ZyXEL Communications NWA1100 Access Point User Manual NWA1100 UG v 1 00 Ed 1 July 2008

ZyXEL Communications Corporation Access Point NWA1100 UG v 1 00 Ed 1 July 2008

Contents

Installation guide III

ZyXEL NWA-1100 User’s Guide 141
APPENDIX D
Setting up Your Computers IP
Address
All computers must have a 10M or 100M Ethernet adapter card and TCP/IP installed.
Windows 95/98/Me/NT/2000/XP, Macintosh OS 7 and later operating systems and all
versions of UNIX/LINUX include the software components you need to install and use TCP/
IP on your computer. Windows 3.1 requires the purchase of a third-party TCP/IP application
package.
TCP/IP should already be installed on computers using Windows NT/2000/XP, Macintosh OS
7 and later operating systems.
After the appropriate TCP/IP components are installed, configure the TCP/IP settings in order
to "communicate" with your network.
If you manually assign IP information instead of using dynamic assignment, make sure that
your computers have IP addresses that place them in the same subnet as the ZyXEL Device’s
LAN port.
Windows 95/98/Me
Click Start, Settings, Control Panel and double-click the Network icon to open the Network
window
Appendix D Setting up Your Computer’s IP Address
ZyXEL NWA-1100 User’s Guide
142
Figure 73 WIndows 95/98/Me: Network: Configuration
Installing Components
The Network window Configuration tab displays a list of installed components. You need a
network adapter, the TCP/IP protocol and Client for Microsoft Networks.
If you need the adapter:
1In the Network window, click Add.
2Select Adapter and then click Add.
3Select the manufacturer and model of your network adapter and then click OK.
If you need TCP/IP:
1In the Network window, click Add.
2Select Protocol and then click Add.
3Select Microsoft from the list of manufacturers.
4Select TCP/IP from the list of network protocols and then click OK.
If you need Client for Microsoft Networks:
1Click Add.
2Select Client and then click Add.
3Select Microsoft from the list of manufacturers.
4Select Client for Microsoft Networks from the list of network clients and then click
OK.
5Restart your computer so the changes you made take effect.
Appendix D Setting up Your Computer’s IP Address
ZyXEL NWA-1100 User’s Guide 143
Configuring
1In the Network window Configuration tab, select your network adapter's TCP/IP entry
and click Properties
2Click the IP Address tab.
If your IP address is dynamic, select Obtain an IP address automatically.
If you have a static IP address, select Specify an IP address and type your
information into the IP Address and Subnet Mask fields.
Figure 74 Windows 95/98/Me: TCP/IP Properties: IP Address
3Click the DNS Configuration tab.
If you do not know your DNS information, select Disable DNS.
If you know your DNS information, select Enable DNS and type the information in
the fields below (you may not need to fill them all in).
Appendix D Setting up Your Computer’s IP Address
ZyXEL NWA-1100 User’s Guide
144
Figure 75 Windows 95/98/Me: TCP/IP Properties: DNS Configuration
4Click the Gateway tab.
If you do not know your gateway’s IP address, remove previously installed gateways.
If you have a gateway IP address, type it in the New gateway field and click Add.
5Click OK to save and close the TCP/IP Properties window.
6Click OK to close the Network window. Insert the Windows CD if prompted.
7Turn on your ZyXEL Device and restart your computer when prompted.
Verifying Settings
1Click Start and then Run.
2In the Run window, type "winipcfg" and then click OK to open the IP Configuration
window.
3Select your network adapter. You should see your computer's IP address, subnet mask
and default gateway.
Windows 2000/NT/XP
1For Windows XP, click start, Control Panel. In Windows 2000/NT, click Start,
Settings, Control Panel.
Appendix D Setting up Your Computer’s IP Address
ZyXEL NWA-1100 User’s Guide 145
Figure 76 Windows XP: Start Menu
2For Windows XP, click Network Connections. For Windows 2000/NT, click Network
and Dial-up Connections.
Figure 77 Windows XP: Control Panel
3Right-click Local Area Connection and then click Properties.
Appendix D Setting up Your Computer’s IP Address
ZyXEL NWA-1100 User’s Guide
146
Figure 78 Windows XP: Control Panel: Network Connections: Properties
4Select Internet Protocol (TCP/IP) (under the General tab in Win XP) and click
Properties.
Figure 79 Windows XP: Local Area Connection Properties
5The Internet Protocol TCP/IP Properties window opens (the General tab in
Windows XP).
If you have a dynamic IP address click Obtain an IP address automatically.
If you have a static IP address click Use the following IP Address and fill in the IP
address, Subnet mask, and Default gateway fields. Click Advanced.
Appendix D Setting up Your Computer’s IP Address
ZyXEL NWA-1100 User’s Guide 147
Figure 80 Windows XP: Advanced TCP/IP Settings
6If you do not know your gateway's IP address, remove any previously installed gateways
in the IP Settings tab and click OK.
Do one or more of the following if you want to configure additional IP addresses:
•In the IP Settings tab, in IP addresses, click Add.
•In TCP/IP Address, type an IP address in IP address and a subnet mask in Subnet
mask, and then click Add.
Repeat the above two steps for each IP address you want to add.
Configure additional default gateways in the IP Settings tab by clicking Add in
Default gateways.
•In TCP/IP Gateway Address, type the IP address of the default gateway in Gateway.
To manually configure a default metric (the number of transmission hops), clear the
Automatic metric check box and type a metric in Metric.
Click Add.
Repeat the previous three steps for each default gateway you want to add.
Click OK when finished.
7In the Internet Protocol TCP/IP Properties window (the General tab in Windows
XP):
Click Obtain DNS server address automatically if you do not know your DNS
server IP address(es).
If you know your DNS server IP address(es), click Use the following DNS server
addresses, and type them in the Preferred DNS server and Alternate DNS server
fields.
If you have previously configured DNS servers, click Advanced and then the DNS
tab to order them.
Appendix D Setting up Your Computer’s IP Address
ZyXEL NWA-1100 User’s Guide
148
Figure 81 Windows XP: Internet Protocol (TCP/IP) Properties
8Click OK to close the Internet Protocol (TCP/IP) Properties window.
9Click OK to close the Local Area Connection Properties window.
10 Turn on your ZyXEL Device and restart your computer (if prompted).
Verifying Settings
1Click Start, All Programs, Accessories and then Command Prompt.
2In the Command Prompt window, type "ipconfig" and then press [ENTER]. You can
also open Network Connections, right-click a network connection, click Status and
then click the Support tab.
Macintosh OS 8/9
1Click the Apple menu, Control Panel and double-click TCP/IP to open the TCP/IP
Control Panel.
Appendix D Setting up Your Computer’s IP Address
ZyXEL NWA-1100 User’s Guide 149
Figure 82 Macintosh OS 8/9: Apple Menu
2Select Ethernet built-in from the Connect via list.
Figure 83 Macintosh OS 8/9: TCP/IP
3For dynamically assigned settings, select Using DHCP Server from the Configure: list.
4For statically assigned settings, do the following:
•From the Configure box, select Manually.
Appendix D Setting up Your Computer’s IP Address
ZyXEL NWA-1100 User’s Guide
150
Type your IP address in the IP Address box.
Type your subnet mask in the Subnet mask box.
Type the IP address of your ZyXEL Device in the Router address box.
5Close the TCP/IP Control Panel.
6Click Save if prompted, to save changes to your configuration.
7Turn on your ZyXEL Device and restart your computer (if prompted).
Verifying Settings
Check your TCP/IP properties in the TCP/IP Control Panel window.
Macintosh OS X
1Click the Apple menu, and click System Preferences to open the System Preferences
window.
Figure 84 Macintosh OS X: Apple Menu
2Click Network in the icon bar.
Select Automatic from the Location list.
Select Built-in Ethernet from the Show list.
Click the TCP/IP tab.
3For dynamically assigned settings, select Using DHCP from the Configure list.
Appendix D Setting up Your Computer’s IP Address
ZyXEL NWA-1100 User’s Guide 151
Figure 85 Macintosh OS X: Network
4For statically assigned settings, do the following:
•From the Configure box, select Manually.
Type your IP address in the IP Address box.
Type your subnet mask in the Subnet mask box.
Type the IP address of your ZyXEL Device in the Router address box.
5Click Apply Now and close the window.
6Turn on your ZyXEL Device and restart your computer (if prompted).
Verifying Settings
Check your TCP/IP properties in the Network window.
Appendix D Setting up Your Computer’s IP Address
ZyXEL NWA-1100 User’s Guide
152
ZyXEL NWA-1100 User’s Guide 153
APPENDIX E
Wireless LANs
Wireless LAN Topologies
This section discusses ad-hoc and infrastructure wireless LAN topologies.
Ad-hoc Wireless LAN Configuration
The simplest WLAN configuration is an independent (Ad-hoc) WLAN that connects a set of
computers with wireless adapters (A, B, C). Any time two or more wireless adapters are within
range of each other, they can set up an independent network, which is commonly referred to as
an ad-hoc network or Independent Basic Service Set (IBSS). The following diagram shows an
example of notebook computers using wireless adapters to form an ad-hoc wireless LAN.
Figure 86 Peer-to-Peer Communication in an Ad-hoc Network
BSS
A Basic Service Set (BSS) exists when all communications between wireless clients or
between a wireless client and a wired network client go through one access point (AP).
Intra-BSS traffic is traffic between wireless clients in the BSS. When Intra-BSS is enabled,
wireless client A and B can access the wired network and communicate with each other. When
Intra-BSS is disabled, wireless client A and B can still access the wired network but cannot
communicate with each other.
Appendix E Wireless LANs
ZyXEL NWA-1100 User’s Guide
154
Figure 87 Basic Service Set
ESS
An Extended Service Set (ESS) consists of a series of overlapping BSSs, each containing an
access point, with each access point connected together by a wired network. This wired
connection between APs is called a Distribution System (DS).
This type of wireless LAN topology is called an Infrastructure WLAN. The Access Points not
only provide communication with the wired network but also mediate wireless network traffic
in the immediate neighborhood.
An ESSID (ESS IDentification) uniquely identifies each ESS. All access points and their
associated wireless clients within the same ESS must have the same ESSID in order to
communicate.
Appendix E Wireless LANs
ZyXEL NWA-1100 User’s Guide 155
Figure 88 Infrastructure WLAN
Channel
A channel is the radio frequency(ies) used by IEEE 802.11a/b/g wireless devices. Channels
available depend on your geographical area. You may have a choice of channels (for your
region) so you should use a different channel than an adjacent AP (access point) to reduce
interference. Interference occurs when radio signals from different access points overlap
causing interference and degrading performance.
Adjacent channels partially overlap however. To avoid interference due to overlap, your AP
should be on a channel at least five channels away from a channel that an adjacent AP is using.
For example, if your region has 11 channels and an adjacent AP is using channel 1, then you
need to select a channel between 6 or 11.
RTS/CTS
A hidden node occurs when two stations are within range of the same access point, but are not
within range of each other. The following figure illustrates a hidden node. Both stations (STA)
are within range of the access point (AP) or wireless gateway, but out-of-range of each other,
so they cannot "hear" each other, that is they do not know if the channel is currently being
used. Therefore, they are considered hidden from each other.
Appendix E Wireless LANs
ZyXEL NWA-1100 User’s Guide
156
Figure 89 RTS/CTS
When station A sends data to the AP, it might not know that the station B is already using the
channel. If these two stations send data at the same time, collisions may occur when both sets
of data arrive at the AP at the same time, resulting in a loss of messages for both stations.
RTS/CTS is designed to prevent collisions due to hidden nodes. An RTS/CTS defines the
biggest size data frame you can send before an RTS (Request To Send)/CTS (Clear to Send)
handshake is invoked.
When a data frame exceeds the RTS/CTS value you set (between 1 to 2432 bytes), the station
that wants to transmit this frame must first send an RTS (Request To Send) message to the AP
for permission to send it. The AP then responds with a CTS (Clear to Send) message to all
other stations within its range to notify them to defer their transmission. It also reserves and
confirms with the requesting station the time frame for the requested transmission.
Stations can send frames smaller than the specified RTS/CTS directly to the AP without the
RTS (Request To Send)/CTS (Clear to Send) handshake.
You should only configure RTS/CTS if the possibility of hidden nodes exists on your network
and the "cost" of resending large frames is more than the extra network overhead involved in
the RTS (Request To Send)/CTS (Clear to Send) handshake.
If the RTS/CTS value is greater than the Fragmentation Threshold value (see next), then the
RTS (Request To Send)/CTS (Clear to Send) handshake will never occur as data frames will
be fragmented before they reach RTS/CTS size.
"Enabling the RTS Threshold causes redundant network overhead that could
negatively affect the throughput performance instead of providing a remedy.
Appendix E Wireless LANs
ZyXEL NWA-1100 User’s Guide 157
Fragmentation Threshold
A Fragmentation Threshold is the maximum data fragment size (between 256 and 2432
bytes) that can be sent in the wireless network before the AP will fragment the packet into
smaller data frames.
A large Fragmentation Threshold is recommended for networks not prone to interference
while you should set a smaller threshold for busy networks or networks that are prone to
interference.
If the Fragmentation Threshold value is smaller than the RTS/CTS value (see previously)
you set then the RTS (Request To Send)/CTS (Clear to Send) handshake will never occur as
data frames will be fragmented before they reach RTS/CTS size.
Preamble Type
Preamble is used to signal that data is coming to the receiver. Short and Long refer to the
length of the synchronization field in a packet.
Short preamble increases performance as less time sending preamble means more time for
sending data. All IEEE 802.11b/g compliant wireless adapters support long preamble, but not
all support short preamble.
Select Long preamble if you are unsure what preamble mode the wireless adapters support,
and to provide more reliable communications in busy wireless networks.
Select Dynamic to have the AP automatically use short preamble when wireless adapters
support it, otherwise the AP uses long preamble.
"The AP and the wireless adapters MUST use the same preamble mode in
order to communicate.
IEEE 802.11g Wireless LAN
IEEE 802.11g is fully compatible with the IEEE 802.11b standard. This means an IEEE
802.11b adapter can interface directly with an IEEE 802.11g access point (and vice versa) at
11 Mbps or lower depending on range. IEEE 802.11g has several intermediate rate steps
between the maximum and minimum data rates. The IEEE 802.11g data rate and modulation
are as follows:
Table 53 IEEE 802.11g
DATA RATE (MBPS) MODULATION
1 DBPSK (Differential Binary Phase Shift Keyed)
2 DQPSK (Differential Quadrature Phase Shift Keying)
5.5 / 11 CCK (Complementary Code Keying)
6/9/12/18/24/36/48/54 OFDM (Orthogonal Frequency Division Multiplexing)
Appendix E Wireless LANs
ZyXEL NWA-1100 User’s Guide
158
Wireless Security Overview
Wireless security is vital to your network to protect wireless communication between wireless
clients, access points and the wired network.
Wireless security methods available on the ZyXEL Device are data encryption, wireless client
authentication, restricting access by device MAC address and hiding the ZyXEL Device
identity.
The following figure shows the relative effectiveness of these wireless security methods
available on your ZyXEL Device.
"You must enable the same wireless security settings on the ZyXEL Device and
on all wireless clients that you want to associate with it.
IEEE 802.1x
In June 2001, the IEEE 802.1x standard was designed to extend the features of IEEE 802.11 to
support extended authentication as well as providing additional accounting and control
features. It is supported by Windows XP and a number of network devices. Some advantages
of IEEE 802.1x are:
User based identification that allows for roaming.
Support for RADIUS (Remote Authentication Dial In User Service, RFC 2138, 2139) for
centralized user profile and accounting management on a network RADIUS server.
Support for EAP (Extensible Authentication Protocol, RFC 2486) that allows additional
authentication methods to be deployed with no changes to the access point or the wireless
clients.
Table 54 Wireless Security Levels
SECURITY
LEVEL SECURITY TYPE
Least
S e c u r e
Most Secure
Unique SSID (Default)
Unique SSID with Hide SSID Enabled
MAC Address Filtering
WEP Encryption
IEEE802.1x EAP with RADIUS Server Authentication
Wi-Fi Protected Access (WPA)
WPA2
Appendix E Wireless LANs
ZyXEL NWA-1100 User’s Guide 159
RADIUS
RADIUS is based on a client-server model that supports authentication, authorization and
accounting. The access point is the client and the server is the RADIUS server. The RADIUS
server handles the following tasks:
Authentication
Determines the identity of the users.
• Authorization
Determines the network services available to authenticated users once they are connected
to the network.
• Accounting
Keeps track of the client’s network activity.
RADIUS is a simple package exchange in which your AP acts as a message relay between the
wireless client and the network RADIUS server.
Types of RADIUS Messages
The following types of RADIUS messages are exchanged between the access point and the
RADIUS server for user authentication:
• Access-Request
Sent by an access point requesting authentication.
• Access-Reject
Sent by a RADIUS server rejecting access.
• Access-Accept
Sent by a RADIUS server allowing access.
• Access-Challenge
Sent by a RADIUS server requesting more information in order to allow access. The
access point sends a proper response from the user and then sends another Access-Request
message.
The following types of RADIUS messages are exchanged between the access point and the
RADIUS server for user accounting:
• Accounting-Request
Sent by the access point requesting accounting.
• Accounting-Response
Sent by the RADIUS server to indicate that it has started or stopped accounting.
In order to ensure network security, the access point and the RADIUS server use a shared
secret key, which is a password, they both know. The key is not sent over the network. In
addition to the shared key, password information exchanged is also encrypted to protect the
network from unauthorized access.
Types of EAP Authentication
This section discusses some popular authentication types: EAP-MD5, EAP-TLS, EAP-TTLS,
PEAP and LEAP. Your wireless LAN device may not support all authentication types.
Appendix E Wireless LANs
ZyXEL NWA-1100 User’s Guide
160
EAP (Extensible Authentication Protocol) is an authentication protocol that runs on top of the
IEEE 802.1x transport mechanism in order to support multiple types of user authentication. By
using EAP to interact with an EAP-compatible RADIUS server, an access point helps a
wireless station and a RADIUS server perform authentication.
The type of authentication you use depends on the RADIUS server and an intermediary AP(s)
that supports IEEE 802.1x. .
For EAP-TLS authentication type, you must first have a wired connection to the network and
obtain the certificate(s) from a certificate authority (CA). A certificate (also called digital IDs)
can be used to authenticate users and a CA issues certificates and guarantees the identity of
each certificate owner.
EAP-MD5 (Message-Digest Algorithm 5)
MD5 authentication is the simplest one-way authentication method. The authentication server
sends a challenge to the wireless client. The wireless client ‘proves’ that it knows the password
by encrypting the password with the challenge and sends back the information. Password is
not sent in plain text.
However, MD5 authentication has some weaknesses. Since the authentication server needs to
get the plaintext passwords, the passwords must be stored. Thus someone other than the
authentication server may access the password file. In addition, it is possible to impersonate an
authentication server as MD5 authentication method does not perform mutual authentication.
Finally, MD5 authentication method does not support data encryption with dynamic session
key. You must configure WEP encryption keys for data encryption.
EAP-TLS (Transport Layer Security)
With EAP-TLS, digital certifications are needed by both the server and the wireless clients for
mutual authentication. The server presents a certificate to the client. After validating the
identity of the server, the client sends a different certificate to the server. The exchange of
certificates is done in the open before a secured tunnel is created. This makes user identity
vulnerable to passive attacks. A digital certificate is an electronic ID card that authenticates the
senders identity. However, to implement EAP-TLS, you need a Certificate Authority (CA) to
handle certificates, which imposes a management overhead.
EAP-TTLS (Tunneled Transport Layer Service)
EAP-TTLS is an extension of the EAP-TLS authentication that uses certificates for only the
server-side authentications to establish a secure connection. Client authentication is then done
by sending username and password through the secure connection, thus client identity is
protected. For client authentication, EAP-TTLS supports EAP methods and legacy
authentication methods such as PAP, CHAP, MS-CHAP and MS-CHAP v2.
PEAP (Protected EAP)
Like EAP-TTLS, server-side certificate authentication is used to establish a secure connection,
then use simple username and password methods through the secured connection to
authenticate the clients, thus hiding client identity. However, PEAP only supports EAP
methods, such as EAP-MD5, EAP-MSCHAPv2 and EAP-GTC (EAP-Generic Token Card),
for client authentication. EAP-GTC is implemented only by Cisco.
Appendix E Wireless LANs
ZyXEL NWA-1100 User’s Guide 161
LEAP
LEAP (Lightweight Extensible Authentication Protocol) is a Cisco implementation of IEEE
802.1x.
Dynamic WEP Key Exchange
The AP maps a unique key that is generated with the RADIUS server. This key expires when
the wireless connection times out, disconnects or reauthentication times out. A new WEP key
is generated each time reauthentication is performed.
If this feature is enabled, it is not necessary to configure a default encryption key in the
Wireless screen. You may still configure and store keys here, but they will not be used while
Dynamic WEP is enabled.
"EAP-MD5 cannot be used with Dynamic WEP Key Exchange
For added security, certificate-based authentications (EAP-TLS, EAP-TTLS and PEAP) use
dynamic keys for data encryption. They are often deployed in corporate environments, but for
public deployment, a simple user name and password pair is more practical. The following
table is a comparison of the features of authentication types.
WPA and WPA2
Wi-Fi Protected Access (WPA) is a subset of the IEEE 802.11i standard. WPA2 (IEEE
802.11i) is a wireless security standard that defines stronger encryption, authentication and
key management than WPA.
Key differences between WPA or WPA2 and WEP are improved data encryption and user
authentication.
Table 55 Comparison of EAP Authentication Types
EAP-MD5 EAP-TLS EAP-TTLS PEAP LEAP
Mutual Authentication No Yes Yes Yes Yes
Certificate – Client No Yes Optional Optional No
Certificate – Server No Yes Yes Yes No
Dynamic Key Exchange No Yes Yes Yes Yes
Credential Integrity None Strong Strong Strong Moderate
Deployment Difficulty Easy Hard Moderate Moderate Moderate
Client Identity Protection No No Yes Yes No
Appendix E Wireless LANs
ZyXEL NWA-1100 User’s Guide
162
If both an AP and the wireless clients support WPA2 and you have an external RADIUS
server, use WPA2 for stronger data encryption. If you don't have an external RADIUS server,
you should use WPA2-PSK (WPA2-Pre-Shared Key) that only requires a single (identical)
password entered into each access point, wireless gateway and wireless client. As long as the
passwords match, a wireless client will be granted access to a WLAN.
If the AP or the wireless clients do not support WPA2, just use WPA or WPA-PSK depending
on whether you have an external RADIUS server or not.
Select WEP only when the AP and/or wireless clients do not support WPA or WPA2. WEP is
less secure than WPA or WPA2.
Encryption
Both WPA and WPA2 improve data encryption by using Temporal Key Integrity Protocol
(TKIP), Message Integrity Check (MIC) and IEEE 802.1x. WPA and WPA2 use Advanced
Encryption Standard (AES) in the Counter mode with Cipher block chaining Message
authentication code Protocol (CCMP) to offer stronger encryption than TKIP.
TKIP uses 128-bit keys that are dynamically generated and distributed by the authentication
server. AES (Advanced Encryption Standard) is a block cipher that uses a 256-bit
mathematical algorithm called Rijndael. They both include a per-packet key mixing function,
a Message Integrity Check (MIC) named Michael, an extended initialization vector (IV) with
sequencing rules, and a re-keying mechanism.
WPA and WPA2 regularly change and rotate the encryption keys so that the same encryption
key is never used twice.
The RADIUS server distributes a Pairwise Master Key (PMK) key to the AP that then sets up
a key hierarchy and management system, using the PMK to dynamically generate unique data
encryption keys to encrypt every data packet that is wirelessly communicated between the AP
and the wireless clients. This all happens in the background automatically.
The Message Integrity Check (MIC) is designed to prevent an attacker from capturing data
packets, altering them and resending them. The MIC provides a strong mathematical function
in which the receiver and the transmitter each compute and then compare the MIC. If they do
not match, it is assumed that the data has been tampered with and the packet is dropped.
By generating unique data encryption keys for every data packet and by creating an integrity
checking mechanism (MIC), with TKIP and AES it is more difficult to decrypt data on a Wi-Fi
network than WEP and difficult for an intruder to break into the network.
The encryption mechanisms used for WPA(2) and WPA(2)-PSK are the same. The only
difference between the two is that WPA(2)-PSK uses a simple common password, instead of
user-specific credentials. The common-password approach makes WPA(2)-PSK susceptible to
brute-force password-guessing attacks but it’s still an improvement over WEP as it employs a
consistent, single, alphanumeric password to derive a PMK which is used to generate unique
temporal encryption keys. This prevent all wireless devices sharing the same encryption keys.
(a weakness of WEP)
Appendix E Wireless LANs
ZyXEL NWA-1100 User’s Guide 163
User Authentication
WPA and WPA2 apply IEEE 802.1x and Extensible Authentication Protocol (EAP) to
authenticate wireless clients using an external RADIUS database. WPA2 reduces the number
of key exchange messages from six to four (CCMP 4-way handshake) and shortens the time
required to connect to a network. Other WPA2 authentication features that are different from
WPA include key caching and pre-authentication. These two features are optional and may not
be supported in all wireless devices.
Key caching allows a wireless client to store the PMK it derived through a successful
authentication with an AP. The wireless client uses the PMK when it tries to connect to the
same AP and does not need to go with the authentication process again.
Pre-authentication enables fast roaming by allowing the wireless client (already connecting to
an AP) to perform IEEE 802.1x authentication with another AP before connecting to it.
Wireless Client WPA Supplicants
A wireless client supplicant is the software that runs on an operating system instructing the
wireless client how to use WPA. At the time of writing, the most widely available supplicant is
the WPA patch for Windows XP, Funk Software's Odyssey client.
The Windows XP patch is a free download that adds WPA capability to Windows XP's built-
in "Zero Configuration" wireless client. However, you must run Windows XP to use it.
WPA(2) with RADIUS Application Example
You need the IP address of the RADIUS server, its port number (default is 1812), and the
RADIUS shared secret. A WPA(2) application example with an external RADIUS server
looks as follows. "A" is the RADIUS server. "DS" is the distribution system.
1The AP passes the wireless client's authentication request to the RADIUS server.
2The RADIUS server then checks the user's identification against its database and grants
or denies network access accordingly.
3The RADIUS server distributes a Pairwise Master Key (PMK) key to the AP that then
sets up a key hierarchy and management system, using the pair-wise key to dynamically
generate unique data encryption keys to encrypt every data packet that is wirelessly
communicated between the AP and the wireless clients.
Appendix E Wireless LANs
ZyXEL NWA-1100 User’s Guide
164
Figure 90 WPA(2) with RADIUS Application Example
WPA(2)-PSK Application Example
A WPA(2)-PSK application looks as follows.
1First enter identical passwords into the AP and all wireless clients. The Pre-Shared Key
(PSK) must consist of between 8 and 63 ASCII characters or 64 hexadecimal characters
(including spaces and symbols).
2The AP checks each wireless client's password and (only) allows it to join the network if
the password matches.
3The AP and wireless clients use the pre-shared key to generate a common PMK
(Pairwise Master Key).
4The AP and wireless clients use the TKIP or AES encryption process to encrypt data
exchanged between them.
Figure 91 WPA(2)-PSK Authentication
Appendix E Wireless LANs
ZyXEL NWA-1100 User’s Guide 165
Security Parameters Summary
Refer to this table to see what other security parameters you should configure for each
Authentication Method/ key management protocol type. MAC address filters are not
dependent on how you configure these security features.
Antenna Overview
An antenna couples RF signals onto air. A transmitter within a wireless device sends an RF
signal to the antenna, which propagates the signal through the air. The antenna also operates in
reverse by capturing RF signals from the air.
Positioning the antennas properly increases the range and coverage area of a wireless LAN.
Antenna Characteristics
Frequency
An antenna in the frequency of 2.4GHz (IEEE 802.11b) or 5GHz(IEEE 802.11a) is needed to
communicate efficiently in a wireless LAN.
Radiation Pattern
A radiation pattern is a diagram that allows you to visualize the shape of the antenna’s
coverage area.
Table 56 Wireless Security Relational Matrix
AUTHENTICATION
METHOD/ KEY
MANAGEMENT PROTOCOL
ENCRYPTIO
N METHOD
ENTER
MANUAL KEY IEEE 802.1X
Open None No Disable
Enable without Dynamic WEP Key
Open WEP No Enable with Dynamic WEP Key
Yes Enable without Dynamic WEP Key
Yes Disable
Shared WEP No Enable with Dynamic WEP Key
Yes Enable without Dynamic WEP Key
Yes Disable
WPA TKIP/AES No Enable
WPA-PSK TKIP/AES Yes Disable
WPA2 TKIP/AES No Enable
WPA2-PSK TKIP/AES Yes Disable
Appendix E Wireless LANs
ZyXEL NWA-1100 User’s Guide
166
Antenna Gain
Antenna gain, measured in dB (decibel), is the increase in coverage within the RF beam width.
Higher antenna gain improves the range of the signal for better communications.
For an indoor site, each 1 dB increase in antenna gain results in a range increase of
approximately 2.5%. For an unobstructed outdoor site, each 1dB increase in gain results in a
range increase of approximately 5%. Actual results may vary depending on the network
environment.
Antenna gain is sometimes specified in dBi, which is how much the antenna increases the
signal power compared to using an isotropic antenna. An isotropic antenna is a theoretical
perfect antenna that sends out radio signals equally well in all directions. dBi represents the
true gain that the antenna provides.
Types of Antennas for WLAN
There are two types of antennas used for wireless LAN applications.
Omni-directional antennas send the RF signal out in all directions on a horizontal plane.
The coverage area is torus-shaped (like a donut) which makes these antennas ideal for a
room environment. With a wide coverage area, it is possible to make circular overlapping
coverage areas with multiple access points.
Directional antennas concentrate the RF signal in a beam, like a flashlight does with the
light from its bulb. The angle of the beam determines the width of the coverage pattern.
Angles typically range from 20 degrees (very directional) to 120 degrees (less directional).
Directional antennas are ideal for hallways and outdoor point-to-point applications.
Positioning Antennas
In general, antennas should be mounted as high as practically possible and free of
obstructions. In point-to–point application, position both antennas at the same height and in a
direct line of sight to each other to attain the best performance.
For omni-directional antennas mounted on a table, desk, and so on, point the antenna up. For
omni-directional antennas mounted on a wall or ceiling, point the antenna down. For a single
AP application, place omni-directional antennas as close to the center of the coverage area as
possible.
For directional antennas, point the antenna in the direction of the desired coverage area.
ZyXEL NWA-1100 User’s Guide 167
APPENDIX F
Pop-up Windows, JavaScripts
and Java Permissions
In order to use the web configurator you need to allow:
Web browser pop-up windows from your device.
JavaScripts (enabled by default).
Java permissions (enabled by default).
"Internet Explorer 6 screens are used here. Screens for other Internet Explorer
versions may vary.
Internet Explorer Pop-up Blockers
You may have to disable pop-up blocking to log into your device.
Either disable pop-up blocking (enabled by default in Windows XP SP (Service Pack) 2) or
allow pop-up blocking and create an exception for your device’s IP address.
Disable pop-up Blockers
1In Internet Explorer, select To ols , Pop-up Blocker and then select Turn Off Pop-up
Blocker.
Figure 92 Pop-up Blocker
You can also check if pop-up blocking is disabled in the Pop-up Blocker section in the
Privacy tab.
1In Internet Explorer, select To ols , Internet Options, Privacy.
Appendix F Pop-up Windows, JavaScripts and Java Permissions
ZyXEL NWA-1100 User’s Guide
168
2Clear the Block pop-ups check box in the Pop-up Blocker section of the screen. This
disables any web pop-up blockers you may have enabled.
Figure 93 Internet Options: Privacy
3Click Apply to save this setting.
Enable pop-up Blockers with Exceptions
Alternatively, if you only want to allow pop-up windows from your device, see the following
steps.
1In Internet Explorer, select To ols , Internet Options and then the Privacy tab.
2Select Settings…to open the Pop-up Blocker Settings screen.
Appendix F Pop-up Windows, JavaScripts and Java Permissions
ZyXEL NWA-1100 User’s Guide 169
Figure 94 Internet Options: Privacy
3Type the IP address of your device (the web page that you do not want to have blocked)
with the prefix “http://”. For example, http://192.168.167.1.
4Click Add to move the IP address to the list of Allowed sites.
Figure 95 Pop-up Blocker Settings
Appendix F Pop-up Windows, JavaScripts and Java Permissions
ZyXEL NWA-1100 User’s Guide
170
5Click Close to return to the Privacy screen.
6Click Apply to save this setting.
JavaScripts
If pages of the web configurator do not display properly in Internet Explorer, check that
JavaScripts are allowed.
1In Internet Explorer, click Tools, Internet Options and then the Security tab.
Figure 96 Internet Options: Security
2Click the Custom Level... button.
3Scroll down to Scripting.
4Under Active scripting make sure that Enable is selected (the default).
5Under Scripting of Java applets make sure that Enable is selected (the default).
6Click OK to close the window.
Appendix F Pop-up Windows, JavaScripts and Java Permissions
ZyXEL NWA-1100 User’s Guide 171
Figure 97 Security Settings - Java Scripting
Java Permissions
1From Internet Explorer, click Tools, Internet Options and then the Security tab.
2Click the Custom Level... button.
3Scroll down to Microsoft VM.
4Under Java permissions make sure that a safety level is selected.
5Click OK to close the window.
Figure 98 Security Settings - Java
Appendix F Pop-up Windows, JavaScripts and Java Permissions
ZyXEL NWA-1100 User’s Guide
172
JAVA (Sun)
1From Internet Explorer, click Tools, Internet Options and then the Advanced tab.
2Make sure that Use Java 2 for <applet> under Java (Sun) is selected.
3Click OK to close the window.
Figure 99 Java (Sun)
ZyXEL NWA-1100 User’s Guide 173
APPENDIX G
IP Addresses and Subnetting
This appendix introduces IP addresses and subnet masks.
IP addresses identify individual devices on a network. Every networking device (including
computers, servers, routers, printers, etc.) needs an IP address to communicate across the
network. These networking devices are also known as hosts.
Subnet masks determine the maximum number of possible hosts on a network. You can also
use subnet masks to divide one network into multiple sub-networks.
Introduction to IP Addresses
One part of the IP address is the network number, and the other part is the host ID. In the same
way that houses on a street share a common street name, the hosts on a network share a
common network number. Similarly, as each house has its own house number, each host on
the network has its own unique identifying number - the host ID. Routers use the network
number to send packets to the correct network, while the host ID determines to which host on
the network the packets are delivered.
Structure
An IP address is made up of four parts, written in dotted decimal notation (for example,
192.168.1.1). Each of these four parts is known as an octet. An octet is an eight-digit binary
number (for example 11000000, which is 192 in decimal notation).
Therefore, each octet has a possible range of 00000000 to 11111111 in binary, or 0 to 255 in
decimal.
The following figure shows an example IP address in which the first three octets (192.168.1)
are the network number, and the fourth octet (16) is the host ID.
Appendix G IP Addresses and Subnetting
ZyXEL NWA-1100 User’s Guide
174
Figure 100 Network Number and Host ID
How much of the IP address is the network number and how much is the host ID varies
according to the subnet mask.
Subnet Masks
A subnet mask is used to determine which bits are part of the network number, and which bits
are part of the host ID (using a logical AND operation). The term “subnet” is short for “sub-
network”.
A subnet mask has 32 bits. If a bit in the subnet mask is a “1” then the corresponding bit in the
IP address is part of the network number. If a bit in the subnet mask is “0” then the
corresponding bit in the IP address is part of the host ID.
The following example shows a subnet mask identifying the network number (in bold text)
and host ID of an IP address (192.168.1.2 in decimal).
By convention, subnet masks always consist of a continuous sequence of ones beginning from
the leftmost bit of the mask, followed by a continuous sequence of zeros, for a total number of
32 bits.
Subnet masks can be referred to by the size of the network number part (the bits with a “1”
value). For example, an “8-bit mask” means that the first 8 bits of the mask are ones and the
remaining 24 bits are zeroes.
Table 57 Subnet Masks
1ST
OCTET:
(192)
2ND
OCTET:
(168)
3RD
OCTET:
(1)
4TH OCTET
(2)
IP Address (Binary) 11000000 10101000 00000001 00000010
Subnet Mask (Binary) 11111111 11111111 11111111 00000000
Network Number 11000000 10101000 00000001
Host ID 00000010
Appendix G IP Addresses and Subnetting
ZyXEL NWA-1100 User’s Guide 175
Subnet masks are expressed in dotted decimal notation just like IP addresses. The following
examples show the binary and decimal notation for 8-bit, 16-bit, 24-bit and 29-bit subnet
masks.
Network Size
The size of the network number determines the maximum number of possible hosts you can
have on your network. The larger the number of network number bits, the smaller the number
of remaining host ID bits.
An IP address with host IDs of all zeros is the IP address of the network (192.168.1.0 with a
24-bit subnet mask, for example). An IP address with host IDs of all ones is the broadcast
address for that network (192.168.1.255 with a 24-bit subnet mask, for example).
As these two IP addresses cannot be used for individual hosts, calculate the maximum number
of possible hosts in a network as follows:
Notation
Since the mask is always a continuous number of ones beginning from the left, followed by a
continuous number of zeros for the remainder of the 32 bit mask, you can simply specify the
number of ones instead of writing the value of each octet. This is usually specified by writing
a “/” followed by the number of bits in the mask after the address.
For example, 192.1.1.0 /25 is equivalent to saying 192.1.1.0 with subnet mask
255.255.255.128.
The following table shows some possible subnet masks using both notations.
Table 58 Subnet Masks
BINARY
DECIMAL
1ST
OCTET
2ND
OCTET
3RD
OCTET 4TH OCTET
8-bit mask 11111111 00000000 00000000 00000000 255.0.0.0
16-bit mask 11111111 11111111 00000000 00000000 255.255.0.0
24-bit mask 11111111 11111111 11111111 00000000 255.255.255.0
29-bit mask 11111111 11111111 11111111 11111000 255.255.255.248
Table 59 Maximum Host Numbers
SUBNET MASK HOST ID SIZE MAXIMUM NUMBER OF HOSTS
8 bits 255.0.0.0 24 bits 224 – 2 16777214
16 bits 255.255.0.0 16 bits 216 – 2 65534
24 bits 255.255.255.0 8 bits 28 – 2 254
29 bits 255.255.255.248 3 bits 23 – 2 6
Table 60 Alternative Subnet Mask Notation
SUBNET MASK ALTERNATIVE
NOTATION
LAST OCTET
(BINARY)
LAST OCTET
(DECIMAL)
255.255.255.0 /24 0000 0000 0
255.255.255.128 /25 1000 0000 128
Appendix G IP Addresses and Subnetting
ZyXEL NWA-1100 User’s Guide
176
Subnetting
You can use subnetting to divide one network into multiple sub-networks. In the following
example a network administrator creates two sub-networks to isolate a group of servers from
the rest of the company network for security reasons.
In this example, the company network address is 192.168.1.0. The first three octets of the
address (192.168.1) are the network number, and the remaining octet is the host ID, allowing a
maximum of 28 – 2 or 254 possible hosts.
The following figure shows the company network before subnetting.
Figure 101 Subnetting Example: Before Subnetting
You can “borrow” one of the host ID bits to divide the network 192.168.1.0 into two separate
sub-networks. The subnet mask is now 25 bits (255.255.255.128 or /25).
The “borrowed” host ID bit can have a value of either 0 or 1, allowing two subnets;
192.168.1.0 /25 and 192.168.1.128 /25.
The following figure shows the company network after subnetting. There are now two sub-
networks, A and B.
255.255.255.192 /26 1100 0000 192
255.255.255.224 /27 1110 0000 224
255.255.255.240 /28 1111 0000 240
255.255.255.248 /29 1111 1000 248
255.255.255.252 /30 1111 1100 252
Table 60 Alternative Subnet Mask Notation (continued)
SUBNET MASK ALTERNATIVE
NOTATION
LAST OCTET
(BINARY)
LAST OCTET
(DECIMAL)
Appendix G IP Addresses and Subnetting
ZyXEL NWA-1100 User’s Guide 177
Figure 102 Subnetting Example: After Subnetting
In a 25-bit subnet the host ID has 7 bits, so each sub-network has a maximum of 27 – 2 or 126
possible hosts (a host ID of all zeroes is the subnet’s address itself, all ones is the subnet’s
broadcast address).
192.168.1.0 with mask 255.255.255.128 is subnet A itself, and 192.168.1.127 with mask
255.255.255.128 is its broadcast address. Therefore, the lowest IP address that can be assigned
to an actual host for subnet A is 192.168.1.1 and the highest is 192.168.1.126.
Similarly, the host ID range for subnet B is 192.168.1.129 to 192.168.1.254.
Example: Four Subnets
The previous example illustrated using a 25-bit subnet mask to divide a 24-bit address into two
subnets. Similarly, to divide a 24-bit address into four subnets, you need to “borrow” two host
ID bits to give four possible combinations (00, 01, 10 and 11). The subnet mask is 26 bits
(11111111.11111111.11111111.11000000) or 255.255.255.192.
Each subnet contains 6 host ID bits, giving 26 - 2 or 62 hosts for each subnet (a host ID of all
zeroes is the subnet itself, all ones is the subnet’s broadcast address).
Table 61 Subnet 1
IP/SUBNET MASK NETWORK NUMBER LAST OCTET BIT
VALUE
IP Address (Decimal) 192.168.1. 0
IP Address (Binary) 11000000.10101000.00000001. 00000000
Subnet Mask (Binary) 11111111.11111111.11111111. 11000000
Subnet Address:
192.168.1.0
Lowest Host ID: 192.168.1.1
Broadcast Address:
192.168.1.63
Highest Host ID: 192.168.1.62
Appendix G IP Addresses and Subnetting
ZyXEL NWA-1100 User’s Guide
178
Example: Eight Subnets
Similarly, use a 27-bit mask to create eight subnets (000, 001, 010, 011, 100, 101, 110 and
111).
The following table shows IP address last octet values for each subnet.
Table 62 Subnet 2
IP/SUBNET MASK NETWORK NUMBER LAST OCTET BIT
VALUE
IP Address 192.168.1. 64
IP Address (Binary) 11000000.10101000.00000001. 01000000
Subnet Mask (Binary) 11111111.11111111.11111111. 11000000
Subnet Address:
192.168.1.64
Lowest Host ID: 192.168.1.65
Broadcast Address:
192.168.1.127
Highest Host ID: 192.168.1.126
Table 63 Subnet 3
IP/SUBNET MASK NETWORK NUMBER LAST OCTET BIT
VALUE
IP Address 192.168.1. 128
IP Address (Binary) 11000000.10101000.00000001. 10000000
Subnet Mask (Binary) 11111111.11111111.11111111. 11000000
Subnet Address:
192.168.1.128
Lowest Host ID: 192.168.1.129
Broadcast Address:
192.168.1.191
Highest Host ID: 192.168.1.190
Table 64 Subnet 4
IP/SUBNET MASK NETWORK NUMBER LAST OCTET BIT
VALUE
IP Address 192.168.1. 192
IP Address (Binary) 11000000.10101000.00000001. 11000000
Subnet Mask (Binary) 11111111.11111111.11111111. 11000000
Subnet Address:
192.168.1.192
Lowest Host ID: 192.168.1.193
Broadcast Address:
192.168.1.255
Highest Host ID: 192.168.1.254
Table 65 Eight Subnets
SUBNET SUBNET
ADDRESS FIRST ADDRESS LAST
ADDRESS
BROADCAST
ADDRESS
1 0 1 30 31
232 33 62 63
364 65 94 95
496 97 126 127
Appendix G IP Addresses and Subnetting
ZyXEL NWA-1100 User’s Guide 179
Subnet Planning
The following table is a summary for subnet planning on a network with a 24-bit network
number.
The following table is a summary for subnet planning on a network with a 16-bit network
number.
5128 129 158 159
6160 161 190 191
7192 193 222 223
8224 225 254 255
Table 65 Eight Subnets (continued)
SUBNET SUBNET
ADDRESS FIRST ADDRESS LAST
ADDRESS
BROADCAST
ADDRESS
Table 66 24-bit Network Number Subnet Planning
NO. “BORROWED”
HOST BITS SUBNET MASK NO. SUBNETS NO. HOSTS PER
SUBNET
1255.255.255.128 (/25) 2126
2255.255.255.192 (/26) 462
3255.255.255.224 (/27) 830
4255.255.255.240 (/28) 16 14
5255.255.255.248 (/29) 32 6
6255.255.255.252 (/30) 64 2
7255.255.255.254 (/31) 128 1
Table 67 16-bit Network Number Subnet Planning
NO. “BORROWED”
HOST BITS SUBNET MASK NO. SUBNETS NO. HOSTS PER
SUBNET
1255.255.128.0 (/17) 232766
2255.255.192.0 (/18) 416382
3255.255.224.0 (/19) 88190
4255.255.240.0 (/20) 16 4094
5255.255.248.0 (/21) 32 2046
6255.255.252.0 (/22) 64 1022
7255.255.254.0 (/23) 128 510
8255.255.255.0 (/24) 256 254
9255.255.255.128 (/25) 512 126
10 255.255.255.192 (/26) 1024 62
11 255.255.255.224 (/27) 2048 30
12 255.255.255.240 (/28) 4096 14
13 255.255.255.248 (/29) 8192 6
Appendix G IP Addresses and Subnetting
ZyXEL NWA-1100 User’s Guide
180
Configuring IP Addresses
Where you obtain your network number depends on your particular situation. If the ISP or
your network administrator assigns you a block of registered IP addresses, follow their
instructions in selecting the IP addresses and the subnet mask.
If the ISP did not explicitly give you an IP network number, then most likely you have a single
user account and the ISP will assign you a dynamic IP address when the connection is
established. If this is the case, it is recommended that you select a network number from
192.168.0.0 to 192.168.255.0. The Internet Assigned Number Authority (IANA) reserved this
block of addresses specifically for private use; please do not use any other number unless you
are told otherwise. You must also enable Network Address Translation (NAT) on the ZyXEL
Device.
Once you have decided on the network number, pick an IP address for your ZyXEL Device
that is easy to remember (for instance, 192.168.1.1) but make sure that no other device on your
network is using that IP address.
The subnet mask specifies the network number portion of an IP address. Your ZyXEL Device
will compute the subnet mask automatically based on the IP address that you entered. You
don't need to change the subnet mask computed by the ZyXEL Device unless you are
instructed to do otherwise.
Private IP Addresses
Every machine on the Internet must have a unique address. If your networks are isolated from
the Internet (running only between two branch offices, for example) you can assign any IP
addresses to the hosts without problems. However, the Internet Assigned Numbers Authority
(IANA) has reserved the following three blocks of IP addresses specifically for private
networks:
10.0.0.0 — 10.255.255.255
172.16.0.0 — 172.31.255.255
192.168.0.0 — 192.168.255.255
You can obtain your IP address from the IANA, from an ISP, or it can be assigned from a
private network. If you belong to a small organization and your Internet access is through an
ISP, the ISP can provide you with the Internet addresses for your local networks. On the other
hand, if you are part of a much larger organization, you should consult your network
administrator for the appropriate IP addresses.
Regardless of your particular situation, do not create an arbitrary IP address; always follow the
guidelines above. For more information on address assignment, please refer to RFC 1597,
Address Allocation for Private Internets and RFC 1466, Guidelines for Management of IP
Address Space.
14 255.255.255.252 (/30) 16384 2
15 255.255.255.254 (/31) 32768 1
Table 67 16-bit Network Number Subnet Planning (continued)
NO. “BORROWED”
HOST BITS SUBNET MASK NO. SUBNETS NO. HOSTS PER
SUBNET
ZyXEL NWA-1100 User’s Guide 181
APPENDIX H
Text File Based Auto
Configuration
This chapter describes how administrators can use text configuration files to configure the
wireless LAN settings for multiple APs.
Text File Based Auto Configuration Overview
You can use plain text configuration files to configure the wireless LAN settings on multiple
APs. The AP can automatically get a configuration file from a TFTP server at startup or after
renewing DHCP client information.
Figure 103 Text File Based Auto Configuration
Use one of the following methods to give the AP the IP address of the TFTP server where you
store the configuration files and the name of the configuration file that it should download.
You can have a different configuration file for each AP. You can also have multiple APs use
the same configuration file.
Appendix H Text File Based Auto Configuration
ZyXEL NWA-1100 User’s Guide
182
"If adjacent APs use the same configuration file, you should leave out the
channel setting since they could interfere with each other’s wireless traffic.
Auto Configuration by DHCP
A DHCP response can use options 66 and 67 to assign a TFTP server IP address and a
filename. If the AP is configured as a DHCP client, these settings can be used to perform auto
configuration.
If this feature is enabled and the DHCP response provides a TFTP server IP address and a
filename, the AP will try to download the file from the specified TFTP server. The AP then
uses the file to configure wireless LAN settings.
"Not all DHCP servers allow you to specify options 66 and 67.
Configuration Via SNMP
You can configure and trigger the auto configuration remotely via SNMP.
Use the following procedure to have the AP download the configuration file.
Verifying Your Configuration File Upload Via SNMP
You can use SNMP management software to display the configuration file version currently
on the device by using the following MIB.
Table 68 Auto Configuration by DHCP
COMMAND DESCRIPTION
wcfg autocfg dhcp [enable |
disable]
Turn configuration of TFTP server IP address and
filename through DHCP on or off.
Table 69 Configuration via SNMP
STEPS MIB VARIABLE VALUE
Step 1 pwTftpServer Set the IP address of the TFTP server.
Step 2 pwTftpFileName Set the file name, for example, g3000hcfg.txt.
Step 3 pwTftpFileType Set to 3 (text configuration file).
Step 4 pwTftpOpCommand Set to 2 (download).
Table 70 Displaying the File Version
ITEM OBJECT ID DESCRIPTION
pwCfgVersion 1.3.6.1.4.1.890.1.9.1.2 This displays the current configuration file version.
Appendix H Text File Based Auto Configuration
ZyXEL NWA-1100 User’s Guide 183
Troubleshooting Via SNMP
If you have any difficulties with the configuration file upload, you can try using the following
MIB 10 to 20 seconds after using SNMP to have the AP download the configuration file.
Configuration File Format
The text based configuration file must use the following format.
Figure 104 Configuration File Format
The first line must be !#ZYXEL PROWLAN.
The second line must specify the file version. The AP compares the file version with the
version of the last configuration file that it downloaded. If the version of the downloaded file is
the same or smaller (older), the AP ignores the file. If the version of the downloaded file is
larger (newer), the AP uses the file.
Configuration File Rules
You can only use the wlan and wcfg commands in the configuration file. The AP ignores
other ZyNOS commands but continues to check the next command.
The AP ignores any improperly formatted commands and continues to check the next line.
If there are any errors while processing the configuration file, the AP generates a message with
the line number and reason for the first error (subsequent errors during the processing of an
individual configuration file are not recorded). You can use SNMP management software to
display the message by using the following MIB.
The commands will be executed line by line just like if you entered them in a console or Telnet
CI session. Be careful to ensure the integrity of the whole AP configuration. If there are
existing settings in the AP, the newly loaded configuration file will either coexist with the
previous settings or replace them.
Table 71 Displaying the File Version
ITEM OBJECT ID DESCRIPTION
pwTftpOpStatus 1.3.6.1.4.1.890.1.9.1.6 This displays the current operating status of the TFTP
client.
!#ZYXEL PROWLAN
!#VERSION 12
wcfg security 1 xxx
wcfg security save
wcfg ssid 1 xxx
wcfg ssid save
Table 72 Displaying the Auto Configuration Status
ITEM OBJECT ID DESCRIPTION
pwAutoCfgMessage 1.3.6.1.4.1.890.1.9.1.9 Auto configuration status message string
Appendix H Text File Based Auto Configuration
ZyXEL NWA-1100 User’s Guide
184
You can zip each configuration file. You must use the store compression method and a .zip file
extension. When zipping a configuration file, you can also add password protection using the
same password that you use to log into the AP.
Wcfg Command Configuration File Examples
These example configuration files use the wcfg command to configure security and SSID
profiles.
Figure 105 WEP Configuration File Example
Figure 106 802.1X Configuration File Example
!#ZYXEL PROWLAN
!#VERSION 11
wcfg security 1 name Test-wep
wcfg security 1 security wep
wcfg security 1 wep keysize 64 ascii
wcfg security 1 wep key1 abcde
wcfg security 1 wep key2 bcdef
wcfg security 1 wep key3 cdefg
wcfg security 1 wep key4 defgh
wcfg security 1 wep keyindex 1
wcfg security save
wcfg ssid 1 name ssid-wep
wcfg ssid 1 security Test-wep
wcfg ssid 1 l2iolation disable
wcfg ssid 1 macfilter disable
wcfg ssid save
!#ZYXEL PROWLAN
!#VERSION 12
wcfg security 2 name Test-8021x
wcfg security 2 mode 8021x-static128
wcfg security 2 wep key1 abcdefghijklm
wcfg security 2 wep key2 bcdefghijklmn
wcfg security 2 wep keyindex 1
wcfg security 2 reauthtime 1800
wcfg security 2 idletime 3600
wcfg security save
wcfg radius 2 name radius-rd
wcfg radius 2 primary 172.23.3.4 1812 1234 enable
wcfg radius 2 backup 172.23.3.5 1812 1234 enable
wcfg radius save
wcfg ssid 2 name ssid-8021x
wcfg ssid 2 security Test-8021x
wcfg ssid 2 radius radius-rd
wcfg ssid 2 qos 4
wcfg ssid 2 l2isolation disable
wcfg ssid 2 macfilter disable
wcfg ssid save
Appendix H Text File Based Auto Configuration
ZyXEL NWA-1100 User’s Guide 185
Figure 107 WPA-PSK Configuration File Example
Figure 108 WPA Configuration File Example
Wlan Command Configuration File Example
This example configuration file uses the wlan command to configure the AP to use the
security and SSID profiles from the wcfg command configuration file examples and general
wireless settings. You could actually combine all of this chapters example configuration files
into a single configuration file. Remember that the commands are applied in order. So for
example, you would place the commands that create security and SSID profiles before the
commands that tell the AP to use those profiles.
Figure 109 Wlan Configuration File Example
!#ZYXEL PROWLAN
!#VERSION 13
wcfg security 3 name Test-wpapsk
wcfg security 3 mode wpapsk
wcfg security 3 passphrase qwertyuiop
wcfg security 3 reauthtime 1800
wcfg security 3 idletime 3600
wcfg security 3 groupkeytime 1800
wcfg security save
wcfg ssid 3 name ssid-wpapsk
wcfg ssid 3 security Test-wpapsk
wcfg ssid 3 qos 4
wcfg ssid 3 l2siolation disable
wcfg ssid 3 macfilter disable
wcfg ssid save
!#ZYXEL PROWLAN
!#VERSION 14
wcfg security 4 name Test-wpa
wcfg security 4 mode wpa
wcfg security 4 reauthtime 1800
wcfg security 4 idletime 3600
wcfg security 4 groupkeytime 1800
wcfg security save
wcfg radius 4 name radius-rd1
wcfg radius 4 primary 172.0.20.38 1812 20 enable
wcfg radius 4 backup 172.0.20.39 1812 20 enable
wcfg radius save
wcfg ssid 4 name ssid-wpa
wcfg ssid 4 security Test-wpa
wcfg ssid 4 qos 4
wcfg ssid 4 l2isolation disable
wcfg ssid 4 macfilter disable
wcfg ssid save
Appendix H Text File Based Auto Configuration
ZyXEL NWA-1100 User’s Guide
186
!#ZYXEL PROWLAN
!#VERSION 15
wcfg ssid 1 name ssid-wep
wcfg ssid 1 security Test-wep
wcfg ssid 2 name ssid-8021x
wcfg ssid 2 security Test-8021x
wcfg ssid 2 radius radius-rd
wcfg ssid 3 name ssid-wpapsk
wcfg ssid 3 security Test-wpapsk
wcfg ssid 4 name ssid-wpa2psk
wcfg ssid 4 security Test-wpa2psk
wcfg ssid save
!line starting with '!' is comment
!change to channel 8
wlan chid 8
!change operating mode -> AP mode,
!then select ssid-wep as running WLAN profile
wlan opmode 0
wlan ssidprofile ssid-wep
!change operating mode -> MBSSID mode,
!then select ssid-wpapsk, ssid-wpa2psk as running WLAN profiles
wlan opmode 3
wlan ssidprofile ssid-wpapsk ssid-wpa2psk
! set output power level to 50%
wlan output power 2
ZyXEL NWA-1100 User’s Guide 187
APPENDIX I
How to Access and Use the CLI
This chapter introduces the command line interface (CLI).
Accessing the CLI
Use Telnet to access the CLI.
1Connect your computer to one of the Ethernet ports.
2Open a Telnet session to the ZyXEL Device’s IP address. If this is your first login, use
the default values.
Make sure your computer IP address is in the same subnet, unless you are accessing the
ZyXEL Device through one or more routers. In the latter case, make sure remote
management of the ZyXEL Device is allowed via Telnet.
Logging in
Use the administrator username and password. If this is your first login, use the default values.
in some ZyXEL Device models you may not need to enter the user name.
The ZyXEL Device automatically logs you out of the management interface after five minutes
of inactivity. If this happens, simply log back in again. Use the sys stdio set command
to extend the idle timeout. For example, the ZyXEL Device automatically logs you out of the
management interface after 60 minutes of inactivity after you use the sys stdio set 60
command. Use the sys stdio show command to display the current idle timeout setting.
Table 73 Default Management IP Address
SETTING DEFAULT VALUE
IP Address 192.168.1.1
Subnet Mask 255.255.255.0
Table 74 Default User Name and Password
SETTING DEFAULT VALUE
User Name admin
Password 1234
Appendix I How to Access and Use the CLI
ZyXEL NWA-1100 User’s Guide
188
Command Conventions
Command descriptions follow these conventions:
Commands are in courier new font.
Required input values are in angle brackets <>; for example, ping <ip-address>
means that you must specify an IP address for this command.
Optional fields are in square brackets []; for instance in the show logins
[name]command, the name field is optional.
The following is an example of a required field within an optional field: snmp-server
[contact <system contact>], the contact field is optional. However, if you
use contact, then you must provide the system contact information.
•The | (bar) symbol means “or”.
italic terms represent user-defined input values; for example, in sys datetime
date [year month date], year month date can be replaced by the actual
year month and date that you want to set, for example, 2007 08 15.
A key stroke is denoted by square brackets and uppercase text, for example, [ENTER]
means the “Enter” or “Return” key on your keyboard.
<cr> means press the [ENTER] key.
An arrow (-->) indicates that this line is a continuation of the previous line.
A long list of pre-defined values may be replaced by a command input value ‘variable’ so as to
avoid a very long command in the description table. Refer to the command input values table
if you are unsure of what to enter.
"Commands are case sensitive! Enter commands exactly as seen in the
command interface. Remember to also include underscores if required.
Table 75 Common Command Input Values
LABEL DESCRIPTION
description Used when a command has a description field in order to add more detail.
ip-address An IP address in dotted decimal notation. For example, 192.168.1.3.
mask The subnet mask in dotted decimal notation, for example, 255.255.255.0.
mask-bits The number of bits in an address’s subnet mask. For example type /24 for a
subnet mask of 255.255.255.0.
port A port number.
hostname The hostname can be an IP address or domain name.
name Used for the name of a rule, policy, set, group and so on.
number Used for a number, for example 10, that you have to enter.
Appendix I How to Access and Use the CLI
ZyXEL NWA-1100 User’s Guide 189
Copy and Paste Commands
You can copy and paste commands directly from this document into your terminal emulation
console window (such as HyperTerminal). Use right-click (not [CTRL]-[V]) to paste your
command into the console window as shown next.
Using Shortcuts and Getting Help
This table identifies some shortcuts in the CLI, as well as how to get help.
1Use of undocumented commands or misconfiguration can damage the unit
and possibly render it unusable.
Use the help command to view the executable commands on the ZyXEL Device. Follow
these steps to create a list of supported commands:
1Log into the CLI.
2Type help and press [ENTER]. A list comes up which shows all the commands
available for this device.
Table 76 CLI Shortcuts and Help
COMMAND / KEY(S) DESCRIPTION
yz (up/down arrow keys) Scrolls through the list of recently-used commands. You can edit
any command or press [ENTER] to run it again.
?Displays the keywords and/or input values that are allowed in
place of the ?.
help Displays the (full) commands that are allowed in place of help.
ras> help
alarm chsh config
exit ip statistics switch
sys voip
ras>
Appendix I How to Access and Use the CLI
ZyXEL NWA-1100 User’s Guide
190
Saving Your Configuration
In the ZyXEL Device some commands are saved as you run them and others require you to
run a save command. See the related section of this guide to see if a save command is required.
"Unsaved configuration changes are lost once you restart the ZyXEL Device
Logging Out
Use the exit command to log out of the CLI.
ZyXEL NWA-1100 User’s Guide 191
APPENDIX J
Legal Information
Copyright
Copyright © 2007 by ZyXEL Communications Corporation.
The contents of this publication may not be reproduced in any part or as a whole, transcribed,
stored in a retrieval system, translated into any language, or transmitted in any form or by any
means, electronic, mechanical, magnetic, optical, chemical, photocopying, manual, or
otherwise, without the prior written permission of ZyXEL Communications Corporation.
Published by ZyXEL Communications Corporation. All rights reserved.
Disclaimer
ZyXEL does not assume any liability arising out of the application or use of any products, or
software described herein. Neither does it convey any license under its patent rights nor the
patent rights of others. ZyXEL further reserves the right to make changes in any products
described herein without notice. This publication is subject to change without notice.
Trademarks
ZyNOS (ZyXEL Network Operating System) is a registered trademark of ZyXEL
Communications, Inc. Other trademarks mentioned in this publication are used for
identification purposes only and may be properties of their respective owners.
Certifications
Federal Communications Commission (FCC) Interference Statement
The device complies with Part 15 of FCC rules. Operation is subject to the following two
conditions:
This device may not cause harmful interference.
This device must accept any interference received, including interference that may cause
undesired operations.
This device has been tested and found to comply with the limits for a Class B digital device
pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable
protection against harmful interference in a residential installation. This device generates,
uses, and can radiate radio frequency energy, and if not installed and used in accordance with
the instructions, may cause harmful interference to radio communications. However, there is
no guarantee that interference will not occur in a particular installation.
Appendix J Legal Information
ZyXEL NWA-1100 User’s Guide
192
If this device does cause harmful interference to radio/television reception, which can be
determined by turning the device off and on, the user is encouraged to try to correct the
interference by one or more of the following measures:
1Reorient or relocate the receiving antenna.
2Increase the separation between the equipment and the receiver.
3Connect the equipment into an outlet on a circuit different from that to which the
receiver is connected.
4Consult the dealer or an experienced radio/TV technician for help.
FCC Radiation Exposure Statement
This transmitter must not be co-located or operating in conjunction with any other antenna
or transmitter.
IEEE 802.11b or 802.11g operation of this product in the U.S.A. is firmware-limited to
channels 1 through 11.
To comply with FCC RF exposure compliance requirements, a separation distance of at
least 20 cm must be maintained between the antenna of this device and all persons.
注意 !
依據 低功率電波輻射性電機管理辦法
第十二條 經型式認證合格之低功率射頻電機,非經許可,公司、商號或使用
者均不得擅自變更頻率、加大功率或變更原設計之特性及功能。
第十四條 低功率射頻電機之使用不得影響飛航安全及干擾合法通信;經發現
有干擾現象時,應立即停用,並改善至無干擾時方得繼續使用。
前項合法通信,指依電信規定作業之無線電信。低功率射頻電機須忍
受合法通信或工業、科學及醫療用電波輻射性電機設備之干擾。
本機限在不干擾合法電臺與不受被干擾保障條件下於室內使用。
Notices
Changes or modifications not expressly approved by the party responsible for compliance
could void the user's authority to operate the equipment.
This device has been designed for the WLAN 2.4 GHz and 5 GHz networks throughout the EC
region and Switzerland, with restrictions in France.
This Class B digital apparatus complies with Canadian ICES-003.
Cet appareil numérique de la classe B est conforme à la norme NMB-003 du Canada.
Viewing Certifications
1Go to http://www.zyxel.com.
2Select your product on the ZyXEL home page to go to that product's page.
Appendix J Legal Information
ZyXEL NWA-1100 User’s Guide 193
3Select the certification you wish to view from this page.
ZyXEL Limited Warranty
ZyXEL warrants to the original end user (purchaser) that this product is free from any defects
in materials or workmanship for a period of up to two years from the date of purchase. During
the warranty period, and upon proof of purchase, should the product have indications of failure
due to faulty workmanship and/or materials, ZyXEL will, at its discretion, repair or replace the
defective products or components without charge for either parts or labor, and to whatever
extent it shall deem necessary to restore the product or components to proper operating
condition. Any replacement will consist of a new or re-manufactured functionally equivalent
product of equal or higher value, and will be solely at the discretion of ZyXEL. This warranty
shall not apply if the product has been modified, misused, tampered with, damaged by an act
of God, or subjected to abnormal working conditions.
Note
Repair or replacement, as provided under this warranty, is the exclusive remedy of the
purchaser. This warranty is in lieu of all other warranties, express or implied, including any
implied warranty of merchantability or fitness for a particular use or purpose. ZyXEL shall in
no event be held liable for indirect or consequential damages of any kind to the purchaser.
To obtain the services of this warranty, contact ZyXEL's Service Center for your Return
Material Authorization number (RMA). Products must be returned Postage Prepaid. It is
recommended that the unit be insured when shipped. Any returned products without proof of
purchase or those with an out-dated warranty will be repaired or replaced (at the discretion of
ZyXEL) and the customer will be billed for parts and labor. All repaired or replaced products
will be shipped by ZyXEL to the corresponding return address, Postage Paid. This warranty
gives you specific legal rights, and you may also have other rights that vary from country to
country.
Registration
Register your product online to receive e-mail notices of firmware upgrades and information
at www.zyxel.com for global products, or at www.us.zyxel.com for North American products.
Appendix J Legal Information
ZyXEL NWA-1100 User’s Guide
194
ZyXEL NWA-1100 User’s Guide 195
APPENDIX K
Customer Support
In the event of problems that cannot be solved by using this manual, you should contact your
vendor. If you cannot contact your vendor, then contact a ZyXEL office for the region in
which you bought the device. Regional offices are listed below (see also http://
www.zyxel.com/web/contact_us.php). Please have the following information ready when you
contact an office.
Required Information
Product model and serial number.
Warranty Information.
Date that you received your device.
Brief description of the problem and the steps you took to solve it.
“+” is the (prefix) number you dial to make an international telephone call.
Corporate Headquarters (Worldwide)
Support E-mail: support@zyxel.com.tw
Sales E-mail: sales@zyxel.com.tw
Telephone: +886-3-578-3942
Fax: +886-3-578-2439
Web: www.zyxel.com
Regular Mail: ZyXEL Communications Corp., 6 Innovation Road II, Science Park,
Hsinchu 300, Taiwan
China - ZyXEL Communications (Beijing) Corp.
Support E-mail: cso.zycn@zyxel.cn
Sales E-mail: sales@zyxel.cn
Telephone: +86-010-82800646
Fax: +86-010-82800587
Address: 902, Unit B, Horizon Building, No.6, Zhichun Str, Haidian District, Beijing
Web: http://www.zyxel.cn
China - ZyXEL Communications (Shanghai) Corp.
Support E-mail: cso.zycn@zyxel.cn
Sales E-mail: sales@zyxel.cn
Telephone: +86-021-61199055
Fax: +86-021-52069033
Appendix K Customer Support
ZyXEL NWA-1100 User’s Guide
196
Address: 1005F, ShengGao International Tower, No.137 XianXia Rd., Shanghai
Web: http://www.zyxel.cn
Costa Rica
Support E-mail: soporte@zyxel.co.cr
Sales E-mail: sales@zyxel.co.cr
Telephone: +506-2017878
Fax: +506-2015098
Web: www.zyxel.co.cr
Regular Mail: ZyXEL Costa Rica, Plaza Roble Escazú, Etapa El Patio, Tercer Piso, San
José, Costa Rica
Czech Republic
E-mail: info@cz.zyxel.com
Telephone: +420-241-091-350
Fax: +420-241-091-359
Web: www.zyxel.cz
Regular Mail: ZyXEL Communications, Czech s.r.o., Modranská 621, 143 01 Praha 4 -
Modrany, Ceská Republika
Denmark
Support E-mail: support@zyxel.dk
Sales E-mail: sales@zyxel.dk
Telephone: +45-39-55-07-00
Fax: +45-39-55-07-07
Web: www.zyxel.dk
Regular Mail: ZyXEL Communications A/S, Columbusvej, 2860 Soeborg, Denmark
Finland
Support E-mail: support@zyxel.fi
Sales E-mail: sales@zyxel.fi
Telephone: +358-9-4780-8411
Fax: +358-9-4780-8448
Web: www.zyxel.fi
Regular Mail: ZyXEL Communications Oy, Malminkaari 10, 00700 Helsinki, Finland
France
E-mail: info@zyxel.fr
Telephone: +33-4-72-52-97-97
Fax: +33-4-72-52-19-20
Web: www.zyxel.fr
Regular Mail: ZyXEL France, 1 rue des Vergers, Bat. 1 / C, 69760 Limonest, France
Appendix K Customer Support
ZyXEL NWA-1100 User’s Guide 197
Germany
Support E-mail: support@zyxel.de
Sales E-mail: sales@zyxel.de
Telephone: +49-2405-6909-69
Fax: +49-2405-6909-99
Web: www.zyxel.de
Regular Mail: ZyXEL Deutschland GmbH., Adenauerstr. 20/A2 D-52146, Wuerselen,
Germany
Hungary
Support E-mail: support@zyxel.hu
Sales E-mail: info@zyxel.hu
Telephone: +36-1-3361649
Fax: +36-1-3259100
Web: www.zyxel.hu
Regular Mail: ZyXEL Hungary, 48, Zoldlomb Str., H-1025, Budapest, Hungary
India
Support E-mail: support@zyxel.in
Sales E-mail: sales@zyxel.in
Telephone: +91-11-30888144 to +91-11-30888153
Fax: +91-11-30888149, +91-11-26810715
Web: http://www.zyxel.in
Regular Mail: India - ZyXEL Technology India Pvt Ltd., II-Floor, F2/9 Okhla Phase -1,
New Delhi 110020, India
Japan
Support E-mail: support@zyxel.co.jp
Sales E-mail: zyp@zyxel.co.jp
Telephone: +81-3-6847-3700
Fax: +81-3-6847-3705
Web: www.zyxel.co.jp
Regular Mail: ZyXEL Japan, 3F, Office T&U, 1-10-10 Higashi-Gotanda, Shinagawa-ku,
Tokyo 141-0022, Japan
Kazakhstan
Support: http://zyxel.kz/support
Sales E-mail: sales@zyxel.kz
Telephone: +7-3272-590-698
Fax: +7-3272-590-689
Web: www.zyxel.kz
Regular Mail: ZyXEL Kazakhstan, 43 Dostyk Ave., Office 414, Dostyk Business Centre,
050010 Almaty, Republic of Kazakhstan
Appendix K Customer Support
ZyXEL NWA-1100 User’s Guide
198
Malaysia
Support E-mail: support@zyxel.com.my
Sales E-mail: sales@zyxel.com.my
Telephone: +603-8076-9933
Fax: +603-8076-9833
Web: http://www.zyxel.com.my
Regular Mail: ZyXEL Malaysia Sdn Bhd., 1-02 & 1-03, Jalan Kenari 17F, Bandar
Puchong Jaya, 47100 Puchong, Selangor Darul Ehsan, Malaysia
North America
Support E-mail: support@zyxel.com
Support Telephone: +1-800-978-7222
Sales E-mail: sales@zyxel.com
Sales Telephone: +1-714-632-0882
Fax: +1-714-632-0858
Web: www.zyxel.com
Regular Mail: ZyXEL Communications Inc., 1130 N. Miller St., Anaheim, CA 92806-
2001, U.S.A.
Norway
Support E-mail: support@zyxel.no
Sales E-mail: sales@zyxel.no
Telephone: +47-22-80-61-80
Fax: +47-22-80-61-81
Web: www.zyxel.no
Regular Mail: ZyXEL Communications A/S, Nils Hansens vei 13, 0667 Oslo, Norway
Poland
E-mail: info@pl.zyxel.com
Telephone: +48-22-333 8250
Fax: +48-22-333 8251
Web: www.pl.zyxel.com
Regular Mail: ZyXEL Communications, ul. Okrzei 1A, 03-715 Warszawa, Poland
Russia
Support: http://zyxel.ru/support
Sales E-mail: sales@zyxel.ru
Telephone: +7-095-542-89-29
Fax: +7-095-542-89-25
Web: www.zyxel.ru
Regular Mail: ZyXEL Russia, Ostrovityanova 37a Str., Moscow 117279, Russia
Appendix K Customer Support
ZyXEL NWA-1100 User’s Guide 199
Singapore
Support E-mail: support@zyxel.com.sg
Sales E-mail: sales@zyxel.com.sg
Telephone: +65-6899-6678
Fax: +65-6899-8887
Web: http://www.zyxel.com.sg
Regular Mail: ZyXEL Singapore Pte Ltd., No. 2 International Business Park, The Strategy
#03-28, Singapore 609930
Spain
Support E-mail: support@zyxel.es
Sales E-mail: sales@zyxel.es
Telephone: +34-902-195-420
Fax: +34-913-005-345
Web: www.zyxel.es
Regular Mail: ZyXEL Communications, Arte, 21 5ª planta, 28033 Madrid, Spain
Sweden
Support E-mail: support@zyxel.se
Sales E-mail: sales@zyxel.se
Telephone: +46-31-744-7700
Fax: +46-31-744-7701
Web: www.zyxel.se
Regular Mail: ZyXEL Communications A/S, Sjöporten 4, 41764 Göteborg, Sweden
Taiwan
Support E-mail: support@zyxel.com.tw
Sales E-mail: sales@zyxel.com.tw
Telephone: +886-2-27399889
Fax: +886-2-27353220
Web: http://www.zyxel.com.tw
Address: Room B, 21F., No.333, Sec. 2, Dunhua S. Rd., Da-an District, Taipei
Thailand
Support E-mail: support@zyxel.co.th
Sales E-mail: sales@zyxel.co.th
Telephone: +662-831-5315
Fax: +662-831-5395
Web: http://www.zyxel.co.th
Regular Mail: ZyXEL Thailand Co., Ltd., 1/1 Moo 2, Ratchaphruk Road, Bangrak-Noi,
Muang, Nonthaburi 11000, Thailand.
Appendix K Customer Support
ZyXEL NWA-1100 User’s Guide
200
Turkey
Support E-mail: cso@zyxel.com.tr
Telephone: +90 212 222 55 22
Fax: +90-212-220-2526
Web: http:www.zyxel.com.tr
Address: Kaptanpasa Mahallesi Piyalepasa Bulvari Ortadogu Plaza N:14/13 K:6
Okmeydani/Sisli Istanbul/Turkey
Ukraine
Support E-mail: support@ua.zyxel.com
Sales E-mail: sales@ua.zyxel.com
Telephone: +380-44-247-69-78
Fax: +380-44-494-49-32
Web: www.ua.zyxel.com
Regular Mail: ZyXEL Ukraine, 13, Pimonenko Str., Kiev 04050, Ukraine
United Kingdom
Support E-mail: support@zyxel.co.uk
Sales E-mail: sales@zyxel.co.uk
Telephone: +44-1344-303044, 0845 122 0301 (UK only)
Fax: +44-1344-303034
Web: www.zyxel.co.uk
Regular Mail: ZyXEL Communications UK Ltd., 11 The Courtyard, Eastern Road,
Bracknell, Berkshire RG12 2XB, United Kingdom (UK)
Index
ZyXEL NWA-1100 User’s Guide 201
Index
Numbers
802.1x-Only 76
802.1x-Static128 76
802.1x-Static64 76
A
Access Point 25, 45
Accounting Server 91
Ad-hoc 153
Advanced Encryption Standard
See AES.
AES 162
Alerts 116
Alternative subnet mask notation 175
Antenna 73, 135
directional 166
gain 166
omni-directional 166
positioning 165
AP (Access Point) 155
AP + Bridge 29
Applications
Access Point 25
AP + Bridge 29
Bridge 27
Wireless Client 26
Auto Configuration 181
Auto Configuration Status 183
B
Basic Service Set 62
see BSS
beacon 62
Beacon Interval 64
BPDU 72
Bridge 27
Bridge loops 28
bridged APs, security 27
BSS 62, 153
C
CA 160
Certificate
authentication 111
file format 111
Certificate Authority
See CA.
Certificate Screen 111
certificate-based authentications 161
Certificates
Fingerprint 113
MD5 113
public key 111
SHA1 113
Certification Authority 113
Certifications 191
notices 192
viewing 192
Channel 62, 69, 155
interference 155
CLI 30
accessing the CLI 187
Client authentication 160
Command Line Interface 30
Configuration File
examples 184
format 183
Configuration File Rules 183
Contact information 195
Controlling network access, Ways of 25
Copyright 191
CTS (Clear to Send) 156
Customer support 195
D
Date and time start 58
DHCP 55
digital certificate 160
Dimensions 135
Disclaimer 191
Distribution System 62
DNS 53
Index
ZyXEL NWA-1100 User’s Guide
202
Domain Name Server (DNS) 53
DS 62
DTIM Interval 64
Dynamic WEP key exchange 161
E
EAP 77
EAP authentication 159
Enable Antenna Diversity 67, 70
Enable Spanning Tree Control (STP) 67
Enable Spanning Tree Protocol(STP) 70
Encryption 77, 79, 81, 84, 161, 162
ESS 62, 154
Ethernet device 93
Ethernet Port 135
Extended Service Set 62
see ESS
Extensible Authentication Protocol 77
F
Factory Defaults 126
restoring 36
FCC interference statement 191
File Version 182
Firmware 121
Firmware, uploading via web configurator 123
Fragmentation 65, 67, 69
Fragmentation threshold 73, 157
FTP 103
restrictions 103
G
Generic Token Card 77
GTC 77
H
handshake 156
Hardware Connections 32
help (in the CLI) 189
Hidden node 155
Hide SSID 64
Humidity 135
I
IANA 99, 180
IBSS 153
IEEE 802.11g 157
IEEE 802.1x 63
Import Certificate 112
Independent Basic Service Set
see IBSS
Infrastructure WLAN 154
Initialization vector (IV) 162
interference due to overlap 155
Internet Assigned Numbers Authority 99
See IANA
Intra-BSS Traffic 64
IP Address 54, 97, 135
Arbitrary IP address 54
Gateway IP address 97
IANA 54
ISP 54
Private IP Address Ranges 54
Subnet Mask 54
IP Screen 97
DHCP 98
IPSec VPN capability 135
ISP 99
J
jitter 71
K
key 77, 79
L
latency 71
LEAP 77
LEDs 32, 129
Index
ZyXEL NWA-1100 User’s Guide 203
Blinking 33
ETHERNET 33
Flashing 32
Off 32
On 32
SYS 32
WLAN 32
legacy authentication methods 160
Lightweight Extensible Authentication Protocol 77
Log Commands 119
Log Messages 119
Log Screens 115
Login 187
Logs
accessing logs 115
Command List 120
displaying logs 120
receiving logs via e-mail 116
Logs Screen
Mail Server 117
Mail Subject 117
Send Log to 117
Syslog 118
Logs, Uses of 115
loss of messages 156
M
MAC Address Clone 67
MAC Filter
Allow Association 93
Deny Association 93
MAC Filter Screen 93
MAC filtering 136
Maintenance 121
Association List 121
Backup 125
Channel Usage 122
Configuration 124
F/W Upload 123
Restart 127
Restore 125
Management Information Base (MIB) 108
Media Access Control 93
Message Integrity Check (MIC) 162
message relay 90
Microsoft Challenge Handshake Authentication
Protocol Version 2 77
MSCHAPv2 77
MSDU 65
N
NAT 180
Network Time Protocol (NTP) 53
NTP 53
O
Operating Mode 62
Output Power Management 65, 67, 69
P
Pairwise Master Key (PMK) 162, 164
Passphrase 77
Password 130, 135
PEAP 77
Personal Information Exchange Syntax
Standard 111
PFX PKCS#12 111
PoE 137
Power specifications 135, 137
Preamble 73
Preamble mode 157
Preamble Type 65, 67, 69
Pre-Shared Key 77
Private-Public Certificates 113
Product registration 193
Protected Extensible Authentication Protocol 77
PSK 77, 162
Q
QoS 71
Quality of Service 71
R
Radio Enable 65, 67, 69
Radio Frequency 73
RADIUS 89, 159
Accounting 90
Index
ZyXEL NWA-1100 User’s Guide
204
Authentication 89
Authorization 89
message types 159
messages 159
shared secret key 159
RADIUS Screen 89
Accounting Server 91
Accounting Server IP Address 91
Accounting Server Port 91
Backup 90
Primary 90
Server IP Address 90
Server Port 91
Share Secret 91
RADIUS server 76
Rates Configuration 65, 67, 69
registration
product 193
Related documentation 3
Remote Authentication Dial In User Service 89
remote management 31
remote management limitations 102
Reset button 135
Rijndael 162
RJ-45 Port Pin Assignments 137
Roaming 73
root path cost 72
RTS (Request To Send) 156
threshold 155, 156
RTS/CTS Threshold 65, 67, 69, 73
S
Safety warnings 6
Saving configuration 190
Security Mode, Choosing the 87
Security Modes
802.1x-Static64 76
IEEE 802.1x-Only 76
IEEE 802.1x-Static128 76
IEEE 802.1x-Static64 76
None 76
WEP 76
WPA 76
WPA2 76
WPA2-MIX 76
WPA2-PSK 76
Service Set IDentifier 62
Share Secret 91
Shortcuts 189
Simple Mail Transfer Protocol 116
Single user account 54
SMTP 116, 117
SNMP 136
MIBs 108
traps 108
Spanning Tree Protocol 71
Bridge Protocol Data Units 72
How STP Works 72
Port States 72
Rapid STP 71
Terminology 71
topology 71
Specifications 137
SSID 62
SSL Passthrough 136
Status screen 35
Status Screens 39
802.11 Mode 41
Channel ID 41
Ethernet 39
FCS Error Count 41
Firmware Version 40
Interface Status 40
Poll Interval 41
Refresh Interval 39
Retry Count 41
Statistics 41
System Resources 40
system statistics 39
WLAN 39
STP 71
STP (Spanning Tree Protocol) 135
STP-only aware bridges 71
Subnet 173
Subnet Mask 55, 97, 135, 174
subnetting 176
synchronization field 157
Syntax conventions 4
Syslog Logging 116
System Screens 53
General 55
Inactivity Timer 55
System DNS Servers 55
Password 56
Time 56
Daylight Savings 57
NTP client 57
Time and Date Setup 57
Time Server, user-defined 57
Time Zone 57
system timeout 103
Index
ZyXEL NWA-1100 User’s Guide 205
T
telnet 104
Telnet (accessing the CLI) 187
Temperature 135
Temporal Key Integrity Protocol 77
Temporal Key Integrity Protocol (TKIP) 162
Text file based auto configuration 136, 181
TFTP restrictions 103
Thumbprint Algorithm 114
Time Servers List 58
timeout 31
TKIP 77
TLS 77
Tracing 136
Trademarks 191
Transport Layer Security 77
Troubleshooting 129
connection is slow or intermittent 132
DHCP 130
factory defaults 131
firmware 131
Internet 131
LAN/ETHERNET port 130
QoS 132
WAN port 130
Web Configurator 130
TTLS 77
Tunneled Transport Layer Security 77
Tutorial 43
U
User Authentication 76
W
WAN IP 99
Warranty 193
note 193
WCFG command 184
WDS Settings 69
Web Configurator 35
Logout 37
password 35
WEP 76
WEP key encrypting 87
Wi-Fi MultiMedia 71
Wi-Fi Protected Access 76, 161
Wired Equivalent Privacy 76
Wireless Association List 136
Wireless Client 26, 46
Wireless client WPA supplicants 163
Wireless LAN, Configuration Overview 43
Wireless Mode 63
Wireless Mode, Choosing the
Access Point 43
AP + Bridge 43
Bridge 43
Wireless Client 43
Wireless Security 31, 158
how to improve 31
Levels 76
Wireless Security Screen 75
802.1x Only 79
Access Point 79
Wireless Client 80
802.1x Static 64-bit, 802.1x Static 128-bit 81
WEP 78
WPA 83
Access Point 83
Wireless Client 84
WPA2 or WPA2-MIX 85
Access Point 85
Wireless Client 86
WPA-PSK, WPA2-PSK, WPA2-PSK-MIX 87
Wireless Settings Screen 61
Access Point Mode 63
Antenna 73
AP + Bridge Mode 70
Bridge Mode 68
BSS 62
Channel 62
ESS 62
Fragmentation Threshold 73
Intra-BSS Traffic 73
Operating Mode 62
Preamble 73
Quality of Service 71
Roaming 73
RTS/CTS Threshold 73
SSID 62
Wi-Fi MultiMedia 71
Wireless Client Mode 65
Wireless Mode 63
WMM QoS 71
WLAN
interference 155
security parameters 165
WMM 64
WMM QoS 64, 71
WPA 76, 161
key caching 163
Index
ZyXEL NWA-1100 User’s Guide
206
pre-authentication 163
user authentication 163
vs WPA-PSK 162
wireless client supplicant 163
with RADIUS application example 163
WPA capability to Windows XP 163
WPA2 76, 161
user authentication 163
vs WPA2-PSK 162
wireless client supplicant 163
with RADIUS application example 163
WPA2-MIX 76
WPA2-Pre-Shared Key 162
WPA2-PSK 162
application example 164
WPA2-PSK-MIX 77
WPA-PSK 162
application example 164
Z
ZyXEL Device
Ethernet parameters 97
good habits 31
Introduction 25
managing 30
resetting 36, 126
Security Features 30
What to Log 119

Navigation menu