the SNMP manager. These messages inform the administrator of events in data networks handled by the device. The ZyXEL Device can send the following traps to the SNMP manager. Secured Client MAC AddressSelect All to allow any computer to access the ZyXEL Device using this service.Choose Selected to just allow the computer with the MAC address that you specify to access the ZyXEL Device using this service.Apply Click Apply to save your customized settings and exit this screen. Reset Click Reset to begin configuring this screen afresh.Table 32 Remote Management: SNMPLABEL DESCRIPTIONTable 33 SNMP TrapsTRAP NAME OBJECT IDENTIFIER # (OID) DESCRIPTIONGeneric TrapscoldStart 1.3.6.1.6.3.1.1.5.1 This trap is sent after booting (power on). This trap is defined in RFC-1215.
Chapter 11 Remote ManagementZyXEL NWA-1100 User’s Guide 109Some traps include an SNMP interface index. The following table maps the SNMP interface indexes to the ZyXEL Device’s physical and virtual ports.warmStart 1.3.6.1.6.3.1.1.5.2 This trap is sent after booting (software reboot). This trap is defined in RFC-1215.linkDown 1.3.6.1.6.3.1.1.5.3 This trap is sent when the Ethernet link is down.linkUp 1.3.6.1.6.3.1.1.5.4 This trap is sent when the Ethernet link is up.authenticationFailure (defined in RFC-1215)1.3.6.1.6.3.1.1.5.5 The device sends this trap when it receives any SNMP get or set requirements with the wrong community (password).Note: snmpEnableAuthenTraps, OID 1.3.6.1.2.1.11.30 (defined in RFC 1214 and RFC 1907) must be enabled on in order for the device to send authenticationFailure traps. Use a MIB browser to enable or disable snmpEnableAuthenTraps.Traps defined in the ZyXEL Private MIB.whyReboot 1.3.6.1.4.1.890.1.5.13.0.1 This trap is sent with the reason for restarting before the system reboots (warm start). "System reboot by user!" is added for an intentional reboot (for example, download new files, CI command "sys reboot"). If the system reboots because of fatal errors, a code for the error is listed.pwTFTPStatus 1.3.6.1.4.1.890.1.9.2.3.3.1This trap is sent to indicate the status and result of a TFTP client session that has ended. Table 34 SNMP Interface Index to Physical and Virtual Port MappingTYPE INTERFACE PORTPhysical enet0 Wireless LAN adaptor WLAN1enet1 Ethernet port (LAN)enet2 Wireless LAN adaptor WLAN2Virtual enet3 ~ enet9 WLAN1 in MBSSID modeenet10 ~ enet16 WLAN2 in MBSSID modeenet17 ~ enet21 WLAN1 in WDS modeenet22 ~ enet26 WLAN2 in WDS modeTable 33 SNMP TrapsTRAP NAME OBJECT IDENTIFIER # (OID) DESCRIPTION
Chapter 11 Remote ManagementZyXEL NWA-1100 User’s Guide110
ZyXEL NWA-1100 User’s Guide 111CHAPTER 12 Certificate Screen12.1 OverviewThis chapter describes how your ZyXEL Device can use certificates as a means of authenticating wireless clients. It gives background information about public-key certificates and explains how to use them.A certificate contains the certificate owner’s identity and public key. Certificates provide a way to exchange public keys for use in authentication.Figure 54 Certificates ExampleIn the figure above, the ZyXEL Device (Z) checks the identity of the notebook (A) using a certificate before granting access to the network.12.2 What You Can Do in the Certificate ScreenUse the CERTIFICATES > Certificate screen (seen Section 12.4 on page 112) to view, delete and import certificates.12.3 What You Need To Know About CertificatesThe certification authority certificate that you can import to your ZyXEL Device should be in PFX PKCS#12 file format. This format referred to as the Personal Information Exchange Syntax Standard is comprised of a private key-public certificate pair that is further encrypted with a password. Before you import a certificate into the ZyXEL Device, you should verify that you have the correct certificate.Key distribution is simple and very secure since you can freely distribute public keys and you never need to transmit private keys.
Chapter 12 Certificate ScreenZyXEL NWA-1100 User’s Guide11212.4 Certificate ScreenUse this screen to view, delete and import certificates.Click CERTIFICATE to open the ZyXEL Device’s summary list of certificates and to import a new certificate. See the following figure.Figure 55 CertificateThe following table describes the labels in this screen.12.5 Technical ReferenceThis section provides technical background information about the topics covered in this chapter.Table 35 CertificateLABEL DESCRIPTIONDelete CertificateYou can delete a certificateSelect the certificate from the list that you want to delete.Delete Click this to delete the selected certificate.Import CertificateFile Path Enter the location of a previously-saved certificate to upload to the ZyXEL Device. Alternatively, click the Browse button to locate a list.Browse Click this button to locate a previously-saved certificate to upload to the ZyXEL Device.Import Click this button to upload the previously-saved certificate displayed in the File Path field to the ZyXEL Device.
Chapter 12 Certificate ScreenZyXEL NWA-1100 User’s Guide 11312.5.1 Private-Public CertificatesWhen using public-key cryptology for authentication, each host has two keys. One key is public and can be made openly available. The other key is private and must be kept secure. These keys work like a handwritten signature (in fact, certificates are often referred to as “digital signatures”). Only you can write your signature exactly as it should look. When people know what your signature looks like, they can verify whether something was signed by you, or by someone else. In the same way, your private key “writes” your digital signature and your public key allows people to verify whether data was signed by you, or by someone else. This process works as follows.1Tim wants to send a message to Jenny. He needs her to be sure that it comes from him, and that the message content has not been altered by anyone else along the way. Tim generates a public key pair (one public key and one private key). 2Tim keeps the private key and makes the public key openly available. This means that anyone who receives a message seeming to come from Tim can read it and verify whether it is really from him or not. 3Tim uses his private key to sign the message and sends it to Jenny.4Jenny receives the message and uses Tim’s public key to verify it. Jenny knows that the message is from Tim, and that although other people may have been able to read the message, no-one can have altered it (because they cannot re-sign the message with Tim’s private key).5Additionally, Jenny uses her own private key to sign a message and Tim uses Jenny’s public key to verify the message.12.5.2 Certification AuthoritiesA Certification Authority (CA) issues certificates and guarantees the identity of each certificate owner. There are commercial certification authorities like CyberTrust or VeriSign and government certification authorities. You can use the ZyXEL Device to generate certification requests that contain identifying information and public keys and then send the certification requests to a certification authority.12.5.3 Checking the Fingerprint of a Certificate on Your ComputerA certificate’s fingerprints are message digests calculated using the MD5 or SHA1 algorithms. The following procedure describes how to check a certificate’s fingerprint to verify that you have the actual certificate. 1Browse to where you have the certificate saved on your computer. 2Make sure that the certificate has a “.cer” or “.crt” file name extension.Figure 56 Certificates on Your Computer
Chapter 12 Certificate ScreenZyXEL NWA-1100 User’s Guide1143Double-click the certificate’s icon to open the Certificate window. Click the Details tab and scroll down to the Thumbprint Algorithm and Thumbprint fields.Figure 57 Certificate Details 4Use a secure method to verify that the certificate owner has the same information in the Thumbprint Algorithm and Thumbprint fields. The secure method may vary according to your situation. Possible examples would be over the telephone or through an HTTPS connection.
ZyXEL NWA-1100 User’s Guide 115CHAPTER 13 Log Screens13.1 OverviewThis chapter provides information on viewing and generating logs on your ZyXEL Device.Logs are files that contain recorded network activity over a set period. They are used by administrators to monitor the health of the system(s) they are managing. Logs enable administrators to effectively monitor events, errors, progress, etc. so that when network problems or system failures occur, the cause or origin can be traced. Logs are also essential for auditing and keeping track of changes made by users. Figure 58 Accessing Logs in the NetworkThe figure above illustrates three ways to access logs. The user (U) can access logs directly from the ZyXEL Device (A) via the Web configurator. Logs can also be located in an external log server (B). An email server (C) can also send harvested logs to the user’s email account. 13.2 What You Can Do in the Log Screens•Use the View Log screen (Section 13.4 on page 116) to display all logs or logs for a certain category. You can view logs and alert messages in this page. Once the log entries are all used, the log will wrap around and the old logs will be deleted.•Use the Log Settings screen (Section 13.5 on page 117) to configure where and when the ZyXEL Device will send the logs, and which logs and/or immediate alerts it will send.
Chapter 13 Log ScreensZyXEL NWA-1100 User’s Guide11613.3 What You Need To Know About LogsAlerts and LogsAn alert is a type of log that warrants more serious attention. Some categories such as System Errors consist of both logs and alerts. You can differentiate them by their color in the View Log screen. Alerts are displayed in red and logs are displayed in black.Receiving Logs via E-mailIf you want to receive logs in your e-mail account, you need to have the necessary details ready, such as the Server Name or Simple Mail Transfer Protocol (SMTP) Address of your e-mail account. Ensure that you have a valid e-mail address.Enabling Syslog LoggingTo enable Syslog Logging, obtain your Syslog server’s IP address (or server name).13.4 View Log ScreenUse this screen to view all the ZyXEL Device’s logs in one location. Click Logs > View Log. Use the View Log screen to see the logs for the categories that you selected in the Log Settings screen (see Figure 60 on page 117). Options include logs about system maintenance, system errors and access control.Click a column heading to sort the entries. A triangle indicates the direction of the sort order. Figure 59 View LogThe following table describes the labels in this screen.Table 36 View LogLABEL DESCRIPTIONTime This field displays the time the log was recorded.Source This field lists the source IP address and the port number of the incoming packet.Message This field states the reason for the log.Refresh Click Refresh to renew the log screen. Clear Log Click Clear Log to clear all the logs.
Chapter 13 Log ScreensZyXEL NWA-1100 User’s Guide 11713.5 Log Settings ScreenUse this screen to configure to where and when the ZyXEL Device is to send the logs and which logs and/or immediate alerts it is to send. To change your ZyXEL Device’s log settings, click LOGS > Log Settings. The screen appears as shown. Figure 60 Log SettingsThe following table describes the labels in this screen.Table 37 Log SettingsLABEL DESCRIPTIONAddress InfoMail Server Enter the server name or the IP address of the mail server for the e-mail addresses specified below. If this field is left blank, logs and alert messages will not be sent via e-mail. Mail Subject Type a title that you want to be in the subject line of the log e-mail message that the ZyXEL Device sends. Send Log to Logs are sent to the e-mail address specified in this field. If this field is left blank, logs will not be sent via e-mail. SMTP Authentication If you use SMTP authentication, the mail receiver should be the owner of the SMTP account.
Chapter 13 Log ScreensZyXEL NWA-1100 User’s Guide11813.6 Technical ReferenceThis section provides some technical background information about the topics covered in this chapter.User Name If your e-mail account requires SMTP authentication, enter the username here.Password Enter the password associated with the above username.Syslog Logging Syslog logging sends a log to an external syslog server used to store logs.Active Click Active to enable syslog logging.Syslog IP Address Enter the IP address of the syslog server that will log the selected categories of logs.Syslog Port NumberEnter the port number of the syslog server that will log the selected categories of logs.Send LogLog Schedule This drop-down menu is used to configure the frequency of log messages being sent as E-mail: • Daily• Weekly• Hourly• When Log is Full• None. If the Weekly or the Daily option is selected, specify a time of day when the E-mail should be sent. If the Weekly option is selected, then also specify which day of the week the E-mail should be sent. If the When Log is Full option is selected, an alert is sent when the log fills up. If you select None, no log messages are sent.Day for Sending LogThis field is only available when you select Weekly in the Log Schedule field.Use the drop down list box to select which day of the week to send the logs. Time for Sending LogEnter the time of the day in 24-hour format (for example 23:00 equals 11:00 pm) to send the logs. Clear log after sending mailSelect the check box to clear all logs after logs and alert messages are sent via e-mail.Email log now Select the categories of alerts for which you want the ZyXEL Device to immediately send e-mail alerts.LogSystem MaintenanceClick this to receive logs related to system maintenance.System Errors Click this to receive logs related to system errors.802.1x Click this to receive logs related to the 802.1x mode.Wireless Click this to receive logs related to the wireless function.Apply Click Apply to save your customized settings and exit this screen. Reset Click Reset to reconfigure all the fields in this screen.Table 37 Log SettingsLABEL DESCRIPTION
Chapter 13 Log ScreensZyXEL NWA-1100 User’s Guide 11913.6.1 Example Log MessagesThe following tables provide descriptions of some example log messages that the ZyXEL Device generates.13.7 Log CommandsGo to the command interpreter interface (refer to Appendix I on page 187 for the Command Interpreter appendix explains how to access and use the commands).13.7.1 Configuring What You Want the ZyXEL Device to LogUse the sys logs load command to load the log setting buffer that allows you to configure which logs the ZyXEL Device is to record.Table 38 System Maintenance LogsLOG MESSAGE DESCRIPTIONWLAN: Radar interference 2412 MHz.Wireless driver receives radar pulse at center frequency 2412 MHz.WLAN: CW interference 2412 MHz.Wireless driver receives noise interference pulse at center frequency 2412 MHz.WLAN service started. Wireless port ath0 started.WLAN service stopped. Wireless port ath0 stopped.AP MIC failed. Wireless driver MIC checked failed.AP MIC attacked. Wireless driver received MIC attack packet.Station authenticated. AP received the request for authentication from station and authenticated the station successfully.Station authentication failed.AP received the request for authentication from station but the authentication failed.Station deauthenticated. AP receive the deauthenticated packet from the STA which connected with AP.Station associated. AP receive the association request packet from the STA which connected with AP.Station disassociated. AP receive the disassociation request packet from the STA, which connected with AP.Station refused. A STA wanted to connect to the AP but was refused.Remote Bridge AP configured.Remote AP MAC address was configured.Remote Bridge AP deleted.Remote AP MAC address was deleted.CLI: Authorized user from IP.A device succesfully logs into the AP via Telnet (the device’s IP address shows in the log message.)CLI: Unauthorized user from IP.A device fails to log into the AP via Telnet (the device’s IP address shows in the log message.)WEB: Authorized user from IP.A device successfully logs into the AP via WWW (the device’s IP address shows in the log message.)WEB: Unauthorized user from IP.A device fails to log into the AP via WWW (the device’s IP address shows in the log message.)
Chapter 13 Log ScreensZyXEL NWA-1100 User’s Guide120Use sys logs category followed by a log category and a parameter to decide what to record Use the sys logs save command to store the settings in the ZyXEL Device (you must do this in order to record logs).13.7.2 Displaying LogsUse the sys logs display command to show all of the logs in the ZyXEL Device’s log.Use the sys logs category display command to show the log settings for all of the log categories.Use the sys logs display [log category] command to show the logs in an individual ZyXEL Device log category.Use the sys logs clear command to erase all of the ZyXEL Device’s logs.13.7.3 Command ListThe following table provides the commands that can be used for your ZyXEL Device to configure the log settings.Table 40 Log Command ListTable 39 Log Categories and Available SettingsLOG CATEGORIES AVAILABLE PARAMETERSerror 0, 1, 2, 3mten 0, 1Use 0 to not record logs for that category, 1 to record only logs for that category, 2 to record only alerts for that category, and 3 to record both logs and alerts for that category.KEYWORD DESCRIPTIONclient Enable SYSLOG clientipaddr SYSLOG server IP addressport SYSLOG server port Email server E-mail server addressEmail subject E-mail subjectEmail Address E-mail addressEmail SmtpAuthEnable SMPTP auth enable when e-mail logEmail User E-mail user nameEmail Password E-mail passwordEmail Schedule E-mail schedule modeEmail Day E-mail schedule dayEmail Hour E-mail schedule hourEmail Minute E-mail schedule minuteEmail Clear Clear log after e-mailEmail Now Send e-mail now
ZyXEL NWA-1100 User’s Guide 121CHAPTER 14 Maintenance14.1 OverviewThis chapter describes the maintenance screens. It discusses how you can view the association list and channel usage, upload new firmware, manage configuration and restart your ZyXEL Device without turning it off and on. 14.2 What You Can Do in the Maintenance Screens• Use the Association List screen (see Section 14.4 on page 121) to view the wireless stations that are currently associated with the ZyXEL Device.•Use the Channel Usage screen (see Section 14.5 on page 122) to view whether a channel is used by another wireless network or not. If a channel is being used, you should select a channel removed from it by five channels to completely avoid overlap.• Use the F/W Upload screen (see Section 14.6 on page 123) to upload the latest firmware for your ZyXEL Device.• Use the Configuration screen (see Section 14.7 on page 124) to view information related to factory defaults, backup configuration, and restoring configuration.•Use Restart screen (see Section 14.8 on page 127) to reboot the ZyXEL Device without turning the power off. 14.3 What You Need To Know About the Maintenance ScreensYou can find the firmware for your device at www.zyxel.com. It is a file that (usually) uses the system model name with a "*.bin" extension, for example "NWA-1100.bin". The upload process uses HTTP (Hypertext Transfer Protocol) and may take up to two minutes. After a successful upload, the system will reboot.14.4 Association List ScreenUse this screen to view the wireless stations that are currently associated with the ZyXEL Device. Click Maintenance > Association List. The following screen displays.
Chapter 14 MaintenanceZyXEL NWA-1100 User’s Guide122Figure 61 Association ListThe following table describes the labels in this screen.14.5 Channel Usage ScreenUse this screen to know whether a channel is used by another wireless network or not. If a channel is being used, you should select a channel removed from it by five channels to completely avoid overlap. Click Maintenance > Channel Usage to display the screen shown next.Wait a moment while the ZyXEL Device compiles the information.Figure 62 Channel UsageTable 41 Association ListLABEL DESCRIPTION# This is the index number of an associated wireless station. MAC Address This field displays the MAC address of an associated wireless station.IP Address This identifies the individual devices on a network.Association Time This field displays the time a wireless station first associated with the ZyXEL Device.Signal Strength This field displays the RSSI (Received Signal Strength Indicator) of the wireless connection.Rescan Click Rescan to reload the screen.
Chapter 14 MaintenanceZyXEL NWA-1100 User’s Guide 123The following table describes the labels in this screen.14.6 F/W Upload ScreenUse this screen to upload a firmware to your ZyXEL Device. Click Maintenance > F/W Upload. Follow the instructions in this section to upload firmware to your ZyXEL Device. Figure 63 Firmware UploadThe following table describes the labels in this screen.Table 42 Channel UsageLABEL DESCRIPTIONSSID This is the Service Set IDentification name of the AP in an Infrastructure wireless network or wireless station in an Ad-Hoc wireless network. For our purposes, we define an Infrastructure network as a wireless network that uses an AP and an Ad-Hoc network (also known as Independent Basic Service Set (IBSS)) as one that doesn’t. See the chapter on wireless configuration for more information on basic service sets (BSS) and extended service sets (ESS).BSSID This field displays the MAC address of the AP in an Infrastructure wireless network. It is randomly generated (so ignore it) in an Ad-Hoc wireless network.Channel This is the index number of the channel currently used by the associated AP in an Infrastructure wireless network or wireless station in an Ad-Hoc wireless network.Wireless Mode This is the IEEE 802.1x standard used by your ZyXEL Device to apply enhanced security methods for both the authentication of wireless stations and encryption key management.Security This is the wireless security method used by your ZyXEL Device protect wireless communication between wireless stations, access points and the wired network.Restart Click Restart to reload the screen. Table 43 Firmware UploadLABEL DESCRIPTIONFile Path Type in the location of the file you want to upload in this field or click Browse ... to find it.Browse... Click Browse... to find the .bin file you want to upload. Remember that you must decompress compressed (.zip) files before you can upload them. Upload Click Upload to begin the upload process. This process may take up to two minutes.
Chapter 14 MaintenanceZyXEL NWA-1100 User’s Guide1241Do not turn off the ZyXEL Device while firmware upload is in progress!After you see the Firmware Upload in Process screen, wait two minutes before logging into the ZyXEL Device again. Figure 64 Firmware Upload In ProcessThe ZyXEL Device automatically restarts in this time causing a temporary network disconnect. In some operating systems, you may see the following icon on your desktop.Figure 65 Network Temporarily DisconnectedAfter two minutes, log in again and check your new firmware version in the System Status screen.If the upload was not successful, the following screen will appear. Click Return to go back to the F/W Upload screen.Figure 66 Firmware Upload Error14.7 Configuration ScreenUse this screen to backup, restore and reset the configuration of your ZyXEL Device.Click Maintenance > Configuration. The screen appears as shown next.
Chapter 14 MaintenanceZyXEL NWA-1100 User’s Guide 125Figure 67 Configuration14.7.1 Backup ConfigurationBackup configuration allows you to back up (save) the ZyXEL Device’s current configuration to a file on your computer. Once your ZyXEL Device is configured and functioning properly, it is highly recommended that you back up your configuration file before making configuration changes. The backup configuration file will be useful in case you need to return to your previous settings. Click Backup to save the ZyXEL Device’s current configuration to your computer.14.7.2 Restore Configuration Restore configuration allows you to upload a new or previously saved configuration file from your computer to your ZyXEL Device.1Do not turn off the ZyXEL Device while configuration file upload is in progress.Table 44 Restore ConfigurationLABEL DESCRIPTIONFile Path Type in the location of the file you want to upload in this field or click Browse ... to find it.Browse... Click Browse... to find the file you want to upload. Remember that you must decompress compressed (.ZIP) files before you can upload them. Upload Click Upload to begin the upload process.
Chapter 14 MaintenanceZyXEL NWA-1100 User’s Guide126After you see a “restore configuration successful” screen, you must then wait one minute before logging into the ZyXEL Device again. Figure 68 Configuration Upload SuccessfulThe ZyXEL Device automatically restarts in this time causing a temporary network disconnect. In some operating systems, you may see the following icon on your desktop.Figure 69 Network Temporarily DisconnectedIf you uploaded the default configuration file you may need to change the IP address of your computer to be in the same subnet as that of the default ZyXEL Device IP address (192.168.1.2). See your Quick Start Guide for details on how to set up your computer’s IP address.If the upload was not successful, the following screen will appear. Click Return to go back to the Configuration screen. Figure 70 Configuration Upload Error14.7.3 Back to Factory DefaultsPressing the Reset button in this section clears all user-entered configuration information and returns the ZyXEL Device to its factory defaults as shown on the screen. The following warning screen will appear.
Chapter 14 MaintenanceZyXEL NWA-1100 User’s Guide 127Figure 71 Reset Warning MessageYou can also press the RESET button to reset your ZyXEL Device to its factory default settings. Refer to Section 2.2 on page 36 for more information.14.8 Restart ScreenUse this screen to reboot the ZyXEL Device without turning the power off. Click Maintenance > Restart. The following screen displays.Figure 72 Restart ScreenClick Restart to have the ZyXEL Device reboot. This does not affect the ZyXEL Device's configuration.
Chapter 14 MaintenanceZyXEL NWA-1100 User’s Guide128
ZyXEL NWA-1100 User’s Guide 129CHAPTER 15 TroubleshootingThis chapter offers some suggestions to solve problems you might encounter. The potential problems are divided into the following categories.•Power, Hardware Connections, and LEDs•ZyXEL Device Access and Login•Internet Access15.1 Power, Hardware Connections, and LEDsVThe ZyXEL Device does not turn on. None of the LEDs turn on.1Make sure you are using the power adaptor or cord included with the ZyXEL Device.2Make sure the power adaptor or cord is connected to the ZyXEL Device and plugged in to an appropriate power source. Make sure the power source is turned on.3Disconnect and re-connect the power adaptor or cord to the ZyXEL Device. 4If the problem continues, contact the vendor.VOne of the LEDs does not behave as expected.1Make sure you understand the normal behavior of the LED. See Section 1.7 on page 32.2Check the hardware connections. See the Quick Start Guide.3Inspect your cables for damage. Contact the vendor to replace any damaged cables.4Disconnect and re-connect the power adaptor to the ZyXEL Device. 5If the problem continues, contact the vendor.15.2 ZyXEL Device Access and LoginVI forgot the IP address for the ZyXEL Device.
Chapter 15 TroubleshootingZyXEL NWA-1100 User’s Guide1301The default IP address is 192.168.1.2.2If you changed the IP address and have forgotten it, you might get the IP address of the ZyXEL Device by looking up the IP address of the default gateway for your computer. To do this in most Windows computers, click Start > Run, enter “cmd”, and then enter “ipconfig”. The IP address of the Default Gateway might be the IP address of the ZyXEL Device (it depends on the network), so enter this IP address in your Internet browser. 3If this does not work, you have to reset the device to its factory defaults. See Section 2.2 on page 36.VI forgot the password.1The default password is 1234.2If this does not work, you have to reset the device to its factory defaults. See Section 2.2 on page 36.VI cannot see or access the Login screen in the web configurator.1Make sure you are using the correct IP address.• The default IP address is 192.168.1.2.• If you changed the IP address (Section 10.4 on page 98), use the new IP address.• If you changed the IP address and have forgotten it, see the troubleshooting suggestions for I forgot the IP address for the ZyXEL Device.2Check the hardware connections, and make sure the LEDs are behaving as expected. See the Quick Start Guide and Section 1.7 on page 32.3Make sure your Internet browser does not block pop-up windows and has JavaScripts and Java enabled. See Section 15.1 on page 129.4Make sure your computer is in the same subnet as the ZyXEL Device. (If you know that there are routers between your computer and the ZyXEL Device, skip this step.) • If there is no DHCP server on your network, make sure your computer’s IP address is in the same subnet as the ZyXEL Device.5Reset the device to its factory defaults, and try to access the ZyXEL Device with the default IP address. See your Quick Start Guide. 6If the problem continues, contact the network administrator or vendor, or try one of the advanced suggestions.Advanced Suggestions• Try to access the ZyXEL Device using another service, such as Telnet. If you can access the ZyXEL Device, check the remote management settings to find out why the ZyXEL Device does not respond to HTTP. • If your computer is connected to the WA N port or is connected wirelessly, use a computer that is connected to a LAN/ETHERNET port.
Chapter 15 TroubleshootingZyXEL NWA-1100 User’s Guide 131VI can see the Login screen, but I cannot log in to the ZyXEL Device.1Make sure you have entered the user name and password correctly. The default password is 1234. This fields are case-sensitive, so make sure [Caps Lock] is not on.2You cannot log in to the web configurator while someone is using the Telnet to access the ZyXEL Device. Log out of the ZyXEL Device in the other session, or ask the person who is logged in to log out.3Disconnect and re-connect the power adaptor or cord to the ZyXEL Device.4If this does not work, you have to reset the device to its factory defaults. See Section 2.2 on page 36.VI cannot use FTP to upload new firmware. See the troubleshooting suggestions for I cannot see or access the Login screen in the web configurator. Ignore the suggestions about your browser.15.3 Internet AccessVI cannot access the Internet.1Check the hardware connections, and make sure the LEDs are behaving as expected. See the Quick Start Guide and Section 15.1 on page 129.22. Make sure your ZyXEL Device is connected to a networking device that provides Internet access.3If you are trying to access the Internet wirelessly, make sure the wireless settings on the wireless client are the same as the settings on the AP.4Disconnect all the cables from your device, and follow the directions in the Quick Start Guide again.5If the problem continues, contact your ISP. VI cannot access the Internet anymore. I had access to the Internet (with the ZyXEL Device), but my Internet connection is not available anymore.1Check the hardware connections, and make sure the LEDs are behaving as expected. See the Quick Start Guide and Section 1.7 on page 32. 2Reboot the ZyXEL Device.
Chapter 15 TroubleshootingZyXEL NWA-1100 User’s Guide1323If the problem continues, contact your ISP or network administrator. VThe Internet connection is slow or intermittent.1There might be a lot of traffic on the network. Look at the LEDs, and check Section 1.7 on page 32. If the ZyXEL Device is sending or receiving a lot of information, try closing some programs that use the Internet, especially peer-to-peer applications. 2Check the signal strength. If the signal is weak, try moving the ZyXEL Device (in wireless client mode) closer to the AP (if possible), and look around to see if there are any devices that might be interfering with the wireless network (microwaves, other wireless networks, and so on).3Reboot the ZyXEL Device. 4If the problem continues, contact the network administrator or vendor, or try one of the advanced suggestions.Advanced Suggestions• Check the settings for QoS. If it is disabled, you might consider activating it.
133PART IIIAppendices and IndexProduct Specifications (135)Power over Ethernet (PoE) Specifications (137)Power Adaptor Specifications (139)Setting up Your Computer’s IP Address (141)Wireless LANs (153)Pop-up Windows, JavaScripts and Java Permissions (167)IP Addresses and Subnetting (173)Text File Based Auto Configuration (181)How to Access and Use the CLI (187)Legal Information (191)Customer Support (195)Index (201)
134
ZyXEL NWA-1100 User’s Guide 135APPENDIX A Product SpecificationsThe following tables summarize the ZyXEL Device’s hardware and firmware features.Table 45 Hardware SpecificationsPower Specification 12 V DC, 1 AReset button Returns all settings to their factory defaults.Ethernet Port • Auto-negotiating: 10 Mbps or 100 Mbps in either half-duplex or full-duplex mode.• Auto-crossover: Use either crossover or straight-through Ethernet cables.Power over Ethernet (PoE)IEEE 802.3af compliant.Antenna SMA antenna connectors, equipped by default with 3dBi omni antenna, 60°Operation Temperature 0 ~ 50 º CStorage Temperature -30 ~ 60 º COperation Humidity 20 ~ 90 % (non-condensing)Storage Humidity 10 ~ 90 % (non-condensing)Dimensions 152mm x 92mm x 45mmTable 46 Firmware Specifications Default IP Address 192.168.1.2Default Subnet Mask 255.255.255.0 (24 bits)Default Password 1234Wireless LAN Standards IEEE 802.11b, IEEE 802.11gWireless security WEP, WPA(2), WPA(2)-PSK, 802.1xSTP (Spanning Tree Protocol) / RSTP (Rapid STP)(R)STP detects and breaks network loops and provides backup links between switches, bridges or routers. It allows a bridge to interact with other (R)STP-compliant bridges in your network to ensure that only one path exists between any two stations on the network.WMM QoS WMM (Wi-Fi MultiMedia) QoS (Quality of Service) allows you to prioritize wireless traffic. Certificates The ZyXEL Device can use certificates (also called digital IDs) to authenticate users. Certificates are based on public-private key pairs. Certificates provide a way to exchange public keys for use in authentication.
Appendix A Product SpecificationsZyXEL NWA-1100 User’s Guide136SSL Passthrough SSL (Secure Sockets Layer) uses a public key to encrypt data that's transmitted over an SSL connection. Both Netscape Navigator and Internet Explorer support SSL, and many Web sites use the protocol to obtain confidential user information, such as credit card numbers. By convention, URLs that require an SSL connection start with “https” instead of “http”. The ZyXEL Device allows SSL connections to take place through the ZyXEL Device.MAC Address Filter Your ZyXEL Device checks the MAC address of the wireless station against a list of allowed or denied MAC addresses.Wireless Association List With the wireless association list, you can see the list of the wireless stations that are currently using the ZyXEL Device to access your wired network.Logging and Tracing Built-in message logging and packet tracing.Embedded FTP and TFTP ServersThe embedded FTP and TFTP servers enable fast firmware upgrades as well as configuration file backups and restoration.Auto Configuration Administrators can use text configuration files to configure the wireless LAN settings for multiple APs. The AP can automatically get a configuration file from a TFTP server at start up or after renewing DHCP client information. SNMP SNMP (Simple Network Management Protocol) is a protocol used for exchanging management information between network devices. SNMP is a member of the TCP/IP protocol suite. Your ZyXEL Device supports SNMP agent functionality, which allows a manger station to manage and monitor the ZyXEL Device through the network. The ZyXEL Device supports SNMP version one (SNMPv1) and version two c (SNMPv2c).Table 46 Firmware Specifications
ZyXEL NWA-1100 User’s Guide 137APPENDIX B Power over Ethernet (PoE)SpecificationsYou can use a power over Ethernet injector to power this device. The injector must comply to IEEE 802.3af.-7 Table 47 Power over Ethernet Injector Specifications Power Output 15.4 Watts maximumPower Current 400 mA maximumTable 48 Power over Ethernet Injector RJ-45 Port Pin AssignmentsPIN NO RJ-45 SIGNAL ASSIGNMENT1Output Transmit Data +2Output Transmit Data -3Receive Data +4Power +5Power +6Receive Data -7Power -8Power -12345678
Appendix B Power over Ethernet (PoE) SpecificationsZyXEL NWA-1100 User’s Guide138
ZyXEL NWA-1100 User’s Guide 139APPENDIX C Power Adaptor SpecificationsTable 49 North American Plug StandardsAC Power Adaptor Model ADS6818-1812-W 1215Input Power 100~240 Volts AC, 50~60 Hz, 0.5 AOutput Power 12 Volts DC, 1.5A, 18WPower Consumption 6 W MaxSafety Standards UL, CUL (UL60950 Third Edition, CSA C22.2 No. 60950)Table 50 European Plug StandardsAC Power Adaptor Model ADS6818-1812-B 1215Input Power 100~240 Volts AC, 50~60 Hz, 0.5 AOutput Power 12 Volts DC, 1.5 A, 18 WPower Consumption 6 W MaxSafety Standards TUV-GS, CE (EN 60950)Table 51 United Kingdom Plug StandardsAC Power Adaptor Model ADS6818-1812-D 1215Input Power 100~240 Volts AC, 50~60 Hz,0.5 AOutput Power 12 Volts DC, 1.5 A, 18 WPower Consumption 6 W MaxSafety Standards TUV-GS (BS EN 60950)Table 52 Australia and New Zealand Plug StandardsAC Power Adaptor Model ADS6818-1812-A 1215Input Power 100~240 Volts AC, 50~60 Hz, 0.5 AOutput Power 12 Volts DC, 1.5 A, 18 WPower Consumption 6 W MaxSafety Standards DOFT (AS/NZS 60950, AS/NZSB 3112:1-2)
Appendix C Power Adaptor SpecificationsZyXEL NWA-1100 User’s Guide140

Navigation menu