ZyXEL Communications NWA1121NI 802.11 b/g/n PoE Access Point, 802.11 b/g/n Managed Access Point User Manual Book

Download:
Mirror Download [FCC.gov]
Document ID	2034991
Application ID	tpn1tzGrpv+fmSQAV3u/VA==
Document Description	User Manual.pdf
Short Term Confidential	No
Permanent Confidential	No
Supercede	No
Document Type	User Manual
Display Format	Adobe Acrobat PDF - pdf
Filesize	422.76kB (5284538 bits)
Date Submitted	2013-08-06 00:00:00
Date Available	2013-08-06 00:00:00
Creation Date	2017-10-26 09:26:59
Producing Software	GPL Ghostscript 9.18
Document Lastmod	2017-10-26 09:26:59
Document Title	Book.book
Document Creator	FrameMaker 9.0
Document Author:	ZT01651

Contents Overview
Contents Overview
User’s Guide .........................................................................................................................................9
Introducing the NWA1121-NI ................................................................................................................... 11
Introducing the Web Configurator ...........................................................................................................19
Dashboard ...............................................................................................................................................25
Tutorial ....................................................................................................................................................29
Technical Reference ..........................................................................................................................47
Monitor ....................................................................................................................................................49
Wireless LAN ..........................................................................................................................................55
LAN .........................................................................................................................................................94
VLAN .......................................................................................................................................................98
System ..................................................................................................................................................101
Log Settings .......................................................................................................................................... 115
Maintenance .......................................................................................................................................... 119
Troubleshooting ....................................................................................................................................129
NWA1121-NI User’s Guide
Contents Overview
NWA1121-NI User’s Guide
Table of Contents
Table of Contents
Contents Overview ..............................................................................................................................3
Table of Contents .................................................................................................................................5
Part I: User’s Guide ........................................................................................... 9
Chapter 1
Introducing the NWA1121-NI.............................................................................................................. 11
1.1 Introducing the NWA1121-NI ............................................................................................................. 11
1.2 Wireless Modes ................................................................................................................................. 11
1.2.1 MBSSID ...................................................................................................................................12
1.2.2 Wireless Client .........................................................................................................................13
1.2.3 Root AP ...................................................................................................................................14
1.2.4 Repeater ..................................................................................................................................14
1.3 Ways to Manage the NWA1121-NI ...................................................................................................15
1.4 Configuring Your NWA1121-NI’s Security Features ..........................................................................16
1.4.1 Control Access to Your Device ................................................................................................16
1.4.2 Wireless Security .....................................................................................................................16
1.5 Good Habits for Managing the NWA1121-NI ....................................................................................16
1.6 Hardware Connections ......................................................................................................................17
1.7 LED ...................................................................................................................................................17
Chapter 2
Introducing the Web Configurator ....................................................................................................19
2.1 Accessing the Web Configurator .......................................................................................................19
2.2 Resetting the NWA1121-NI ...............................................................................................................20
2.2.1 Methods of Restoring Factory-Defaults ...................................................................................21
2.3 Navigating the Web Configurator ......................................................................................................22
2.3.1 Title Bar ...................................................................................................................................22
2.3.2 Navigation Panel .....................................................................................................................23
2.3.3 Main Window ...........................................................................................................................24
Chapter 3
Dashboard ...........................................................................................................................................25
3.1 The Dashboard Screen .....................................................................................................................25
Chapter 4
Tutorial .................................................................................................................................................29
NWA1121-NI User’s Guide
Table of Contents
4.1 How to Configure the Wireless LAN ..................................................................................................29
4.1.1 Choosing the Wireless Mode ...................................................................................................29
4.1.2 Further Reading .......................................................................................................................29
4.2 How to Configure Multiple Wireless Networks ..................................................................................29
4.2.1 Configure the SSID Profiles .....................................................................................................31
4.2.2 Configure the Standard Network .............................................................................................33
4.2.3 Configure the VoIP Network ....................................................................................................34
4.2.4 Configure the Guest Network ..................................................................................................36
4.2.5 Testing the Wireless Networks ................................................................................................38
4.3 NWA1121-NI Setup in AP and Wireless Client Modes ......................................................................38
4.3.1 Scenario ..................................................................................................................................38
4.3.2 Configuring the NWA1121-NI in MBSSID or Root AP Mode ...................................................39
4.3.3 Configuring the NWA1121-NI in Wireless Client Mode ............................................................42
4.3.4 MAC Filter Setup .....................................................................................................................44
4.3.5 Testing the Connection and Troubleshooting ..........................................................................45
Part II: Technical Reference............................................................................ 47
Chapter 5
Monitor.................................................................................................................................................49
5.1 Overview ...........................................................................................................................................49
5.2 What You Can Do .............................................................................................................................49
5.3 View Logs .........................................................................................................................................49
5.4 Statistics ............................................................................................................................................50
5.5 Association List .................................................................................................................................51
5.6 Channel Usage .................................................................................................................................52
Chapter 6
Wireless LAN.......................................................................................................................................55
6.1 Overview ...........................................................................................................................................55
6.2 What You Can Do in this Chapter .....................................................................................................55
6.3 What You Need To Know ..................................................................................................................56
6.4 Wireless Settings Screen ..................................................................................................................60
6.4.1 Root AP Mode .........................................................................................................................61
6.4.2 Repeater Mode ........................................................................................................................64
6.4.3 Wireless Client Mode ...............................................................................................................67
6.4.4 MBSSID Mode .........................................................................................................................69
6.5 SSID Screen .....................................................................................................................................72
6.5.1 Configuring SSID .....................................................................................................................73
6.6 Wireless Security Screen ..................................................................................................................74
6.6.1 Security: WEP .........................................................................................................................76
NWA1121-NI User’s Guide
Table of Contents
6.6.2 Security: 802.1x Only ..............................................................................................................77
6.6.3 Security: 802.1x Static WEP ....................................................................................................79
6.6.4 Security: WPA, WPA2, WPA2-MIX ..........................................................................................83
6.6.5 Security: WPA-PSK, WPA2-PSK, WPA2-PSK-MIX .................................................................86
6.7 RADIUS Screen ................................................................................................................................87
6.8 MAC Filter Screen .............................................................................................................................89
6.9 Technical Reference ..........................................................................................................................91
6.9.1 Additional Wireless Terms .......................................................................................................91
6.9.2 WMM QoS ...............................................................................................................................92
6.9.3 Security Mode Guideline .........................................................................................................93
Chapter 7
LAN ......................................................................................................................................................94
7.1 Overview ...........................................................................................................................................94
7.2 What You Can Do in this Chapter .....................................................................................................94
7.3 What You Need to Know ...................................................................................................................94
7.4 LAN IP Screen ..................................................................................................................................96
Chapter 8
VLAN ....................................................................................................................................................98
8.1 Overview ...........................................................................................................................................98
8.1.1 What You Can Do in This Chapter ...........................................................................................98
8.2 What You Need to Know ...................................................................................................................98
8.3 VLAN Screen ....................................................................................................................................99
Chapter 9
System ...............................................................................................................................................101
9.1 Overview .........................................................................................................................................101
9.2 What You Can Do in this Chapter ...................................................................................................101
9.3 What You Need To Know ................................................................................................................102
9.4 WWW Screen ..................................................................................................................................104
9.5 Certificates Screen ..........................................................................................................................105
9.6 Telnet Screen ..................................................................................................................................106
9.7 SNMP Screen .................................................................................................................................107
9.8 FTP Screen ..................................................................................................................................... 110
9.9 Technical Reference ........................................................................................................................ 111
9.9.1 MIB ........................................................................................................................................ 111
9.9.2 Supported MIBs ..................................................................................................................... 111
9.9.3 SNMP Traps .......................................................................................................................... 112
9.9.4 Private-Public Certificates ..................................................................................................... 113
9.9.5 Certification Authorities .......................................................................................................... 113
9.9.6 Checking the Fingerprint of a Certificate on Your Computer ................................................. 113
NWA1121-NI User’s Guide
Table of Contents
Chapter 10
Log Settings ...................................................................................................................................... 115
10.1 Overview ....................................................................................................................................... 115
10.2 What You Can Do in this Chapter ................................................................................................. 115
10.3 What You Need To Know .............................................................................................................. 116
10.4 Log Settings Screen ...................................................................................................................... 116
Chapter 11
Maintenance ...................................................................................................................................... 119
11.1 Overview ....................................................................................................................................... 119
11.2 What You Can Do in this Chapter .................................................................................................. 119
11.3 What You Need To Know ...............................................................................................................120
11.4 General Screen .............................................................................................................................120
11.5 Password Screen ..........................................................................................................................121
11.6 Time Screen ..................................................................................................................................122
11.7 Firmware Upgrade Screen ............................................................................................................123
11.8 Configuration File Screen ..............................................................................................................124
11.8.1 Backup Configuration ...........................................................................................................124
11.8.2 Restore Configuration ..........................................................................................................125
11.8.3 Back to Factory Defaults ......................................................................................................126
11.9 Restart Screen ..............................................................................................................................126
Chapter 12
Troubleshooting................................................................................................................................129
12.1 Power, Hardware Connections, and LEDs ....................................................................................129
12.2 NWA1121-NI Access and Login ....................................................................................................130
12.3 Internet Access .............................................................................................................................131
Appendix A Setting Up Your Computer’s IP Address ......................................................................133
Appendix B Pop-up Windows, JavaScript and Java Permissions ...................................................161
Appendix C IP Addresses and Subnetting.......................................................................................173
Appendix D Wireless LANs..............................................................................................................181
Appendix E Legal Information..........................................................................................................195
Index ..................................................................................................................................................203
NWA1121-NI User’s Guide
P ART I
User’s Guide
10
C HAPT ER
Introducing the NWA1121-NI
This chapt er int roduces t he m ain applicat ions and feat ures of t he NWA1121- NI . I t also discusses
t he ways you can m anage your NWA1121- NI .
1.1 Introducing the NWA1121-NI
Your NWA1121- NI is an I Pv6 wireless AP ( Access Point ) t hat can funct ion in several wireless m odes.
I t ext ends t he range of your exist ing wired net work wit hout addit ional wiring, providing easy
net work access t o m obile users.
The NWA1121- NI cont rols net work access wit h MAC address filt ering and RADI US server
aut hent icat ion. I t also provides a high level of net work t raffic securit y, support ing I EEE 802.1x, WiFi Prot ect ed Access ( WPA) , WPA2 and WEP dat a encrypt ion. I t s Qualit y of Service ( QoS) feat ures
allow you t o priorit ize t im e- sensit ive or highly im port ant applicat ions such as VoI P.
Your NWA1121- NI is easy t o inst all, configure and use. The em bedded Web- based configurat or
enables sim ple, st raight forward m anagem ent and m aint enance.
See t he Quick St art Guide for inst ruct ions on how t o m ake hardware connect ions.
1.2 Wireless Modes
The NWA1121- NI can be configured t o use t he following WLAN operat ing m odes:
OPERATING MODE
NUMBER OF
SUPPORTED SSID
UNIVERSAL
REPEATER FUNCTION
AP FUNCTION
MBSSI D
No
Yes
Client
No
No
Root AP
Yes
Yes
Repeat er
Yes
Yes
MBSSI D
Client
Root AP
Repeat er
Applicat ions for each operat ing m ode are shown below.
NWA1121-NI User’s Guide
11
Chapter 1 Introducing the NWA1121-NI
1.2.1 MBSSID
A Basic Service Set ( BSS) is t he set of devices form ing a single wireless net work ( usually an access
point and one or m ore wireless client s) . The Service Set I Dent ifier ( SSI D) is t he nam e of a BSS. I n
Mult iple BSS ( MBSSI D) m ode, t he NWA1121- NI provides m ult iple virt ual APs, each form ing it s own
BSS and using it s own individual SSI D profile.
You can configure up t o eight m ult iple SSI D profiles, and have all of t hem act ive at any one t im e.
You can assign different wireless and securit y set t ings t o each SSI D profile. This allows you t o
com part m ent alize groups of users, set varying access privileges, and priorit ize net work t raffic t o
and from cert ain BSSs.
To t he wireless client s in t he net work, each SSI D appears t o be a different access point . As in any
wireless net work, client s can associat e only wit h t he SSI Ds for which t hey have t he correct securit y
set t ings.
For exam ple, you m ight want t o set up a wireless net work in your office where I nt ernet t elephony
( VoI P) users have priorit y. You also want a regular wireless net work for st andard users, as well as a
‘guest ’ wireless net work for visit ors. I n t he following figure, VoI P_ SSI D users have QoS priorit y,
SSI D 0 1 is t he wireless net work for st andard users, and Gu e st _ SSI D is t he wireless net work for
guest users. I n t his exam ple, t he guest user is forbidden access t o t he wired Land Area Net work
( LAN) behind t he AP and can access only t he I nt ernet .
Figure 1 Mult iple BSSs
12
NWA1121-NI User’s Guide
Chapter 1 Introducing the NWA1121-NI
1.2.2 Wireless Client
The NWA1121- NI can be used as a wireless client t o com m unicat e wit h an exist ing net work. I n t he
figure below, t he print er can receive request s from t he wired com put er client s A and B via t he
NWA1121- NI in Client m ode ( Z) .
Figure 2 Wireless Client Applicat ion
NWA1121-NI User’s Guide
13
Chapter 1 Introducing the NWA1121-NI
1.2.3 Root AP
I n Root AP m ode, t he NWA1121- NI ( Z) can act as t he root AP in a wireless net work and also allow
repeat ers ( X and Y) t o ext end t he range of it s wireless net work at t he sam e t im e. I n t he figure
below, bot h client s A, B and C can access t he wired net work t hrough t he root AP.
Figure 3 Root AP Applicat ion
On t he NWA1121- NI in Root AP m ode, you can have up t o four m ult iple SSI Ds act ive for reqular
wireless connect ions and one SSI D for t he connect ion wit h a repeat er ( universal repeat er SSI D) .
Wireless client s can use eit her SSI D t o associat e wit h t he NWA1121- NI in Root AP m ode. A repeat er
m ust use t he universal repeat er SSI D t o connect t o t he NWA1121- NI in Root AP m ode.
When t he NWA1121- NI is in Root AP m ode, universal repeat er securit y bet ween t he NWA1121- NI
and ot her repeat er is independent of t he securit y bet ween t he wireless client s and t he AP or
repeat er. I f you do not enable universal repeat er securit y, t raffic bet ween APs is not encrypt ed.
When universal repeat er securit y is enabled, bot h APs and repeat ers m ust use t he sam e pre- shared
key. See Sect ion 6.6 on page 74 for m ore det ails.
Unless specified, t he t erm “ securit y set t ings” refers t o t he t raffic bet ween t he wireless client s and
t he AP. At t he t im e of writ ing, universal repeat er securit y is com pat ible wit h t he NWA1121- NI only.
1.2.4 Repeater
The NWA can act as a wireless net work repeat er t o ext end a root AP’s wireless net work range, and
also est ablish wireless connect ions wit h wireless client s.
Using Repeat er m ode, your NWA1121- NI can ext end t he range of t he WLAN. I n t he figure below,
t he NWA1121- NI in Repeat er m ode ( Z) has a wireless connect ion t o t he NWA1121- NI in Root AP
m ode ( X) which is connect ed t o a wired net work and also has a wireless connect ion t o anot her
NWA1121- NI in Repeat er m ode ( Y) at t he sam e t im e. Z and Y act as repeat ers t hat forward t raffic
14
NWA1121-NI User’s Guide
Chapter 1 Introducing the NWA1121-NI
bet ween associat ed wireless client s and t he wired LAN. Client s A, B and C access t he AP and t he
wired net work behind t he AP t hrought repeat ers Z and Y.
Figure 4 Repeat er Applicat ion
When t he NWA1121- NI is in Repeat er m ode, universal repeat er securit y bet ween t he NWA1121- NI
and ot her repeat er is independent of t he securit y bet ween t he wireless client s and t he AP or
repeat er. I f you do not enable universal repeat er securit y, t raffic bet ween APs is not encrypt ed.
When universal repeat er securit y is enabled, bot h APs and repeat ers m ust use t he sam e pre- shared
key. See Sect ion 6.6 on page 74 for m ore det ails.
Once t he securit y set t ings of peer sides m at ch one anot her, t he connect ion bet ween devices is
m ade.
At t he t im e of writ ing, universal repeat er securit y is com pat ible wit h t he NWA1121- NI only.
1.3 Ways to Manage the NWA1121-NI
Use any of t he following m et hods t o m anage t he NWA1121- NI .
• Web Configurat or. This is recom m ended for everyday m anagem ent of t he NWA1121- NI using a
( support ed) web browser.
• Com m and Line I nt erface. Line com m ands are m ost ly used for t roubleshoot ing by service
engineers.
• FTP ( File Transfer Prot ocol) for firm ware upgrades.
• SNMP ( Sim ple Net work Managem ent Prot ocol) . The device can be m onit ored by an SNMP
m anager.
NWA1121-NI User’s Guide
15
Chapter 1 Introducing the NWA1121-NI
1.4 Configuring Your NWA1121-NI’s Security Features
Your NWA1121- NI com es wit h a variet y of securit y feat ures. This sect ion sum m arizes t hese
feat ures and provides links t o sect ions in t he User ’s Guide t o configure securit y set t ings on your
NWA1121- NI . Follow t he suggest ions below t o im prove securit y on your NWA1121- NI and net work.
1.4.1 Control Access to Your Device
Ensure only people wit h perm ission can access your NWA1121- NI .
• Cont rol physical access by locat ing devices in secure areas, such as locked room s. Most
NWA1121- NI s have a reset but t on. I f an unaut horized person has access t o t he reset but t on,
t hey can t hen reset t he device’s password t o it s default password, log in and reconfigure it s
set t ings.
• Change any default passwords on t he NWA1121- NI , such as t he password used for accessing t he
NWA1121- NI ’s web configurat or ( if it has a web configurat or) . Use a password wit h a
com binat ion of let t ers and num bers and change your password regularly. Writ e down t he
password and put it in a safe place.
• Avoid set t ing a long t im eout period before t he NWA1121- NI ’s web configurat or aut om at ically
t im es out . A short t im eout reduces t he risk of unaut horized person accessing t he web
configurat or while it is left idle.
• See Sect ion 11.5 on page 121 for inst ruct ions on changing your password and set t ing t he
t im eout period.
• Configure rem ot e m anagem ent t o cont rol who can m anage your NWA1121- NI . See Chapt er 9 on
page 101 for m ore inform at ion. I f you enable rem ot e m anagem ent , ensure you have enabled
rem ot e m anagem ent only on t he I P addresses, services or int erfaces you int ended and t hat ot her
rem ot e m anagem ent set t ings are disabled.
1.4.2 Wireless Security
Wireless devices are especially vulnerable t o at t ack. I f your NWA1121- NI has a wireless funct ion,
t ake t he following m easures t o im prove wireless securit y.
• Enable wireless securit y on your NWA1121- NI . Choose t he m ost secure encrypt ion m et hod t hat
all devices on your net work support . See Sect ion 6.6 on page 74 for direct ions on configuring
encrypt ion. I f you have a RADI US server, enable I EEE 802.1x or WPA( 2) user ident ificat ion on
your net work so users m ust log in. This m et hod is m ore com m on in business environm ent s.
• Hide your wireless net work nam e ( SSI D) . The SSI D can be regularly broadcast and unaut horized
users m ay use t his inform at ion t o access your net work. See Sect ion 6.5 on page 72 for direct ions
on using t he web configurat or t o hide t he SSI D.
• Enable t he MAC filt er t o allow only t rust ed users t o access your wireless net work or deny
unwant ed users access based on t heir MAC address. See Sect ion 6.8 on page 89 for direct ions on
configuring t he MAC filt er.
1.5 Good Habits for Managing the NWA1121-NI
Do t he following t hings regularly t o m ake t he NWA1121- NI m ore secure and t o m anage it m ore
effect ively.
16
NWA1121-NI User’s Guide
Chapter 1 Introducing the NWA1121-NI
1.6 Hardware Connections
See your Quick St art Guide for inform at ion on m aking hardware connect ions.
1.7 LED
Figure 5 LED
Table 1 LED
COLOR
STATUS
DESCRIPTION
Am ber
On
There is syst em error and t he NWA1121- NI cannot boot up, or t he
NWA1121- NI doesn’t have an Et hernet connect ion wit h t he LAN.
Flashing
The NWA1121- NI is st art ing up.
Off
The NWA1121- NI is receiving power and ready for use.
Blinking
The WLAN is act ive, and t ransm it t ing or receiving dat a.
Off
The WLAN is not act ive.
Green
NWA1121-NI User’s Guide
17
Chapter 1 Introducing the NWA1121-NI
18
NWA1121-NI User’s Guide
C HAPT ER
Introducing the Web Configurator
This chapt er describes how t o access t he NWA1121- NI ’s web configurat or and provides an overview
of it s screens.
2.1 Accessing the Web Configurator
Make sure your hardware is properly connect ed and prepare your com put er or com put er net work t o
connect t o t he NWA1121- NI ( refer t o t he Quick St art Guide) .
Launch your web browser.
Type " 192.168.1.2" as t he URL ( default ) . The login screen appears.
Figure 6 The Login Screen
Type “ adm in” as t he ( default ) usernam e and “ 1234” as t he ( default ) password. Click Login.
You should see a screen asking you t o change your password ( highly recom m ended) as shown
next . Type a new password ( and ret ype it t o confirm ) t hen click Apply. Alt ernat ively, click I gnor e .
NWA1121-NI User’s Guide
19
Chapter 2 Introducing the Web Configurator
Not e: I f you do not change t he password, t he following screen appears every t im e you
login.
Figure 7 Change Password Screen
You should now see t he
20
NWA1121-NI User’s Guide
Chapter 2 Introducing the Web Configurator
fact ory- default configurat ion file. This m eans t hat you will lose all t he set t ings you previously
configured. The password will be reset t o “ 1234”.
Figure 8 The RESET But t on
2.2.1 Methods of Restoring Factory-Defaults
You can erase t he current configurat ion and rest ore fact ory default s in t wo ways:
Use t he RESET but t on t o upload t he default configurat ion file. Hold t his but t on in for about 3
seconds ( t he light will begin t o blink) . Use t his m et hod for cases when t he password or I P address
of t he NWA1121- NI is not known.
Use t he web configurat or t o rest ore default s ( refer t o Sect ion 11.8 on page 124) .
NWA1121-NI User’s Guide
21
Chapter 2 Introducing the Web Configurator
2.3 Navigating the Web Configurator
The following sum m arizes how t o navigat e t he web configurat or from t he D a shboa r d screen.
Figure 9 St at us Screen of t he Web Configurat or
As illust rat ed above, t he Web Configurat or screen is divided int o t hese part s:
• A - t it le bar
• B - navigat ion panel
• C - m ain window
2.3.1 Title Bar
Click Logou t at any t im e t o exit t he Web Configurat or.
Click ZAbout t o open t he about window, which provides inform at ion of t he boot m odule and driver
versions.
22
NWA1121-NI User’s Guide
Chapter 2 Introducing the Web Configurator
2.3.2 Navigation Panel
Use t he m enu it em s on t he navigat ion panel t o open screens t o configure NWA1121- NI feat ures.
The following t ables describe each m enu it em .
Table 2 Navigat ion Panel Sum m ary
LINK
TAB
Dashboard
FUNCTION
This screen shows t he NWA1121- NI ’s general device and net work
st at us inform at ion. Use t his screen t o access t he st at ist ics and client
list .
Monit or
Logs
View Log
Use t his screen t o view t he logs for t he cat egories t hat you select ed.
St at ist ics
Use t his screen t o view port st at us, packet specific st at ist ics, t he
" syst em up t im e" and so on.
Associat ion List
Use t his screen t o view t he wireless st at ions t hat are current ly
associat ed t o t he NWA1121- NI .
Channel Usage
Use t his screen t o know whet her a channel is used by anot her
wireless net work or not .
Configurat ion
Net work
Wireless LAN
Wireless
Set t ings
Use t his screen t o configure t he wireless LAN set t ings and NWA1121NI ’s operat ion m ode.
SSI D
Use t his screen t o configure up t o eight SSI D profiles for your
NWA1121- NI .
Securit y
Use t his screen t o configure wireless securit y profiles on t he
NWA1121- NI .
RADI US
Use t his screen t o configure up t o four RADI US profiles.
MAC Filt er
Use t his screen t o configure MAC filt ering profiles.
LAN
Use t his screen t o configure t he NWA1121- NI ’s LAN I P address.
VLAN
Use t his screen t o configure t he NWA1121- NI ’s VLAN set t ings.
Syst em
Log Set t ings
WWW
Use t his screen t o configure t hrough which int erface( s) and from
which I P address( es) users can use HTTP t o m anage t he NWA1121NI .
Cert ificat es
Use t his screen t o im port or rem ove a cert ificat e from t he NWA1121NI .
Telent
Use t his screen t o configure t hrough which int erface( s) and from
w hich I P address( es) users can use Telnet t o m anage t he NWA1121NI .
SNMP
Use t his screen t o configure t he NWA1121- NI for SNMP m anagem ent .
FTP
Use t his screen t o configure t hrough which int erface( s) and from
w hich I P address( es) users can use FTP t o access t he NWA1121- NI .
Use t his screen t o change your log set t ings.
Maint enance
General
Use t his screen t o configure your device’s nam e.
Password
Use t his screen t o configure your device’s password.
Tim e
Use t his screen t o change your NWA1121- NI ’s t im e and dat e.
Firm ware Upgrade
Use t his screen t o upload firm ware t o your device.
NWA1121-NI User’s Guide
23
Chapter 2 Introducing the Web Configurator
Table 2 Navigat ion Panel Sum m ary
LINK
TAB
FUNCTION
Configurat ion File
Use t his screen t o backup and rest ore your device’s configurat ion
( set t ings) or reset t he fact ory default set t ings.
Rest art
Use t his screen t o reboot t he NWA1121- NI wit hout t urning t he power
off.
2.3.3 Main Window
The m ain window displays inform at ion and configurat ion fields. I t is discussed in t he rest of t his
docum ent .
24
NWA1121-NI User’s Guide
C HAPT ER
Dashboard
The D a shboa r d screens display when you log int o t he NWA1121- NI , or click D a shboa r d in t he
navigat ion m enu.
Use t he D a shboa r d screen t o look at t he current st at us of t he device, syst em resources, and
int erfaces. The D a shboa r d screens also provide det ailed inform at ion about syst em st at ist ics,
associat ed wireless client s, and logs.
3.1 The Dashboard Screen
Use t his screen t o get a quick view of syst em , Et hernet , WLAN and ot her inform at ion regarding
your NWA1121- NI .
Click D a shboa r d. The following screen displays.
Figure 10 The Dashboard Screen
NWA1121-NI User’s Guide
25
Chapter 3 Dashboard
The following t able describes t he labels in t his screen.
Table 3 The Dashboard Screen
LABEL
DESCRIPTION
Refresh I nt erval
Select how oft en you want t he NWA1121- NI t o updat e t his screen.
Refresh Now
Click t his t o updat e t his screen im m ediat ely.
Syst em I nform at ion
Syst em Nam e
This field displays t he NWA1121- NI syst em nam e. I t is used for ident ificat ion. You
can change t his in t he M a in t e n a n ce > Ge n e r a l screen’s Syst e m N a m e field.
WLAN Operat ing
Mode
This field displays t he current operat ing m ode of t he first wireless m odule
( Root AP, Re pe a t e r, Clie nt , or M BSSI D ) . You can change t he operat ing m ode in
t he Con figu r a t ion > W ir e le ss LAN > W ir e le ss Se t t in gs screen.
Firm ware Version
This field displays t he current version of t he firm ware inside t he device. I t also
shows t he dat e t he firm ware version was creat ed. You can change t he firm ware
version by uploading new firm ware in M a in t e n a n ce > Fir m w a r e Upgr a de .
Serial Num ber
This field displays t he serial num ber of t he NWA1121- NI .
Et hernet I nform at ion
LAN MAC Address
This displays t he MAC ( Media Access Cont rol) address of t he NWA1121- NI on t he
LAN. Every net work device has a unique MAC address which ident ifies it across t he
net work.
I Pv4 Address
This field displays t he current I Pv4 address of t he NWA1121- NI on t he net work.
Subnet Mask
Subnet m asks det erm ine t he m axim um num ber of possible host s on a net work.
You can also use subnet m asks t o divide one net work int o m ult iple sub- net works.
Gat eway I P Address
This is t he I P address of t he gat eway. The gat eway is a rout er or swit ch on t he
sam e net work segm ent as t he device's LAN port . The gat eway helps forward
packet s t o t heir dest inat ions.
I Pv6 Address
This field displays t he current I Pv6 address( es) of t he NWA1121- NI on t he
net work.
Link Local
This is t he I Pv6 link- local address t hat t he NWA1121- NI generat es aut om at ically.
Global
This is t he NWA1121- NI ’s I Pv6 global address t hat you specify m anually in t he
Configur a t ion > LAN screen.
WLAN I nform at ion
SSI D
This field displays t he SSI D ( Service Set I dent ifier) . This is available only when t he
WLAN operat ion m ode is Clie n t .
Channel
The channel or frequency used by t he NWA1121- NI t o send and receive
inform at ion.
St at us
This shows t he current st at us of t he wireless LAN. This is available only when t he
WLAN operat ion m ode is Clie n t .
Securit y Mode
This displays t he securit y m ode t he NWA1121- NI is using. This is available only
when t he WLAN operat ion m ode is Clie n t .
Sum m ary
St at ist ics
Click t his link t o view port st at us and packet specific st at ist ics. See Sect ion 5.4 on
page 50.
Associat ion List
Click t his t o see a list of wireless client s current ly associat ed t o each of t he
NWA1121- NI ’s wireless m odules. See Sect ion 5.5 on page 51.
View Log
Click t his t o see a list of logs produced by t he NWA1121- NI . See Sect ion 5.3 on
page 49.
Syst em St at us
Syst em Up Tim e
26
This field displays t he elapsed t im e since t he NWA1121- NI was t urned on.
NWA1121-NI User’s Guide
Chapter 3 Dashboard
Table 3 The Dashboard Screen ( cont inued)
LABEL
Current Dat e/ Tim e
DESCRIPTION
This field displays t he dat e and t im e configured on t he NWA1121- NI . You can
change t his in t he M a in t e n a n ce > Tim e screen.
Syst em Resource
CPU Usage
This field displays what percent age of t he NWA1121- NI ’s processing abilit y is
current ly being used. The higher t he CPU usage, t he m ore likely t he NWA1121- NI
is t o slow down.
Mem ory Usage
This field displays what percent age of t he NWA1121- NI ’s volat ile m em ory is
current ly in use. The higher t he m em ory usage, t he m ore likely t he NWA1121- NI is
t o slow down. Som e m em ory is required j ust t o st art t he NWA1121- NI and t o run
t he web configurat or.
I nt erface St at us
I nt erface
St at us
This colum n displays each int erface of t he NWA1121- NI .
This field indicat es whet her or not t he NWA1121- NI is using t he int erface.
For each int erface, t his field displays Up when t he NWA1121- NI is using t he
int erface and D ow n when t he NWA1121- NI is not using t he int erface.
Channel
Rat e
This shows t he channel num ber which t he NWA1121- NI is current ly using over t he
wireless LAN.
For t he LAN port t his displays t he port speed and duplex set t ing.
For t he WLAN int erface, it displays t he downst ream and upst ream t ransm ission
rat e or N / A if t he int erface is not in use.
SSI D St at us
This sect ion is not available when t he WLAN operat ion m ode is Clie n t .
I nt erface
This colum n displays each of t he NWA1121- NI ’s wireless int erfaces.
SSI D
This field displays t he SSI D( s) current ly used by each wireless m odule.
BSSI D
This field displays t he MAC address of t he wireless m odule.
Securit y
This field displays t he t ype of wireless securit y used by each SSI D.
VLAN
This field displays t he VLAN I D of each SSI D in use, or D isa ble d if t he SSI D does
not use VLAN.
NWA1121-NI User’s Guide
27
Chapter 3 Dashboard
28
NWA1121-NI User’s Guide
C HAPT ER
Tutorial
This chapt er first provides an overview of how t o configure t he wireless LAN on your NWA1121- NI ,
and t hen gives st ep- by- st ep guidelines showing how t o configure your NWA1121- NI for som e
exam ple scenarios.
4.1 How to Configure the Wireless LAN
This sect ion illust rat es how t o choose which wireless operat ing m ode t o use on t he NWA1121- NI
and how t o set up t he wireless LAN in each wireless m ode. See Sect ion 4.1.2 on page 29 for links t o
m ore inform at ion on each st ep.
4.1.1 Choosing the Wireless Mode
• Use M BSSI D ( Mult iple Basic Service Set I dent ifier) operat ing m ode if you want t o use t he
NWA1121- NI as an access point wit h som e groups of users having different securit y or QoS
set t ings from ot her groups of users. See Sect ion 1.2.1 on page 12 for det ails.
• Use Clie n t operat ing m ode if you want t o use t he NWA1121- NI t o access a wireless net work. See
Sect ion 1.2.2 on page 13 for det ails.
• Use Root AP operat ing m ode if you want t o allow wireless client s t o access your wired net work
t hrough t he NWA1121- NI and also have repeat ers com m unicat e wit h t he NWA1121- NI t o expand
wireleass coverage. See Sect ion 1.2.3 on page 14 for det ails.
• Use Re pe a t e r operat ing m ode if you want t o use t he NWA1121- NI t o com m unicat e wit h t he root
AP or ot her repeat ers. See Sect ion 1.2.4 on page 14 for det ails.
4.1.2 Further Reading
Use t hese links t o find m ore inform at ion on t he st eps:
• Choosing 8 0 2 .1 1 M ode : see Sect ion 6.4 on page 60.
• Choosing a wireless Cha nne l I D : see Sect ion 6.4 on page 60.
• Choosing a Se cur it y m ode: see Sect ion 6.6 on page 74.
• Configuring an ext ernal RAD I US server: see Sect ion 6.7 on page 87.
• Configuring M AC Filt e r in g: see Sect ion 6.8 on page 89.
4.2 How to Configure Multiple Wireless Networks
I n t his exam ple, you have been using your NWA1121- NI as an access point for your office net work.
Now your net work is expanding and you want t o m ake use of t he MBSSI D feat ure ( see Sect ion
NWA1121-NI User’s Guide
29
Chapter 4 Tutorial
6.4.4 on page 69) t o provide m ult iple wireless net works. Each wireless net work will cat er t o a
different t ype of user.
You want t o m ake t hree wireless net works: one st andard office wireless net work wit h all t he sam e
set t ings you already have, anot her wireless net work wit h high priorit y QoS set t ings for Voice over
I P ( VoI P) users, and a guest net work t hat allows visit ors t o access only t he I nt ernet and t he
net work print er.
To do t his, you will t ake t he following st eps:
Edit t he SSI D profiles.
Change t he operat ing m ode from Root AP t o M BSSI D and react ivat e t he st andard net work.
Configure different securit y m odes for t he net works.
Configure a wireless net work for st andard office use.
Configure a wireless net work for VoI P users.
Configure a wireless net work for guest s t o your office.
The following figure shows t he m ult iple net works you want t o set up. Your NWA1121- NI is m arked
Z, t he m ain net work rout er is m arked A, and your net work print er is m arked B.
The st andard net work ( SSI D 0 1 ) has access t o all resources. The VoI P net work ( VoI P_ SSI D ) has
access t o all resources and a high QoS priorit y. The guest net work ( Gu e st _ SSI D ) has access t o t he
I nt ernet and t he net work print er only, and a low QoS priorit y.
30
NWA1121-NI User’s Guide
Chapter 4 Tutorial
To configure t hese set t ings, you need t o know t he Media Access Cont rol ( MAC) addresses of t he
devices you want t o allow users of t he guest net work t o access. The following t able shows t he
addresses used in t his exam ple.
Table 4 Tut orial: Exam ple I nform at ion
Net work rout er ( A) MAC address
00: AA: 00: AA: 00: AA
Net work print er ( B) MAC address
AA: 00: AA: 00: AA: 00
4.2.1 Configure the SSID Profiles
Log in t o t he NWA1121- NI ( see Sect ion 2.1 on page 19) . Click W ir e le ss LAN > SSI D. The SSI D
screen appears.
Click t he Edit icon next t o t he Pr ofile 1 .
Renam e t he Pr ofile N a m e and SSI D as SSI D 0 1 . Click Apply.
Repeat St ep 2 and 3 t o change Pr ofile 2 and Pr ofile 3 t o VoI P_ SSI D and Gu e st _ SSI D.
NWA1121-NI User’s Guide
31
Chapter 4 Tutorial
4.2.1.1 MBSSID
32
Go t o W ir e le ss LAN > W ir e le ss Se t t ings. Select M BSSI D from t he Ope r a t ion M ode drop- down
list box.
SSI D 0 1 is t he st andard net work, so select SSI D 0 1 as t he first profile. I t is always act ive.
Select VoI P_ SSI D as t he second profile, and Gu e st _ SSI D as t he t hird profile. Select t he
corresponding Act ive check- boxes.
Click Apply t o save your set t ings. Now t he t hree SSI Ds are act ivat ed.
NWA1121-NI User’s Guide
Chapter 4 Tutorial
4.2.2 Configure the Standard Network
Click W ir e le ss LAN > SSI D. Click t he Edit icon next t o SSI D 0 1 .
Select Se cPr ofile 1 as SSI D 0 1 ’s securit y profile. Select t he H idde n SSI D checkbox as you want
only aut horized com pany em ployees t o use t his net work, so t here is no need t o broadcast t he SSI D
t o wireless client s scanning t he area.
Also, t he client s on SSI D 0 1 m ight need t o access ot her client s on t he sam e wireless net work. Do
not select t he I nt r a - BSS Tr a ffic block ing check- box.
Click Apply.
NWA1121-NI User’s Guide
33
Chapter 4 Tutorial
Next , click W ir e le ss LAN > Se cu r it y. Click t he Edit icon next t o Se cPr ofile 1 .
Since SSI D 0 1 is t he st andard net work t hat has access t o all resources, assign a m ore secure
securit y m ode. Select W PA2 - PSK- M I X as t he Se cur it y M ode , and ent er t he Pr e - Sha r e d Ke y. I n
t his exam ple, use ThisisSSI D 0 1 Pr e Sha r e dKe y. Click Apply.
You have finished configuring t he st andard net work, SSI D 0 1 .
4.2.3 Configure the VoIP Network
34
Go t o W ir e le ss LAN > SSI D. Click t he Edit icon next t o VoI P_ SSI D.
Select Se cPr ofile 2 as t he Se cur it y Pr ofile for t he VoI P net work. Select t he H idde n SSI D checkbox.
NWA1121-NI User’s Guide
Chapter 4 Tutorial
Select W M M _ VOI CE in t he QoS field t o give VoI P t he highest priorit y in t he wireless net work. Click
Apply.
Next , click W ir e le ss LAN > Se cu r it y. Click t he Edit icon next t o Se cPr ofile 2 .
NWA1121-NI User’s Guide
35
Chapter 4 Tutorial
Select W PA2 - PSK as t he Se cur it y M ode , and ent er t he Pr e - Sha r e d Ke y. I n t his exam ple, use
Th isisVoI PPr e Sh a r e dKe y. Click Apply.
Your VoI P wireless net work is now ready t o use. Any t raffic using t he VoI P_ SSI D profile will be
given t he highest priorit y across t he wireless net work.
4.2.4 Configure the Guest Network
When you are set t ing up t he wireless net work for guest s t o your office, your prim ary concern is t o
keep your net work secure while allowing access t o cert ain resources ( such as a net work print er, or
t he I nt ernet ) . For t his reason, t he pre- configured Gu e st _ SSI D profile has int ra- BSS t raffic blocking
enabled by default . “ I nt ra- BSS t raffic blocking” m eans t hat t he client cannot access ot her client s on
t he sam e wireless net work.
36
Click W ir e le ss LAN > SSI D. Click t he Edit icon next t o Gu e st _ SSI D.
Select Se cPr ofile 3 in t he Se cur it y field. Do not select t he H idde n SSI D check- box so t he guest s
can easily find t he wireless net work.
Select W M M _ BESTEFFORT in t he QoS field t o give t he guest a lower QoS priorit y.
NWA1121-NI User’s Guide
Chapter 4 Tutorial
Select t he check- box of I nt r a - BSS Tr a ffic block ing Ena ble d. Click Apply.
Next , click W ir e le ss LAN > Se cu r it y. Click t he Edit icon next t o Se cPr ofile 3 .
Select W PA- PSK in t he Se cu r it y M ode field. WPA- PSK provides st rong securit y t hat is support ed
by m ost wireless client s. Even t hough your Gue st _ SSI D client s do not have access t o sensit ive
inform at ion on t he net work, you should not leave t he net work wit hout securit y. An at t acker could
st ill cause dam age t o t he net work or int ercept unsecured com m unicat ions or use your I nt ernet
access for illegal act ivit ies.
NWA1121-NI User’s Guide
37
Chapter 4 Tutorial
Ent er t he PSK you want t o use in your net work in t he Pr e Sha r e d Ke y field. I n t his exam ple, t he
PSK is Thisism yGue st W PApr e - sh a r e dk e y. Click Apply.
Your guest wireless net work is now ready t o use.
4.2.5 Testing the Wireless Networks
To m ake sure t hat t he t hree net works are correct ly configured, do t he following.
• On a com put er wit h a wireless client , scan for access point s. You should see t he Gu e st _ SSI D
net work, but not t he SSI D 0 1 and VoI P_ SSI D net works. I f you can see t he SSI D 0 1 and
VoI P_ SSI D net works, go t o it s SSI D Edit screen and m ake sure t o select t he H idde n SSI D
check- box and click Apply.
• Try t o access each net work using t he correct securit y set t ings, and t hen using incorrect securit y
set t ings, such as t he WPA- PSK for anot her act ive net work. I f t he behavior is different from
expect ed ( for exam ple, if you can access t he SSI D 0 1 or VoI P_ SSI D wireless net work using t he
securit y set t ings for t he Gue st _ SSI D wireless net work) check t hat t he SSI D profile is set t o use
t he correct securit y profile, and t hat t he set t ings of t he securit y profile are correct .
4.3 NWA1121-NI Setup in AP and Wireless Client Modes
This exam ple shows you how t o rest rict wireless access t o your NWA1121- NI .
4.3.1 Scenario
I n t he figure below, t here are t wo NWA1121- NI s ( A and B) in t he net work. A is in MBSSI D or root
AP m ode while st at ion B is in wireless client m ode. St at ion B is connect ed t o a File Transfer Prot ocol
( FTP) server. You want only specified wireless client s t o be able t o access st at ion B. You also want
38
NWA1121-NI User’s Guide
Chapter 4 Tutorial
t o allow wireless t raffic bet ween B and wireless client s connect ed t o A ( W, Y and Z) . Ot her wireless
devices ( X ) m ust not be able t o connect t o t he FTP server.
Figure 11 FTP Server Connect ed t o a Wireless Client
4.3.2 Configuring the NWA1121-NI in MBSSID or Root AP Mode
Before set t ing up t he NWA1121- NI as a wireless client ( B) , you need t o m ake sure t here is an
access point t o connect t o. Use t he Et hernet port on NWA1121- NI ( A) t o configure it via a wired
connect ion.
NWA1121-NI User’s Guide
39
Chapter 4 Tutorial
Log int o t he Web Configurat or on NWA1121- NI ( A) and go t o t he W ir e le ss LAN > W ir e le ss
Se t t in gs screen.
40
Set t he Ope r a t ion M ode t o Root AP.
Select t he W ir e le ss M ode . I n t his exam ple, select 8 0 2 .1 1 b/ g/ n .
Select Pr ofile 1 as t he SSI D Pr ofile .
Choose t he Cha nne l you want NWA1121- NI ( A) t o use.
Click Apply.
NWA1121-NI User’s Guide
Chapter 4 Tutorial
Go t o W ir e le ss LAN > SSI D. Click t he Edit icon next t o Pr ofile 1 .
Change t he SSI D t o AP- A.
Select Se cPr ofile 1 in t he Se cur it y field.
Select t he check- box for I nt r a - BSS Tr a ffic block ing Ena ble d so t he client cannot access ot her
client s on t he sam e wireless net work.
10 Click Apply.
NWA1121-NI User’s Guide
41
Chapter 4 Tutorial
11 Go t o W ir e le ss LAN > Se cur it y. Click t he Edit icon next t o Se cPr ofile 1 .
12 Configure W PA- PSK as t he Se cur it y M ode and ent er Th isisM yPr e Sh a r e dKe y in t he Pr e Sha r e d Ke y field.
13 Click Apply t o finish configurat ion for NWA1121- NI ( A) .
4.3.3 Configuring the NWA1121-NI in Wireless Client Mode
The NWA1121- NI ( B) should have a wired connect ion before it can be set t o wireless client
operat ing m ode. Connect your NWA1121- NI t o t he FTP server. Login t o NWA1121- NI (B) ’s Web
Configurat or and go t o t he W ir e le ss LAN > W ir e le ss Se t t ings screen. Follow t hese st eps t o
configure st at ion B.
42
NWA1121-NI User’s Guide
Chapter 4 Tutorial
Select Clie n t as Ope r a t ion M ode. Click Apply.
Click on t he Sit e Su r ve y but t on. A window should pop up which cont ains a list of all available
wireless devices wit hin your NWA1121- NI ’s range.
Find and select NWA1121- NI ( A) ’s SSI D: AP- A.
NWA1121-NI User’s Guide
43
Chapter 4 Tutorial
Go t o W ir e le ss LAN > Se cur it y t o configure t he NWA1121- NI t o use t he sam e securit y m ode and
Pre- Shared Key as NWA1121- NI ( A) : W PA- PSK/ ThisisM yPr e Sh a r e dKe y. Click Apply.
Figure 12
4.3.4 MAC Filter Setup
One way t o ensure t hat only specified wireless client s can access t he FTP server is by enabling MAC
filt ering on NWA1121- NI ( B) ( See Sect ion 6.8 on page 89 for m ore inform at ion on MAC Filt er) .
Go t o W ir e le ss LAN > M AC Filt e r. Click t he Edit icon next t o M a cPr ofile 1 .
Select Allow in t he Acce ss Cont r ol M ode field. Ent er t he MAC addresses of t he wireless client s
( W , Y and Z) you want t o associat e wit h t he NWA1121- NI . Click Apply.
Now, only t he aut horized wireless client s ( W , Y and Z) can access t he FTP server.
44
NWA1121-NI User’s Guide
Chapter 4 Tutorial
4.3.5 Testing the Connection and Troubleshooting
This sect ion discusses how you can check if you have correct ly configured your net work set up as
described in t his t ut orial.
• Try accessing t he FTP server from wireless client s W , Y or Z. Test if you can send or ret rieve a
file. I f you cannot est ablish a connect ion wit h t he FTP server, do t he following st eps.
Make sure W , Y and Z use t he sam e wireless securit y set t ings as A and can access A.
Make sure B uses t he sam e wireless and wireless securit y set t ings as A and can access A.
Make sure int ra- BSS t raffic is enabled on A.
• Try accessing t he FTP server from X. I f you are able t o access t he FTP server, do t he following.
Make sure MAC filt ering is enabled.
Make sure X’s MAC address is not ent ered in t he list of allowed devices.
NWA1121-NI User’s Guide
45
Chapter 4 Tutorial
46
NWA1121-NI User’s Guide
P ART II
Technical Reference
The appendices provide general inform at ion. Som e det ails m ay not apply t o your NWA1121- NI .
47
48
C HAPT ER
Monitor
5.1 Overview
This chapt er discusses read- only inform at ion relat ed t o t he device st at e of t he NWA1121- NI .
Not e: To access t he M on it or screens, you can also click t he links in t he Sum m ary t able of
t he D a sh boa r d screen t o view t he wireless packet s sent / r eceived as well as t he
st at us of client s connect ed t o t he NWA1121- NI .
5.2 What You Can Do
• Use t he Logs screen t o see t he logs for t he cat egories t hat you select ed in t he Configur a t ion >
Log Se t t ings screen ( see Sect ion 5.3 on page 49) . You can view logs in t his page. Once t he log
ent ries are all used, t he log will wrap around and t he old logs will be delet ed.
• use t he St a t ist ics screen t o view 802.11 m ode, channel num ber, wireless packet specific
st at ist ics and so on ( see Sect ion 5.4 on page 50) .
• Use t he Associa t ion List screen t o view t he wireless devices t hat are current ly associat ed t o t he
NWA1121- NI ( see Sect ion 5.5 on page 51) .
• Use t he Cha nn e l Usa ge screen t o view whet her a channel is used by anot her wireless net work
or not . I f a channel is being used, you should select a channel rem oved from it by five channels
t o com plet ely avoid overlap ( see Sect ion 5.6 on page 52) .
5.3 View Logs
Use t he Logs screen t o see t he logged m essages for t he NWA1121- NI .
Log ent ries in red indicat e syst em error logs. The log wraps around and delet es t he old ent ries aft er
it fills.
NWA1121-NI User’s Guide
49
Chapter 5 Monitor
Click M onit or > Logs.
Figure 13 Logs
The following t able describes t he labels in t his screen.
Table 5 Logs
LABEL
DESCRIPTION
Display
Select a cat egory of logs t o view. Select All Log t o view logs from all of t he log
cat egories t hat you select ed in t he Con figu r a t ion > Log Se t t in gs screen.
E- Mail Log Now
Click E- M a il Log N ow t o send t he log screen t o t he e- m ail address specified in t he Log
Set t ings page ( m ake sure t hat you have first filled in t he E- m ail Log Set t ings fields in
Configur a t ion > Log Se t t ings) .
Refresh
Click Re fr e sh t o renew t he log screen.
Clear Log
Click Cle a r Log t o delet e all t he logs.
This field is a sequent ial value and is not associat ed wit h a specific ent ry.
Tim e
This field displays t he t im e t he log was recorded.
Message
This field st at es t he reason for t he log.
Source
This field list s t he source I P address and t he port num ber of t he incom ing packet .
5.4 Statistics
Use t his screen t o view read- only inform at ion, including 802.11 Mode, Channel I D, Ret ry Count and
FCS Error Count . Also provided is t he " poll int erval" . The Poll I nt e r va l field is configurable and is
used for refreshing t he screen.
50
NWA1121-NI User’s Guide
Chapter 5 Monitor
Click M onit or > St a t ist ics. The following screen pops up.
Figure 14 St at ist ics
The following t able describes t he labels in t his screen.
Table 6 St at ist ics
LABEL
DESCRIPTION
Descript ion
This is t he wireless int erface on t he NWA1121- NI .
802.11 Mode
This field shows which 802.11 m ode t he NWA1121- NI is using.
Channel I D
This shows t he channel num ber which t he NWA1121- NI is current ly using over t he
wireless LAN.
RX Pkt s
This is t he num ber of received packet s on t his port .
TX Pkt s
This is t he num ber of t ransm it t ed packet s on t his port .
Ret ry Count
This is t he t ot al num ber of ret ries for t ransm it t ed packet s ( TX) .
FCS Error Count
This is t he rat io percent age showing t he t ot al num ber of checksum error of received
packet s ( RX) over t ot al RX.
Poll I nt erval
Ent er t he t im e int erval for refreshing st at ist ics.
Set I nt erval
Click t his but t on t o apply t he new poll int erval you ent ered above.
St op
Click t his but t on t o st op refreshing st at ist ics.
5.5 Association List
View t he wireless devices t hat are current ly associat ed wit h t he NWA1121- NI in t he Associa t ion
List screen. Associat ion m eans t hat a wireless client ( for exam ple, your net work or com put er wit h
a wireless net work card) has connect ed successfully t o t he AP ( or wireless rout er) using t he sam e
SSI D, channel and securit y set t ings.
NWA1121-NI User’s Guide
51
Chapter 5 Monitor
Click M onit or > Associa t ion List t o display t he screen as shown next .
Figure 15 Associat ion List
The following t able describes t he labels in t his screen.
Table 7 Associat ion List
LABEL
DESCRIPTION
This is t he index num ber of an associat ed wireless device.
MAC Address
This field displays t he MAC address of an associat ed wireless device.
SSI D
This field displays t he SSI D t o which t he wireless device is associat ed.
Associat ion Tim e
This field displays t he t im e a wireless device first associat ed wit h t he NWA1121- NI ’s
wireless net work.
Signal St rengt h
This field displays t he RSSI ( Received Signal St rengt h I ndicat or) of t he wireless
connect ion.
Refresh
Click Re fr e sh t o reload t he list .
5.6 Channel Usage
Use t his screen t o know whet her a channel is used by anot her wireless net work or not . I f a channel
is being used, you should select a channel rem oved from it by five channels t o com plet ely avoid
overlap.
Click M onit or > Cha nn e l Usa ge t o display t he screen shown next .
52
NWA1121-NI User’s Guide
Chapter 5 Monitor
Wait a m om ent while t he NWA1121- NI com piles t he inform at ion.
Figure 16 Channel Usage
The following t able describes t he labels in t his screen.
Table 8 Channel Usage
LABEL
DESCRIPTION
SSI D
This is t he Service Set I Dent ificat ion ( SSI D) nam e of t he AP in an I nfrast ruct ure
wireless net work or wireless st at ion in an Ad- Hoc wireless net work. For our purposes,
we define an I nfrast ruct ure net work as a wireless net work t hat uses an AP and an AdHoc net work ( also known as I ndependent Basic Service Set ( I BSS) ) as one t hat
doesn’t . See t he chapt er on wireless configurat ion for m ore inform at ion on basic
service set s ( BSS) and ext ended service set s ( ESS) .
Channel
This is t he index num ber of t he channel current ly used by t he associat ed AP in an
I nfrast ruct ure wireless net work or wireless st at ion in an Ad- Hoc wireless net work.
MAC Address
This field displays t he MAC address of t he AP in an I nfrast ruct ure wireless net work. I t
is random ly generat ed ( so ignore it ) in an Ad- Hoc wireless net work.
Wireless Mode
This is t he I EEE 802.1x st andard used by t he wireless net work.
Signal St rengt h
This field displays t he st rengt h of t he AP’s signal. I f you m ust choose a channel t hat is
current ly in use, choose one wit h low signal st rengt h for m inim um int erference.
Securit y
This is t he wireless securit y m et hod used by t he wireless net work t o prot ect wireless
com m unicat ion bet ween wireless st at ions, access point s and t he wired net work.
Refresh
Click Re fr e sh t o reload t he screen.
NWA1121-NI User’s Guide
53
Chapter 5 Monitor
54
NWA1121-NI User’s Guide
C HAPT ER
Wireless LAN
6.1 Overview
This chapt er discusses t he st eps t o configure t he Wireless Set t ings screen on t he NWA1121- NI . I t
also int roduces t he wireless LAN ( WLAN) and som e basic scenarios.
Figure 17 Wireless Mode
I n t he figure above, t he NWA1121- NI allows access t o anot her bridge device ( A) and a not ebook
com put er ( B) upon verifying t heir set t ings and credent ials. I t denies access t o ot her devices ( C and
D ) wit h configurat ions t hat do not m at ch t hose specified in your NWA1121- NI .
6.2 What You Can Do in this Chapter
• Use t he W ir e le ss Se t t ings screen t o configure t he NWA1121- NI ’s operat ion m ode ( see Sect ion
6.4 on page 60) .
• Uee t he SSI D screen t o configure up t o eight SSI D profiles for your NWA1121- NI ( see Sect ion
6.5 on page 72) .
• Use t he Se cu r it y screen t o choose t he wireless securit y m ode for your NWA1121- NI ( see Sect ion
6.6 on page 74) .
• Use t he RAD I US screen if you want t o aut hent icat e wireless users using a RADI US Server and/ or
account ing server ( see Sect ion 6.7 on page 87) .
• Use t he M AC Filt e r screen t o specify which wireless st at ion is allowed or denied access t o t he
NWA1121- NI ( see Sect ion 6.8 on page 89) .
NWA1121-NI User’s Guide
55
Chapter 6 Wireless LAN
6.3 What You Need To Know
BSS
A Basic Service Set ( BSS) exist s when all com m unicat ions bet ween wireless client s or bet ween a
wireless client and a wired net work client go t hrough one access point ( AP) . I nt ra- BSS t raffic is
t raffic bet ween wireless client s in t he BSS.
ESS
An Ext ended Service Set ( ESS) consist s of a series of overlapping BSSs, each cont aining an access
point , wit h each access point connect ed t oget her by a wired net work. This wired connect ion
bet ween APs is called a Dist ribut ion Syst em ( DS) .
Operating Mode
The NWA1121- NI can run in four operat ing m odes as follows:
• Root AP. The NWA1121- NI is a wireless access point t hat allows wireless com m unicat ion t o
ot her devices in t he net work.
• Re pe a t e r. The NWA1121- NI act s as a wireless repeat er and increase a root AP’s wireless
coverage area.
• Clie nt . The NWA1121- NI act s as a wireless client t o access a wireless net work.
• M BSSI D. The Mult iple Basic Service Set I dent ifier ( MBSSI D) m ode allows you t o use one
access point t o provide several BSSs sim ult aneously.
Refer t o Chapt er 1 on page 11 for illust rat ions of t hese wireless applicat ions.
SSID
The SSI D ( Service Set I Dent ifier) is t he nam e t hat ident ifies t he Service Set wit h which a wireless
st at ion is associat ed. Wireless st at ions associat ing t o t he access point ( AP) m ust have t he sam e
SSI D. I n ot her words, it is t he nam e of t he wireless net work t hat client s use t o connect t o it .
Norm ally, t he NWA1121- NI act s like a beacon and regularly broadcast s t he SSI D in t he area. You
can hide t he SSI D inst ead, in which case t he NWA1121- NI does not broadcast t he SSI D. I n
addit ion, you should change t he default SSI D t o som et hing t hat is difficult t o guess.
This t ype of securit y is fairly weak, however, because t here are ways for unaut horized wireless
devices t o get t he SSI D. I n addit ion, unaut horized wireless devices can st ill see t he inform at ion t hat
is sent in t he wireless net work.
Channel
A channel is t he radio frequency( ies) used by I EEE 802.11a/ b/ g wireless devices. Channels
available depend on your geographical area. You m ay have a choice of channels ( for your region) so
you should use a different channel t han an adj acent AP ( access point ) t o reduce int erference.
56
NWA1121-NI User’s Guide
Chapter 6 Wireless LAN
Wireless Mode
The I EEE 802.1x st andard was designed t o ext end t he feat ures of I EEE 802.11 t o support ext ended
aut hent icat ion as well as providing addit ional account ing and cont rol feat ures. Your NWA1121- NI
can support 8 0 2 .1 1 b/ g, 8 0 2 .1 1 n and 8 0 2 .1 1 b/ g/ n .
MBSSID
Tradit ionally, you needed t o use different APs t o configure different Basic Service Set s ( BSSs) . As
well as t he cost of buying ext ra APs, t here was also t he possibilit y of channel int erference. The
NWA1121- NI ’s MBSSI D ( Mult iple Basic Service Set I Dent ifier) funct ion allows you t o use one access
point t o provide several BSSs sim ult aneously. You can t hen assign varying levels of privilege t o
different SSI Ds.
Wireless st at ions can use different BSSI Ds t o associat e wit h t he sam e AP.
The following are som e not es on m ult iple BSS.
• A m axim um of four BSSs are allowed on one AP sim ult aneously.
• You m ust use different WEP keys for different BSSs. I f t wo st at ions have different BSSI Ds ( t hey
are in different BSSs) , but have t he sam e WEP keys, t hey m ay hear each ot her ’s com m unicat ions
( but not com m unicat e wit h each ot her) .
• MBSSI D should not replace but rat her be used in conj unct ion wit h 802.1x securit y.
Wireless Security
Wireless securit y is vit al t o your net work. I t prot ect s com m unicat ions bet ween wireless st at ions,
access point s and t he wired net work.
Figure 18 Securing t he Wireless Net work
I n t he figure above, t he NWA1121- NI checks t he ident it y of devices before giving t hem access t o
t he net work. I n t his scenario, Com put er A is denied access t o t he net work, while Com put er B is
grant ed connect ivit y.
The NWA1121- NI secure com m unicat ions via dat a encrypt ion, wireless client aut hent icat ion and
MAC address filt ering. I t can also hide it s ident it y in t he net work.
NWA1121-NI User’s Guide
57
Chapter 6 Wireless LAN
User Authentication
Aut hent icat ion is t he process of verifying whet her a wireless device is allowed t o use t he wireless
net work. You can m ake every user log in t o t he wireless net work before t hey can use it . However,
every device in t he wireless net work has t o support I EEE 802.1x t o do t his.
For wireless net works, you can st ore t he user nam es and passwords for each user in a RADI US
server. This is a server used in businesses m ore t han in hom es. I f you do not have a RADI US server,
you cannot set up user nam es and passwords for your users.
Unaut horized wireless devices can st ill see t he inform at ion t hat is sent in t he wireless net work,
even if t hey cannot use t he wireless net work. Furt herm ore, t here are ways for unaut horized
wireless users t o get a valid user nam e and password. Then, t hey can use t hat user nam e and
password t o use t he wireless net work.
The following t able shows t he relat ive effect iveness of wireless securit y m et hods: .
Table 9 Wireless Securit y Levels
SECURITY
LEVEL
Least
Secure
SECURITY TYPE
Unique SSI D ( Default )
Unique SSI D wit h Hide SSI D Enabled
MAC Address Filt ering
WEP Encrypt ion
I EEE802.1x EAP wit h RADI US Server Aut hent icat ion
Wi- Fi Prot ect ed Access ( WPA)
Most Secure
WPA2
The available securit y m odes in your NWA1121- NI are as follows:
• N one . No dat a encrypt ion.
• W EP. Wired Equivalent Privacy ( WEP) encrypt ion scram bles t he dat a t ransm it t ed bet ween t he
wireless st at ions and t he access point s t o keep net work com m unicat ions privat e.
• 8 0 2 .1 x - On ly. This is a st andard t hat ext ends t he feat ures of I EEE 802.11 t o support ext ended
aut hent icat ion. I t provides addit ional account ing and cont rol feat ures. This opt ion does not
support dat a encrypt ion.
• 8 0 2 .1 x - St a t ic W EP. This provides 802.1x- Only aut hent icat ion wit h a st at ic 64bit or 128bit
WEP key and an aut hent icat ion server.
• W PA. Wi- Fi Prot ect ed Access ( WPA) is a subset of t he I EEE 802.11i st andard.
• W PA2 . WPA2 ( I EEE 802.11i) is a wireless securit y st andard t hat defines st ronger encrypt ion,
aut hent icat ion and key m anagem ent t han WPA.
• W PA2 - M I X. This com m ands t he NWA1121- NI t o use eit her WPA2 or WPA depending on which
securit y m ode t he wireless client uses.
• W PA2 - PSK. This adds a pre- shared key on t op of WPA2 st andard.
• W PA2 - PSK- M I X. This com m ands t he NWA1121- NI t o use eit her WPA- PSK or WPA2- PSK
depending on which securit y m ode t he wireless client uses.
Not e: To guarant ee 802.11n wireless speed, please only use WPA2 or WPA2- PSK securit y
m ode. Ot her securit y m odes m ay degrat e t he w ireless speed perform ance t o
802.11g.
58
NWA1121-NI User’s Guide
Chapter 6 Wireless LAN
Passphrase
A passphrase funct ions like a password. I n WEP securit y m ode, it is furt her convert ed by t he
NWA1121- NI int o a com plicat ed st ring t hat is referred t o as t he “ key”. This key is request ed from all
devices wishing t o connect t o a wireless net work.
PSK
The Pre- Shared Key ( PSK) is a password shared by a wireless access point and a client during a
previous secure connect ion. The key can t hen be used t o est ablish a connect ion bet ween t he t wo
part ies.
Encryption
Wireless net works can use encrypt ion t o prot ect t he inform at ion t hat is sent in t he wireless
net work. Encrypt ion is like a secret code. I f you do not know t he secret code, you cannot
underst and t he m essage. Encrypt ion is t he process of convert ing dat a int o unreadable t ext . This
secures inform at ion in net work com m unicat ions. The int ended recipient of t he dat a can “ unlock” it
wit h a pre- assigned key, m aking t he inform at ion readable only t o him . The NWA1121- NI when used
as a wireless client em ploys Tem poral Key I nt egrit y Prot ocol ( TKI P) dat a encrypt ion.
EAP
Ext ensible Aut hent icat ion Prot ocol ( EAP) is a prot ocol used by a wireless client , an access point and
an aut hent icat ion server t o negot iat e a connect ion.
The EAP m et hods em ployed by t he NWA1121- NI when in Wireless Client operat ing m ode are
Transport Layer Securit y ( TLS) , Prot ect ed Ext ensible Aut hent icat ion Prot ocol ( PEAP) , Light weight
Ext ensible Aut hent icat ion Prot ocol ( LEAP) and Tunneled Transport Layer Securit y ( TTLS) . The
aut hent icat ion prot ocol m ay eit her be Microsoft Challenge Handshake Aut hent icat ion Prot ocol
Version 2 ( MSCHAPv2) or Generic Token Card ( GTC) .
Furt her inform at ion on t hese t erm s can be found in Appendix D on page 181.
RADIUS
Rem ot e Aut hent icat ion Dial I n User Service ( RADI US) is a prot ocol t hat can be used t o m anage user
access t o large net works. I t is based on a client- server m odel t hat support s aut hent icat ion,
aut horizat ion and account ing. The access point is t he client and t he server is t he RADI US server.
Figure 19 RADI US Server Set up
NWA1121-NI User’s Guide
59
Chapter 6 Wireless LAN
I n t he figure above, wireless client s A and B are t rying t o access t he I nt ernet via t he NWA1121- NI .
The NWA1121- NI in t urn queries t he RADI US server if t he ident it y of client s A and U are allowed
access t o t he I nt ernet . I n t his scenario, only client U’s ident it y is verified by t he RADI US server and
allowed access t o t he I nt ernet .
The RADI US server handles t he following t asks:
• Aut he nt ica t ion which det erm ines t he ident it y of t he users.
• Au t h or iza t ion which det erm ines t he net work services available t o aut hent icat ed users once
t hey are connect ed t o t he net work.
• Accou nt in g which keeps t rack of t he client ’s net work act ivit y.
RADI US is a sim ple package exchange in which your AP act s as a m essage relay bet ween t he
wireless client and t he net work RADI US server.
You should know t he I P addresses, port s and share secret s of t he ext ernal RADI US server and/ or
t he ext ernal RADI US account ing server you want t o use wit h your NWA1121- NI . You can configure
a prim ary and backup RADI US and RADI US account ing server for your NWA1121- NI .
6.4 Wireless Settings Screen
Use t his screen t o choose t he operat ing m ode for your NWA1121- NI . Click N e t w or k > W ir e le ss
LAN > W ir e le ss Se t t ings. The screen varies depending upon t he operat ing m ode you select .
60
NWA1121-NI User’s Guide
Chapter 6 Wireless LAN
6.4.1 Root AP Mode
Use t his screen t o use your NWA1121- NI as an access point . Select Root AP as t he Ope r a t ion
M ode . The following screen displays.
Figure 20 Wireless LAN > Wireless Set t ings: Root AP
NWA1121-NI User’s Guide
61
Chapter 6 Wireless LAN
The following t able describes t he general wireless LAN labels in t his screen.
Table 10 Wireless LAN > Wireless Set t ings: Root AP
LABEL
DESCRIPTION
Basic Set t ings
Wireless LAN
I nt erface
Select t he check box t o t urn on t he wireless LAN on t he NWA1121- NI .
Operat ion Mode
Select Root AP from t he drop- down list .
Wireless Mode
Select 8 0 2 .1 1 b/ g t o allow bot h I EEE802.11b and I EEE802.11g com pliant WLAN devices
t o associat e wit h t he NWA1121- NI . The t ransm ission rat e of your NWA1121- NI m ight be
reduced.
Select 8 0 2 .1 1 b/ g/ n t o allow I EEE802.11b, I EEE802.11g and I EEE802.11n com pliant
WLAN devices t o associat e wit h t he NWA1121- NI . The t ransm ission rat e of t he NWA1121NI m ight be reduced.
Select 8 0 2 .1 1 n t o allow only I EEE802.11n com pliant WLAN devices t o associat e wit h t he
NWA1121- NI .
Channel
Select t he operat ing frequency/ channel depending on your part icular region from t he
drop- down list box.
Channel Widt h
This field displays only when you select 8 0 2 .1 1 n or 8 0 2 .1 1 b/ g/ n in t he W ir e le ss M ode
field.
A st andard 20MHz channel offers t ransfer speeds of up t o 150Mbps whereas a 40MHz
channel uses t wo st andard channels and offers speeds of up t o 300Mbps. However, not all
devices support 40MHz channels.
Select t he channel bandwidt h you want t o use for your wireless net work.
I t is recom m ended t hat you select 2 0 / 4 0 M H z . This allows t he NWA1121- NI t o adj ust t he
channel bandwidt h depending on net work condit ions.
Select 2 0 M H z if you want t o lessen radio int erference wit h ot her wireless devices in your
neighborhood or t he wireless client s do not support channel bonding.
Select SSI D
Profile
The SSI D ( Service Set I Dent ifier) ident ifies t he Service Set wit h which a wireless st at ion is
associat ed. Wireless st at ions associat ing t o t he access point ( AP) m ust have t he sam e
SSI D. You can have up t o four SSI Ds act ive at t he sam e t im e.
Note: If you are configuring the NWA1121-NI from a computer connected to the wireless
LAN and you change the NWA1121-NI’s SSID or security settings, you will lose your
wireless connection when you press Apply to confirm. You must then change the
wireless settings of your computer to match the NWA1121-NI’s new settings.
This is t he index num ber of each SSI D profile.
Act ivve
Select t he check box t o enable an SSI D profile. Ot herwise, clear t he check box.
Profile
Select an SSI D Pr ofile from t he drop- down list box.
Universal Repeat er Set t ings
The Universal repeat er funct ion allows t he NWA1121- NI in root AP or repeat er m ode t o set up a wireless
connect ion bet ween it and anot her NWA1121- NI in root AP or repeat er m ode.
Note: Universal repeater security is independent of the security settings between the NWA1121-NI and any
wireless clients.
62
Local MAC
Address
Loca l M AC Addr e ss is t he MAC address of your NWA1121- NI .
Universal
Repeat er SSI D
Profile
Select t he SSI D profile you want t o use for universal repeat er connect ions.
Note: You can only configure None, WPA-PSK or WPA2-PSK security mode for the SSID
used by a universal repeater connection.
NWA1121-NI User’s Guide
Chapter 6 Wireless LAN
Table 10 Wireless LAN > Wireless Set t ings: Root AP ( cont inued)
LABEL
DESCRIPTION
Advanced Set t ings
Beacon I nt erval
When a wirelessly net work device sends a beacon, it includes wit h it a beacon int erval.
This specifies t he t im e period before t he device sends t he beacon again. The int erval t ells
receiving devices on t he net work how long t hey can wait in lowpower m ode before waking
up t o handle t he beacon. A high value helps save current consum pt ion of t he access point .
DTI M I nt erval
Delivery Traffic I ndicat ion Message ( DTI M) is t he t im e period aft er which broadcast and
m ult icast packet s are t ransm it t ed t o m obile client s in t he Act ive Pow er Managem ent
m ode. A high DTI M value can cause client s t o lose connect ivit y wit h t he net work.
Out put Pow er
Set t he out put power of t he NWA1121- NI in t his field. I f t here is a high densit y of APs in
an area, decrease t he out put power of t he NWA1121- NI t o reduce int erference wit h ot her
APs. Select one of t he following Fu ll ( Full Power) , 5 0 % , 2 5 % , or 1 2 .5 % . See t he
product specificat ions for m ore inform at ion on your NWA1121- NI ’s out put power.
Pream ble Type
Select D yn a m ic t o have t he AP aut om at ically use short pream ble when wireless adapt ers
support it , ot herwise t he AP uses long pream ble.
Select Lon g if you are unsure what pream ble m ode t he wireless adapt ers support , and t o
provide m ore reliable com m unicat ions in busy wireless net works.
RTS/ CTS
Threshold
( Request To Send) The t hreshold ( num ber of byt es) for enabling RTS/ CTS handshake.
Dat a wit h it s fram e size larger t han t his value will perform t he RTS/ CTS handshake.
Set t ing t his at t ribut e t o be larger t han t he m axim um MSDU ( MAC service dat a unit ) size
t urns off t he RTS/ CTS handshake. Set t ing t his at t ribut e t o it s sm allest value ( 1) t urns on
t he RTS/ CTS handshake.
Fragm ent at ion
The t hreshold ( num ber of byt es) for t he fragm ent at ion boundary for direct ed m essages. I t
is t he m axim um dat a fragm ent size t hat can be sent .
Ext ension
Channel
Prot ect ion Mode
You can use CTS t o se lf or RTS- CTS prot ect ion m echanism t o reduce conflict s wit h ot her
wireless net works or hidden wireless client s. The t hroughput of RTS- CTS is m uch lower
t han CTS t o se lf. Using t his m ode m ay decrease your wireless perform ance.
A- MPDU
Aggregat ion
This field is available only when 8 0 2 .1 1 b/ g/ n is select ed as t he W ir e le ss M ode .
Select t o enable A- MPDU aggregat ion.
Message Prot ocol Dat a Unit ( MPDU) aggregat ion collect s Et hernet fram es along wit h t heir
802.11n headers and wraps t hem in a 802.11n MAC header. This m et hod is useful for
increasing bandwidt h t hroughput in environm ent s t hat are prone t o high error rat es.
Short GI
This field is available only when 8 0 2 .1 1 b/ g/ n is select ed as t he W ir e le ss M ode . Select
En a ble d t o use Sh or t GI ( Guard I nt erval) . The guard int erval is t he gap int roduced
bet ween dat a t ransm ission from users in order t o reduce int erference. Reducing t he GI
increases dat a t ransfer rat es but also increases int erference. I ncreasing t he GI reduces
dat a t ransfer rat es but also reduces int erference.
MCS Rat e
The M CS Ra t e t able is available only when 8 0 2 .1 1 b/ g/ n is select ed in t he W ir e le ss
M ode field.
I EEE 802.11n support s m any different dat a rat es which are called MCS rat es. MCS st ands
for Modulat ion and Coding Schem e. This is an 802.11n feat ure t hat increases t he wireless
net work perform ance in t erm s of t hroughput .
For each MCS Rat e ( 0- 15) , select eit her Ena ble d t o have t he NWA1121- NI use t he dat a
rat e.
Clear t he En a ble d check box if you do not want t he NWA1121- NI t o use t he dat a rat e.
Turn on t he Au t o opt ion t o have t he NWA1121- NI set t he dat a rat es aut om at ically t o
opt im ize t he t hroughput .
Note: You can set the NWA1121-NI to use up to four MCS rates at a time.
Apply
Click Apply t o save your changes.
Cancel
Click Ca n ce l t o begin configuring t his screen afresh.
NWA1121-NI User’s Guide
63
Chapter 6 Wireless LAN
6.4.2 Repeater Mode
Use t his screen t o have t he NWA1121- NI act as a wireless repeat er. You need t o know t he MAC
address of t he peer device, which also m ust be in Repeat er or Root AP m ode.
Figure 21 Wireless LAN > Wireless Set t ings: Repeat er
The following t able describes t he bridge labels in t his screen.
Table 11 Wireless LAN > Wireless Set t ings: Repeat er
LABEL
DESCRIPTION
Basic Set t ings
64
Wireless LAN
I nt erface
Select t he check box t o t urn on t he wireless LAN on t he NWA1121- NI .
Operat ion Mode
Select Re pe a t e r from t he drop- down list .
NWA1121-NI User’s Guide
Chapter 6 Wireless LAN
Table 11 Wireless LAN > Wireless Set t ings: Repeat er ( cont inued)
LABEL
DESCRIPTION
Wireless Mode
Select 8 0 2 .1 1 b/ g t o allow bot h I EEE802.11b and I EEE802.11g com pliant WLAN devices
t o associat e wit h t he NWA1121- NI . The t ransm ission rat e of your NWA1121- NI m ight be
reduced.
Select 8 0 2 .1 1 b/ g/ n t o allow I EEE802.11b, I EEE802.11g and I EEE802.11n com pliant
WLAN devices t o associat e wit h t he NWA1121- NI . The t ransm ission rat e of t he NWA1121NI m ight be reduced.
Select 8 0 2 .1 1 n t o allow only I EEE802.11n com pliant WLAN devices t o associat e wit h t he
NWA1121- NI .
Channel
Select t he operat ing frequency/ channel depending on your part icular region from t he
drop- down list box.
Channel Widt h
This field displays only when you select 8 0 2 .1 1 n or 8 0 2 .1 1 b/ g/ n in t he W ir e le ss M ode
field.
A st andard 20MHz channel offers t ransfer speeds of up t o 150Mbps whereas a 40MHz
channel uses t wo st andard channels and offers speeds of up t o 300Mbps. However, not all
devices support 40MHz channels.
Select t he channel bandwidt h you want t o use for your wireless net work.
I t is recom m ended t hat you select 2 0 / 4 0 M H z . This allows t he NWA1121- NI t o adj ust t he
channel bandwidt h depending on net work condit ions.
Select 2 0 M H z if you want t o lessen radio int erference wit h ot her wireless devices in your
neighborhood or t he wireless client s do not support channel bonding.
Universal Repeat er Set t ings
The Universal repeat er funct ion allows t he NWA1121- NI in root AP or repeat er m ode t o set up a wireless
connect ion bet ween it and anot her NWA1121- NI in root AP or repeat er m ode.
Note: Universal repeater security is independent of the security settings between the NWA1121-NI and any
wireless clients.
Local MAC
Address
Loca l M AC Addr e ss is t he MAC address of your NWA1121- NI .
Universal
Repeat er SSI D
Profile
Select t he SSI D profile you want t o use for universal repeat er connect ions wit h an AP or
repeat er or regular wireless connect ions wit h wireless client s.
Note: You can only configure None, WPA-PSK or WPA2-PSK security mode for the SSID
used by a universal repeater connection.
Root MAC
Address
Specify t he peer device’s MAC address. The peer device can be a NWA1121- NI in eit her
root AP m ode or repeat er m ode.
Advanced Set t ings
Beacon I nt erval
When a wirelessly net work device sends a beacon, it includes wit h it a beacon int erval.
This specifies t he t im e period before t he device sends t he beacon again. The int erval t ells
receiving devices on t he net work how long t hey can wait in lowpower m ode before waking
up t o handle t he beacon. A high value helps save current consum pt ion of t he access point .
DTI M I nt erval
Delivery Traffic I ndicat ion Message ( DTI M) is t he t im e period aft er which broadcast and
m ult icast packet s are t ransm it t ed t o m obile client s in t he Act ive Pow er Managem ent
m ode. A high DTI M value can cause client s t o lose connect ivit y wit h t he net work.
Out put Pow er
Set t he out put power of t he NWA1121- NI in t his field. I f t here is a high densit y of APs in
an area, decrease t he out put power of t he NWA1121- NI t o reduce int erference wit h ot her
APs. Select one of t he following Fu ll ( Full Power) , 5 0 % , 2 5 % or 1 2 .5 % . See t he product
specificat ions for m ore inform at ion on your NWA1121- NI ’s out put power.
NWA1121-NI User’s Guide
65
Chapter 6 Wireless LAN
Table 11 Wireless LAN > Wireless Set t ings: Repeat er ( cont inued)
LABEL
DESCRIPTION
Pream ble Type
Select D yn a m ic t o have t he AP aut om at ically use short pream ble when wireless adapt ers
support it , ot herwise t he AP uses long pream ble.
Select Lon g if you are unsure what pream ble m ode t he wireless adapt ers support , and t o
provide m ore reliable com m unicat ions in busy wireless net works.
RTS/ CTS
Threshold
( Request To Send) The t hreshold ( num ber of byt es) for enabling RTS/ CTS handshake.
Dat a wit h it s fram e size larger t han t his value will perform t he RTS/ CTS handshake.
Set t ing t his at t ribut e t o be larger t han t he m axim um MSDU ( MAC service dat a unit ) size
t urns off t he RTS/ CTS handshake. Set t ing t his at t ribut e t o it s sm allest value ( 1) t urns on
t he RTS/ CTS handshake.
Fragm ent at ion
The t hreshold ( num ber of byt es) for t he fragm ent at ion boundary for direct ed m essages. I t
is t he m axim um dat a fragm ent size t hat can be sent .
Ext ension
Channel
Prot ect ion Mode
You can use CTS t o se lf or RTS- CTS prot ect ion m echanism t o reduce conflict s wit h ot her
wireless net works or hidden wireless client s. The t hroughput of RTS- CTS is m uch lower
t han CTS t o se lf. Using t his m ode m ay decrease your wireless perform ance.
A- MPDU
Aggregat ion
This field is available only when 8 0 2 .1 1 b/ g/ n is select ed as t he W ir e le ss M ode .
Select t o enable A- MPDU aggregat ion.
Message Prot ocol Dat a Unit ( MPDU) aggregat ion collect s Et hernet fram es along wit h t heir
802.11n headers and wraps t hem in a 802.11n MAC header. This m et hod is useful for
increasing bandwidt h t hroughput in environm ent s t hat are prone t o high error rat es.
Short GI
This field is available only when 8 0 2 .1 1 b/ g/ n is select ed as t he W ir e le ss M ode . Select
En a ble d t o use Sh or t GI ( Guard I nt erval) . The guard int erval is t he gap int roduced
bet ween dat a t ransm ission from users in order t o reduce int erference. Reducing t he GI
increases dat a t ransfer rat es but also increases int erference. I ncreasing t he GI reduces
dat a t ransfer rat es but also reduces int erference.
MCS Rat e
The M CS Ra t e t able is available only when 8 0 2 .1 1 b/ g/ n is select ed in t he W ir e le ss
M ode field.
I EEE 802.11n support s m any different dat a rat es which are called MCS rat es. MCS st ands
for Modulat ion and Coding Schem e. This is an 802.11n feat ure t hat increases t he wireless
net work perform ance in t erm s of t hroughput .
For each MCS Rat e ( 0- 15) , select eit her Ena ble d t o have t he NWA1121- NI use t he dat a
rat e.
Clear t he En a ble d check box if you do not want t he NWA1121- NI t o use t he dat a rat e.
Turn on t he Au t o opt ion t o have t he NWA1121- NI set t he dat a rat es aut om at ically t o
opt im ize t he t hroughput .
Note: You can set the NWA1121-NI to use up to four MCS rates at a time.
66
Apply
Click Apply t o save your changes.
Cancel
Click Ca n ce l t o begin configuring t his screen afresh.
NWA1121-NI User’s Guide
Chapter 6 Wireless LAN
6.4.3 Wireless Client Mode
Use t his screen t o t urn your NWA1121- NI int o a wireless client . Select Clie nt as t he Ope r a t ion
M ode . The following screen displays.
Figure 22 Wireless LAN > Wireless Set t ings: Wireless Client
The following t able describes t he general wireless LAN labels in t his screen.
Table 12 Wireless LAN > Wireless Set t ings: Wireless Client
LABEL
DESCRIPTION
Basic Set t ings
Wireless LAN
I nt erface
Select t he check box t o t urn on t he wireless LAN on t he NWA1121- NI .
Operat ion Mode
Select Clie n t in t his field.
Sit e Survey
Click t his t o view a list of available wireless access point s wit hin t he range. Select t he AP
you want t o use.
Note: After selecting Client as the Operation Mode in the Basic Settings section, you must
click Apply to be able to select from the AP list.
NWA1121-NI User’s Guide
67
Chapter 6 Wireless LAN
Table 12 Wireless LAN > Wireless Set t ings: Wireless Client ( cont inued)
LABEL
DESCRIPTION
SSI D Profile
The SSI D ( Service Set I Dent ifier) ident ifies t he Service Set wit h which a wireless st at ion is
associat ed. Wireless st at ions associat ing t o t he access point ( AP) m ust have t he sam e
SSI D.
I n t his field, select t he SSI D profile of t he AP you want t o use. Click Apply.
The SSI D used in t he select ed SSI D profile aut om at ically changes t o be t he one you select
in t he Sit e Sur ve y screen.
Set t he securit y configurat ion for t his operat ing m ode in t he W ir e le ss LAN > Se cu r it y
screen. Check t he D a sh boa r d screen t o check if t he set t ings you set show in t he WLAN
inform at ion.
Note: If you are configuring the NWA1121-NI from a computer connected to the wireless LAN
and you change the NWA1121-NI’s SSID or security settings, you will lose your
wireless connection when you press Apply to confirm. You must then change the
wireless settings of your computer to match the NWA1121-NI’s new settings.
Channel
This shows t he operat ing frequency/ channel in use. This field is read- only when you select
Clie n t as your operat ion m ode.
Channel Widt h
A st andard 20MHz channel offers t ransfer speeds of up t o 150Mbps whereas a 40MHz
channel uses t wo st andard channels and offers speeds of up t o 300Mbps. However, not all
devices support 40MHz channels.
Select t he channel bandwidt h you want t o use for your wireless net work.
I t is recom m ended t hat you select 2 0 / 4 0 M H z . This allows t he NWA1121- NI t o adj ust t he
channel bandwidt h depending on net work condit ions.
Select 2 0 M H z if you want t o lessen radio int erference wit h ot her wireless devices in your
neighborhood or t he AP do not support channel bonding.
Advanced Set t ings
Out put Pow er
Set t he out put power of t he NWA1121- NI in t his field. I f t here is a high densit y of APs in an
area, decrease t he out put power of t he NWA1121- NI t o reduce int erference wit h ot her APs.
Select one of t he following Fu ll ( Full Power) , 5 0 % , 2 5 % or 1 2 .5 % . See t he product
specificat ions for m ore inform at ion on your NWA1121- NI ’s out put power.
Pream ble Type
Select D yn a m ic t o have t he NWA1121- NI aut om at ically use short pream ble when t he
wireless net work your NWA1121- NI is connect ed t o support s it , ot herwise t he NWA1121- NI
uses long pream ble.
Select Lon g pream ble if you are unsure what pream ble m ode t he wireless device your
NWA1121- NI is connect ed t o support s, and t o provide m ore reliable com m unicat ions in
busy wireless net works.
68
RTS/ CTS
Threshold
( Request To Send) The t hreshold ( num ber of byt es) for enabling RTS/ CTS handshake. Dat a
wit h it s fram e size larger t han t his value will perform t he RTS/ CTS handshake. Set t ing t his
at t ribut e t o be larger t han t he m axim um MSDU ( MAC service dat a unit ) size t urns off t he
RTS/ CTS handshake. Set t ing t his at t ribut e t o it s sm allest value ( 1) t urns on t he RTS/ CTS
handshake.
Fragm ent at ion
The t hreshold ( num ber of byt es) for t he fragm ent at ion boundary for direct ed m essages. I t
is t he m axim um dat a fragm ent size t hat can be sent .
Ext ension
channel
prot ect ion m ode
You can use CTS t o se lf or RTS- CTS prot ect ion m echanism t o reduce conflict s wit h ot her
wireless net works or hidden wireless client s. The t hroughput of RTS- CTS is m uch lower
t han CTS t o se lf. Using t his m ode m ay decrease your wireless perform ance.
A- MPDU
Aggregat ion
Select t o enable A- MPDU aggregat ion.
Message Prot ocol Dat a Unit ( MPDU) aggregat ion collect s Et hernet fram es along wit h t heir
802.11n headers and wraps t hem in a 802.11n MAC header. This m et hod is useful for
increasing bandwidt h t hroughput in environm ent s t hat are prone t o high error rat es.
NWA1121-NI User’s Guide
Chapter 6 Wireless LAN
Table 12 Wireless LAN > Wireless Set t ings: Wireless Client ( cont inued)
LABEL
DESCRIPTION
Short GI
Select Ena ble d t o use Sh or t GI ( Guard I nt erval) . The guard int erval is t he gap int roduced
bet ween dat a t ransm ission from users in order t o reduce int erference. Reducing t he GI
increases dat a t ransfer rat es but also increases int erference. I ncreasing t he GI reduces dat a
t ransfer rat es but also reduces int erference.
Apply
Click Apply t o save your changes.
Cancel
Click Ca n ce l t o begin configuring t his screen afresh.
6.4.4 MBSSID Mode
Use t his screen t o have t he NWA1121- NI funct ion in MBSSI D m ode. Select M BSSI D as t he
Ope r a t ion M ode . The following screen diplays.
Figure 23 Wireless LAN > Wireless Set t ings: MBSSI D
NWA1121-NI User’s Guide
69
Chapter 6 Wireless LAN
The following t able describes t he labels in t his screen.
Table 13 Wireless LAN > Wireless Set t ings: MBSSI D
LABEL
DESCRIPTION
Basic Set t ings
Wireless LAN
I nt erface
Select t he check box t o t urn on t he wireless LAN on t he NWA1121- NI .
Operat ion Mode
Select M BSSI D from t he drop- down list .
Wireless Mode
Select 8 0 2 .1 1 b/ g t o allow bot h I EEE802.11b and I EEE802.11g com pliant WLAN devices
t o associat e wit h t he NWA1121- NI . The t ransm ission rat e of your NWA1121- NI m ight be
reduced.
Select 8 0 2 .1 1 b/ g/ n t o allow I EEE802.11b, I EEE802.11g and I EEE802.11n com pliant
WLAN devices t o associat e wit h t he NWA1121- NI . The t ransm ission rat e of t he NWA1121NI m ight be reduced.
Select 8 0 2 .1 1 n t o allow only I EEE802.11n com pliant WLAN devices t o associat e wit h t he
NWA1121- NI .
Channel
Select t he operat ing frequency/ channel depending on your part icular region from t he
drop- down list box.
Channel Widt h
This field displays only when you select 8 0 2 .1 1 n or 8 0 2 .1 1 b/ g/ n in t he W ir e le ss M ode
field.
A st andard 20MHz channel offers t ransfer speeds of up t o 150Mbps whereas a 40MHz
channel uses t wo st andard channels and offers speeds of up t o 300Mbps. However, not all
devices support 40MHz channels.
Select t he channel bandwidt h you want t o use for your wireless net work.
Select 2 0 M H z if you want t o lessen radio int erference wit h ot her wireless devices in your
neighborhood or t he wireless client s do not support channel bonding.
Select SSI D
Profile
The SSI D ( Service Set I Dent ifier) ident ifies t he Service Set wit h which a wireless st at ion is
associat ed. Wireless st at ions associat ing t o t he access point ( AP) m ust have t he sam e
SSI D. You can have up t o eight SSI Ds act ive at t he sam e t im e.
Note: If you are configuring the NWA1121-NI from a computer connected to the wireless
LAN and you change the NWA1121-NI’s SSID or security settings, you will lose your
wireless connection when you press Apply to confirm. You must then change the
wireless settings of your computer to match the NWA1121-NI’s new settings.
This is t he index num ber of each SSI D profile.
Act ivve
Select t he check box t o enable an SSI D profile. Ot herwise, clear t he check box.
Profile
Select an SSI D Pr ofile from t he drop- down list box.
Advanced Set t ings
70
Beacon I nt erval
When a wirelessly net work device sends a beacon, it includes wit h it a beacon int erval.
This specifies t he t im e period before t he device sends t he beacon again. The int erval t ells
receiving devices on t he net work how long t hey can wait in lowpower m ode before waking
up t o handle t he beacon. A high value helps save current consum pt ion of t he access point .
DTI M I nt erval
Delivery Traffic I ndicat ion Message ( DTI M) is t he t im e period aft er which broadcast and
m ult icast packet s are t ransm it t ed t o m obile client s in t he Act ive Pow er Managem ent
m ode. A high DTI M value can cause client s t o lose connect ivit y wit h t he net work.
Out put Pow er
Set t he out put power of t he NWA1121- NI in t his field. I f t here is a high densit y of APs in
an area, decrease t he out put power of t he NWA1121- NI t o reduce int erference wit h ot her
APs. Select one of t he following Fu ll ( Full Power) , 5 0 % , 2 5 % or 1 2 .5 % . See t he product
specificat ions for m ore inform at ion on your NWA1121- NI ’s out put power.
NWA1121-NI User’s Guide
Chapter 6 Wireless LAN
Table 13 Wireless LAN > Wireless Set t ings: MBSSI D ( cont inued)
LABEL
DESCRIPTION
Pream ble Type
Select D yn a m ic t o have t he AP aut om at ically use short pream ble when wireless adapt ers
support it , ot herwise t he AP uses long pream ble.
Select Lon g if you are unsure what pream ble m ode t he wireless adapt ers support , and t o
provide m ore reliable com m unicat ions in busy wireless net works.
RTS/ CTS
Threshold
( Request To Send) The t hreshold ( num ber of byt es) for enabling RTS/ CTS handshake.
Dat a wit h it s fram e size larger t han t his value will perform t he RTS/ CTS handshake.
Set t ing t his at t ribut e t o be larger t han t he m axim um MSDU ( MAC service dat a unit ) size
t urns off t he RTS/ CTS handshake. Set t ing t his at t ribut e t o it s sm allest value ( 1) t urns on
t he RTS/ CTS handshake.
Ext ension
Channel
Prot ect ion Mode
You can use CTS t o se lf or RTS- CTS prot ect ion m echanism t o reduce conflict s wit h ot her
wireless net works or hidden wireless client s. The t hroughput of RTS- CTS is m uch lower
t han CTS t o se lf. Using t his m ode m ay decrease your wireless perform ance.
A- MPDU
Aggregat ion
This field is available only when 8 0 2 .1 1 b/ g/ n is select ed as t he W ir e le ss M ode .
Select t o enable A- MPDU aggregat ion.
Message Prot ocol Dat a Unit ( MPDU) aggregat ion collect s Et hernet fram es along wit h t heir
802.11n headers and wraps t hem in a 802.11n MAC header. This m et hod is useful for
increasing bandwidt h t hroughput in environm ent s t hat are prone t o high error rat es.
Short GI
This field is available only when 8 0 2 .1 1 b/ g/ n is select ed as t he W ir e le ss M ode . Select
En a ble d t o use Sh or t GI ( Guard I nt erval) . The guard int erval is t he gap int roduced
bet ween dat a t ransm ission from users in order t o reduce int erference. Reducing t he GI
increases dat a t ransfer rat es but also increases int erference. I ncreasing t he GI reduces
dat a t ransfer rat es but also reduces int erference.
MCS Rat e
The M CS Ra t e t able is available only when 8 0 2 .1 1 b/ g/ n is select ed in t he W ir e le ss
M ode field.
I EEE 802.11n support s m any different dat a rat es which are called MCS rat es. MCS st ands
for Modulat ion and Coding Schem e. This is an 802.11n feat ure t hat increases t he wireless
net work perform ance in t erm s of t hroughput .
For each MCS Rat e ( 0- 15) , select eit her Ena ble d t o have t he NWA1121- NI use t he dat a
rat e.
Clear t he En a ble d check box if you do not want t he NWA1121- NI t o use t he dat a rat e.
Turn on t he Au t o opt ion t o have t he NWA1121- NI set t he dat a rat es aut om at ically t o
opt im ize t he t hroughput .
Note: You can set the NWA1121-NI to use up to four MCS rates at a time.
Apply
Click Apply t o save your changes.
Cancel
Click Ca n ce l t o begin configuring t his screen afresh.
NWA1121-NI User’s Guide
71
Chapter 6 Wireless LAN
6.5 SSID Screen
Use t his screen t o view and m odify t he set t ings of t he SSI D profiles on t he NWA1121- NI . Click
W ir e le ss LAN > SSI D t o display t he screen as shown.
Figure 24 Wireless LAN > SSI D
The following t able describes t he labels in t his screen.
Figure 25 Wireless LAN > SSI D
LABEL
DESCRI PTI ON
Profile Set t ings
72
This field displays t he index num ber of each SSI D profile.
Profile Nam e
This field displays t he ident ificat ion nam e of each SSI D profile on t he NWA1121- NI .
SSI D
This field displays t he nam e of t he wireless profile on t he net work. When a wireless
client scans for an AP t o associat e wit h, t his is t he nam e t hat is broadcast and seen in
t he wireless client ut ilit y.
Securit y
This field indicat es which securit y profile is current ly associat ed wit h each SSI D
profile. See Sect ion 6.6 on page 74 for m ore inform at ion.
RADI US
This field displays which RADI US profile is current ly associat ed wit h each SSI D
profile, if you have a RADI US server configured.
QoS
This field displays t he Qualit y of Service set t ing for t his profile or N ON E if QoS is not
configured on a profile.
MAC Filt er
This field displays which MAC filt er profile is current ly associat ed wit h each SSI D
profile, or D isa ble if MAC filt ering is not configured on an SSI D profile.
Modify
Click Edit t o go t o t he SSI D configurat ion screen where you can m odify set t ings in an
SSI D profile.
NWA1121-NI User’s Guide
Chapter 6 Wireless LAN
6.5.1 Configuring SSID
Use t his screen t o configure an SSI D profile. I n t he W ir e le ss LAN > SSI D screen, click Edit next
t o t he SSI D profile you want t o configure t o display t he following screen.
Figure 26 SSI D: Edit
The following t able describes t he labels in t his screen.
Table 14 SSI D: Edit
LABEL
DESCRI PTI ON
Profile Nam e
This is t he nam e t hat ident ifying t his profile.
SSI D
When a wireless client scans for an AP t o associat e wit h, t his is t he nam e t hat is
broadcast and seen in t he wireless client ut ilit y.
Securit y
Select a securit y profile t o use wit h t his SSI D profile. See Sect ion 6.6 on page 74 for
m ore inform at ion. I f you do not want t his profile t o use wireless securit y, select
D isa ble d.
RADI US
Select a RADI US profile from t he drop- down list box, if you have a RADI US server
configured. I f you do not need t o use RADI US aut hent icat ion, ignore t his field. See
Sect ion 6.7 on page 87 for m ore inform at ion.
MAC Filt ering
Select a MAC filt er profile from t he drop- down list box. I f you do not want t o use MAC
filt ering on t his profile, select D isa ble d.
QoS
Select t he Qualit y of Service priorit y for t his BSS’s t raffic.
•
•
•
I f you select W M M from t he QoS list , t he priorit y of a dat a packet depends on t he
packet ’s I EEE 802.1q or DSCP header. I f a packet has no WMM value assigned t o
it , it is assigned t he default priorit y.
I f you select W M M _ VOI CE, W M M _ VI D EO, W M M _ BESTEFFORT or
W M M _ BACKGROUN D, t he NWA1121- NI applies t hat QoS set t ing t o all of t hat
SSI D’s t raffic.
I f you select N on e , t he NWA1121- NI applies no priorit y t o t raffic on t his SSI D.
Note: When you configure an SSID profile’s QoS settings, the NWA1121-NI applies the
same QoS setting to all of the profile’s traffic.
NWA1121-NI User’s Guide
73
Chapter 6 Wireless LAN
Table 14 SSI D: Edit ( cont inued)
LABEL
DESCRI PTI ON
BSSI D VLAN I D
Ent er a VLAN I D for t he SSI D profile.
Packet s com ing from t he WLAN using t his SSI D profile are t agged wit h t he VLAN I D
num ber by t he NWA1121- NI .
Num ber of Wireless
St at ions Allowed t o
Associat e
Use t his field t o set a m axim um num ber of wireless st at ions t hat m ay connect t o t he
device.
Hidden SSI D
I f you do not select t he checkbox, t he NWA1121- NI broadcast s t his SSI D ( a wireless
client scanning for an AP will find t his SSI D) . Alt ernat ively, if you select t he checkbox,
t he NWA1121- NI hides t his SSI D ( a wireless client scanning for an AP will not find
t his SSI D) .
I nt ra- BSS Traffic
Blocking
Select t he check box t o prevent wireless client s in t his profile’s BSS from
com m unicat ing wit h one anot her.
Back
Click Ba ck t o ret urn t o t he previous screen.
Apply
Click Apply t o save your changes.
Cancel
Click Ca n ce l t o begin configuring t his screen afresh.
6.6 Wireless Security Screen
Use t his screen t o choose t he securit y m ode for your NWA1121- NI .
Click W ir e le ss LAN > Se cu r it y. Select t he profile t hat you want t o configure and click Edit .
Figure 27 Wireless > Securit y
74
NWA1121-NI User’s Guide
Chapter 6 Wireless LAN
The Se cur it y Se t t in gs screen varies depending upon t he securit y m ode you select .
Figure 28 Securit y: None
Not e t hat som e screens display different ly depending on t he operat ing m ode select ed in t he
W ir e le ss LAN > W ir e le ss Se t t ings screen.
Not e: You m ust enable t he sam e wireless securit y set t ings on t he NWA1121- NI and on all
wireless client s t hat you want t o associat e wit h it .
NWA1121-NI User’s Guide
75
Chapter 6 Wireless LAN
6.6.1 Security: WEP
Use t his screen t o use WEP as t he securit y m ode for your NWA1121- NI . Select W EP in t he
Se cur it y M ode field t o display t he following screen.
Figure 29 Securit y: WEP
The following t able describes t he labels in t his screen.
Table 15 Securit y: WEP
76
LABEL
DESCRIPTION
Profile Nam e
This is t he nam e t hat ident ifying t his profile.
Securit y Mode
Choose W EP in t his field.
Aut hent icat ion
Type
Select Ope n or Sh a r e d from t he drop- down list box.
Dat a Encrypt ion
Select 6 4 - bit W EP or 1 2 8 - bit W EP t o enable dat a encrypt ion.
Passphrase
Ent er t he passphrase or st ring of t ext used for aut om at ic WEP key generat ion on wireless
client adapt ers.
Generat e
Click t his t o get t he keys from t he Pa ssph r a se you ent ered.
NWA1121-NI User’s Guide
Chapter 6 Wireless LAN
Table 15 Securit y: WEP ( cont inued)
LABEL
DESCRIPTION
Key 1 t o
The WEP keys are used t o encrypt dat a. Bot h t he NWA1121- NI and t he wireless st at ions
m ust use t he sam e WEP key for dat a t ransm ission.
Key 4
I f you chose 6 4 - bit W EP, t hen ent er any 5 ASCI I charact ers or 10 hexadecim al
charact ers ( " 0- 9" , " A- F" ) .
I f you chose 1 2 8 - bit W EP, t hen ent er 13 ASCI I charact ers or 26 hexadecim al charact ers
( " 0- 9" , " A- F" ) .
You m ust configure all four keys, but only one key can be act ivat ed at any one t im e.
Back
Click Ba ck t o ret urn t o t he previous screen.
Apply
Click Apply t o save your changes.
Cancel
Click Ca n ce l t o begin configuring t his screen afresh.
6.6.2 Security: 802.1x Only
This screen varies depending on t he operat ing m ode you select in t he W ir e le ss LAN > W ir e le ss
Se t t in gs screen.
6.6.2.1 Access Point
Use t his screen t o use 802.1x- Only securit y m ode for your NWA1121- NI t hat is in root AP, MBSSI D
or repeat er operat ing m ode. Select 8 0 2 .1 x - On ly in t he Se cur it y M ode field t o display t he
following screen.
Figure 30 Securit y: 802.1x Only for Access Point
The following t able describes t he labels in t his screen.
Table 16 Securit y: 802.1x Only for Access Point
LABEL
DESCRIPTION
Securit y Set t ings
Profile Nam e
This is t he nam e t hat ident ifying t his profile.
Securit y Mode
Choose 8 0 2 .1 x - Only in t his field.
Rekey Opt ions
NWA1121-NI User’s Guide
77
Chapter 6 Wireless LAN
Table 16 Securit y: 802.1x Only for Access Point ( cont inued)
LABEL
DESCRIPTION
Reaut hent icat ion
Tim e
Specify how oft en wireless st at ions have t o resend user nam es and passwords in order
t o st ay connect ed.
Ent er a t im e int erval bet ween 100 and 3600 seconds. Alt ernat ively, ent er “ 0” t o t urn
reaut hent icat ion off.
Note: If wireless station authentication is done using a RADIUS server, the
reauthentication timer on the RADIUS server has priority.
Enable Group- Key
Updat e
Select t his opt ion t o have t he NWA1121- NI aut om at ically disconnect a wireless st at ion
from t he wired net work aft er a period of inact ivit y. The wireless st at ion needs t o ent er
t he user nam e and password again before access t o t he wired net w ork is allowed.
Ent er a t im e int erval bet ween 100 and 3600 seconds.
Back
Click Ba ck t o ret urn t o t he previous screen.
Apply
Click Apply t o save your changes.
Cancel
Click Ca n ce l t o begin configuring t his screen afresh.
6.6.2.2 Wireless Client
Use t his screen t o use 802.1x- Only securit y m ode for your NWA1121- NI t hat is in wireless client
operat ing m ode. Select 8 0 2 .1 x - Only in t he Se cur it y M ode field t o display t he following screen.
Figure 31 Securit y: 802.1x Only for Wireless Client
The following t able describes t he labels in t his screen.
Table 17 Securit y: 802.1x Only for Wireless Client
LABEL
DESCRIPTION
Securit y Set t ings
Profile Nam e
78
This is t he nam e t hat ident ifying t his profile.
NWA1121-NI User’s Guide
Chapter 6 Wireless LAN
Table 17 Securit y: 802.1x Only for Wireless Client ( cont inued)
LABEL
DESCRIPTION
Securit y Mode
Choose t he sam e securit y m ode used by t he AP.
I EEE802.1x Aut hent icat ion
Eap Type
The opt ions on t he left refer t o EAP m et hods. You can choose eit her TLS, LEAP, PEAP or
TTLS.
I f you select TTLS or PEAP, t he opt ions on t he right refer t o aut hent icat ion prot ocols.
You can choose bet ween PAP, CH AP, M SCH AP, M SCH APv2 and/ or GTC.
User I nform at ion
Usernam e
Supply t he user nam e of t he account creat ed in t he RADI US server.
Login Nam e
Password
Supply t he password of t he account creat ed in t he RADI US server.
Cert ificat e
User Cert ificat e
I f you select TLS, ent er t he nam e of t he cert ificat e used t o t o verify t he ident it y of
client s.
Back
Click Ba ck t o ret urn t o t he previous screen.
Apply
Click Apply t o save your changes.
Cancel
Click Ca n ce l t o begin configuring t his screen afresh.
6.6.3 Security: 802.1x Static WEP
This screen varies depending on t he operat ing m ode you select in t he W ir e le ss LAN > W ir e le ss
Se t t in gs screen.
NWA1121-NI User’s Guide
79
Chapter 6 Wireless LAN
6.6.3.1 Access Point
Use t his screen t o use 802.1x st at ic WEP securit y m ode for your NWA1121- NI t hat is in root AP,
MBSSI D or repeat er operat ing m ode. Select 8 0 2 .1 X- St a t ic W EP in t he Se cur it y M ode field t o
display t he following screen.
Figure 32 Securit y: 802.1X- St at ic WEP for Access Point
The following t able describes t he labels in t his screen.
Table 18 Securit y: 802.1X- St at ic WEP for Access Point
LABEL
DESCRIPTION
Securit y Set t ings
80
Profile Nam e
This is t he nam e t hat ident ifying t his profile.
Securit y Mode
Choose 8 0 2 .1 X - St a t ic W EP in t his field.
Dat a Encrypt ion
Select 6 4 - bit W EP or 1 2 8 - bit W EP t o enable dat a encrypt ion.
Passphrase
Ent er t he passphrase or st ring of t ext used for aut om at ic WEP key generat ion on wireless
client adapt ers.
Generat e
Click t his t o get t he keys from t he Pa ssph r a se you ent ered.
NWA1121-NI User’s Guide
Chapter 6 Wireless LAN
Table 18 Securit y: 802.1X- St at ic WEP for Access Point ( cont inued)
LABEL
DESCRIPTION
Key 1 t o
The WEP keys are used t o encrypt dat a. Bot h t he NWA1121- NI and t he wireless st at ions
m ust use t he sam e WEP key for dat a t ransm ission.
Key 4
I f you chose 6 4 - bit W EP, t hen ent er any 5 ASCI I charact ers or 10 hexadecim al
charact ers ( " 0- 9" , " A- F" ) .
I f you chose 1 2 8 - bit W EP, t hen ent er 13 ASCI I charact ers or 26 hexadecim al charact ers
( " 0- 9" , " A- F" ) .
You m ust configure all four keys, but only one key can be act ivat ed at any one t im e.
Rekey Opt ions
Reaut hent icat ion
Tim e
Specify how oft en wireless st at ions have t o resend user nam es and passwords in order t o
st ay connect ed.
Ent er a t im e int erval bet ween 100 and 3600 seconds. Alt ernat ively, ent er “ 0” t o t urn
reaut hent icat ion off.
Note: If wireless station authentication is done using a RADIUS server, the reauthentication
timer on the RADIUS server has priority.
Enable Group- Key
Updat e
Select t his opt ion t o have t he NWA1121- NI aut om at ically disconnect a wireless st at ion
from t he wired net work aft er a period of inact ivit y. The wireless st at ion needs t o ent er t he
user nam e and password again before access t o t he wired net work is allowed.
Ent er a t im e int erval bet ween 100 and 3600 seconds.
Back
Click Ba ck t o ret urn t o t he previous screen.
Apply
Click Apply t o save your changes.
Cancel
Click Ca n ce l t o begin configuring t his screen afresh.
NWA1121-NI User’s Guide
81
Chapter 6 Wireless LAN
6.6.3.2 Wireless Client
Use t his screen t o use 802.1x- Only securit y m ode for your NWA1121- NI t hat is in wireless client
operat ing m ode. Select 8 0 2 .1 X- St a t ic W EP in t he Se cur it y M ode field t o display t he following
screen.
Figure 33 Securit y: 802.1X- St at ic WEP for Wireless Client
The following t able describes t he labels in t his screen.
Table 19 Securit y: 802.1X- St at ic WEP for Wireless Client
LABEL
DESCRIPTION
Securit y Set t ings
82
Profile Nam e
This is t he nam e t hat ident ifying t his profile.
Securit y Mode
Choose t he sam e securit y m ode used by t he AP.
NWA1121-NI User’s Guide
Chapter 6 Wireless LAN
Table 19 Securit y: 802.1X- St at ic WEP for Wireless Client ( cont inued)
LABEL
DESCRIPTION
Dat a Encrypt ion
Select 6 4 - bit W EP or 1 2 8 - bit W EP t o enable dat a encrypt ion.
Passphrase
Ent er t he passphrase or st ring of t ext used for aut om at ic WEP key generat ion.
Generat e
Click t his t o get t he keys from t he Pa ssph r a se you ent ered.
Key 1 t o
The WEP keys are used t o encrypt dat a. Bot h t he NWA1121- NI and t he AP m ust use t he
sam e WEP key for dat a t ransm ission.
Key 4
I f you chose 6 4 - bit W EP, t hen ent er any 5 ASCI I charact ers or 10 hexadecim al
charact ers ( " 0- 9" , " A- F" ) .
I f you chose 1 2 8 - bit W EP, t hen ent er 13 ASCI I charact ers or 26 hexadecim al
charact ers ( " 0- 9" , " A- F" ) .
You m ust configure all four keys, but only one key can be act ivat ed at any one t im e.
I EEE802.1x Aut hent icat ion
Eap Type
The opt ions on t he left refer t o EAP m et hods. You can choose eit her TLS, LEAP, PEAP
or TTLS.
I f you select TTLS or PEAP, t he opt ions on t he right refer t o aut hent icat ion prot ocols.
You can choose bet ween PAP, CH AP, M SCH AP, M SCH APv2 and/ or GTC.
User I nform at ion
Usernam e
Supply t he user nam e of t he account creat ed in t he RADI US server.
Login Nam e
Password
Supply t he password of t he account creat ed in t he RADI US server.
Cert ificat e
User Cert ificat e
I f you select TLS, ent er t he nam e of t he cert ificat e used t o t o verify t he ident it y of
client s.
Back
Click Ba ck t o ret urn t o t he previous screen.
Apply
Click Apply t o save your changes.
Cancel
Click Ca n ce l t o begin configuring t his screen afresh.
6.6.4 Security: WPA, WPA2, WPA2-MIX
This screen varies depending on t he operat ing m ode you select in t he W ir e le ss LAN > W ir e le ss
Se t t in gs screen.
NWA1121-NI User’s Guide
83
Chapter 6 Wireless LAN
6.6.4.1 Access Point
Use t his screen t o em ploy WPA or WPA2 as t he securit y m ode for your NWA1121- NI t hat is in root
AP, MBSSI D or repeat er operat ing m ode. Select W PA, W PA2 or W PA2 - M I X in t he Se cur it y M ode
field t o display t he following screen.
Figure 34 Securit y: WPA/ WPA2 for Access Point
The following t able describes t he labels in t his screen.
Table 20 Securit y: WPA/ WPA2 for Access Point
LABEL
DESCRIPTION
Securit y Set t ings
Profile Nam e
This is t he nam e t hat ident ifying t his profile.
Securit y Mode
Choose W PA, W PA2 or W PA- M I X in t his field.
Rekey Opt ions
Reaut hent icat ion
Tim e
Specify how oft en wireless st at ions have t o resend user nam es and passwords in order t o
st ay connect ed.
Ent er a t im e int erval bet ween 100 and 3600 seconds. Alt ernat ively, ent er “ 0” t o t urn
reaut hent icat ion off.
Note: If wireless station authentication is done using a RADIUS server, the reauthentication
timer on the RADIUS server has priority.
Enable Group- Key
Updat e
Select t his opt ion t o have t he NWA1121- NI aut om at ically disconnect a wireless st at ion
from t he wired net work aft er a period of inact ivit y. The wireless st at ion needs t o ent er t he
user nam e and password again before access t o t he wired net work is allowed.
Ent er a t im e int erval bet ween 100 and 3600 seconds.
84
Back
Click Ba ck t o ret urn t o t he previous screen.
Apply
Click Apply t o save your changes.
Cancel
Click Ca n ce l t o begin configuring t his screen afresh.
NWA1121-NI User’s Guide
Chapter 6 Wireless LAN
6.6.4.2 Wireless Client
Use t his screen t o em ploy WPA or WPA2 as t he securit y m ode for your NWA1121- NI t hat is in
wireless client operat ing m ode. Select W PA or W PA2 in t he Se cur it y M ode field t o display t he
following screen.
Figure 35 Securit y: WPA for Wireless Client
The following t able describes t he labels in t his screen.
Table 21 Securit y: WPA/ WPA2 for Wireless Client
LABEL
DESCRIPTION
Securit y Set t ings
Profile Nam e
This is t he nam e t hat ident ifying t his profile.
Securit y Mode
Choose t he sam e securit y m ode used by t he AP.
Dat a Encrypt ion
This shows t he encrypt ion m et hod used by t he NWA1121- NI .
I EEE802.1x Aut hent icat ion
Eap Type
The opt ions on t he left refer t o EAP m et hods. You can choose eit her TLS, LEAP, PEAP or
TTLS.
I f you select TTLS or PEAP, t he opt ions on t he right refer t o aut hent icat ion prot ocols. You
can choose bet ween PAP, CH AP, M SCH AP, M SCH APv2 and/ or GTC.
User I nform at ion
Usernam e
Supply t he user nam e of t he account creat ed in t he RADI US server.
Login Nam e
Password
Supply t he password of t he account creat ed in t he RADI US server.
Cert ificat e
User Cert ificat e
NWA1121-NI User’s Guide
I f you select TLS, ent er t he nam e of t he cert ificat e used t o t o verify t he ident it y of client s.
85
Chapter 6 Wireless LAN
Table 21 Securit y: WPA/ WPA2 for Wireless Client ( cont inued)
LABEL
DESCRIPTION
Back
Click Ba ck t o ret urn t o t he previous screen.
Apply
Click Apply t o save your changes.
Cancel
Click Ca n ce l t o begin configuring t his screen afresh.
6.6.5 Security: WPA-PSK, WPA2-PSK, WPA2-PSK-MIX
Use t his screen t o em ploy WPA- PSK, WPA2- PSK or WPA2- PSK- MI X as t he securit y m ode of your
NWA1121- NI . Select W PA- PSK, W PA2 - PSK or W PA2 - PSK- M I X in t he Se cur it y M ode field t o
display t he following screen.
Figure 36 Securit y: WPA- PSK, WPA2- PSK or WPA2- PSK- MI X
The following t able describes t he labels not previously discussed
Table 22 Securit y: WPA- PSK, WPA2- PSK or WPA2- PSK- MI X
LABEL
DESCRIPTION
Profile Nam e
This is t he nam e t hat ident ifying t his profile.
Securit y Mode
Choose W PA- PSK, W PA2 - PSK or W PA2 - PSK- M I X in t his field.
Pre- Shared Key
The encrypt ion m echanism s used for W PA and W PA- PSK are t he sam e. The only
difference bet ween t he t wo is t hat W PA- PSK uses a sim ple com m on password, inst ead
of user- specific credent ials.
Type a pre- shared key from 8 t o 63 case- sensit ive ASCI I charact ers ( including spaces
and sym bols) .
86
Back
Click Ba ck t o ret urn t o t he previous screen.
Apply
Click Apply t o save your changes.
Cancel
Click Ca n ce l t o begin configuring t his screen afresh.
NWA1121-NI User’s Guide
Chapter 6 Wireless LAN
6.7 RADIUS Screen
Use t his screen t o set up your NWA1121- NI ’s RADI US server set t ings. Click W ir e le ss LAN >
RAD I US. The screen appears as shown.
Figure 37 Wireless LAN > RADI US
Select a profile you want t o configure and click Edit .
Figure 38 Wireless LAN > RADI US
NWA1121-NI User’s Guide
87
Chapter 6 Wireless LAN
The following t able describes t he labels in t his screen.
Table 23 Wireless LAN > RADI US
LABEL
DESCRIPTION
Profile Nam e
This is t he nam e t hat ident ifying t his RADI US profile.
Prim ary RADI US
Server
Select t he check box t o enable user aut hent icat ion t hrough an ext ernal aut hent icat ion
server.
Prim ary Server I P
Address
Ent er t he I P address of t he RADI US server t o be used for aut hent icat ion.
Prim ary Server
Port
Ent er t he port num ber of t he RADI US server t o be used for aut hent icat ion.
Prim ary Share
Secret
Ent er a password ( up t o 128 alphanum eric charact ers) as t he key t o be shared
bet ween t he ext ernal aut hent icat ion server and t he NWA1121- NI . The key m ust be
t he sam e on t he ext ernal aut hent icat ion server and your NWA1121- NI . The key is not
sent over t he net work.
Backup RADI US
Server
I f t he NWA1121- NI cannot com m unicat e wit h t he prim ary RADI US server, you can
have t he NWA1121- NI use a backup RADI US server. Make sure t he check boxe is
select ed if you want t o use t he backup server.
The NWA1121- NI will at t em pt t o com m unicat e t hree t im es before using t he backup
server. Request s can be issued from t he client int erface t o use t he backup server. The
lengt h of t im e for each aut hent icat ion is decided by t he wireless client or based on
t he configurat ion of t he Re a u t h e n t ica t ion Tim e field in t he W ir e le ss LAN >
Se cu r it y screen.
Backup Server I P
Address
Ent er t he I P address of t he RADI US server t o be used for aut hent icat ion.
Backup Server
Port
Ent er t he port num ber of t he RADI US server t o be used for aut hent icat ion.
Backup Share
Secret
Ent er a password ( up t o 128 alphanum eric charact ers) as t he key t o be shared
bet ween t he ext ernal aut hent icat ion server and t he NWA1121- NI . The key m ust be
t he sam e on t he ext ernal aut hent icat ion server and your NWA1121- NI . The key is not
sent over t he net work.
Prim ary Account ing
Server
Select t he check box t o enable user account ing t hrough an ext ernal aut hent icat ion
server.
Prim ary Server I P
Address
Ent er t he I P address of t he ext ernal account ing server in dot t ed decim al not at ion.
Prim ary Server
Port
Ent er t he port num ber of t he ext ernal account ing server.
Prim ary Share
Secret
Ent er a password ( up t o 128 alphanum eric charact ers) as t he key t o be shared
bet ween t he ext ernal account ing server and t he NWA1121- NI . The key m ust be t he
sam e on t he ext ernal account ing server and your NWA1121- NI . The key is not sent
over t he net work.
Backup Account ing
Server
I f t he NWA1121- NI cannot com m unicat e wit h t he prim ary account ing server, you can
have t he NWA1121- NI use a backup account ing server. Make sure t he check boxe is
select ed if you want t o use t he backup server.
The NWA1121- NI will at t em pt t o com m unicat e t hree t im es before using t he backup
server.
Backup Server I P
Address
Ent er t he I P address of t he ext ernal account ing server in dot t ed decim al not at ion.
Backup Server
Port
Ent er t he port num ber of t he ext ernal account ing server.
Backup Share
Secret
Ent er a password ( up t o 128 alphanum eric charact ers) as t he key t o be shared
bet ween t he ext ernal account ing server and t he NWA1121- NI . The key m ust be t he
sam e on t he ext ernal account ing and your NWA1121- NI . The key is not sent over t he
net work.
Back
88
Click Ba ck t o ret urn t o t he previous screen.
NWA1121-NI User’s Guide
Chapter 6 Wireless LAN
Table 23 Wireless LAN > RADI US ( cont inued)
LABEL
DESCRIPTION
Apply
Click Apply t o save your changes.
Cancel
Click Ca n ce l t o begin configuring t his screen afresh.
6.8 MAC Filter Screen
Every Et hernet device has a unique MAC ( Media Access Cont rol) address. The MAC address is
assigned at t he fact ory and consist s of six pairs of hexadecim al charact ers, for exam ple,
00: A0: C5: 00: 00: 02. You need t o know t he MAC address of each device t o configure MAC filt ering
on t he NWA1121- NI .
The MAC filt er funct ion allows you t o configure t he NWA1121- NI t o grant access t o t he NWA1121NI from ot her wireless devices ( Allow Associat ion) or exclude devices from accessing t he NWA1121NI ( Deny Associat ion) .
Figure 39 MAC Filt ering
I n t he figure above, wireless client U is able t o connect t o t he I nt ernet because it s MAC address is
in t he allowed associat ion list specified in t he NWA1121- NI . The MAC address of client A is eit her
denied associat ion or is not in t he list of allowed wireless client s specified in t he NWA1121- NI .
NWA1121-NI User’s Guide
89
Chapter 6 Wireless LAN
Use t his screen t o enable MAC address filt ering in your NWA1121- NI . You can specify MAC
addresses t o eit her allow or deny associat ion wit h your NWA1121- NI . Click W ir e le ss LAN > M AC
Filt e r. The screen displays as shown.
Figure 40 Wireless LAN > MAC Filt er
Select a profile you want t o configure and click Edit .
Figure 41 MAC Filt er: Edit
90
NWA1121-NI User’s Guide
Chapter 6 Wireless LAN
The following t able describes t he labels in t his screen.
Table 24 Wireless LAN > MAC Filt er
LABEL
DESCRIPTION
Profile Nam e
This is t he nam e t hat ident ifying t his profile.
Access Cont rol Mode
Select D isa ble d if you do not want t o use t his feat ure.
Select Allow t o perm it access t o t he NWA1121- NI . MAC addresses not list ed will be
denied access t o t he NWA1121- NI .
Select D e n y t o block access t o t heNWA1121- NI . MAC addresses not list ed will be
allowed t o access t he NWA1121- NI .
This is t he index num ber of t he MAC address list ed.
MAC Address
Ent er t he MAC addresses ( in XX: XX: XX: XX: XX: XX form at ) of t he wireless st at ion t o be
allowed or denied access t o t he NWA1121- NI .
Back
Click Ba ck t o ret urn t o t he previous screen.
Apply
Click Apply t o save your changes.
Cancel
Click Ca n ce l t o begin configuring t his screen afresh.
6.9 Technical Reference
This sect ion provides t echnical background inform at ion about t he t opics covered in t his chapt er.
Refer t o Appendix D on page 181 for furt her readings on Wireless LAN.
6.9.1 Additional Wireless Terms
Table 25 Addit ional Wireless Term s
TERM
DESCRIPTION
I nt ra- BSS Traffic
This describes direct com m unicat ion ( not t hrough t he NWA1121- NI ) bet ween t wo
wireless devices wit hin a wireless net work. You m ight disable t his kind of
com m unicat ion t o enhance securit y wit hin your wireless net work.
RTS/ CTS Threshold
I n a wireless net work which covers a large area, wireless devices are som et im es not
aware of each ot her ’s presence. This m ay cause t hem t o send inform at ion t o t he AP
at t he sam e t im e and result in inform at ion colliding and not get t ing t hrough.
By set t ing t his value lower t han t he default value, t he wireless devices m ust
som et im es get perm ission t o send inform at ion t o t he NWA1121- NI . The lower t he
value, t he m ore oft en t he devices m ust get perm ission.
I f t his value is great er t han t he fragm ent at ion t hreshold value ( see below) , t hen
wireless devices never have t o get perm ission t o send inform at ion t o t he NWA1121NI .
Pream ble
A pream ble affect s t he t im ing in your wireless net work. There are t wo pream ble
m odes: long and short . I f a device uses a different pream ble m ode t han t he
NWA1121- NI does, it cannot com m unicat e wit h t he NWA1121- NI .
Fragm ent at ion
Threshold
A sm all fragm ent at ion t hreshold is recom m ended for busy net works, while a larger
t hreshold provides fast er perform ance if t he net work is not very busy.
NWA1121-NI User’s Guide
91
Chapter 6 Wireless LAN
TERM
DESCRIPTION
Roam ing
I f you have t wo or m ore NWA1121- NI s ( or ot her wireless access point s) on your
wireless net work, you can enable t his opt ion so t hat wireless devices can change
locat ions wit hout having t o log in again. This is useful for devices, such as not ebooks,
t hat m ove around a lot .
Ant enna
An ant enna couples Radio Frequency ( RF) signals ont o air. A t ransm it t er wit hin a
wireless device sends an RF signal t o t he ant enna, which propagat es t he signal
t hrough t he air. The ant enna also operat es in reverse by capt uring RF signals from
t he air.
Posit ioning t he ant ennas properly increases t he range and coverage area of a wireless
LAN.
6.9.2 WMM QoS
WMM ( Wi- Fi Mult iMedia) QoS ( Qualit y of Service) ensures qualit y of service in wireless net works. I t
cont rols WLAN t ransm ission priorit y on packet s t o be t ransm it t ed over t he wireless net work.
WMM QoS priorit izes wireless t raffic according t o t he delivery requirem ent s of t he individual and
applicat ions. WMM QoS is a part of t he I EEE 802.11e QoS enhancem ent t o cert ified Wi- Fi wireless
net works.
On APs wit hout WMM QoS, all t raffic st ream s are given t he sam e access priorit y t o t he wireless
net work. I f t he int roduct ion of anot her t raffic st ream creat es a dat a t ransm ission dem and t hat
exceeds t he current net work capacit y, t hen t he new t raffic st ream reduces t he t hroughput of t he
ot her t raffic st ream s.
The NWA1121- NI uses WMM QoS t o priorit ize t raffic st ream s according t o t he I EEE 802.1q or DSCP
inform at ion in each packet ’s header. The NWA1121- NI aut om at ically det erm ines t he priorit y t o use
for an individual t raffic st ream . This prevent s reduct ions in dat a t ransm ission for applicat ions t hat
are sensit ive t o lat ency and j it t er ( variat ions in delay) .
6.9.2.1 WMM QoS Priorities
The following t able describes t he WMM QoS priorit y levels t hat t he NWA1121- NI uses.
Table 26 WMM QoS Priorit ies
Priorit y Level
descript ion
voice
Typically used for t raffic t hat is especially sensit ive t o j it t er. Use t his priorit y t o
reduce lat ency for im proved voice qualit y.
( WMM_VOI CE)
video
( WMM_VI DEO)
best effort
( WMM_BESTEFFORT)
background
( WMM_BACKGROUND)
92
Typically used for t raffic which has som e t olerance for j it t er but needs t o be
priorit ized over ot her dat a t raffic.
Typically used for t raffic from applicat ions or devices t hat lack QoS capabilit ies. Use
best effort priorit y for t raffic t hat is less sensit ive t o lat ency, but is affect ed by long
delays, such as I nt ernet surfing.
This is t ypically used for non- crit ical t raffic such as bulk t ransfers and print j obs
t hat are allowed but t hat should not affect ot her applicat ions and users. Use
background priorit y for applicat ions t hat do not have st rict lat ency and t hroughput
requirem ent s.
NWA1121-NI User’s Guide
Chapter 6 Wireless LAN
6.9.3 Security Mode Guideline
The following is a general guideline in choosing t he securit y m ode for your NWA1121- NI .
• Use WPA( 2) - PSK if you have WPA( 2) - aware wireless client s but no RADI US server.
• Use WPA( 2) securit y if you have WPA( 2) - aware wireless client s and a RADI US server. WPA has
user aut hent icat ion and im proved dat a encrypt ion over WEP.
• Use WPA( 2) - PSK if you have WPA( 2) - aware wireless client s but no RADI US server.
• I f you don’t have WPA( 2) - aware wireless client s, t hen use WEP key encrypt ing. A higher bit key
offers bet t er securit y. You can m anually ent er 64- bit or 128- bit WEP keys.
More inform at ion on Wireless Securit y can be found in Appendix D on page 181.
NWA1121-NI User’s Guide
93
C HAPT ER
LAN
7.1 Overview
This chapt er describes how you can configure t he I P address of your NWA1121- NI .
The I nt ernet Prot ocol ( I P) address ident ifies a device on a net work. Every net working device
( including com put ers, servers, rout ers, print ers, et c.) needs an I P address t o com m unicat e across
t he net work. These net working devices are also known as host s.
Figure 42 I Pv4 Set up
The figure above illust rat es one possible set up of your NWA1121- NI . The gat eway I Pv4 address is
192.168.1.1 and t he I Pv4 address of t he NWA1121- NI is 192.168.1.2 ( default ) . The gat eway and
t he device m ust belong in t he sam e subnet m ask t o be able t o com m unicat e wit h each ot her.
7.2 What You Can Do in this Chapter
Use t he LAN I P screen t o configure t he I P address of your NWA1121- NI ( see Sect ion 7.4 on page
96) .
7.3 What You Need to Know
The Et hernet param et ers of t he NWA1121- NI are preset in t he fact ory wit h t he following values:
I P address of 192.168.1.2
Subnet m ask of 255.255.255.0 ( 24 bit s)
NWA1121-NI User’s Guide
94
Chapter 7 LAN
IPv6
I Pv6 ( I nt ernet Prot ocol version 6) , is designed t o enhance I P address size and feat ures. The
increase in I Pv6 address size t o 128 bit s ( from t he 32- bit I Pv4 address) allows up t o 3.4 x 10 38 I P
addresses.
IPv6 Addressing
The 128- bit I Pv6 address is writ t en as eight 16- bit hexadecim al blocks separat ed by colons ( : ) . This
is an exam ple I Pv6 address 2001:0db8:1a2b:0015:0000:0000:1a2f:0000.
I Pv6 addresses can be abbreviat ed in t wo ways:
• Leading zeros in a block can be om it t ed. So 2001:0db8:1a2b:0015:0000:0000:1a2f:0000 can
be writ t en as 2001:db8:1a2b:15:0:0:1a2f:0.
• Any num ber of consecut ive blocks of zeros can be replaced by a double colon. A double colon can
only appear once in an I Pv6 address. So 2001:0db8:0000:0000:1a2f:0000:0000:0015 can be
writ t en as 2001:0db8::1a2f:0000:0000:0015, 2001:0db8:0000:0000:1a2f::0015,
2001:db8::1a2f:0:0:15 or 2001:db8:0:0:1a2f::15.
Prefix and Prefix Length
Sim ilar t o an I Pv4 subnet m ask, I Pv6 uses an address prefix t o represent t he net work address. An
I Pv6 prefix lengt h specifies how m any m ost significant bit s ( st art from t he left ) in t he address
com pose t he net work address. The prefix lengt h is writ t en as “ / x” where x is a num ber. For
exam ple,
2001:db8:1a2b:15::1a2f:0/32
m eans t hat t he first 32 bit s ( 2001:db8) is t he subnet prefix.
Link-local Address
A link- local address uniquely ident ifies a device on t he local net work ( t he LAN) . I t is sim ilar t o a
“ privat e I P address” in I Pv4. You can have t he sam e link- local address on m ult iple int erfaces on a
device. A link- local unicast address has a predefined prefix of fe80: : / 10. The link- local unicast
address form at is as follows.
Table 27 Link- local Unicast Address Form at
1111 1110 10
I nt erface I D
10 bit s
54 bit s
64 bit s
Global Address
A global address uniquely ident ifies a device on t he I nt ernet . I t is sim ilar t o a “ public I P address” in
I Pv4. A global unicast address st art s wit h a 2 or 3.
NWA1121-NI User’s Guide
95
Chapter 7 LAN
7.4 LAN IP Screen
Use t his screen t o configure t he I P address for your NWA1121- NI . Click N e t w or k > LAN t o display
t he following screen.
Figure 43 LAN I P
The following t able describes t he labels in t his screen.
Table 28 LAN I P
LABEL
DESCRIPTION
I Pv4 Address
Assignm ent
Obt ain I P Address
Aut om at ically
Select t his opt ion if your NWA1121- NI is using a dynam ically assigned I Pv4 address
from a DHCP server each t im e.
Note: You must know the IP address assigned to the NWA1121-NI (by the DHCP
server) to access the NWA1121-NI again.
Use Fixed I P Address
I P Address
Select t his opt ion if your NWA1121- NI is using a st at ic I Pv4 address. When you
select t his opt ion, fill in t he fields below.
Ent er t he I P address of your NWA1121- NI in dot t ed decim al not at ion.
Note: If you change the NWA1121-NI's IP address, you must use the new IP address if
you want to access the web configurator again.
96
Subnet Mask
Type t he subnet m ask.
Gat eway I P
Address
Type t he I Pv4 address of t he gat eway. The gat eway is an im m ediat e neighbor of your
NWA1121- NI t hat will forward t he packet t o t he dest inat ion. On t he LAN, t he
gat eway m ust be a rout er on t he sam e segm ent as your NWA1121- NI ; over t he
WAN, t he gat eway m ust be t he I P address of one of t he rem ot e nodes.
NWA1121-NI User’s Guide
Chapter 7 LAN
Table 28 LAN I P ( cont inued)
LABEL
DESCRIPTION
I Pv6 Address
Assignm ent
Enable St at eful
Address Aut oconfigurat ion
Select t his t o t urn on I Pv6 st at eful aut oconfigurat ion t o have t he NWA1121- NI obt ain
an I Pv6 global address from a DHCPv6 server in your net work.
I Pv6 Address/ Prefix
Lengt h
Ent er your I Pv6 address and prefix m anually.
Syst em DNS Servers
Prim ary DNS Server
Ent er t he I Pv4 address of t he first DNS ( Dom ain Nam e Service) server, if provided.
Secondary DNS Server
Ent er t he I Pv4 address of t he second DNS ( Dom ain Nam e Service) server address, if
provided.
Apply
Click Apply t o save your changes.
Cancel
Click Ca n ce l t o begin configuring t his screen afresh.
NWA1121-NI User’s Guide
97
C HAPT ER
VLAN
8.1 Overview
This chapt er discusses how t o configure t he NWA1121- NI ’s VLAN set t ings.
Figure 44 Managem ent VLAN Set up
I n t he figure above, t o access and m anage t he NWA1121- NI from com put er A, t he NWA1121- NI
and swit ch B’s port s t o which com put er A and t he NWA1121- NI are connect ed should be in t he
sam e VLAN.
8.1.1 What You Can Do in This Chapter
The VLAN screens let you set up t he NWA1121- NI ’s m angem ent VLAN ( Sect ion 8.3 on page 99) .
8.2 What You Need to Know
Introduction to VLANs
A Virt ual Local Area Net work ( VLAN) allows a physical net work t o be part it ioned int o m ult iple logical
net works. Devices on a logical net work belong t o one group. A device can belong t o m ore t han one
group. Wit h VLAN, a device cannot direct ly t alk t o or hear from devices t hat are not in t he sam e
group( s) ; t he t raffic m ust first go t hrough a rout er.
I n Mult i-Tenant Unit ( MTU) applicat ions, VLAN is vit al in providing isolat ion and securit y am ong t he
subscribers. When properly configured, VLAN prevent s one subscriber from accessing t he net work
resources of anot her on t he sam e LAN, t hus a user will not see t he print ers and hard disks of
anot her user in t he sam e building.
NWA1121-NI User’s Guide
98
Chapter 8 VLAN
VLAN also increases net work perform ance by lim it ing broadcast s t o a sm aller and m ore
m anageable logical broadcast dom ain. I n t radit ional swit ched environm ent s, all broadcast packet s
go t o each and every individual port . Wit h VLAN, all broadcast s are confined t o a specific broadcast
dom ain.
IEEE 802.1Q Tag
The I EEE 802.1Q st andard defines an explicit VLAN t ag in t he MAC header t o ident ify t he VLAN
m em bership of a fram e across bridges. A VLAN t ag includes t he 12- bit VLAN I D and 3- bit user
priorit y. The VLAN I D associat es a fram e wit h a specific VLAN and provides t he inform at ion t hat
devices need t o process t he fram e across t he net work.
8.3 VLAN Screen
Use t his screen t o set up t he VLAN for m anaging t he NWA1121- NI . Click N e t w or k > VLAN t o
display t he screen as shown.
Figure 45 Net work > VLAN
The following t able describes t he labels in t his screen.
Figure 46 Net work > VLAN
LABEL
DESCRI PTI ON
802.1Q VLAN
Select t his t o enable VLAN t agging on t he NWA1121- NI .
Managem ent VLAN
Select t his t o enable VLAN m anagem ent . Only t raffic t agged wit h t he m anagem ent
VLAN I D can access t he NWA1121- NI . At least one device in your net work m ust
belong t o t he VLAN specified below in order t o m anage t he NWA1121- NI .
Managem ent VLAN I D
Ent er a num ber from 1 t o 4094 t o define t he NWA1121- NI ’s m anagem ent VLAN
group.
Apply
Click Apply t o save your changes.
Cancel
Click Ca n ce l t o begin configuring t his screen afresh.
NWA1121-NI User’s Guide
99
Chapter 8 VLAN
100
NWA1121-NI User’s Guide
C HAPT ER
System
9.1 Overview
This chapt er shows you how t o enable rem ot e m anagem ent of your NWA1121- NI . I t provides
inform at ion on det erm ining which services or prot ocols can access which of t he NWA1121- NI ’s
int erfaces.
Rem ot e Managem ent allows a user t o adm inist rat e t he device over t he net work. You can m anage
your NWA1121- NI from a rem ot e locat ion via t he following int erfaces:
• WLAN
• LAN
• Bot h WLAN and LAN
• Neit her ( Disable)
Figure 47 Rem ot e Managem ent Exam ple
I n t he figure above, t he NWA1121- NI ( A) is being m anaged by a deskt op com put er ( B) connect ed
via LAN ( Land Area Net work) . I t is also being accessed by a not ebook ( C) connect ed via WLAN
( Wireless LAN) .
9.2 What You Can Do in this Chapter
• Use t he W W W screen t o configure t hrough which int erface( s) and from which I P address( es) you
can use t he Web Browser t o m anage t he NWA1121- NI ( see Sect ion 9.4 on page 104) .
• Use t he Ce r t ifica t e s screen t o delet e and im port cert ificat es ( seen Sect ion 9.5 on page 105) .
NWA1121-NI User’s Guide
101
Chapter 9 System
• Use t he Te lne t screen t o configure t hrough which int erface( s) and from which I P address( es)
you can use Telnet t o m anage t he NWA1121- NI . A Telnet connect ion is priorit ized by t he
NWA1121- NI over ot her rem ot e m anagem ent sessions ( see Sect ion 9.6 on page 106) .
• Use t he SN M P screen t o configure t hrough which int erface( s) and from which I P address( es) a
net work syst em s m anager can access t he NWA1121- NI ( see Sect ion 9.7 on page 107) .
• Use t he FTP screen t o configure t hrough which int erface( s) and from which I P address( es) you
can use File Transfer Prot ocol ( FTP) t o m anage t he NWA1121- NI . You can use FTP t o upload t he
lat est firm ware for exam ple ( see Sect ion 9.8 on page 110) .
9.3 What You Need To Know
WWW
The World Wide Web allows you t o access files host ed in a rem ot e server. For exam ple, you can
view t ext files ( usually referred t o as ‘pages’) using your web browser via HyperText Transfer
Prot ocol ( HTTP) .
Telnet
Telnet is short for Telecom m unicat ions Net work, which is a client- side prot ocol t hat enables you t o
access a device over t he net work.
FTP
File Transfer Prot ocol ( FTP) allows you t o upload or download a file or several files t o and from a
rem ot e locat ion using a client or t he com m and console.
SNMP
Sim ple Net work Managem ent Prot ocol ( SNMP) is a m em ber of t he TCP/ I P prot ocol suit e used for
exchanging m anagem ent inform at ion bet ween net work devices.
Your NWA1121- NI support s SNMP agent funct ionalit y, which allows a m anager st at ion t o m anage
and m onit or t he NWA1121- NI t hrough t he net work. The NWA1121- NI support s SNMP version one
( SNMPv1) , version t wo ( SNMPv2c) and version t hree ( SNMPv3) .
102
NWA1121-NI User’s Guide
Chapter 9 System
The next figure illust rat es an SNMP m anagem ent operat ion.
Figure 48 SNMP Managem ent Mode
An SNMP m anaged net work consist s of t wo m ain t ypes of com ponent : agent s and a m anager.
An agent is a m anagem ent soft ware m odule t hat resides in a m anaged device ( t he NWA1121- NI ) .
An agent t ranslat es t he local m anagem ent inform at ion from t he m anaged device int o a form
com pat ible wit h SNMP. The m anager is t he console t hrough which net work adm inist rat ors perform
net work m anagem ent funct ions. I t execut es applicat ions t hat cont rol and m onit or m anaged
devices.
SNMP allows a m anager and agent s t o com m unicat e for t he purpose of accessing inform at ion such
as packet s received, node port st at us, et c.
SNMP v3 and Security
SNMP v3 enhances securit y for SNMP m anagem ent . SNMP m anagers can be required t o
aut hent icat e wit h agent s before conduct ing SNMP m anagem ent sessions.
Securit y can be furt her enhanced by encrypt ing t he SNMP m essages sent from t he m anagers.
Encrypt ion prot ect s t he cont ent s of t he SNMP m essages. When t he cont ent s of t he SNMP m essages
are encrypt ed, only t he int ended recipient s can read t hem .
Remote Management Limitations
Rem ot e m anagem ent over LAN or WLAN will not work when:
• You have disabled t hat service in one of t he rem ot e m anagem ent screens.
• The I P address in t he Se cu r e d Clie n t I P Addr e ss field does not m at ch t he client I P address. I f
it does not m at ch, t he NWA1121- NI will disconnect t he session im m ediat ely.
NWA1121-NI User’s Guide
103
Chapter 9 System
• You m ay only
aut om at ically
m anagem ent
m anagem ent
Telnet
HTTP
have one rem ot e m anagem ent session running at one t im e. The NWA1121- NI
disconnect s a rem ot e m anagem ent session of lower priorit y when anot her rem ot e
session of higher priorit y st art s. The priorit ies for t he different t ypes of rem ot e
sessions are as follows:
System Timeout
There is a default syst em m anagem ent idle t im eout of five m inut es ( t hree hundred seconds) . The
NWA1121- NI aut om at ically logs you out if t he m anagem ent session rem ains idle for longer t han
t his t im eout period. The m anagem ent session does not t im e out when a st at ist ics screen is polling.
You can change t he t im eout period in t he SYSTEM screen.
Certificate
A cert ificat e cont ains t he cert ificat e owner ’s ident it y and public key. Cert ificat es provide a way t o
exchange public keys for use in aut hent icat ion.
Figure 49 Cert ificat es Exam ple
I n t he figure above, t he NWA1121- NI ( Z) checks t he ident it y of t he not ebook ( A) using a cert ificat e
before grant ing access t o t he net work.
The cert ificat ion aut horit y cert ificat e t hat you can im port t o your NWA1121- NI should be in PFX
PKCS# 12 file form at . This form at referred t o as t he Personal I nform at ion Exchange Synt ax
St andard is com prised of a privat e key- public cert ificat e pair t hat is furt her encrypt ed wit h a
password. Before you im port a cert ificat e int o t he NWA1121- NI , you should verify t hat you have t he
correct cert ificat e.
Key dist ribut ion is sim ple and very secure since you can freely dist ribut e public keys and you never
need t o t ransm it privat e keys.
9.4 WWW Screen
Use t his screen t o configure your NWA1121- NI via t he World Wide Web ( W W W ) using a Web
browser. This let s you specify which I P addresses or com put ers are able t o com m unicat e wit h and
access t he NWA1121- NI .
104
NWA1121-NI User’s Guide
Chapter 9 System
To change your NWA1121- NI ’s W W W set t ings, click Syst e m > W W W. The following screen shows.
Figure 50 Syst em > WWW
The following t able describes t he labels in t his screen.
Table 29 Syst em > WWW
LABEL
DESCRIPTION
WWW
HTTP Port
You m ay change t he server port num ber for a service if needed, however you m ust use
t he sam e port num ber in order t o use t hat service for rem ot e m anagem ent .
HTTPS Port
The HTTPS proxy server list ens on port 443 by default . I f you change t he HTTPS proxy
server port t o a different num ber on t he NWA1121- NI , for exam ple 8443, t hen you m ust
not ify people who need t o access t he NWA1121- NI web configurat or t o use “ ht t ps: / /
NWA1121- NI I P Address: 8443” as t he URL.
Server Access
Select t he int erface( s) t hrough which a com put er m ay access t he NWA1121- NI using
t his service.
Secured Client I P
Address
A secured client is a “ t rust ed” com put er t hat is allowed t o com m unicat e w it h t he
NWA1121- NI using t his service.
Select All t o allow any com put er t o access t he NWA1121- NI using t his service.
Choose Se le ct e d t o j ust allow t he com put er wit h t he I P address t hat you specify t o
access t he NWA1121- NI using t his service.
Secured Client
MAC Address
Select All t o allow any com put er t o access t he NWA1121- NI using t his service.
Apply
Click Apply t o save your cust om ized set t ings.
Cancel
Click Ca nce l t o begin configuring t his screen afresh.
Choose Se le ct e d t o j ust allow t he com put er wit h t he MAC address t hat you specify t o
access t he NWA1121- NI using t his service.
9.5 Certificates Screen
Use t his screen t o delet e or im port cert ificat es.
NWA1121-NI User’s Guide
105
Chapter 9 System
Click Syst e m > Ce r t ifica t e s. The following screen shows.
Figure 51 Syst em > Cert ificat es
The following t able describes t he labels in t his screen.
Table 30 Syst em > Cert ificat es
LABEL
DESCRIPTION
I m port Cert ificat e
I m port
Cert ificat e
Ent er t he locat ion of a previously- saved cert ificat e t o upload t o t he NWA1121- NI .
Alt ernat ively, click t he Br ow se but t on t o locat e a list .
Browse
Click t his but t on t o locat e a previously- saved cert ificat e t o upload t o t he NWA1121- NI .
I m port
Click t his but t on t o upload t he previously- saved cert ificat e displayed in t he I m por t
Ce r t ifica t e field t o t he NWA1121- NI .
Delet e Cert ificat e
You can delet e a
cert ificat e
Select t he cert ificat e from t he list t hat you want t o delet e.
Delet e
Click t his t o delet e t he select ed cert ificat e.
9.6 Telnet Screen
Use t his screen t o configure your NWA1121- NI for rem ot e Telnet access. You can use Telnet t o
access t he NWA1121- NI ’s Com m and Line I nt erface ( CLI ) .
Click Syst e m > Te lne t . The following screen displays.
Figure 52 Syst em > Telnet
106
NWA1121-NI User’s Guide
Chapter 9 System
The following t able describes t he labels in t his screen.
Table 31 Syst em > Telnet
LABEL
DESCRIPTION
TELNET
Port
You can change t he server port num ber for a service if needed, however you m ust use
t he sam e port num ber in order t o use t hat service for rem ot e m anagem ent .
Server Access
Select t he int erface( s) t hrough which a com put er m ay access t he NWA1121- NI using
Telnet .
Secured Client I P
Address
A secured client is a “ t rust ed” com put er t hat is allowed t o com m unicat e wit h t he
NWA1121- NI using t his service.
Select All t o allow any com put er t o access t he NWA1121- NI using t his service.
Choose Se le ct e d t o j ust allow t he com put er wit h t he I P address t hat you specify t o
access t he NWA1121- NI using t his service.
Secured Client
MAC Address
Select All t o allow any com put er t o access t he NWA1121- NI using t his service.
Apply
Click Apply t o save your cust om ized set t ings.
Cancel
Click Ca n ce l t o begin configuring t his screen afresh.
Choose Se le ct e d t o j ust allow t he com put er wit h t he MAC address t hat you specify t o
access t he NWA1121- NI using t his service.
9.7 SNMP Screen
Use t his screen t o have a m anager st at ion adm inist rat e your NWA1121- NI over t he net work and
configure SNMP account s on t he SNMP v3 m anager. An SNMP adm inist rat or/ user is an SNMP
NWA1121-NI User’s Guide
107
Chapter 9 System
m anager. To change your NWA1121- NI ’s SNMP set t ings, click Syst e m > SN M P. The following
screen displays.
Figure 53 Syst em > SNMP
The following t able describes t he labels in t his screen.
Table 32 Syst em > SNMP
LABEL
DESCRIPTION
SNMP
Port
108
You can change t he server port num ber for a service if needed, however you m ust use
t he sam e port num ber in order t o use t hat service for rem ot e m anagem ent .
NWA1121-NI User’s Guide
Chapter 9 System
Table 32 Syst em > SNMP ( cont inued)
LABEL
DESCRIPTION
Server Access
Select t he int erface( s) t hrough which a com put er m ay access t he NWA1121- NI using
Telnet .
Secured Client I P
Address
A secured client is a “ t rust ed” com put er t hat is allowed t o com m unicat e wit h t he
NWA1121- NI using t his service.
Select All t o allow any com put er t o access t he NWA1121- NI using t his service.
Choose Se le ct e d t o j ust allow t he com put er wit h t he I P address t hat you specify t o
access t he NWA1121- NI using t his service.
Secured Client MAC
Address
Select All t o allow any com put er t o access t he NWA1121- NI using t his service.
Choose Se le ct e d t o j ust allow t he com put er wit h t he MAC address t hat you specify t o
access t he NWA1121- NI using t his service.
SNMP Configurat ion
Prot ocol Version
Select t he SNMP version for t he NWA1121- NI , which you allow t he SNMP m anager t o
use t o access t he NWA1121- NI .
The SNMP version on t he NWA1121- NI m ust m at ch t he version on t he SNMP m anager.
Note: SNMP version 2c is backwards compatible with SNMP version 1.
Get Com m unit y
Ent er t he Ge t Com m u n it y, which is t he password for t he incom ing Get and Get Next
request s from t he m anagem ent st at ion.
Set Com m unit y
Ent er t he Se t com m u n it y, which is t he password for incom ing Set request s from t he
m anagem ent st at ion.
Trap Com m unit y
Type t he t rap com m unit y, which is t he password sent wit h each t rap t o t he SNMP
m anager.
Trap Dest inat ion
Type t he I P address of t he st at ion t o send your SNMP t raps t o.
SNMPv3 Adm in
Set t ings
SNMPv3 Adm in
Select t he check box t o enable t he SNMP adm inist rat or account for aut hent icat ion wit h
SNMP m anagers using SNMP v3.
User Nam e
Specify t he user nam e of t he SNMP adm inist rat or account .
Password
Ent er t he password for SNMP adm inist rat or aut hent icat ion.
Confirm Password
Ret ype t he password for confirm at ion.
Access Type
Specify t he SNMP adm inist rat or ’s access right s t o MI Bs.
Re a d/ W r it e - The SNMP adm inist rat or has read and writ e right s, m eaning t hat t he
user can creat e and edit t he MI Bs on t he NWA1121- NI .
Re a d Only - The SNMP adm inist rat or has read right s only, m eaning t he user can collect
inform at ion from t he NWA1121- NI .
Aut hent icat ion
Prot ocol
Select an aut hent icat ion algorit hm used for SNMP com m unicat ion wit h t he SNMP
adm inist rat or.
M D 5 ( Message Digest 5) and SH A ( Secure Hash Algorit hm ) are hash algorit hm s used
t o aut hent icat e SNMP dat a. SH A aut hent icat ion is generally considered st ronger t han
M D 5 , but is slower.
Privacy Prot ocol
Specify t he encrypt ion m et hod used for SNMP com m unicat ion wit h t he SNMP
adm inist rat or.
D ES - Dat a Encrypt ion St andard is a widely used ( but breakable) m et hod of dat a
encrypt ion. I t applies a 56- bit key t o each 64- bit block of dat a.
AES - Advanced Encrypt ion St andard is anot her m et hod for dat a encrypt ion t hat also
uses a secret key. AES applies a 128- bit key t o 128- bit blocks of dat a.
NWA1121-NI User’s Guide
109
Chapter 9 System
Table 32 Syst em > SNMP ( cont inued)
LABEL
DESCRIPTION
SNMPv3 User
Set t ings
SNMPv3 User
Select t he check box t o enable t he SNMP user account for aut hent icat ion wit h SNMP
m anagers using SNMP v3.
User Nam e
Specify t he user nam e of t he SNMP user account .
Password
Ent er t he password for SNMP user aut hent icat ion.
Confirm Password
Ret ype t he password for confirm at ion.
Access Type
Specify t he SNMP user ’s access right s t o MI Bs.
Re a d On ly - The SNMP user has read right s only, m eaning t he user can collect
inform at ion from t he NWA1121- NI .
Re a d/ W r it e - The SNMP user has read and writ e right s, m eaning t hat t he user can
creat e and edit t he MI Bs on t he NWA1121- NI .
Aut hent icat ion
Prot ocol
Privacy Prot ocol
Select an aut hent icat ion algorit hm used for SNMP com m unicat ion wit h t he SNMP user.
M D 5 ( Message Digest 5) and SH A ( Secure Hash Algorit hm ) are hash algorit hm s used
t o aut hent icat e SNMP dat a. SH A aut hent icat ion is generally considered st ronger t han
M D 5 , but is slower.
Specify t he encrypt ion m et hod used for SNMP com m unicat ion wit h t he SNMP user.
D ES - Dat a Encrypt ion St andard is a widely used ( but breakable) m et hod of dat a
encrypt ion. I t applies a 56- bit key t o each 64- bit block of dat a.
AES - Advanced Encrypt ion St andard is anot her m et hod for dat a encrypt ion t hat also
uses a secret key. AES applies a 128- bit key t o 128- bit blocks of dat a.
Apply
Click Apply t o save your cust om ized set t ings.
Cancel
Click Ca n ce l t o begin configuring t his screen afresh.
9.8 FTP Screen
Use t his screen t o upload and download t he NWA1121- NI ’s firm ware using FTP. To use t his feat ure,
your com put er m ust have an FTP client .
To change your NWA1121- NI ’s FTP set t ings, click Syst e m > FTP. The following screen displays.
Figure 54 Syst em > FTP
110
NWA1121-NI User’s Guide
Chapter 9 System
The following t able describes t he labels in t his screen.
Table 33 Syst em > FTP
LABEL
DESCRIPTION
FTP
Port
You m ay change t he server port num ber for a service if needed, however you m ust use
t he sam e port num ber in order t o use t hat service for rem ot e m anagem ent .
Server Access
Select t he int erface( s) t hrough which a com put er m ay access t he NWA1121- NI using t his
service.
Secured Client I P
Address
A secured client is a “ t rust ed” com put er t hat is allowed t o com m unicat e wit h t he
NWA1121- NI using t his service.
Select All t o allow any com put er t o access t he NWA1121- NI using t his service.
Choose Se le ct e d t o j ust allow t he com put er wit h t he I P address t hat you specify t o access
t he NWA1121- NI using t his service.
Secured Client
MAC Address
Select All t o allow any com put er t o access t he NWA1121- NI using t his service.
Choose Se le ct e d t o j ust allow t he com put er wit h t he MAC address t hat you specify t o
access t he NWA1121- NI e using t his service.
Apply
Click Apply t o save your cust om ized set t ings.
Cancel
Click Ca n ce l t o begin configuring t his screen afresh.
9.9 Technical Reference
This sect ion provides som e t echnical background inform at ion about t he t opics covered in t his
chapt er.
9.9.1 MIB
Managed devices in an SMNP m anaged net work cont ain obj ect variables or m anaged obj ect s t hat
define each piece of inform at ion t o be collect ed about a device. Exam ples of variables include such
as num ber of packet s received, node port st at us et c. A Managem ent I nform at ion Base ( MI B) is a
collect ion of m anaged obj ect s.SNMP it self is a sim ple request / response prot ocol based on t he
m anager/ agent m odel. The m anager issues a request and t he agent ret urns responses using t he
following prot ocol operat ions:
• Get - Allows t he m anager t o ret rieve an obj ect variable from t he agent .
• Get Next - Allows t he m anager t o ret rieve t he next obj ect variable from a t able or list wit hin an
agent . I n SNMPv1, when a m anager want s t o ret rieve all elem ent s of a t able from an agent , it
init iat es a Get operat ion, followed by a series of Get Next operat ions.
• Set - Allows t he m anager t o set values for obj ect variables wit hin an agent .
• Trap - Used by t he agent t o inform t he m anager of som e event s.
9.9.2 Supported MIBs
The NWA1121- NI support s MI B I I t hat is defined in RFC- 1213 and RFC- 1215 as well as t he
propriet ary ZyXEL privat e MI B. The purpose of t he MI Bs is t o let adm inist rat ors collect st at ist ical
dat a and m onit or st at us and perform ance.
NWA1121-NI User’s Guide
111
Chapter 9 System
9.9.3 SNMP Traps
SNMP t raps are m essages sent by t he agent s of each m anaged device t o t he SNMP m anager. These
m essages inform t he adm inist rat or of event s in dat a net works handled by t he device. The
NWA1121- NI can send t he following t raps t o t he SNMP m anager.
Table 34 SNMP Traps
OBJECT IDENTIFIER #
(OID)
TRAP NAME
DESCRIPTION
Generic Traps
coldSt art
1.3.6.1.6.3.1.1.5.1
This t rap is sent aft er boot ing ( power on) . This t rap is
defined in RFC- 1215.
warm St art
1.3.6.1.6.3.1.1.5.2
This t rap is sent aft er boot ing ( soft ware reboot ) . This
t rap is defined in RFC- 1215.
linkDown
1.3.6.1.6.3.1.1.5.3
This t rap is sent when t he Et hernet link is down.
linkUp
1.3.6.1.6.3.1.1.5.4
This t rap is sent when t he Et hernet link is up.
aut hent icat ionFailure
( defined in RFC- 1215)
1.3.6.1.6.3.1.1.5.5
The device sends t his t rap when it receives any SNMP
get or set requirem ent s wit h t he wrong com m unit y
( password) .
Not e: snm pEnableAut henTraps, OI D 1.3.6.1.2.1.11.30
( defined in RFC 1214 and RFC 1907) m ust be enabled
on in order for t he device t o send aut hent icat ionFailure
t raps. Use a MI B browser t o enable or disable
snm pEnableAut henTraps.
Traps defined in t he
ZyXEL Privat e MI B.
w hyReboot
1.3.6.1.4.1.890.1.5.13.0.
This t rap is sent wit h t he reason for rest art ing before
t he syst em reboot s ( warm st art ) .
" Syst em reboot by user! " is added for an int ent ional
reboot ( for exam ple, download new files, CI com m and
" sys reboot " ) .
I f t he syst em reboot s because of fat al errors, a code
for t he error is list ed.
pwTFTPSt at us
1.3.6.1.4.1.890.1.9.2.3.3
.1
This t rap is sent t o indicat e t he st at us and result of a
TFTP client session t hat has ended.
Som e t raps include an SNMP int erface index. The following t able m aps t he SNMP int erface indexes
t o t he NWA1121- NI ’s physical and virt ual port s.
Table 35 SNMP I nt erface I ndex t o Physical and Virt ual Port Mapping
TYPE
INTERFACE
PORT
Physical
enet 0
Wireless LAN adapt or WLAN1
enet 1
Et hernet port ( LAN)
enet 2
Wireless LAN adapt or WLAN2
enet 3 ~ enet 9
WLAN1 in MBSSI D m ode
enet 10 ~ enet 16
WLAN2 in MBSSI D m ode
enet 17 ~ enet 21
WLAN1 in WDS m ode
enet 22 ~ enet 26
WLAN2 in WDS m ode
Virt ual
112
NWA1121-NI User’s Guide
Chapter 9 System
9.9.4 Private-Public Certificates
When using public- key crypt ology for aut hent icat ion, each host has t wo keys. One key is public and
can be m ade openly available. The ot her key is privat e and m ust be kept secure.
These keys work like a handwrit t en signat ure ( in fact, cert ificat es are oft en referred t o as “ digit al
signat ures” ) . Only you can writ e your signat ure exact ly as it should look. When people know what
your signat ure looks like, t hey can verify whet her som et hing was signed by you, or by som eone
else. I n t he sam e way, your privat e key “ writ es” your digit al signat ure and your public key allows
people t o verify whet her dat a was signed by you, or by som eone else. This process works as
follows.
Tim want s t o send a m essage t o Jenny. He needs her t o be sure t hat it com es from him , and t hat
t he m essage cont ent has not been alt ered by anyone else along t he way. Tim generat es a public
key pair ( one public key and one privat e key) .
Tim keeps t he privat e key and m akes t he public key openly available. This m eans t hat anyone who
receives a m essage seem ing t o com e from Tim can read it and verify whet her it is really from him
or not .
Tim uses his privat e key t o sign t he m essage and sends it t o Jenny.
Jenny receives t he m essage and uses Tim ’s public key t o verify it . Jenny knows t hat t he m essage is
from Tim , and t hat alt hough ot her people m ay have been able t o read t he m essage, no- one can
have alt ered it ( because t hey cannot re- sign t he m essage wit h Tim ’s privat e key) .
Addit ionally, Jenny uses her own privat e key t o sign a m essage and Tim uses Jenny’s public key t o
verify t he m essage.
9.9.5 Certification Authorities
A Cert ificat ion Aut horit y ( CA) issues cert ificat es and guarant ees t he ident it y of each cert ificat e
owner. There are com m ercial cert ificat ion aut horit ies like CyberTrust or VeriSign and governm ent
cert ificat ion aut horit ies. You can use t he NWA1121- NI t o generat e cert ificat ion request s t hat
cont ain ident ifying inform at ion and public keys and t hen send t he cert ificat ion request s t o a
cert ificat ion aut horit y.
9.9.6 Checking the Fingerprint of a Certificate on Your Computer
A cert ificat e’s fingerprint s are m essage digest s calculat ed using t he MD5 or SHA1 algorit hm s. The
following procedure describes how t o check a cert ificat e’s fingerprint t o verify t hat you have t he
act ual cert ificat e.
Browse t o where you have t he cert ificat e saved on your com put er.
Make sure t hat t he cert ificat e has a “ .cer ” or “ .crt ” file nam e ext ension.
Figure 55 Cert ificat es on Your Com put er
NWA1121-NI User’s Guide
113
Chapter 9 System
Double- click t he cert ificat e’s icon t o open t he Ce r t ifica t e window. Click t he D e t a ils t ab and scroll
down t o t he Thum bpr int Algor it hm and Th um bpr int fields.
Figure 56 Cert ificat e Det ails
114
Use a secure m et hod t o verify t hat t he cert ificat e owner has t he sam e inform at ion in t he
Th um bpr in t Algor it h m and Th u m bpr in t fields. The secure m et hod m ay vary according t o your
sit uat ion. Possible exam ples would be over t he t elephone or t hrough an HTTPS connect ion.
NWA1121-NI User’s Guide
C HAPTER
10
Log Settings
10.1 Overview
This chapt er provides inform at ion on viewing and generat ing logs on your NWA1121- NI .
Logs are files t hat cont ain recorded net work act ivit y over a set period. They are used by
adm inist rat ors t o m onit or t he healt h of t he syst em ( s) t hey are m anaging. Logs enable
adm inist rat ors t o effect ively m onit or event s, errors, progress, et c. so t hat when net work problem s
or syst em failures occur, t he cause or origin can be t raced. Logs are also essent ial for audit ing and
keeping t rack of changes m ade by users.
Figure 57
Accessing Logs in t he Net work
The figure above illust rat es t hree ways t o access logs. The user ( U) can access logs direct ly from
t he NWA1121- NI ( A) via t he Web configurat or. Logs can also be locat ed in an ext ernal log server
( B) . An em ail server ( C) can also send harvest ed logs t o t he user ’s em ail account .
10.2 What You Can Do in this Chapter
Use t he Log Se t t ings screen t o configure where and when t he NWA1121- NI will send t he logs, and
which logs and/ or im m ediat e alert s it will send ( Sect ion 10.4 on page 116) . Use t he M onit or >
Logs screen t o display all logs or logs for a cert ain cat egory.
NWA1121-NI User’s Guide
115
Chapter 10 Log Settings
10.3 What You Need To Know
Alerts and Logs
An alert is a t ype of log t hat warrant s m ore serious at t ent ion. Som e cat egories such as Syst e m
Er r or consist of bot h logs and alert s. You can different iat e t hem by t heir color in t he M onit or >
Logs screen. Alert s are displayed in red and logs are displayed in black.
Receiving Logs via E-mail
I f you want t o receive logs in your e- m ail account , you need t o have t he necessary det ails ready,
such as t he Server Nam e or Sim ple Mail Transfer Prot ocol ( SMTP) Address of your e- m ail account .
Ensure t hat you have a valid e- m ail address.
Enabling Syslog Logging
To enable Syslog Logging, obt ain your Syslog server ’s I P address ( or server nam e) .
10.4 Log Settings Screen
Use t his screen t o configure t o where and when t he NWA1121- NI is t o send t he logs and which logs
and/ or im m ediat e alert s it is t o send.
116
NWA1121-NI User’s Guide
Chapter 10 Log Settings
To change your NWA1121- NI ’s log set t ings, click Configu r a t ion > Log Se t t in gs. The screen
appears as shown.
Figure 58 Log Set t ings
The following t able describes t he labels in t his screen.
Table 36 Log Set t ings
LABEL
DESCRIPTION
E- m ail Log Set t ings
Mail Server
Ent er t he server nam e or t he I P address of t he m ail server for t he e- m ail addresses
specified below. I f t his field is left blank, logs and alert m essages will not be sent via
e- m ail.
Mail Subj ect
Type a t it le t hat you want t o be in t he subj ect line of t he log e- m ail m essage t hat t he
NWA1121- NI sends.
Send Log t o
Logs are sent t o t he e- m ail address specified in t his field. I f t his field is left blank, logs
will not be sent via e- m ail.
NWA1121-NI User’s Guide
117
Chapter 10 Log Settings
Table 36 Log Set t ings ( cont inued)
LABEL
DESCRIPTION
SMTP Aut hent icat ion
SMTP ( Sim ple Mail Transfer Prot ocol) is t he m essage- exchange st andard for t he
I nt ernet . Select t he check box t o act ivat e SMTP aut hent icat ion. I f m ail server
aut hent icat ion is needed but t his feat ure is disabled, you will not receive t he e- m ail
logs.
I f you use SMTP aut hent icat ion, t he m ail receiver should be t he owner of t he SMTP
account .
User Nam e
I f your e- m ail account requires SMTP aut hent icat ion, ent er t he usernam e here.
Password
Ent er t he password associat ed wit h t he above usernam e.
Syslog Logging
Syslog logging sends a log t o an ext ernal syslog server used t o st ore logs.
Syslog Logging
Select t he check box t o enable syslog logging.
Syslog Server I P
Address
Ent er t he I P address of t he syslog server t hat will log t he select ed cat egories of logs.
Syslog Port
Num ber
Ent er t he port num ber of t he syslog server t hat will log t he select ed cat egories of
logs.
Send Log
Log Schedule
This drop- down m enu is used t o configure t he frequency of log m essages being sent
as E- m ail:
•
•
•
•
•
When Log is Full
Hourly
Daily
Weekly
None.
I f t he W e e k ly or t he D a ily opt ion is select ed, specify a t im e of day when t he E- m ail
should be sent . I f t he W e e k ly opt ion is select ed, t hen also specify which day of t he
week t he E- m ail should be sent . I f t he W h e n Log is Fu ll opt ion is select ed, an alert
is sent when t he log fills up. I f you select N one , no log m essages are sent .
Day for Sending
Log
This field is only available when you select W e e k ly in t he Log Sch e du le field.
Tim e for Sending
Log
Ent er t he t im e of t he day in 24- hour form at ( for exam ple 23: 00 equals 11: 00 pm ) t o
send t he logs.
Clear log aft er
sending m ail
Select t he check box t o clear all logs aft er logs and alert m essages are sent via em ail.
Use t he drop down list box t o select which day of t he week t o send t he logs.
Log Cat egory
118
Syst em
Maint enance
Click t his t o receive logs relat ed t o syst em m aint enance.
Syst em Error
Click t his t o receive logs relat ed t o syst em errors.
802.1x
Click t his t o receive logs relat ed t o t he 802.1x m ode.
Wireless
Click t his t o receive logs relat ed t o t he wireless funct ion.
Em ail Log Now
Select t he cat egories of alert s for which you want t he NWA1121- NI t o im m ediat ely
send e- m ail alert s.
Apply
Click Apply t o save your cust om ized set t ings.
Cancel
Click Ca n ce l t o begin configuring t his screen afresh.
NWA1121-NI User’s Guide
C HAPTER
11
Maintenance
11.1 Overview
This chapt er describes t he m aint enance screens. I t discusses how you can upload new firm ware,
m anage configurat ion and rest art your NWA1121- NI wit hout t urning it off and on.
This chapt er provides inform at ion and inst ruct ions on how t o ident ify and m anage your NWA1121NI over t he net work.
Figure 59 NWA1121- NI Set up
I n t he figure above, t he NWA1121- NI connect s t o a Dom ain Nam e Server ( DNS) server t o avail of a
dom ain nam e. I t also connect s t o an Net work Tim e Prot ocol ( NTP) server t o set t he t im e on t he
device.
11.2 What You Can Do in this Chapter
• Use t he Ge ne r a l screen t o specify t he syst em nam e ( see Sect ion 11.4 on page 120) .
• Use t he Pa ssw or d screen t o m anage t he password for your NWA1121- NI ( see Sect ion 11.5 on
page 121) .
• Use t he Tim e screen t o change your NWA1121- NI ’s t im e and dat e. This screen allows you t o
configure t he NWA1121- NI ’s t im e based on your local t im e zone ( see Sect ion 11.6 on page 122) .
• Use t he Fir m w a r e Uploa d screen t o upload t he lat est firm ware for your NWA1121- NI ( see
Sect ion 11.7 on page 123) .
• Use t he Ba ck u p/ Re st or e screen t o view inform at ion relat ed t o fact ory default s, backup
configurat ion, and rest oring configurat ion ( see Sect ion 11.8 on page 124) .
NWA1121-NI User’s Guide
119
Chapter 11 Maintenance
• Use Re st a r t screen t o reboot t he NWA1121- NI wit hout t urning t he power off ( see Sect ion 11.9
on page 126) .
11.3 What You Need To Know
You can find t he firm ware for your device at www.zyxel.com . I t is a file t hat ( usually) uses t he
syst em m odel nam e wit h a " * .bin" ext ension, for exam ple " [ Model # ] .bin" . The upload process uses
HTTP ( Hypert ext Transfer Prot ocol) and m ay t ake up t o t wo m inut es. Aft er a successful upload, t he
syst em will reboot .
11.4 General Screen
Use t he Ge n e r a l screen t o ident ify your NWA1121- NI over t he net work. Click M a in t e n a n ce >
Ge ne r a l. The following screen displays.
Figure 60 Maint enance > General
The following t able describes t he labels in t his screen.
Table 37 Maint enance > General
LABEL
DESCRIPTION
Syst em Set t ings
Syst em Nam e
Type a descript ive nam e t o ident ify t he NWA1121- NI in t he Et hernet net work.
This nam e can be up t o 15 alphanum eric charact ers long. Spaces are not allowed, but
dashes " - " are accept ed.
120
Apply
Click Apply t o save your changes.
Cancel
Click Ca n ce l t o reload t he previous configurat ion for t his screen.
NWA1121-NI User’s Guide
Chapter 11 Maintenance
11.5 Password Screen
Use t his screen t o cont rol access t o your NWA1121- NI by assigning a password t o it . Click
M a int e na nce > Pa ssw or d. The following screen displays.
Figure 61 Maint enance > Password
The following t able describes t he labels in t his screen.
Table 38 Maint enance > Password
LABEL
DESCRIPTIONS
Current Password
Type in your exist ing syst em password.
New Password
Type your new syst em password. Not e t hat as you t ype a password, t he screen
displays a dot ( .) for each charact er you t ype.
Ret ype t o Confirm
Ret ype your new syst em password for confirm at ion.
Apply
Click Apply t o save your changes.
Cancel
Click Ca nce l t o reload t he previous configurat ion for t his screen.
NWA1121-NI User’s Guide
121
Chapter 11 Maintenance
11.6 Time Screen
Use t his screen t o change your NWA1121- NI ’s t im e and dat e, click M a int e n a n ce > Tim e . The
following screen displays.
Figure 62 Maint enance > Tim e
The following t able describes t he labels in t his screen.
Table 39 Maint enance > Tim e
LABEL
DESCRIPTION
Current Tim e and Dat e
Current Tim e
This field displays t he t im e of your NWA1121- NI .
Each t im e you reload t his page, t he NWA1121- NI synchronizes t he t im e wit h t he
t im e server ( if configured) .
When you disable N TP Clie n t Upda t e , you can m anually ent er t he new t im e in t his
field and t hen click Apply.
Current Dat e
This field displays t he last updat ed dat e from t he t im e server.
When you disable N TP Clie n t Upda t e , you can m anually ent er t he new dat e in t his
field and t hen click Apply.
Tim e and Dat e Set up
NTP Client Updat e
Select t his t o have t he NWA1121- NI get t he t im e and dat e from t he t im e server you
specified below.
NTP server
Select t his opt ion t o use t he predefined list of Net work Tim e Prot ocol ( NTP) servers.
Select an NTP server from t he drop- list box.
Manual I P
Select t his opt ion t o ent er t he I P address or URL of your t im e server. Check wit h
your I SP/ net work adm inist rat or if you are unsure of t his inform at ion.
Tim e Zone Set up
122
Tim e Zone
Choose t he t im e zone of your locat ion. This will set t he t im e difference bet ween
your t im e zone and Greenwich Mean Tim e ( GMT) .
Apply
Click Apply t o save your changes.
Cancel
Click Ca n ce l t o reload t he previous configurat ion for t his screen.
NWA1121-NI User’s Guide
Chapter 11 Maintenance
11.7 Firmware Upgrade Screen
Use t his screen t o upload a firm ware t o your NWA1121- NI . Click M a int e na nce > Fir m w a r e
Upgr a de . Follow t he inst ruct ions in t his sect ion t o upload firm ware t o your NWA1121- NI .
Figure 63 Maint enance > Firm ware Upgrade
The following t able describes t he labels in t his screen.
Table 40 Maint enance > Firm ware Upgrade
LABEL
DESCRIPTION
File Pat h
Type in t he locat ion of t he file you want t o upload in t his field or click Br ow se ... t o find
it .
Browse...
Click Br ow se ... t o find t he .bin file you want t o upload. Rem em ber t hat you m ust
decom press com pressed ( .zip) files before you can upload t hem .
Upload
Click Uploa d t o begin t he upload process. This process m ay t ake up t o t wo m inut es.
Do not turn off the NWA1121-NI while firmware upload is in progress!
Aft er you see t he Fir m w a r e Uploa d in Pr oce ss screen, wait t wo m inut es before logging int o t he
NWA1121- NI again.
Figure 64 Firm ware Upload I n Process
The NWA1121- NI aut om at ically rest art s in t his t im e causing a t em porary net work disconnect . I n
som e operat ing syst em s, you m ay see t he following icon on your deskt op.
Figure 65 Net work Tem porarily Disconnect ed
NWA1121-NI User’s Guide
123
Chapter 11 Maintenance
Aft er t he upload was finished, log in again and check your new firm ware version in t he D a sh boa r d
screen.
I f t he upload was not successful, t he following screen will appear. Click Re t ur n t o go back t o t he F/
W Uploa d screen.
Figure 66 Firm ware Upload Error
11.8 Configuration File Screen
Use t his screen t o backup, rest ore and reset t he configurat ion of your NWA1121- NI .
Click M a int e na nce > Con figu r a t ion File . The screen appears as shown next .
Figure 67 Maint enance > Configurat ion File
11.8.1 Backup Configuration
Backup configurat ion allows you t o back up ( save) t he NWA1121- NI ’s current configurat ion t o a file
on your com put er. Once your NWA1121- NI is configured and funct ioning properly, it is highly
recom m ended t hat you back up your configurat ion file before m aking configurat ion changes. The
backup configurat ion file will be useful in case you need t o ret urn t o your previous set t ings.
Click Ba ck up t o save t he NWA1121- NI ’s current configurat ion t o your com put er.
124
NWA1121-NI User’s Guide
Chapter 11 Maintenance
11.8.2 Restore Configuration
Rest ore configurat ion allows you t o upload a new or previously saved configurat ion file from your
com put er t o your NWA1121- NI .
Table 41 Rest ore Configurat ion
LABEL
DESCRIPTION
File Pat h
Type in t he locat ion of t he file you want t o upload in t his field or click Br ow se ... t o find
it .
Browse...
Click Br ow se ... t o find t he file you want t o upload. Rem em ber t hat you m ust
decom press com pressed ( .ZI P) files before you can upload t hem .
Upload
Click Uploa d t o begin t he upload process.
Do not turn off the NWA1121-NI while configuration file upload is in
progress.
Aft er you see a “ rest ore configurat ion successful” screen, you m ust t hen wait one m inut e before
logging int o t he NWA1121- NI again.
Figure 68 Configurat ion Upload Successful
The NWA1121- NI aut om at ically rest art s in t his t im e causing a t em porary net work disconnect . I n
som e operat ing syst em s, you m ay see t he following icon on your deskt op.
Figure 69 Net work Tem porarily Disconnect ed
I f you uploaded t he default configurat ion file you m ay need t o change t he I P address of your
com put er t o be in t he sam e subnet as t hat of t he default NWA1121- NI I P address ( 192.168.1.2) .
See Appendix A on page 133 for det ails on how t o set up your com put er ’s I P address.
NWA1121-NI User’s Guide
125
Chapter 11 Maintenance
I f t he upload was not successful, t he following screen will appear. Click Re t u r n t o go back t o t he
Ba ck up/ Re st or e screen.
Figure 70 Configurat ion Upload Error
11.8.3 Back to Factory Defaults
Pressing t he Re se t but t on in t his sect ion clears all user- ent ered configurat ion inform at ion and
ret urns t he NWA1121- NI t o it s fact ory default s as shown on t he screen. The following warning
screen will appear.
Figure 71 Reset Message
You can also press t he RESET but t on t o reset your NWA1121- NI t o it s fact ory default set t ings.
Refer t o Sect ion 2.2 on page 20 for m ore inform at ion.
11.9 Restart Screen
Use t his screen t o reboot t he NWA1121- NI wit hout t urning t he power off.
Click M a int e na nce > Re st a r t . The following screen displays.
Figure 72 Maint enance > Rest art
Click Re st a r t t o have t he NWA1121- NI reboot . This does not affect t he NWA1121- NI 's
configurat ion.
126
NWA1121-NI User’s Guide
Chapter 11 Maintenance
NWA1121-NI User’s Guide
127
Chapter 11 Maintenance
128
NWA1121-NI User’s Guide
C HAPTER
12
Troubleshooting
This chapt er offers som e suggest ions t o solve problem s you m ight encount er. The pot ent ial
problem s are divided int o t he following cat egories.
• Power, Hardware Connect ions, and LEDs
• NWA1121- NI Access and Login
• I nt ernet Access
12.1 Power, Hardware Connections, and LEDs
The NWA1121- NI does not t urn on. None of t he LEDs t urn on.
Make sure you are using t he power adapt or or cord included wit h t he NWA1121- NI .
Make sure t he power adapt or or cord is connect ed t o t he NWA1121- NI and plugged in t o an
appropriat e power source. Make sure t he power source is t urned on.
Disconnect and re- connect t he power adapt or or cord t o t he NWA1121- NI .
I f t he problem cont inues, cont act t he vendor.
One of t he LEDs does not behave as expect ed.
Make sure you underst and t he norm al behavior of t he LED. See Sect ion 1.7 on page 17.
Check t he hardware connect ions. See t he Quick St art Guide.
I nspect your cables for dam age. Cont act t he vendor t o replace any dam aged cables.
Disconnect and re- connect t he power adapt or t o t he NWA1121- NI .
I f t he problem cont inues, cont act t he vendor.
NWA1121-NI User’s Guide
129
Chapter 12 Troubleshooting
12.2 NWA1121-NI Access and Login
I forgot t he I P address for t he NWA1121- NI .
The default I P address is 1 9 2 .1 6 8 .1 .2 .
I f you changed t he I P address and have forgot t en it , you m ight get t he I P address of t he NWA1121NI by looking up t he I P address of t he default gat eway for your com put er. To do t his in m ost
Windows com put ers, click St a r t > Run , ent er “ cm d”, and t hen ent er “ ipconfig”. The I P address of
t he D e fa ult Ga t e w a y m ight be t he I P address of t he NWA1121- NI ( it depends on t he net work) , so
ent er t his I P address in your I nt ernet browser.
I f t his does not work, you have t o reset t he device t o it s fact ory default s. See Sect ion 2.2 on page
20.
I forgot t he passwor d.
The default password is 1 2 3 4 .
I f t his does not work, you have t o reset t he device t o it s fact ory default s. See Sect ion 2.2 on page
20.
I cannot see or access t he Login screen in t he web configurat or.
Make sure you are using t he correct I P address.
• The default I P address is 192.168.1.2.
• I f you changed t he I P address ( Sect ion 7.4 on page 96) , use t he new I P address.
• I f you changed t he I P address and have forgot t en it , see t he t roubleshoot ing suggest ions for I
forgot t he I P address for t he NWA1121- NI .
Check t he hardware connect ions, and m ake sure t he LEDs are behaving as expect ed. See t he Quick
St art Guide and Sect ion 1.7 on page 17.
Make sure your I nt ernet browser does not block pop- up windows and has JavaScript and Java
enabled. See Sect ion 12.1 on page 129.
Make sure your com put er is in t he sam e subnet as t he NWA1121- NI . ( I f you know t hat t here are
rout ers bet ween your com put er and t he NWA1121- NI , skip t his st ep.)
• I f t here is no DHCP server on your net work, m ake sure your com put er ’s I P address is in t he
sam e subnet as t he NWA1121- NI .
130
Reset t he device t o it s fact ory default s, and t ry t o access t he NWA1121- NI wit h t he default I P
address. See Chapt er 2 on page 20.
NWA1121-NI User’s Guide
Chapter 12 Troubleshooting
I f t he problem cont inues, cont act t he net work adm inist rat or or vendor, or t ry one of t he advanced
suggest ions.
Adva n ce d Sugge st ions
• Try t o access t he NWA1121- NI using anot her service, such as Telnet . I f you can access t he
NWA1121- NI , check t he rem ot e m anagem ent set t ings t o find out why t he NWA1121- NI does not
respond t o HTTP.
• I f your com put er is connect ed wirelessly, use a com put er t hat is connect ed t o a LAN/ Et hernet
port .
I can see t he Login screen, but I cannot log in t o t he NWA1121- NI .
Make sure you have ent ered t he user nam e and password correct ly. The default password is 1 2 3 4 .
This fields are case- sensit ive, so m ake sure [ Caps Lock] is not on.
You cannot log in t o t he web configurat or while som eone is using t he Telnet t o access t he
NWA1121- NI . Log out of t he NWA1121- NI in t he ot her session, or ask t he person who is logged in
t o log out .
Disconnect and re- connect t he power adapt or or cord t o t he NWA1121- NI .
I f t his does not work, you have t o reset t he device t o it s fact ory default s. See Sect ion 2.2 on page
20.
I cannot use FTP t o upload new firm ware.
See t he t roubleshoot ing suggest ions for I cannot see or access t he Login screen in t he web
configurat or. I gnore t he suggest ions about your browser.
12.3 Internet Access
I cannot access t he I nt er net .
Check t he hardware connect ions, and m ake sure t he LEDs are behaving as expect ed. See t he Quick
St art Guide and Sect ion 12.1 on page 129.
2. Make sure your NWA1121- NI is connect ed t o a net working device t hat provides I nt ernet access.
I f you are t rying t o access t he I nt ernet wirelessly, m ake sure t he wireless set t ings on t he wireless
client are t he sam e as t he set t ings on t he AP.
Disconnect all t he cables from your device, and follow t he direct ions in t he Quick St art Guide again.
NWA1121-NI User’s Guide
131
Chapter 12 Troubleshooting
I f t he problem cont inues, cont act your I SP.
I cannot access t he I nt ernet anym ore. I had access t o t he I nt ernet ( wit h t he NWA1121- NI ) ,
but m y I nt ernet connect ion is not available anym ore.
Check t he hardware connect ions, and m ake sure t he LEDs are behaving as expect ed. See t he Quick
St art Guide and Sect ion 1.7 on page 17.
Reboot t he NWA1121- NI .
I f t he problem cont inues, cont act your I SP or net work adm inist rat or.
The I nt ernet connect ion is slow or int erm it t ent .
There m ight be a lot of t raffic on t he net work. Look at t he LEDs, and check Sect ion 1.7 on page 17.
I f t he NWA1121- NI is sending or receiving a lot of inform at ion, t ry closing som e program s t hat use
t he I nt ernet , especially peer- t o- peer applicat ions.
Check t he signal st rengt h. I f t he signal is weak, t ry m oving t he NWA1121- NI ( in wireless client
m ode) closer t o t he AP ( if possible) , and look around t o see if t here are any devices t hat m ight be
int erfering wit h t he wireless net work ( m icrowaves, ot her wireless net works, and so on) .
Reboot t he NWA1121- NI .
I f t he problem cont inues, cont act t he net work adm inist rat or or vendor, or t ry one of t he advanced
suggest ions.
Adva n ce d Sugge st ions
• Check t he set t ings for QoS. I f it is disabled, you m ight consider act ivat ing it .
132
NWA1121-NI User’s Guide
A PPENDIX
Setting Up Your Computer’s IP Address
Not e: Your specific NWA1121- NI m ay not support all of t he operat ing syst em s described
in t his appendix. See t he product specificat ions for m ore inform at ion about which
operat ing syst em s are support ed.
This appendix shows you how t o configure t he I P set t ings on your com put er in order for it t o be
able t o com m unicat e wit h t he ot her devices on your net work. Windows Vist a/ XP/ 2000, Mac OS 9/
OS X, and all versions of UNI X/ LI NUX include t he soft ware com ponent s you need t o use TCP/ I P on
your com put er.
I f you m anually assign I P inform at ion inst ead of using a dynam ic I P, m ake sure t hat your net work’s
com put ers have I P addresses t hat place t hem in t he sam e subnet .
I n t his appendix, you can set up an I P address for:
• Windows XP/ NT/ 2000 on page 133
• Windows Vist a on page 137
• Windows 7 on page 141
• Mac OS X: 10.3 and 10.4 on page 145
• Mac OS X: 10.5 and 10.6 on page 148
• Linux: Ubunt u 8 ( GNOME) on page 151
• Linux: openSUSE 10.3 ( KDE) on page 155
Windows XP/NT/2000
The following exam ple uses t he default Windows XP display t hem e but can also apply t o Windows
2000 and Windows NT.
NWA1121-NI User’s Guide
133
Appendix A Setting Up Your Computer’s IP Address
134
Click St a r t > Con t r ol Pa n e l.
I n t he Cont r ol Pa n e l, click t he N e t w or k Con ne ct ion s icon.
Right- click Loca l Ar e a Conne ct ion and t hen select Pr ope r t ie s.
NWA1121-NI User’s Guide
Appendix A Setting Up Your Computer’s IP Address
On t he Ge n e r a l t ab, select I n t e r n e t Pr ot ocol ( TCP/ I P) and t hen click Pr ope r t ie s.
NWA1121-NI User’s Guide
135
Appendix A Setting Up Your Computer’s IP Address
The I nt e r ne t Pr ot ocol TCP/ I P Pr ope r t ie s window opens.
Select Obt a in a n I P a ddr e ss a ut om a t ica lly if your net work adm inist rat or or I SP assigns your I P
address dynam ically.
Select Use t h e follow in g I P Addr e ss and fill in t he I P a ddr e ss, Subn e t m a sk , and D e fa ult
ga t e w a y fields if you have a st at ic I P address t hat was assigned t o you by your net work
adm inist rat or or I SP. You m ay also have t o ent er a Pr e fe r r e d D N S se r ve r and an Alt e r na t e D N S
se r ve r , if t hat inform at ion was provided.
Click OK t o close t he I n t e r ne t Pr ot ocol ( TCP/ I P) Pr ope r t ie s window.
Click OK t o close t he Loca l Ar e a Con n e ct ion Pr ope r t ie s window.
Verifying Settings
Click St a r t > All Pr ogr a m s > Acce ssor ie s > Com m a nd Pr om pt .
I n t he Com m a nd Pr om pt window, t ype " ipconfig" and t hen press [ ENTER] .
You can also go t o St a r t > Con t r ol Pa n e l > N e t w or k Con n e ct ions, right- click a net work
connect ion, click St a t u s and t hen click t he Suppor t t ab t o view your I P address and connect ion
inform at ion.
136
NWA1121-NI User’s Guide
Appendix A Setting Up Your Computer’s IP Address
Windows Vista
This sect ion shows screens from Windows Vist a Professional.
Click St a r t > Cont r ol Pa n e l.
I n t he Cont r ol Pa n e l, click t he N e t w or k a nd I n t e r n e t icon.
Click t he N e t w or k a n d Sh a r ing Ce n t e r icon.
NWA1121-NI User’s Guide
137
Appendix A Setting Up Your Computer’s IP Address
Click M a n a ge n e t w or k con n e ct ions.
Right- click Loca l Ar e a Conne ct ion and t hen select Pr ope r t ie s.
Not e: During t his procedure, click Con t inu e whenever Windows displays a screen saying
t hat it needs your perm ission t o cont inue.
138
NWA1121-NI User’s Guide
Appendix A Setting Up Your Computer’s IP Address
Select I n t e r n e t Pr ot ocol Ve r sion 4 ( TCP/ I Pv4 ) and t hen select Pr ope r t ie s.
NWA1121-NI User’s Guide
139
Appendix A Setting Up Your Computer’s IP Address
The I nt e r ne t Pr ot ocol Ve r sion 4 ( TCP/ I Pv4 ) Pr ope r t ie s window opens.
Select Obt a in a n I P a ddr e ss a ut om a t ica lly if your net work adm inist rat or or I SP assigns your I P
address dynam ically.
Select Use t h e follow in g I P Addr e ss and fill in t he I P a ddr e ss, Subn e t m a sk , and D e fa ult
ga t e w a y fields if you have a st at ic I P address t hat was assigned t o you by your net work
adm inist rat or or I SP. You m ay also have t o ent er a Pr e fe r r e d D N S se r ve r and an Alt e r na t e D N S
se r ve r , if t hat inform at ion was provided.Click Adva nce d.
Click OK t o close t he I n t e r ne t Pr ot ocol ( TCP/ I P) Pr ope r t ie s window.
10 Click OK t o close t he Loca l Ar e a Con n e ct ion Pr ope r t ie s window.
Verifying Settings
Click St a r t > All Pr ogr a m s > Acce ssor ie s > Com m a nd Pr om pt .
I n t he Com m a nd Pr om pt window, t ype " ipconfig" and t hen press [ ENTER] .
You can also go t o St a r t > Con t r ol Pa n e l > N e t w or k Con n e ct ions, right- click a net work
connect ion, click St a t u s and t hen click t he Suppor t t ab t o view your I P address and connect ion
inform at ion.
140
NWA1121-NI User’s Guide
Appendix A Setting Up Your Computer’s IP Address
Windows 7
This sect ion shows screens from Windows 7 Ent erprise.
Click St a r t > Cont r ol Pa n e l.
I n t he Cont r ol Pa n e l, click Vie w ne t w or k st a t us a nd t a sk s under t he N e t w or k a n d I n t e r n e t
cat egory.
Click Ch a n ge a da pt e r se t t in gs.
NWA1121-NI User’s Guide
141
Appendix A Setting Up Your Computer’s IP Address
Double click Loca l Ar e a Conne ct ion and t hen select Pr ope r t ie s.
Not e: During t his procedure, click Con t inu e whenever Windows displays a screen saying
t hat it needs your perm ission t o cont inue.
142
NWA1121-NI User’s Guide
Appendix A Setting Up Your Computer’s IP Address
Select I n t e r n e t Pr ot ocol Ve r sion 4 ( TCP/ I Pv4 ) and t hen select Pr ope r t ie s.
NWA1121-NI User’s Guide
143
Appendix A Setting Up Your Computer’s IP Address
The I nt e r ne t Pr ot ocol Ve r sion 4 ( TCP/ I Pv4 ) Pr ope r t ie s window opens.
Select Obt a in a n I P a ddr e ss a ut om a t ica lly if your net work adm inist rat or or I SP assigns your I P
address dynam ically.
Select Use t h e follow in g I P Addr e ss and fill in t he I P a ddr e ss, Subn e t m a sk , and D e fa ult
ga t e w a y fields if you have a st at ic I P address t hat was assigned t o you by your net work
adm inist rat or or I SP. You m ay also have t o ent er a Pr e fe r r e d D N S se r ve r and an Alt e r na t e D N S
se r ve r , if t hat inform at ion was provided. Click Adva nce d if you want t o configure advanced
set t ings for I P, DNS and WI NS.
Click OK t o close t he I n t e r ne t Pr ot ocol ( TCP/ I P) Pr ope r t ie s window.
Click OK t o close t he Loca l Ar e a Con n e ct ion Pr ope r t ie s window.
Verifying Settings
144
Click St a r t > All Pr ogr a m s > Acce ssor ie s > Com m a nd Pr om pt .
I n t he Com m a nd Pr om pt window, t ype " ipconfig" and t hen press [ ENTER] .
NWA1121-NI User’s Guide
Appendix A Setting Up Your Computer’s IP Address
The I P set t ings are displayed as follows.
Mac OS X: 10.3 and 10.4
The screens in t his sect ion are from Mac OS X 10.4 but can also apply t o 10.3.
Click Apple > Syst e m Pr e fe r e nce s.
NWA1121-NI User’s Guide
145
Appendix A Setting Up Your Computer’s IP Address
146
I n t he Syst e m Pr e fe r e nce s window, click t he N e t w or k icon.
When t he N e t w or k preferences pane opens, select Built - in Et he r ne t from t he net work
connect ion t ype list , and t hen click Configu r e .
NWA1121-NI User’s Guide
Appendix A Setting Up Your Computer’s IP Address
For dynam ically assigned set t ings, select Usin g D H CP from t he Configu r e I Pv4 list in t he TCP/ I P
t ab.
For st at ically assigned set t ings, do t he following:
• From t he Configu r e I Pv4 list , select M a nua lly.
• I n t he I P Addr e ss field, t ype your I P address.
• I n t he Subn e t M a sk field, t ype your subnet m ask.
• I n t he Rou t e r field, t ype t he I P address of your device.
Click Apply N ow and close t he window.
NWA1121-NI User’s Guide
147
Appendix A Setting Up Your Computer’s IP Address
Verifying Settings
Check your TCP/ I P propert ies by clicking Applica t ions > Ut ilit ie s > N e t w or k Ut ilit ie s, and t hen
select ing t he appropriat e N e t w or k I nt e r fa ce from t he I n fo t ab.
Figure 73 Mac OS X 10.4: Net work Ut ilit y
Mac OS X: 10.5 and 10.6
The screens in t his sect ion are from Mac OS X 10.5 but can also apply t o 10.6.
148
Click Apple > Syst e m Pr e fe r e nce s.
NWA1121-NI User’s Guide
Appendix A Setting Up Your Computer’s IP Address
I n Syst e m Pr e fe r e n ce s, click t he N e t w or k icon.
When t he N e t w or k preferences pane opens, select Et he r ne t from t he list of available connect ion
t ypes.
From t he Configu r e list , select Usin g D H CP for dynam ically assigned set t ings.
For st at ically assigned set t ings, do t he following:
NWA1121-NI User’s Guide
149
Appendix A Setting Up Your Computer’s IP Address
• From t he Configu r e list , select M a nua lly.
• I n t he I P Addr e ss field, ent er your I P address.
• I n t he Subn e t M a sk field, ent er your subnet m ask.
• I n t he Rou t e r field, ent er t he I P address of your NWA1121- NI .
150
Click Apply and close t he window.
NWA1121-NI User’s Guide
Appendix A Setting Up Your Computer’s IP Address
Verifying Settings
Check your TCP/ I P propert ies by clicking Applica t ions > Ut ilit ie s > N e t w or k Ut ilit ie s, and t hen
select ing t he appropriat e N e t w or k int e r fa ce from t he I nfo t ab.
Figure 74 Mac OS X 10.5: Net work Ut ilit y
Linux: Ubuntu 8 (GNOME)
This sect ion shows you how t o configure your com put er ’s TCP/ I P set t ings in t he GNU Obj ect Model
Environm ent ( GNOME) using t he Ubunt u 8 Linux dist ribut ion. The procedure, screens and file
locat ions m ay vary depending on your specific dist ribut ion, release version, and individual
configurat ion. The following screens use t he default Ubunt u 8 inst allat ion.
Not e: Make sur e you are logged in as t he root adm inist rat or.
Follow t he st eps below t o configure your com put er I P address in GNOME:
Click Syst e m > Adm in ist r a t ion > N e t w or k .
NWA1121-NI User’s Guide
151
Appendix A Setting Up Your Computer’s IP Address
152
When t he N e t w or k Se t t in gs window opens, click Un lock t o open t he Aut he nt ica t e window. ( By
default , t he Unlock but t on is greyed out unt il clicked.) You cannot m ake changes t o your
configurat ion unless you first ent er your adm in password.
I n t he Aut he nt ica t e window, ent er your adm in account nam e and password t hen click t he
Aut he nt ica t e but t on.
NWA1121-NI User’s Guide
Appendix A Setting Up Your Computer’s IP Address
I n t he N e t w or k Se t t ings window, select t he connect ion t hat you want t o configure, t hen click
Pr ope r t ie s.
The Pr ope r t ie s dialog box opens.
• I n t he Configu r a t ion list , select Au t om a t ic Con figu r a t ion ( D H CP) if you have a dynam ic I P
address.
• I n t he Configur a t ion list , select St a t ic I P a ddr e ss if you have a st at ic I P address. Fill in t he
I P a ddr e ss, Subne t m a sk , and Ga t e w a y a ddr e ss fields.
Click OK t o save t he changes and close t he Pr ope r t ie s dialog box and ret urn t o t he N e t w or k
Se t t in gs screen.
NWA1121-NI User’s Guide
153
Appendix A Setting Up Your Computer’s IP Address
154
I f you know your DNS server I P address( es) , click t he D N S t ab in t he N e t w or k Se t t in gs window
and t hen ent er t he DNS server inform at ion in t he fields provided.
Click t he Close but t on t o apply t he changes.
NWA1121-NI User’s Guide
Appendix A Setting Up Your Computer’s IP Address
Verifying Settings
Check your TCP/ I P propert ies by clicking Syst e m > Adm in ist r a t ion > N e t w or k Tools, and t hen
select ing t he appropriat e N e t w or k de vice from t he D e vice s t ab. The I n t e r fa ce St a t ist ics
colum n shows dat a if your connect ion is working properly.
Figure 75 Ubunt u 8: Net work Tools
Linux: openSUSE 10.3 (KDE)
This sect ion shows you how t o configure your com put er ’s TCP/ I P set t ings in t he K Deskt op
Environm ent ( KDE) using t he openSUSE 10.3 Linux dist ribut ion. The procedure, screens and file
locat ions m ay vary depending on your specific dist ribut ion, release version, and individual
configurat ion. The following screens use t he default openSUSE 10.3 inst allat ion.
Not e: Make sur e you are logged in as t he root adm inist rat or.
Follow t he st eps below t o configure your com put er I P address in t he KDE:
NWA1121-NI User’s Guide
155
Appendix A Setting Up Your Computer’s IP Address
156
Click K M e n u > Com pu t e r > Adm in ist r a t or Se t t in gs ( Ya ST) .
When t he Run a s Root - KD E su dialog opens, ent er t he adm in password and click OK.
NWA1121-NI User’s Guide
Appendix A Setting Up Your Computer’s IP Address
When t he Ya ST Cont r ol Ce nt e r window opens, select N e t w or k D e vice s and t hen click t he
N e t w or k Ca r d icon.
When t he N e t w or k Se t t in gs window opens, click t he Ove r vie w t ab, select t he appropriat e
connect ion N a m e from t he list , and t hen click t he Configu r e but t on.
NWA1121-NI User’s Guide
157
Appendix A Setting Up Your Computer’s IP Address
When t he N e t w or k Ca r d Se t u p window opens, click t he Addr e ss t ab
Figure 76 openSUSE 10.3: Net work Card Set up
Select D yna m ic Addr e ss ( D H CP) if you have a dynam ic I P address.
Select St a t ica lly a ssign e d I P Addr e ss if you have a st at ic I P address. Fill in t he I P a ddr e ss,
Subne t m a sk , and H ost na m e fields.
158
Click N e x t t o save t he changes and close t he N e t w or k Ca r d Se t up window.
NWA1121-NI User’s Guide
Appendix A Setting Up Your Computer’s IP Address
I f you know your DNS server I P address( es) , click t he H ost na m e / D N S t ab in N e t w or k Se t t in gs
and t hen ent er t he DNS server inform at ion in t he fields provided.
Click Finish t o save your set t ings and close t he window.
Verifying Settings
Click t he KN e t w or k M a na ge r icon on t he Ta sk ba r t o check your TCP/ I P propert ies. From t he
Opt ion s sub- m enu, select Sh ow Con n e ct ion I n for m a t ion .
Figure 77 openSUSE 10.3: KNet work Manager
NWA1121-NI User’s Guide
159
Appendix A Setting Up Your Computer’s IP Address
When t he Conn e ct ion St a t u s - KN e t w or k M a n a ge r window opens, click t he St a t ist ics t a b t o
see if your connect ion is working properly.
Figure 78 openSUSE: Connect ion St at us - KNet work Manager
160
NWA1121-NI User’s Guide
A PPENDIX
Pop-up Windows, JavaScript and Java
Permissions
I n order t o use t he web configurat or you need t o allow:
• Web browser pop- up windows from your device.
• JavaScript ( enabled by default ) .
• Java perm issions ( enabled by default ) .
Not e: The screens used below belong t o I nt ernet Explorer version 6, 7 and 8. Screens for
ot her I nt ernet Explorer versions m ay vary.
Internet Explorer Pop-up Blockers
You m ay have t o disable pop- up blocking t o log int o your device.
Eit her disable pop- up blocking ( enabled by default in Windows XP SP ( Service Pack) 2) or allow
pop- up blocking and creat e an except ion for your device’s I P address.
Disable Pop-up Blockers
I n I nt ernet Explorer, select Tools, Pop- u p Block e r and t hen select Tur n Off Pop- up Block e r.
Figure 79 Pop- up Blocker
You can also check if pop- up blocking is disabled in t he Pop- u p Block e r sect ion in t he Pr iva cy t ab.
I n I nt ernet Explorer, select Tools, I nt e r ne t Opt ions, Pr iva cy.
NWA1121-NI User’s Guide
161
Appendix B Pop-up Windows, JavaScript and Java Permissions
Clear t he Block pop- ups check box in t he Pop- u p Block e r sect ion of t he screen. This disables any
web pop- up blockers you m ay have enabled.
Figure 80 I nt ernet Opt ions: Privacy
Click Apply t o save t his set t ing.
Enable Pop-up Blockers with Exceptions
Alt ernat ively, if you only want t o allow pop- up windows from your device, see t he following st eps.
162
I n I nt ernet Explorer, select Tools, I nt e r ne t Opt ions and t hen t he Pr iva cy t ab.
NWA1121-NI User’s Guide
Appendix B Pop-up Windows, JavaScript and Java Permissions
Select Se t t ings…t o open t he Pop- up Block e r Se t t ings screen.
Figure 81 I nt ernet Opt ions: Privacy
Type t he I P address of your device ( t he web page t hat you do not want t o have blocked) wit h t he
prefix “ ht t p: / / ”. For exam ple, ht t p: / / 192.168.167.1.
NWA1121-NI User’s Guide
163
Appendix B Pop-up Windows, JavaScript and Java Permissions
Click Add t o m ove t he I P address t o t he list of Allow e d sit e s.
Figure 82 Pop- up Blocker Set t ings
Click Close t o ret urn t o t he Pr iva cy screen.
Click Apply t o save t his set t ing.
JavaScript
I f pages of t he web configurat or do not display properly in I nt ernet Explorer, check t hat JavaScript
are allowed.
164
NWA1121-NI User’s Guide
Appendix B Pop-up Windows, JavaScript and Java Permissions
I n I nt ernet Explorer, click Tools, I n t e r ne t Opt ion s and t hen t he Se cur it y t ab.
Figure 83 I nt ernet Opt ions: Securit y
Click t he Cu st om Le ve l... but t on.
Scroll down t o Scr ipt ing.
Under Act ive scr ipt ing m ake sure t hat Ena ble is select ed ( t he default ) .
Under Scr ipt ing of Ja va a pple t s m ake sure t hat Ena ble is select ed ( t he default ) .
NWA1121-NI User’s Guide
165
Appendix B Pop-up Windows, JavaScript and Java Permissions
Click OK t o close t he window.
Figure 84 Securit y Set t ings - Java Script ing
Java Permissions
166
From I nt ernet Explorer, click Tools, I nt e r ne t Opt ions and t hen t he Se cu r it y t ab.
Click t he Cu st om Le ve l... but t on.
Scroll down t o M icr osoft VM .
Under Ja va pe r m issions m ake sure t hat a safet y level is select ed.
NWA1121-NI User’s Guide
Appendix B Pop-up Windows, JavaScript and Java Permissions
Click OK t o close t he window.
Figure 85 Securit y Set t ings - Java
JAVA (Sun)
From I nt ernet Explorer, click Tools, I nt e r ne t Opt ions and t hen t he Adva n ce d t ab.
Make sure t hat Use Ja va 2 for < a pple t > under Ja va ( Sun) is select ed.
NWA1121-NI User’s Guide
167
Appendix B Pop-up Windows, JavaScript and Java Permissions
Click OK t o close t he window.
Figure 86 Java ( Sun)
Mozilla Firefox
Mozilla Firefox 2.0 screens are used here. Screens for ot her versions m ay vary slight ly. The st eps
below apply t o Mozilla Firefox 3.0 as well.
You can enable Java, Javascript and pop- ups in one screen. Click Tools, t hen click Opt ions in t he
screen t hat appears.
Figure 87 Mozilla Firefox: TOOLS > Opt ions
168
NWA1121-NI User’s Guide
Appendix B Pop-up Windows, JavaScript and Java Permissions
Click Cont e n t t o show t he screen below. Select t he check boxes as shown in t he following screen.
Figure 88 Mozilla Firefox Cont ent Securit y
Opera
Opera 10 screens are used here. Screens for ot her versions m ay vary slight ly.
NWA1121-NI User’s Guide
169
Appendix B Pop-up Windows, JavaScript and Java Permissions
Allowing Pop-Ups
From Opera, click Tools, t hen Pr e fe r e nce s. I n t he Ge n e r a l t ab, go t o Ch oose h ow you pr e fe r
t o h a n dle pop- ups and select Ope n a ll pop- ups.
Figure 89 Opera: Allowing Pop- Ups
Enabling Java
From Opera, click Tools, t hen Pr e fe r e nce s. I n t he Adva nce d t ab, select Cont e nt from t he leftside m enu. Select t he check boxes as shown in t he following screen.
Figure 90 Opera: Enabling Java
170
NWA1121-NI User’s Guide
Appendix B Pop-up Windows, JavaScript and Java Permissions
To cust om ize JavaScript behavior in t he Opera browser, click Ja va Scr ipt Opt ions.
Figure 91 Opera: JavaScript Opt ions
Select t he it em s you want Opera’s JavaScript t o apply.
NWA1121-NI User’s Guide
171
Appendix B Pop-up Windows, JavaScript and Java Permissions
172
NWA1121-NI User’s Guide
A PPENDIX
IP Addresses and Subnetting
This appendix int roduces I P addresses and subnet m asks.
I P addresses ident ify individual devices on a net work. Every net working device ( including
com put ers, servers, rout ers, print ers, et c.) needs an I P address t o com m unicat e across t he
net work. These net working devices are also known as host s.
Subnet m asks det erm ine t he m axim um num ber of possible host s on a net work. You can also use
subnet m asks t o divide one net work int o m ult iple sub- net works.
Introduction to IP Addresses
One part of t he I P address is t he net work num ber, and t he ot her part is t he host I D. I n t he sam e
way t hat houses on a st reet share a com m on st reet nam e, t he host s on a net work share a com m on
net work num ber. Sim ilarly, as each house has it s own house num ber, each host on t he net work has
it s own unique ident ifying num ber - t he host I D. Rout ers use t he net work num ber t o send packet s
t o t he correct net work, while t he host I D det erm ines t o which host on t he net work t he packet s are
delivered.
Structure
An I P address is m ade up of four part s, writ t en in dot t ed decim al not at ion ( for exam ple,
192.168.1.1) . Each of t hese four part s is known as an oct et . An oct et is an eight- digit binary
num ber ( for exam ple 11000000, which is 192 in decim al not at ion) .
Therefore, each oct et has a possible range of 00000000 t o 11111111 in binary, or 0 t o 255 in
decim al.
NWA1121-NI User’s Guide
173
Appendix C IP Addresses and Subnetting
The following figure shows an exam ple I P address in which t he first t hree oct et s ( 192.168.1) are
t he net work num ber, and t he fourt h oct et ( 16) is t he host I D.
Figure 92 Net work Num ber and Host I D
How m uch of t he I P address is t he net work num ber and how m uch is t he host I D varies according
t o t he subnet m ask.
Subnet Masks
A subnet m ask is used t o det erm ine which bit s are part of t he net work num ber, and which bit s are
part of t he host I D ( using a logical AND operat ion) . The t erm “ subnet ” is short for “ sub- net work”.
A subnet m ask has 32 bit s. I f a bit in t he subnet m ask is a “ 1” t hen t he corresponding bit in t he I P
address is part of t he net work num ber. I f a bit in t he subnet m ask is “ 0” t hen t he corresponding bit
in t he I P address is part of t he host I D.
The following exam ple shows a subnet m ask ident ifying t he net work num ber ( in bold t ext ) and host
I D of an I P address ( 192.168.1.2 in decim al) .
Table 42 Subnet Masks
1ST OCTET: 2ND
OCTET:
(192)
(168)
3RD
OCTET:
4TH OCTET
(1)
(2)
I P Address ( Binary)
11000000
10101000
00000001
00000010
Subnet Mask ( Binary)
11111111
11111111
11111111
00000000
Net work Num ber
11000000
10101000
00000001
Host I D
00000010
By convent ion, subnet m asks always consist of a cont inuous sequence of ones beginning from t he
left m ost bit of t he m ask, followed by a cont inuous sequence of zeros, for a t ot al num ber of 32 bit s.
174
NWA1121-NI User’s Guide
Appendix C IP Addresses and Subnetting
Subnet m asks can be referred t o by t he size of t he net work num ber part ( t he bit s wit h a “ 1” value) .
For exam ple, an “ 8- bit m ask” m eans t hat t he first 8 bit s of t he m ask are ones and t he rem aining 24
bit s are zeroes.
Subnet m asks are expressed in dot t ed decim al not at ion j ust like I P addresses. The following
exam ples show t he binary and decim al not at ion for 8- bit , 16- bit , 24- bit and 29- bit subnet m asks.
Table 43 Subnet Masks
BINARY
DECIMAL
1ST
OCTET
2ND
OCTET
3RD
OCTET
4TH OCTET
8- bit m ask
11111111
00000000
00000000
00000000
255.0.0.0
16- bit m ask
11111111
11111111
00000000
00000000
255.255.0.0
24- bit m ask
11111111
11111111
11111111
00000000
255.255.255.0
29- bit m ask
11111111
11111111
11111111
11111000
255.255.255.248
Network Size
The size of t he net work num ber det erm ines t he m axim um num ber of possible host s you can have
on your net work. The larger t he num ber of net work num ber bit s, t he sm aller t he num ber of
rem aining host I D bit s.
An I P address wit h host I Ds of all zeros is t he I P address of t he net work ( 192.168.1.0 wit h a 24- bit
subnet m ask, for exam ple) . An I P address wit h host I Ds of all ones is t he broadcast address for t hat
net work ( 192.168.1.255 wit h a 24- bit subnet m ask, for exam ple) .
As t hese t wo I P addresses cannot be used for individual host s, calculat e t he m axim um num ber of
possible host s in a net work as follows:
Table 44 Maxim um Host Num bers
SUBNET MASK
HOST ID SIZE
MAXIMUM NUMBER OF HOSTS
24
8 bit s
255.0.0.0
24 bit s
16 bit s
255.255.0.0
16 bit s
2 16 – 2
24 bit s
29 bit s
255.255.255.0
255.255.255.24
8 bit s
3 bit s
– 2
16777214
65534
254
2 – 2
2 – 2
Notation
Since t he m ask is always a cont inuous num ber of ones beginning from t he left , followed by a
cont inuous num ber of zeros for t he rem ainder of t he 32 bit m ask, you can sim ply specify t he
num ber of ones inst ead of writ ing t he value of each oct et . This is usually specified by writ ing a “ / ”
followed by t he num ber of bit s in t he m ask aft er t he address.
For exam ple, 192.1.1.0 / 25 is equivalent t o saying 192.1.1.0 wit h subnet m ask 255.255.255.128.
NWA1121-NI User’s Guide
175
Appendix C IP Addresses and Subnetting
The following t able shows som e possible subnet m asks using bot h not at ions.
Table 45 Alt ernat ive Subnet Mask Not at ion
SUBNET MASK
ALTERNATIVE
NOTATION
LAST OCTET
(BINARY)
LAST OCTET
(DECIMAL)
255.255.255.0
/ 24
0000 0000
255.255.255.128
/ 25
1000 0000
128
255.255.255.192
/ 26
1100 0000
192
255.255.255.224
/ 27
1110 0000
224
255.255.255.240
/ 28
1111 0000
240
255.255.255.248
/ 29
1111 1000
248
255.255.255.252
/ 30
1111 1100
252
Subnetting
You can use subnet t ing t o divide one net work int o m ult iple sub- net works. I n t he following exam ple
a net work adm inist rat or creat es t wo sub- net works t o isolat e a group of servers from t he rest of t he
com pany net work for securit y reasons.
I n t his exam ple, t he com pany net work address is 192.168.1.0. The first t hree oct et s of t he address
( 192.168.1) are t he net work num ber, and t he rem aining oct et is t he host I D, allowing a m axim um
of 2 8 – 2 or 254 possible host s.
The following figure shows t he com pany net work before subnet t ing.
Figure 93 Subnet t ing Exam ple: Before Subnet t ing
You can “ borrow” one of t he host I D bit s t o divide t he net work 192.168.1.0 int o t wo separat e subnet works. The subnet m ask is now 25 bit s ( 255.255.255.128 or / 25) .
The “ borrowed” host I D bit can have a value of eit her 0 or 1, allowing t wo subnet s; 192.168.1.0 / 25
and 192.168.1.128 / 25.
176
NWA1121-NI User’s Guide
Appendix C IP Addresses and Subnetting
The following figure shows t he com pany net work aft er subnet t ing. There are now t wo subnet works, A and B.
Figure 94 Subnet t ing Exam ple: Aft er Subnet t ing
I n a 25- bit subnet t he host I D has 7 bit s, so each sub- net work has a m axim um of 2 7 – 2 or 126
possible host s ( a host I D of all zeroes is t he subnet ’s address it self, all ones is t he subnet ’s
broadcast address) .
192.168.1.0 wit h m ask 255.255.255.128 is subnet A it self, and 192.168.1.127 wit h m ask
255.255.255.128 is it s broadcast address. Therefore, t he lowest I P address t hat can be assigned t o
an act ual host for subnet A is 192.168.1.1 and t he highest is 192.168.1.126.
Sim ilarly, t he host I D range for subnet B is 192.168.1.129 t o 192.168.1.254.
Example: Four Subnets
The previous exam ple illust rat ed using a 25- bit subnet m ask t o divide a 24- bit address int o t wo
subnet s. Sim ilarly, t o divide a 24- bit address int o four subnet s, you need t o “ borrow” t wo host I D
bit s t o give four possible com binat ions ( 00, 01, 10 and 11) . The subnet m ask is 26 bit s
( 11111111.11111111.11111111.1 1 000000) or 255.255.255.192.
Each subnet cont ains 6 host I D bit s, giving 2 6 - 2 or 62 host s for each subnet ( a host I D of all
zeroes is t he subnet it self, all ones is t he subnet ’s broadcast address) .
Table 46 Subnet 1
IP/SUBNET MASK
NETWORK NUMBER
LAST OCTET BIT
VALUE
I P Address ( Decim al)
192.168.1.
I P Address ( Binary)
11000000.10101000.00000001.
0 0 000000
Subnet Mask ( Binary)
11111111.11111111.11111111.
1 1 000000
NWA1121-NI User’s Guide
177
Appendix C IP Addresses and Subnetting
Table 46 Subnet 1 ( cont inued)
IP/SUBNET MASK
NETWORK NUMBER
Subnet Address:
192.168.1.0
Lowest Host I D: 192.168.1.1
Broadcast Address:
192.168.1.63
Highest Host I D: 192.168.1.62
LAST OCTET BIT
VALUE
Table 47 Subnet 2
IP/SUBNET MASK
NETWORK NUMBER
LAST OCTET BIT
VALUE
I P Address
192.168.1.
64
I P Address ( Binary)
11000000.10101000.00000001.
0 1 000000
Subnet Mask ( Binary)
11111111.11111111.11111111.
1 1 000000
Subnet Address:
192.168.1.64
Lowest Host I D: 192.168.1.65
Broadcast Address:
192.168.1.127
Highest Host I D: 192.168.1.126
Table 48 Subnet 3
IP/SUBNET MASK
NETWORK NUMBER
LAST OCTET BIT
VALUE
I P Address
192.168.1.
128
I P Address ( Binary)
11000000.10101000.00000001.
1 0 000000
Subnet Mask ( Binary)
11111111.11111111.11111111.
1 1 000000
Subnet Address:
192.168.1.128
Lowest Host I D: 192.168.1.129
Broadcast Address:
192.168.1.191
Highest Host I D: 192.168.1.190
Table 49 Subnet 4
IP/SUBNET MASK
NETWORK NUMBER
LAST OCTET BIT
VALUE
I P Address
192.168.1.
192
I P Address ( Binary)
11000000.10101000.00000001.
1 1 000000
Subnet Mask ( Binary)
11111111.11111111.11111111.
1 1 000000
Subnet Address:
192.168.1.192
Lowest Host I D: 192.168.1.193
Broadcast Address:
192.168.1.255
Highest Host I D: 192.168.1.254
Example: Eight Subnets
Sim ilarly, use a 27- bit m ask t o creat e eight subnet s ( 000, 001, 010, 011, 100, 101, 110 and 111) .
178
NWA1121-NI User’s Guide
Appendix C IP Addresses and Subnetting
The following t able shows I P address last oct et values for each subnet .
Table 50 Eight Subnet s
SUBNET
SUBNET
ADDRESS
FIRST ADDRESS
LAST
ADDRESS
BROADCAST
ADDRESS
30
31
32
33
62
63
64
65
94
95
96
97
126
127
128
129
158
159
160
161
190
191
192
193
222
223
224
225
254
255
Subnet Planning
The following t able is a sum m ary for subnet planning on a net work wit h a 24- bit net work num ber.
Table 51 24- bit Net work Num ber Subnet Planning
NO. “BORROWED”
HOST BITS
SUBNET MASK
NO. SUBNETS
NO. HOSTS PER
SUBNET
255.255.255.128 ( / 25)
126
255.255.255.192 ( / 26)
62
255.255.255.224 ( / 27)
30
255.255.255.240 ( / 28)
16
14
255.255.255.248 ( / 29)
32
255.255.255.252 ( / 30)
64
255.255.255.254 ( / 31)
128
The following t able is a sum m ary for subnet planning on a net work wit h a 16- bit net work num ber.
Table 52 16- bit Net work Num ber Subnet Planning
NO. “BORROWED”
HOST BITS
SUBNET MASK
NO. SUBNETS
NO. HOSTS PER
SUBNET
255.255.128.0 ( / 17)
32766
255.255.192.0 ( / 18)
16382
255.255.224.0 ( / 19)
8190
255.255.240.0 ( / 20)
16
4094
255.255.248.0 ( / 21)
32
2046
255.255.252.0 ( / 22)
64
1022
255.255.254.0 ( / 23)
128
510
255.255.255.0 ( / 24)
256
254
255.255.255.128 ( / 25)
512
126
10
255.255.255.192 ( / 26)
1024
62
11
255.255.255.224 ( / 27)
2048
30
12
255.255.255.240 ( / 28)
4096
14
NWA1121-NI User’s Guide
179
Appendix C IP Addresses and Subnetting
Table 52 16- bit Net work Num ber Subnet Planning ( cont inued)
NO. “BORROWED”
HOST BITS
SUBNET MASK
NO. SUBNETS
NO. HOSTS PER
SUBNET
13
255.255.255.248 ( / 29)
8192
14
255.255.255.252 ( / 30)
16384
15
255.255.255.254 ( / 31)
32768
Configuring IP Addresses
Where you obt ain your net work num ber depends on your part icular sit uat ion. I f t he I SP or your
net work adm inist rat or assigns you a block of regist ered I P addresses, follow t heir inst ruct ions in
select ing t he I P addresses and t he subnet m ask.
I f t he I SP did not explicit ly give you an I P net work num ber, t hen m ost likely you have a single user
account and t he I SP will assign you a dynam ic I P address when t he connect ion is est ablished. I f t his
is t he case, it is recom m ended t hat you select a net work num ber from 192.168.0.0 t o
192.168.255.0. The I nt ernet Assigned Num ber Aut horit y ( I ANA) reserved t his block of addresses
specifically for privat e use; please do not use any ot her num ber unless you are t old ot herwise. You
m ust also enable Net work Address Translat ion ( NAT) on t he NWA1121- NI .
Once you have decided on t he net work num ber, pick an I P address for your NWA1121- NI t hat is
easy t o rem em ber ( for inst ance, 192.168.1.1) but m ake sure t hat no ot her device on your net work
is using t hat I P address.
The subnet m ask specifies t he net work num ber port ion of an I P address. Your NWA1121- NI will
com put e t he subnet m ask aut om at ically based on t he I P address t hat you ent ered. You don't need
t o change t he subnet m ask com put ed by t he NWA1121- NI unless you are inst ruct ed t o do
ot herwise.
Private IP Addresses
Every m achine on t he I nt ernet m ust have a unique address. I f your net works are isolat ed from t he
I nt ernet ( running only bet ween t wo branch offices, for exam ple) you can assign any I P addresses t o
t he host s wit hout problem s. However, t he I nt ernet Assigned Num bers Aut horit y ( I ANA) has
reserved t he following t hree blocks of I P addresses specifically for privat e net works:
• 10.0.0.0
• 172.16.0.0
— 10.255.255.255
— 172.31.255.255
• 192.168.0.0 — 192.168.255.255
You can obt ain your I P address from t he I ANA, from an I SP, or it can be assigned from a privat e
net work. I f you belong t o a sm all organizat ion and your I nt ernet access is t hrough an I SP, t he I SP
can provide you wit h t he I nt ernet addresses for your local net works. On t he ot her hand, if you are
part of a m uch larger organizat ion, you should consult your net work adm inist rat or for t he
appropriat e I P addresses.
Regardless of your part icular sit uat ion, do not creat e an arbit rary I P address; always follow t he
guidelines above. For m ore inform at ion on address assignm ent , please refer t o RFC 1597, Address
Allocat ion for Privat e I nt ernet s and RFC 1466, Guidelines for Managem ent of I P Address Space.
180
NWA1121-NI User’s Guide
A PPENDIX
Wireless LANs
Wireless LAN Topologies
This sect ion discusses ad- hoc and infrast ruct ure wireless LAN t opologies.
Ad-hoc Wireless LAN Configuration
The sim plest WLAN configurat ion is an independent ( Ad- hoc) WLAN t hat connect s a set of
com put ers wit h wireless adapt ers ( A, B, C) . Any t im e t wo or m ore wireless adapt ers are wit hin
range of each ot her, t hey can set up an independent net work, which is com m only referred t o as an
ad- hoc net work or I ndependent Basic Service Set ( I BSS) . The following diagram shows an exam ple
of not ebook com put ers using wireless adapt ers t o form an ad- hoc wireless LAN.
Figure 95 Peer- t o- Peer Com m unicat ion in an Ad- hoc Net work
BSS
A Basic Service Set ( BSS) exist s when all com m unicat ions bet ween wireless client s or bet ween a
wireless client and a wired net work client go t hrough one access point ( AP) .
I nt ra- BSS t raffic is t raffic bet ween wireless client s in t he BSS. When I nt ra- BSS is enabled, wireless
client A and B can access t he wired net work and com m unicat e wit h each ot her. When I nt ra- BSS is
NWA1121-NI User’s Guide
181
Appendix D Wireless LANs
disabled, wireless client A and B can st ill access t he wired net work but cannot com m unicat e wit h
each ot her.
Figure 96 Basic Service Set
ESS
An Ext ended Service Set ( ESS) consist s of a series of overlapping BSSs, each cont aining an access
point , wit h each access point connect ed t oget her by a wired net work. This wired connect ion
bet ween APs is called a Dist ribut ion Syst em ( DS) .
This t ype of wireless LAN t opology is called an I nfrast ruct ure WLAN. The Access Point s not only
provide com m unicat ion wit h t he wired net work but also m ediat e wireless net work t raffic in t he
im m ediat e neighborhood.
182
NWA1121-NI User’s Guide
Appendix D Wireless LANs
An ESSI D ( ESS I Dent ificat ion) uniquely ident ifies each ESS. All access point s and t heir associat ed
wireless client s wit hin t he sam e ESS m ust have t he sam e ESSI D in order t o com m unicat e.
Figure 97 I nfrast ruct ure WLAN
Channel
A channel is t he radio frequency( ies) used by wireless devices t o t ransm it and receive dat a.
Channels available depend on your geographical area. You m ay have a choice of channels ( for your
region) so you should use a channel different from an adj acent AP ( access point ) t o reduce
int erference. I nt erference occurs when radio signals from different access point s overlap causing
int erference and degrading perform ance.
Adj acent channels part ially overlap however. To avoid int erference due t o overlap, your AP should
be on a channel at least five channels away from a channel t hat an adj acent AP is using. For
exam ple, if your region has 11 channels and an adj acent AP is using channel 1, t hen you need t o
select a channel bet ween 6 or 11.
RTS/CTS
A hidden node occurs when t wo st at ions are wit hin range of t he sam e access point , but are not
wit hin range of each ot her. The following figure illust rat es a hidden node. Bot h st at ions ( STA) are
wit hin range of t he access point ( AP) or wireless gat eway, but out- of- range of each ot her, so t hey
NWA1121-NI User’s Guide
183
Appendix D Wireless LANs
cannot " hear" each ot her, t hat is t hey do not know if t he channel is current ly being used. Therefore,
t hey are considered hidden from each ot her.
Figure 98
RTS/ CTS
When st at ion A sends dat a t o t he AP, it m ight not know t hat t he st at ion B is already using t he
channel. I f t hese t wo st at ions send dat a at t he sam e t im e, collisions m ay occur when bot h set s of
dat a arrive at t he AP at t he sam e t im e, result ing in a loss of m essages for bot h st at ions.
RTS/ CTS is designed t o prevent collisions due t o hidden nodes. An RTS/ CTS defines t he biggest
size dat a fram e you can send before an RTS ( Request To Send) / CTS ( Clear t o Send) handshake is
invoked.
When a dat a fram e exceeds t he RTS/ CTS value you set ( bet ween 0 t o 2432 byt es) , t he st at ion
t hat want s t o t ransm it t his fram e m ust first send an RTS ( Request To Send) m essage t o t he AP for
perm ission t o send it . The AP t hen responds wit h a CTS ( Clear t o Send) m essage t o all ot her
st at ions wit hin it s range t o not ify t hem t o defer t heir t ransm ission. I t also reserves and confirm s
wit h t he request ing st at ion t he t im e fram e for t he request ed t ransm ission.
St at ions can send fram es sm aller t han t he specified RTS/ CTS direct ly t o t he AP wit hout t he RTS
( Request To Send) / CTS ( Clear t o Send) handshake.
You should only configure RTS/ CTS if t he possibilit y of hidden nodes exist s on your net work and
t he " cost " of resending large fram es is m ore t han t he ext ra net work overhead involved in t he RTS
( Request To Send) / CTS ( Clear t o Send) handshake.
I f t he RTS/ CTS value is great er t han t he Fr a gm e nt a t ion Thr e sh old value ( see next ) , t hen t he
RTS ( Request To Send) / CTS ( Clear t o Send) handshake will never occur as dat a fram es will be
fragm ent ed before t hey reach RTS/ CTS size.
Not e: Enabling t he RTS Threshold causes redundant net w ork overhead t hat could
negat ively affect t he t hroughput perfor m ance inst ead of pr oviding a rem edy.
Fragmentation Threshold
A Fr a gm e nt a t ion Thr e sh old is t he m axim um dat a fragm ent size ( bet ween 256 and 2432 byt es)
t hat can be sent in t he wireless net work before t he AP will fragm ent t he packet int o sm aller dat a
fram es.
A large Fr a gm e n t a t ion Th r e sh old is recom m ended for net works not prone t o int erference while
you should set a sm aller t hreshold for busy net works or net works t hat are prone t o int erference.
184
NWA1121-NI User’s Guide
Appendix D Wireless LANs
I f t he Fr a gm e nt a t ion Thr e shold value is sm aller t han t he RTS/ CTS value ( see previously) you
set t hen t he RTS ( Request To Send) / CTS ( Clear t o Send) handshake will never occur as dat a fram es
will be fragm ent ed before t hey reach RTS/ CTS size.
Preamble Type
Pream ble is used t o signal t hat dat a is com ing t o t he receiver. Short and long refer t o t he lengt h of
t he synchronizat ion field in a packet .
Short pream ble increases perform ance as less t im e sending pream ble m eans m ore t im e for sending
dat a. All I EEE 802.11 com pliant wireless adapt ers support long pream ble, but not all support short
pream ble.
Use long pream ble if you are unsure what pream ble m ode ot her wireless devices on t he net work
support , and t o provide m ore reliable com m unicat ions in busy wireless net works.
Use short pream ble if you are sure all wireless devices on t he net work support it , and t o provide
m ore efficient com m unicat ions.
Use t he dynam ic set t ing t o aut om at ically use short pream ble when all wireless devices on t he
net work support it , ot herwise t he NWA1121- NI uses long pream ble.
Not e: The wireless devices MUST use t he sam e pream ble m ode in order t o com m unicat e.
IEEE 802.11g Wireless LAN
I EEE 802.11g is fully com pat ible wit h t he I EEE 802.11b st andard. This m eans an I EEE 802.11b
adapt er can int erface direct ly wit h an I EEE 802.11g access point ( and vice versa) at 11 Mbps or
lower depending on range. I EEE 802.11g has several int erm ediat e rat e st eps bet ween t he
m axim um and m inim um dat a rat es. The I EEE 802.11g dat a rat e and m odulat ion are as follows:
Table 53 I EEE 802.11g
DATA RATE (MBPS)
MODULATION
DBPSK ( Different ial Binary Phase Shift Keyed)
DQPSK ( Different ial Quadrat ure Phase Shift Keying)
5.5 / 11
CCK ( Com plem ent ary Code Keying)
6/ 9/ 12/ 18/ 24/ 36/ 48/
54
OFDM ( Ort hogonal Frequency Division Mult iplexing)
Wireless Security Overview
Wireless securit y is vit al t o your net work t o prot ect wireless com m unicat ion bet ween wireless
client s, access point s and t he wired net work.
Wireless securit y m et hods available on t he NWA1121- NI are dat a encrypt ion, wireless client
aut hent icat ion, rest rict ing access by device MAC address and hiding t he NWA1121- NI ident it y.
NWA1121-NI User’s Guide
185
Appendix D Wireless LANs
The following figure shows t he relat ive effect iveness of t hese wireless securit y m et hods available on
your NWA1121- NI .
Table 54 Wireless Securit y Levels
SECURITY
LEVEL
Least
Secure
SECURITY TYPE
Unique SSI D ( Default )
Unique SSI D wit h Hide SSI D Enabled
MAC Address Filt ering
WEP Encrypt ion
I EEE802.1x EAP wit h RADI US Server Aut hent icat ion
Wi- Fi Prot ect ed Access ( WPA)
WPA2
Most Secure
Not e: You m ust enable t he sam e wireless securit y set t ings on t he NWA1121- NI and on all
wireless client s t hat you want t o associat e wit h it .
IEEE 802.1x
I n June 2001, t he I EEE 802.1x st andard was designed t o ext end t he feat ures of I EEE 802.11 t o
support ext ended aut hent icat ion as well as providing addit ional account ing and cont rol feat ures. I t
is support ed by Windows XP and a num ber of net work devices. Som e advant ages of I EEE 802.1x
are:
• User based ident ificat ion t hat allows for roam ing.
• Support for RADI US ( Rem ot e Aut hent icat ion Dial I n User Service, RFC 2138, 2139) for
cent ralized user profile and account ing m anagem ent on a net work RADI US server.
• Support for EAP ( Ext ensible Aut hent icat ion Prot ocol, RFC 2486) t hat allows addit ional
aut hent icat ion m et hods t o be deployed wit h no changes t o t he access point or t he wireless
client s.
RADIUS
RADI US is based on a client- server m odel t hat support s aut hent icat ion, aut horizat ion and
account ing. The access point is t he client and t he server is t he RADI US server. The RADI US server
handles t he following t asks:
• Aut hent icat ion
Det erm ines t he ident it y of t he users.
• Aut horizat ion
Det erm ines t he net work services available t o aut hent icat ed users once t hey are connect ed t o t he
net work.
• Account ing
Keeps t rack of t he client ’s net work act ivit y.
186
NWA1121-NI User’s Guide
Appendix D Wireless LANs
RADI US is a sim ple package exchange in which your AP act s as a m essage relay bet ween t he
wireless client and t he net work RADI US server.
Types of RADIUS Messages
The following t ypes of RADI US m essages are exchanged bet ween t he access point and t he RADI US
server for user aut hent icat ion:
• Access- Request
Sent by an access point request ing aut hent icat ion.
• Access- Rej ect
Sent by a RADI US server rej ect ing access.
• Access-Accept
Sent by a RADI US server allowing access.
• Access- Challenge
Sent by a RADI US server request ing m ore inform at ion in order t o allow access. The access point
sends a proper response from t he user and t hen sends anot her Access- Request m essage.
The following t ypes of RADI US m essages are exchanged bet ween t he access point and t he RADI US
server for user account ing:
• Account ing- Request
Sent by t he access point request ing account ing.
• Account ing- Response
Sent by t he RADI US server t o indicat e t hat it has st art ed or st opped account ing.
I n order t o ensure net work securit y, t he access point and t he RADI US server use a shared secret
key, which is a password, t hey bot h know. The key is not sent over t he net work. I n addit ion t o t he
shared key, password inform at ion exchanged is also encrypt ed t o prot ect t he net work from
unaut horized access.
Types of EAP Authentication
This sect ion discusses som e popular aut hent icat ion t ypes: EAP- MD5, EAP-TLS, EAP-TTLS, PEAP and
LEAP. Your wireless LAN device m ay not support all aut hent icat ion t ypes.
EAP ( Ext ensible Aut hent icat ion Prot ocol) is an aut hent icat ion prot ocol t hat runs on t op of t he I EEE
802.1x t ransport m echanism in order t o support m ult iple t ypes of user aut hent icat ion. By using EAP
t o int eract wit h an EAP- com pat ible RADI US server, an access point helps a wireless st at ion and a
RADI US server perform aut hent icat ion.
The t ype of aut hent icat ion you use depends on t he RADI US server and an int erm ediary AP( s) t hat
support s I EEE 802.1x. .
For EAP-TLS aut hent icat ion t ype, you m ust first have a wired connect ion t o t he net work and obt ain
t he cert ificat e( s) from a cert ificat e aut horit y ( CA) . A cert ificat e ( also called digit al I Ds) can be used
t o aut hent icat e users and a CA issues cert ificat es and guarant ees t he ident it y of each cert ificat e
owner.
NWA1121-NI User’s Guide
187
Appendix D Wireless LANs
EAP-MD5 (Message-Digest Algorithm 5)
MD5 aut hent icat ion is t he sim plest one- way aut hent icat ion m et hod. The aut hent icat ion server
sends a challenge t o t he wireless client . The wireless client ‘proves’ t hat it knows t he password by
encrypt ing t he password wit h t he challenge and sends back t he inform at ion. Password is not sent in
plain t ext .
However, MD5 aut hent icat ion has som e weaknesses. Since t he aut hent icat ion server needs t o get
t he plaint ext passwords, t he passwords m ust be st ored. Thus som eone ot her t han t he
aut hent icat ion server m ay access t he password file. I n addit ion, it is possible t o im personat e an
aut hent icat ion server as MD5 aut hent icat ion m et hod does not perform m ut ual aut hent icat ion.
Finally, MD5 aut hent icat ion m et hod does not support dat a encrypt ion wit h dynam ic session key. You
m ust configure WEP encrypt ion keys for dat a encrypt ion.
EAP-TLS (Transport Layer Security)
Wit h EAP-TLS, digit al cert ificat ions are needed by bot h t he server and t he wireless client s for
m ut ual aut hent icat ion. The server present s a cert ificat e t o t he client . Aft er validat ing t he ident it y of
t he server, t he client sends a different cert ificat e t o t he server. The exchange of cert ificat es is done
in t he open before a secured t unnel is creat ed. This m akes user ident it y vulnerable t o passive
at t acks. A digit al cert ificat e is an elect ronic I D card t hat aut hent icat es t he sender ’s ident it y.
However, t o im plem ent EAP-TLS, you need a Cert ificat e Aut horit y ( CA) t o handle cert ificat es, which
im poses a m anagem ent overhead.
EAP-TTLS (Tunneled Transport Layer Service)
EAP-TTLS is an ext ension of t he EAP-TLS aut hent icat ion t hat uses cert ificat es for only t he serverside aut hent icat ions t o est ablish a secure connect ion. Client aut hent icat ion is t hen done by sending
usernam e and password t hrough t he secure connect ion, t hus client ident it y is prot ect ed. For client
aut hent icat ion, EAP-TTLS support s EAP m et hods and legacy aut hent icat ion m et hods such as PAP,
CHAP, MS- CHAP and MS- CHAP v2.
PEAP (Protected EAP)
Like EAP-TTLS, server- side cert ificat e aut hent icat ion is used t o est ablish a secure connect ion, t hen
use sim ple usernam e and password m et hods t hrough t he secured connect ion t o aut hent icat e t he
client s, t hus hiding client ident it y. However, PEAP only support s EAP m et hods, such as EAP- MD5,
EAP- MSCHAPv2 and EAP- GTC ( EAP- Generic Token Card) , for client aut hent icat ion. EAP- GTC is
im plem ent ed only by Cisco.
LEAP
LEAP ( Light weight Ext ensible Aut hent icat ion Prot ocol) is a Cisco im plem ent at ion of I EEE 802.1x.
Dynamic WEP Key Exchange
The AP m aps a unique key t hat is generat ed wit h t he RADI US server. This key expires when t he
wireless connect ion t im es out , disconnect s or reaut hent icat ion t im es out . A new WEP key is
generat ed each t im e reaut hent icat ion is perform ed.
188
NWA1121-NI User’s Guide
Appendix D Wireless LANs
I f t his feat ure is enabled, it is not necessary t o configure a default encrypt ion key in t he wireless
securit y configurat ion screen. You m ay st ill configure and st ore keys, but t hey will not be used while
dynam ic WEP is enabled.
Not e: EAP- MD5 cannot be used wit h Dynam ic WEP Key Exchange
For added securit y, cert ificat e- based aut hent icat ions ( EAP-TLS, EAP-TTLS and PEAP) use dynam ic
keys for dat a encrypt ion. They are oft en deployed in corporat e environm ent s, but for public
deploym ent , a sim ple user nam e and password pair is m ore pract ical. The following t able is a
com parison of t he feat ures of aut hent icat ion t ypes.
Table 55 Com parison of EAP Aut hent icat ion Types
EAP-MD5
EAP-TLS
EAP-TTLS
PEAP
LEAP
Mut ual Aut hent icat ion
No
Yes
Yes
Yes
Yes
Cert ificat e – Client
No
Yes
Opt ional
Opt ional
No
Cert ificat e – Server
No
Yes
Yes
Yes
No
Dynam ic Key Exchange
No
Yes
Yes
Yes
Yes
Credent ial I nt egrit y
None
St rong
St rong
St rong
Moderat e
Deploym ent Difficult y
Easy
Hard
Moderat e
Moderat e
Moderat e
Client I dent it y Prot ect ion
No
No
Yes
Yes
No
WPA and WPA2
Wi- Fi Prot ect ed Access ( WPA) is a subset of t he I EEE 802.11i st andard. WPA2 ( I EEE 802.11i) is a
wireless securit y st andard t hat defines st ronger encrypt ion, aut hent icat ion and key m anagem ent
t han WPA.
Key differences bet ween WPA or WPA2 and WEP are im proved dat a encrypt ion and user
aut hent icat ion.
I f bot h an AP and t he wireless client s support WPA2 and you have an ext ernal RADI US server, use
WPA2 for st ronger dat a encrypt ion. I f you don't have an ext ernal RADI US server, you should use
WPA2- PSK ( WPA2- Pre- Shared Key) t hat only requires a single ( ident ical) password ent ered int o
each access point , wireless gat eway and wireless client . As long as t he passwords m at ch, a wireless
client will be grant ed access t o a WLAN.
I f t he AP or t he wireless client s do not support WPA2, j ust use WPA or WPA- PSK depending on
whet her you have an ext ernal RADI US server or not .
Select WEP only when t he AP and/ or wireless client s do not support WPA or WPA2. WEP is less
secure t han WPA or WPA2.
Encryption
WPA im proves dat a encrypt ion by using Tem poral Key I nt egrit y Prot ocol ( TKI P) , Message I nt egrit y
Check ( MI C) and I EEE 802.1x. WPA2 also uses TKI P when required for com pat ibilit y reasons, but
offers st ronger encrypt ion t han TKI P wit h Advanced Encrypt ion St andard ( AES) in t he Count er
m ode wit h Cipher block chaining Message aut hent icat ion code Prot ocol ( CCMP) .
TKI P uses 128- bit keys t hat are dynam ically generat ed and dist ribut ed by t he aut hent icat ion server.
AES ( Advanced Encrypt ion St andard) is a block cipher t hat uses a 256- bit m at hem at ical algorit hm
NWA1121-NI User’s Guide
189
Appendix D Wireless LANs
called Rij ndael. They bot h include a per- packet key m ixing funct ion, a Message I nt egrit y Check
( MI C) nam ed Michael, an ext ended init ializat ion vect or ( I V) wit h sequencing rules, and a re- keying
m echanism .
WPA and WPA2 regularly change and rot at e t he encrypt ion keys so t hat t he sam e encrypt ion key is
never used t wice.
The RADI US server dist ribut es a Pairwise Mast er Key ( PMK) key t o t he AP t hat t hen set s up a key
hierarchy and m anagem ent syst em , using t he PMK t o dynam ically generat e unique dat a encrypt ion
keys t o encrypt every dat a packet t hat is wirelessly com m unicat ed bet ween t he AP and t he wireless
client s. This all happens in t he background aut om at ically.
The Message I nt egrit y Check ( MI C) is designed t o prevent an at t acker from capt uring dat a packet s,
alt ering t hem and resending t hem . The MI C provides a st rong m at hem at ical funct ion in which t he
receiver and t he t ransm it t er each com put e and t hen com pare t he MI C. I f t hey do not m at ch, it is
assum ed t hat t he dat a has been t am pered wit h and t he packet is dropped.
By generat ing unique dat a encrypt ion keys for every dat a packet and by creat ing an int egrit y
checking m echanism ( MI C) , wit h TKI P and AES it is m ore difficult t o decrypt dat a on a Wi- Fi
net work t han WEP and difficult for an int ruder t o break int o t he net work.
The encrypt ion m echanism s used for WPA( 2) and WPA( 2) - PSK are t he sam e. The only difference
bet ween t he t wo is t hat WPA( 2) - PSK uses a sim ple com m on password, inst ead of user- specific
credent ials. The com m on- password approach m akes WPA( 2) - PSK suscept ible t o brut e- force
password- guessing at t acks but it ’s st ill an im provem ent over WEP as it em ploys a consist ent ,
single, alphanum eric password t o derive a PMK which is used t o generat e unique t em poral
encrypt ion keys. This prevent all wireless devices sharing t he sam e encrypt ion keys. ( a weakness of
WEP)
User Authentication
WPA and WPA2 apply I EEE 802.1x and Ext ensible Aut hent icat ion Prot ocol ( EAP) t o aut hent icat e
wireless client s using an ext ernal RADI US dat abase. WPA2 reduces t he num ber of key exchange
m essages from six t o four ( CCMP 4- way handshake) and short ens t he t im e required t o connect t o a
net work. Ot her WPA2 aut hent icat ion feat ures t hat are different from WPA include key caching and
pre- aut hent icat ion. These t wo feat ures are opt ional and m ay not be support ed in all wireless
devices.
Key caching allows a wireless client t o st ore t he PMK it derived t hrough a successful aut hent icat ion
wit h an AP. The wireless client uses t he PMK when it t ries t o connect t o t he sam e AP and does not
need t o go wit h t he aut hent icat ion process again.
Pre- aut hent icat ion enables fast roam ing by allowing t he wireless client ( already connect ing t o an
AP) t o perform I EEE 802.1x aut hent icat ion wit h anot her AP before connect ing t o it .
Wireless Client WPA Supplicants
A wireless client supplicant is t he soft ware t hat runs on an operat ing syst em inst ruct ing t he wireless
client how t o use WPA. At t he t im e of writ ing, t he m ost widely available supplicant is t he WPA pat ch
for Windows XP, Funk Soft ware's Odyssey client .
The Windows XP pat ch is a free download t hat adds WPA capabilit y t o Windows XP's built- in " Zero
Configurat ion" wireless client . However, you m ust run Windows XP t o use it .
190
NWA1121-NI User’s Guide
Appendix D Wireless LANs
WPA(2) with RADIUS Application Example
To set up WPA( 2) , you need t he I P address of t he RADI US server, it s port num ber ( default is 1812) ,
and t he RADI US shared secret . A WPA( 2) applicat ion exam ple wit h an ext ernal RADI US server
looks as follows. " A" is t he RADI US server. " DS" is t he dist ribut ion syst em .
The AP passes t he wireless client 's aut hent icat ion request t o t he RADI US server.
The RADI US server t hen checks t he user's ident ificat ion against it s dat abase and grant s or denies
net work access accordingly.
A 256- bit Pairwise Mast er Key ( PMK) is derived from t he aut hent icat ion process by t he RADI US
server and t he client .
The RADI US server dist ribut es t he PMK t o t he AP. The AP t hen set s up a key hierarchy and
m anagem ent syst em , using t he PMK t o dynam ically generat e unique dat a encrypt ion keys. The
keys are used t o encrypt every dat a packet t hat is wirelessly com m unicat ed bet ween t he AP and
t he wireless client s.
Figure 99 WPA( 2) wit h RADI US Applicat ion Exam ple
WPA(2)-PSK Application Example
A WPA( 2) - PSK applicat ion looks as follows.
First ent er ident ical passwords int o t he AP and all wireless client s. The Pre- Shared Key ( PSK) m ust
consist of bet ween 8 and 63 ASCI I charact ers or 64 hexadecim al charact ers ( including spaces and
sym bols) .
The AP checks each wireless client 's password and allows it t o j oin t he net work only if t he password
m at ches.
The AP and wireless client s generat e a com m on PMK ( Pairwise Mast er Key) . The key it self is not
sent over t he net work, but is derived from t he PSK and t he SSI D.
NWA1121-NI User’s Guide
191
Appendix D Wireless LANs
The AP and wireless client s use t he TKI P or AES encrypt ion process, t he PMK and inform at ion
exchanged in a handshake t o creat e t em poral encrypt ion keys. They use t hese keys t o encrypt dat a
exchanged bet ween t hem .
Figure 100 WPA( 2) - PSK Aut hent icat ion
Security Parameters Summary
Refer t o t his t able t o see what ot her securit y param et ers you should configure for each
aut hent icat ion m et hod or key m anagem ent prot ocol t ype. MAC address filt ers are not dependent on
how you configure t hese securit y feat ures.
Table 56 Wireless Securit y Relat ional Mat rix
AUTHENTICATION
ENCRYPTIO
METHOD/ KEY
MANAGEMENT PROTOCOL N METHOD
ENTER
MANUAL KEY
IEEE 802.1X
Open
No
Disable
None
Enable wit hout Dynam ic WEP Key
Open
Shared
WEP
WEP
No
Enable wit h Dynam ic WEP Key
Yes
Enable wit hout Dynam ic WEP Key
Yes
Disable
No
Enable wit h Dynam ic WEP Key
Yes
Enable wit hout Dynam ic WEP Key
Yes
Disable
WPA
TKI P/ AES
No
Enable
WPA- PSK
TKI P/ AES
Yes
Disable
WPA2
TKI P/ AES
No
Enable
WPA2- PSK
TKI P/ AES
Yes
Disable
Antenna Overview
An ant enna couples RF signals ont o air. A t ransm it t er wit hin a wireless device sends an RF signal t o
t he ant enna, which propagat es t he signal t hrough t he air. The ant enna also operat es in reverse by
capt uring RF signals from t he air.
192
NWA1121-NI User’s Guide
Appendix D Wireless LANs
Posit ioning t he ant ennas properly increases t he range and coverage area of a wireless LAN.
Antenna Characteristics
Frequency
An ant enna in t he frequency of 2.4GHz or 5GHz is needed t o com m unicat e efficient ly in a wireless
LAN
Radiation Pattern
A radiat ion pat t ern is a diagram t hat allows you t o visualize t he shape of t he ant enna’s coverage
area.
Antenna Gain
Ant enna gain, m easured in dB ( decibel) , is t he increase in coverage wit hin t he RF beam widt h.
Higher ant enna gain im proves t he range of t he signal for bet t er com m unicat ions.
For an indoor sit e, each 1 dB increase in ant enna gain result s in a range increase of approxim at ely
2.5% . For an unobst ruct ed out door sit e, each 1dB increase in gain result s in a range increase of
approxim at ely 5% . Act ual result s m ay vary depending on t he net work environm ent .
Ant enna gain is som et im es specified in dBi, which is how m uch t he ant enna increases t he signal
power com pared t o using an isot ropic ant enna. An isot ropic ant enna is a t heoret ical perfect ant enna
t hat sends out radio signals equally well in all direct ions. dBi represent s t he t rue gain t hat t he
ant enna provides.
Types of Antennas for WLAN
There are t wo t ypes of ant ennas used for wireless LAN applicat ions.
• Om ni- direct ional ant ennas send t he RF signal out in all direct ions on a horizont al plane. The
coverage area is t orus- shaped ( like a donut ) which m akes t hese ant ennas ideal for a room
environm ent . Wit h a wide coverage area, it is possible t o m ake circular overlapping coverage
areas wit h m ult iple access point s.
• Direct ional ant ennas concent rat e t he RF signal in a beam , like a flashlight does wit h t he light
from it s bulb. The angle of t he beam det erm ines t he widt h of t he coverage pat t ern. Angles
t ypically range from 20 degrees ( very direct ional) t o 120 degrees ( less direct ional) . Direct ional
ant ennas are ideal for hallways and out door point- t o- point applicat ions.
Positioning Antennas
I n general, ant ennas should be m ount ed as high as pract ically possible and free of obst ruct ions. I n
point- t o–point applicat ion, posit ion bot h ant ennas at t he sam e height and in a direct line of sight t o
each ot her t o at t ain t he best perform ance.
For om ni- direct ional ant ennas m ount ed on a t able, desk, and so on, point t he ant enna up. For
om ni- direct ional ant ennas m ount ed on a wall or ceiling, point t he ant enna down. For a single AP
applicat ion, place om ni- direct ional ant ennas as close t o t he cent er of t he coverage area as possible.
NWA1121-NI User’s Guide
193
Appendix D Wireless LANs
For direct ional ant ennas, point t he ant enna in t he direct ion of t he desired coverage area.
194
NWA1121-NI User’s Guide
A PPENDIX
Legal Information
Copyright
Copyright © 2012 by ZyXEL Com m unicat ions Corporat ion.
The cont ent s of t his publicat ion m ay not be reproduced in any part or as a whole, t ranscribed,
st ored in a ret rieval syst em , t ranslat ed int o any language, or t ransm it t ed in any form or by any
m eans, elect ronic, m echanical, m agnet ic, opt ical, chem ical, phot ocopying, m anual, or ot herwise,
wit hout t he prior writ t en perm ission of ZyXEL Com m unicat ions Corporat ion.
Published by ZyXEL Com m unicat ions Corporat ion. All right s reserved.
Disclaimers
ZyXEL does not assum e any liabilit y arising out of t he applicat ion or use of any product s, or
soft ware described herein. Neit her does it convey any license under it s pat ent right s nor t he pat ent
right s of ot hers. ZyXEL furt her reserves t he right t o m ake changes in any product s described herein
wit hout not ice. This publicat ion is subj ect t o change wit hout not ice.
Your use of t he NWA1121- NI is subj ect t o t he t erm s and condit ions of any relat ed service providers.
Use wit h product s t hat have NAT, and/ or 3G.
Do not use t he NWA1121- NI for illegal purposes. I llegal downloading or sharing of files can result in
severe civil and crim inal penalt ies. You are subj ect t o t he rest rict ions of copyright laws and any
ot her applicable laws, and will bear t he consequences of any infringem ent s t hereof. ZyXEL bears
NO responsibilit y or liabilit y for your use of t he download service feat ure. Use for product s t hat
have a download service.
Make sure all dat a and program s on t he NWA1121- NI are also st ored elsewhere. ZyXEL is not
responsible for any loss of or dam age t o any dat a, program s, or st orage m edia result ing from t he
use, m isuse, or disuse of t his or any ot her ZyXEL product . Use for st orage/ backup devices.
Trademarks
Tradem arks m ent ioned in t his publicat ion are used for ident ificat ion purposes only and m ay be
propert ies of t heir respect ive owners.
Certifications
Federal Communications Commission (FCC) Interference Statement
The device com plies wit h Part 15 of FCC rules. Operat ion is subj ect t o t he following t wo condit ions:
• This device m ay not cause harm ful int erference.
NWA1121-NI User’s Guide
195
Appendix E Legal Information
• This device m ust accept any int erference received, including int erference t hat m ay cause
undesired operat ions.
This device has been t est ed and found t o com ply wit h t he lim it s for a Class B digit al device pursuant
t o Part 15 of t he FCC Rules. These lim it s are designed t o provide reasonable prot ect ion against
harm ful int erference in a resident ial inst allat ion. This device generat es, uses, and can radiat e radio
frequency energy, and if not inst alled and used in accordance wit h t he inst ruct ions, m ay cause
harm ful int erference t o radio com m unicat ions. However, t here is no guarant ee t hat int erference will
not occur in a part icular inst allat ion.
I f t his device does cause harm ful int erference t o radio/ t elevision recept ion, which can be
det erm ined by t urning t he device off and on, t he user is encouraged t o t ry t o correct t he
int erference by one or m ore of t he following m easures:
Reorient or relocat e t he receiving ant enna.
I ncrease t he separat ion bet ween t he equipm ent and t he receiver.
Connect t he equipm ent int o an out let on a circuit different from t hat t o which t he receiver is
connect ed.
Consult t he dealer or an experienced radio/ TV t echnician for help.
FCC Caut ion: Any changes or m odificat ions not expressly approved by t he part y responsible for
com pliance could void t he user's aut horit y t o operat e t his equipm ent .
FCC Radiation Exposure Statement
• This t ransm it t er m ust not be co- locat ed or operat ing in conj unct ion wit h any ot her ant enna or
t ransm it t er.
• I EEE 802.11b, 802.11g or 802.11n ( 20MHz) operat ion of t his product in t he U.S.A. is firm warelim it ed t o channels 1 t hrough 11. I EEE 802.11n ( 40MHz) operat ion of t his product in t he U.S.A.
is firm ware- lim it ed t o channels 3 t hrough 9.
• To com ply wit h FCC RF exposure com pliance requirem ent s, a separat ion dist ance of at least 20
cm m ust be m aint ained bet ween t he ant enna of t his device and all persons.
Industry Canada Statement (For all products)
This device com plies wit h RSS- 210 of t he I ndust ry Canada Rules. Operat ion is subj ect t o t he
following t wo condit ions:
1) t his device m ay not cause int erference and
2) t his device m ust accept any int erference, including int erference t hat m ay cause undesired
operat ion of t he device
This device has been designed t o operat e wit h an ant enna having a m axim um gain of 2dBi.
196
NWA1121-NI User’s Guide
Appendix E Legal Information
Ant enna having a higher gain is st rict ly prohibit ed per regulat ions of I ndust ry Canada. The required
ant enna im pedance is 50 ohm s.
To reduce pot ent ial radio int erference t o ot her users, t he ant enna t ype and it s gain should be so
chosen t hat t he EI RP is not m ore t han required for successful com m unicat ion.
IMPORTANT NOTE
Device for t he band 5150- 5250 MHz is only for indoor usage t o reduce pot ent ial for harm ful
int erference t o co- channel m obile sat ellit e syst em s; users should also be caut ioned t o t ake not e
t hat high- power radars are allocat ed as prim ary users ( m eaning t hey have priorit y) of t he bands
5250- 5350 MHz and 5650- 5850 MHz and t hese radars could cause int erference and/ or dam age t o
LE- LAN devices.
IC Radiation Exposure Statement
This equipm ent com plies wit h I C radiat ion exposure lim it s set fort h for an uncont rolled
environm ent . End users m ust follow t he specific operat ing inst ruct ions for sat isfying RF exposure
com pliance.
注意 !
依據 低功率電波輻射性電機管理辦法
第十二條 經型式認證合格之低功率射頻電機，非經許可，公司、商號或使用
者均不得擅自變更頻率、加大功率或變更原設計之特性及功能。
第十四條 低功率射頻電機之使用不得影響飛航安全及干擾合法通信；經發現
有干擾現象時，應立即停用，並改善至無干擾時方得繼續使用。
前項合法通信，指依電信規定作業之無線電信。低功率射頻電機須忍
受合法通信或工業、科學及醫療用電波輻射性電機設備之干擾。
本機限在不干擾合法電臺與不受被干擾保障條件下於室內使用。
減少電磁波影響，請妥適使用。
Notices
Changes or m odificat ions not expressly approved by t he part y responsible for com pliance could
void t he user's aut horit y t o operat e t he equipm ent .
This device is designed for t he WLAN 2.4 GHz and/ or 5 GHz net works t hroughout t he EC region and
Swit zerland, wit h rest rict ions in France.
Ce produit est conçu pour les bandes de fréquences 2,4 GHz et / ou 5 GHz conform ém ent à la
législat ion Européenne. En France m ét ropolit aine, suivant les décisions n° 03- 908 et 03- 909 de
l’ARCEP, la puissance d’ém ission ne devra pas dépasser 10 m W ( 10 dB) dans le cadre d’une
inst allat ion WiFi en ext érieur pour les fréquences com prises ent re 2454 MHz et 2483,5 MHz.
This Class B digit al apparat us com plies wit h Canadian I CES- 003.
Cet appareil num érique de la classe B est conform e à la norm e NMB- 003 du Canada.
CLASS 1 LASER PRODUCT
APPAREI L A LASER DE CLASS 1
NWA1121-NI User’s Guide
197
Appendix E Legal Information
PRODUCT COMPLI ES WI TH 21 CFR 1040.10 AND 1040.11.
PRODUI T CONFORME SELON 21 CFR 1040.10 ET 1040.11.
Viewing Certifications
Go t o ht t p: / / www.zyxel.com .
Select your product on t he ZyXEL hom e page t o go t o t hat product 's page.
Select t he cert ificat ion you wish t o view from t his page.
ZyXEL Limited Warranty
ZyXEL warrant s t o t he original end user ( purchaser) t hat t his product is free from any defect s in
m at erial or workm anship for a specific period ( t he Warrant y Period) from t he dat e of purchase. The
Warrant y Period varies by region. Check wit h your vendor and/ or t he aut horized ZyXEL local
dist ribut or for det ails about t he Warrant y Period of t his product . During t he warrant y period, and
upon proof of purchase, should t he product have indicat ions of failure due t o fault y workm anship
and/ or m at erials, ZyXEL will, at it s discret ion, repair or replace t he defect ive product s or
com ponent s wit hout charge for eit her part s or labor, and t o what ever ext ent it shall deem
necessary t o rest ore t he product or com ponent s t o proper operat ing condit ion. Any replacem ent
will consist of a new or re- m anufact ured funct ionally equivalent product of equal or higher value,
and will be solely at t he discret ion of ZyXEL. This warrant y shall not apply if t he product has been
m odified, m isused, t am pered wit h, dam aged by an act of God, or subj ect ed t o abnorm al working
condit ions.
Note
Repair or replacem ent , as provided under t his warrant y, is t he exclusive rem edy of t he purchaser.
This warrant y is in lieu of all ot her warrant ies, express or im plied, including any im plied warrant y of
m erchant abilit y or fit ness for a part icular use or purpose. ZyXEL shall in no event be held liable for
indirect or consequent ial dam ages of any kind t o t he purchaser.
To obt ain t he services of t his warrant y, cont act your vendor. You m ay also refer t o t he warrant y
policy for t he region in which you bought t he device at ht t p: / / www.zyxel.com / web/
support _warrant y_info.php.
Registration
Regist er your product online t o receive e- m ail not ices of firm ware upgrades and inform at ion at
www.zyxel.com .
Open Source Licenses
This product cont ains in part som e free soft ware dist ribut ed under GPL license t erm s and/ or GPL
like licenses. Open source licenses are provided wit h t he firm ware package. You can download t he
lat est firm ware at www.zyxel.com . To obt ain t he source code covered under t hose Licenses, please
cont act support @zyxel.com .t w t o get it .
198
NWA1121-NI User’s Guide
Appendix E Legal Information
Regulatory Information
European Union
The following inform at ion applies if you use t he product wit hin t he European Union.
Declaration of Conformity with Regard to EU Directive 1999/5/EC (R&TTE
Directive)
Com pliance I nform at ion for 2.4GHz and 5GHz Wireless Product s Relevant t o t he EU and Ot her
Count ries Following t he EU Direct ive 1999/ 5/ EC ( R&TTE Direct ive)
[ Czech]
ZyXEL t ím t o prohlašuj e, že t ent o zařízení j e ve shodě se základním i požadavky a dalším i
příslušným i ust anovením i sm ěrnice 1999/ 5/ EC.
[ Danish]
Undert egnede ZyXEL erklærer herved, at følgende udst yr udst yr overholder de væsent lige
krav og øvrige relevant e krav i direkt iv 1999/ 5/ EF.
[ Germ an]
Hierm it erklärt ZyXEL, dass sich das Gerät Ausst at t ung in Übereinst im m ung m it den
grundlegenden Anforderungen und den übrigen einschlägigen Best im m ungen der Richt linie
1999/ 5/ EU befindet .
[ Est onian]
Käesolevaga kinnit ab ZyXEL seadm e seadm ed vast avust direkt iivi 1999/ 5/ EÜ põhinõuet ele
j a nim et at ud direkt iivist t ulenevat ele t eist ele asj akohast ele sät et ele.
English
Hereby, ZyXEL declares t hat t his equipm ent is in com pliance wit h t he essent ial
requirem ent s and ot her relevant provisions of Direct ive 1999/ 5/ EC.
[ Spanish]
Por m edio de la present e ZyXEL declara que el equipo cum ple con los requisit os esenciales
y cualesquiera ot ras disposiciones aplicables o exigibles de la Direct iva 1999/ 5/ CE.
[ Greek]
Η
Ω
Α
Α Α
Α ZyXEL Η Ω
Η
Α
ε
π ισ ός
Χ
ΦΩ
Α Α
Α
Η
ΗΓ Α
1999/ 5/ C.
[ French]
Par la présent e ZyXEL déclare que l'appareil équipem ent s est conform e aux exigences
essent ielles et aux aut res disposit ions pert inent es de la direct ive 1999/ 5/ EC.
[ I t alian]
Con la present e ZyXEL dichiara che quest o at t rezzat ura è conform e ai requisit i essenziali ed
alle alt re disposizioni pert inent i st abilit e dalla diret t iva 1999/ 5/ CE.
[ Lat vian]
Ar šo ZyXEL deklarē, ka iekārt as at bilst Direkt īvas 1999/ 5/ EK būt iskaj ām prasībām un
cit iem ar t o saist īt aj iem not eikum iem .
[ Lit huanian]
Šiuo ZyXEL deklaruoj a, kad šis įranga at it inka esm inius reikalavim us ir kit as 1999/ 5/ EB
Direkt yvos nuost at as.
[ Dut ch]
Hierbij verklaart ZyXEL dat het t oest el uit rust ing in overeenst em m ing is m et de essent iële
eisen en de andere relevant e bepalingen van richt lij n 1999/ 5/ EC.
[ Malt ese]
Hawnhekk, ZyXEL, j iddikj ara li dan t agħm ir j ikkonform a m al- ħt iġij iet essenzj ali u m a
provvedim ent i oħraj n relevant i li hem m fid- Dirret t iva 1999/ 5/ EC.
[ Hungarian]
Alulírot t , ZyXEL nyilat kozom , hogy a berendezés m egfelel a vonat kozó alapvet õ
követ elm ényeknek és az 1999/ 5/ EK irányelv egyéb elõírásainak.
[ Polish]
Niniej szym ZyXEL oświadcza, że sprzęt j est zgodny z zasadniczym i wym ogam i oraz
pozost ałym i st osownym i post anowieniam i Dyrekt ywy 1999/ 5/ EC.
[ Port uguese]
ZyXEL declara que est e equipam ent o est á conform e com os requisit os essenciais e out ras
disposições da Direct iva 1999/ 5/ EC.
[ Slovenian]
ZyXEL izj avlj a, da j e t a oprem a v skladu z bist venim i zaht evam i in ost alim i relevant nim i
določili direkt ive 1999/ 5/ EC.
[ Slovak]
ZyXEL t ým t o vyhlasuj e, že zariadenia spĺňa základné požiadavky a všet ky príslušné
ust anovenia Sm ernice 1999/ 5/ EC.
NWA1121-NI User’s Guide
199
Appendix E Legal Information
[ Finnish]
ZyXEL vakuut t aa t ät en et t ä lait t eet t yyppinen lait e on direkt iivin 1999/ 5/ EY oleellist en
vaat im ust en j a sit ä koskevien direkt iivin m uiden eht oj en m ukainen.
[ Swedish]
Härm ed int ygar ZyXEL at t denna ut rust ning st år I överensst äm m else m ed de väsent liga
egenskapskrav och övriga relevant a best äm m elser som fram går av direkt iv 1999/ 5/ EC.
[ Bulgarian]
С
я
ZyXEL
,ч
я
1999/ 5/ C.
[ I celandic]
Hér m eð lýsir, ZyXEL því yfir að þessi búnaður er í sam ræm i við grunnkröfur og önnur
viðeigandi ákvæði t ilskipunar 1999/ 5/ EC.
[ Norwegian]
Erklærer herved ZyXEL at det t e ut st yret er I sam svar m ed de grunnleggende kravene og
andre relevant e best em m elser I direkt iv 1999/ 5/ EF.
[ Rom anian]
Prin prezent a, ZyXEL declară că acest echipam ent est e în conform it at e cu cerinţele
esenţiale şi alt e prevederi relevant e ale Direct ivei 1999/ 5/ EC.
National Restrictions
This product m ay be used in all EU count ries ( and ot her count ries following t he EU direct ive 1999/
5/ EC) wit hout any lim it at ion except for t he count ries m ent ioned below:
Ce produit peut êt re ut ilisé dans t ous les pays de l’UE ( et dans t ous les pays ayant t ransposés la
direct ive 1999/ 5/ CE) sans aucune lim it at ion, except é pour les pays m ent ionnés ci- dessous:
Quest o prodot t o è ut ilizzabile in t ut t e i paesi EU ( ed in t ut t i gli alt ri paesi che seguono le diret t ive EU
1999/ 5/ EC) senza nessuna lim it azione, eccet t o per i paesii m enzionat i di seguit o:
Das Produkt kann in allen EU St aat en ohne Einschränkungen eingeset zt werden ( sowie in anderen
St aat en die der EU Direkt ive 1995/ 5/ CE folgen) m it Außnahm e der folgenden aufgeführt en
St aat en:
I n t he m aj orit y of t he EU and ot her European count ries, t he 2, 4- and 5- GHz bands have been
m ade available for t he use of wireless local area net works ( LANs) . Lat er in t his docum ent you will
find an overview of count ries inwhich addit ional rest rict ions or requirem ent s or bot h are applicable.
The requirem ent s for any count ry m ay evolve. ZyXEL recom m ends t hat you check wit h t he local
aut horit ies for t he lat est st at us of t heir nat ional regulat ions for bot h t he 2,4- and 5- GHz wireless
LANs.
The following count ries have rest rict ions and/ or requirem ent s in addit ion t o t hose given in t he t able
labeled “ Overview of Regulat ory Requirem ent s for Wireless LANs” : .
Overview of Regulat ory Requirem ent s for Wireless LANs
Frequency Band ( MHz)
Max Power Level
I ndoor ONLY
I ndoor and Out door
( EI RP) 1 ( m W)
2400- 2483.5
100
5150- 5350
200
5470- 5725
1000
Belgium
200
NWA1121-NI User’s Guide
Appendix E Legal Information
The Belgian I nst it ut e for Post al Services and Telecom m unicat ions ( BI PT) m ust be not ified of any
out door wireless link having a range exceeding 300 m et ers. Please check ht t p: / / www.bipt .be for
m ore det ails.
Draadloze verbindingen voor buit engebruik en m et een reikwij dt e van m eer dan 300 m et er dienen
aangem eld t e worden bij het Belgisch I nst it uut voor post dienst en en t elecom m unicat ie ( BI PT) . Zie
ht t p: / / www.bipt .be voor m eer gegevens.
Les liaisons sans fil pour une ut ilisat ion en ext érieur d’une dist ance supérieure à 300 m èt res
doivent êt re not ifiées à l’I nst it ut Belge des services Post aux et des Télécom m unicat ions ( I BPT) .
Visit ez ht t p: / / www.ibpt .be pour de plus am ples dét ails.
Denm ark
I n Denm ark, t he band 5150 - 5350 MHz is also allowed for out door usage.
I Danm ark m å frekvensbåndet 5150 - 5350 også anvendes udendørs.
France
For 2.4 GHz, t he out put power is rest rict ed t o 10 m W EI RP when t he product is used out doors in t he
band 2454 - 2483.5 MHz. There are no rest rict ions when used indoors or in ot her part s of t he 2.4
GHz band. Check ht t p: / / www.arcep.fr/ for m ore det ails.
Pour la bande 2.4 GHz, la puissance est lim it ée à 10 m W en p.i.r.e. pour les équipem ent s ut ilisés en
ext érieur dans la bande 2454 - 2483.5 MHz. I l n'y a pas de rest rict ions pour des ut ilisat ions en
int érieur ou dans d'aut res part ies de la bande 2.4 GHz. Consult ez ht t p: / / www.arcep.fr/ pour de plus
am ples dét ails.
R&TTE 1999/ 5/ EC
WLAN 2.4 – 2.4835 GHz
I EEE 802.11 b/ g/ n
Locat ion
Frequency Range( GHz)
Power ( EI RP)
I ndoor ( No rest rict ions)
2.4 – 2.4835
100m W ( 20dBm )
Out door
2.4 – 2.454
100m W ( 20dBm )
2.454 – 2.4835
10m W ( 10dBm )
I t aly
This product m eet s t he Nat ional Radio I nt erface and t he requirem ent s specified in t he Nat ional
Frequency Allocat ion Table for I t aly. Unless t his wireless LAN product is operat ing wit hin t he
boundaries of t he owner's propert y, it s use requires a “ general aut horizat ion.” Please check ht t p: / /
www.sviluppoeconom ico.gov.it / for m ore det ails.
Quest o prodot t o è conform e alla specifiche di I nt erfaccia Radio Nazionali e rispet t a il Piano
Nazionale di ripart izione delle frequenze in I t alia. Se non viene inst allat o all 'int erno del proprio
fondo, l'ut ilizzo di prodot t i Wireless LAN richiede una “Aut orizzazione Generale”. Consult are ht t p: / /
www.sviluppoeconom ico.gov.it / per m aggiori det t agli.
Lat via
The out door usage of t he 2.4 GHz band requires an aut horizat ion from t he Elect ronic
Com m unicat ions Office. Please check ht t p: / / www.esd.lv for m ore det ails.
NWA1121-NI User’s Guide
201
Appendix E Legal Information
2.4 GHz frekvenèu j oslas izm ant oðanai ârpus t elpâm nepiecieðam a at ïauj a no Elekt ronisko sakaru
direkcij as. Vairâk inform âcij as: ht t p: / / www.esd.lv.
Not es:
1. Alt hough Norway, Swit zerland and Liecht enst ein are not EU m em ber st at es, t he EU Direct ive
1999/ 5/ EC has also been im plem ent ed in t hose count ries.
2. The regulat ory lim it s for m axim um out put power are specified in EI RP. The EI RP level ( in dBm ) of
a device can be calculat ed by adding t he gain of t he ant enna used( specified in dBi) t o t he out put
power available at t he connect or ( specified in dBm ) .
202
NWA1121-NI User’s Guide
Index
Index
Numbers
BSS 12, 56, 181
802.1x- Only 58
802.1x- St at ic128 58
802.1x- St at ic64 58
CA 188
access privileges 12
Account ing Server 88
Cert ificat e
aut hent icat ion 104
file form at 104
Cert ificat e Aut horit y
See CA.
Alert s 116
Cert ificat es
Fingerprint 113
MD5 113
public key 104
SHA1 113
Alt ernat ive subnet m ask not at ion 176
Cert ificat ion Aut horit y 113
Ant enna 92
cert ificat ions 195
not ices 197
viewing 198
Advanced Encrypt ion St andard
See AES.
AES 189
ant enna
direct ional 193
gain 193
om ni- direct ional 193
AP ( access point ) 183
Applicat ions
Access Point 14
AP + Bridge 14
applicat ions
MBSSI D 12
Repeat er 14
Channel 56
channel 183
int erference 183
com m and int erface 15
Cont rolling net work access, Ways of 11
copyright 195
CTS ( Clear t o Send) 184
ATC 73
ATC+ WMM 73
disclaim er 195
Basic Service Set 56
see BSS
Dist ribut ion Syst em 56
DNS 97, 119
Dom ain Nam e Server ( DNS) 119
DS 56
Basic Service Set , See BSS 181
DTI M I nt erval 63, 65, 70
beacon 56
dynam ic WEP key exchange 188
Beacon I nt erval 63, 65, 70
NWA1121-NI User’s Guide
203
Index
I m port Cert ificat e 106
EAP 59
I ndependent Basic Service Set
See I BSS 181
EAP Aut hent icat ion 187
init ializat ion vect or ( I V) 190
Encrypt ion 59, 76, 80, 83, 85
I nt ernet Assigned Num bers Aut horit y
See I ANA
encrypt ion 14, 189
ESS 56, 182
Et hernet device 89
Ext ended Service Set 56
Ext ended Service Set , See ESS 182
Ext ensible Aut hent icat ion Prot ocol 59
Fact ory Default s 126
rest oring 21
FCC int erference st at em ent 195
Firm ware 120
I nt ernet Prot ocol version 6, see I Pv6
I nt ernet t elephony 12
I P Address 94
Gat eway I P address 94
I P Screen 94
DHCP 96
I Pv6 95
addressing 95
global address 95
link- local address 95
Neighbor Discovery Prot ocol 95
ping 95
prefix 95
prefix lengt h 95
Fragm ent at ion 63, 66, 68, 71
Fragm ent at ion t hreshold 91
fragm ent at ion t hreshold 184
FTP 103
rest rict ions 103
key 59, 77, 81, 83
Generic Token Card 59
LEAP 59
GTC 59
LEDs 17, 129
Blinking 17
Flashing 17
Off 17
Light weight Ext ensible Aut hent icat ion Prot ocol 59
Log 49
hidden node 183
Log Screens 115
Logs
accessing logs 115
receiving logs via e- m ail 116
I ANA 180
I BSS 181
I EEE 802.11g 185
I EEE 802.1x 57
204
Logs Screen
Mail Server 117
Mail Subj ect 117
Send Log t o 117
Syslog 118
Logs, Uses of 115
NWA1121-NI User’s Guide
Index
PFX PKCS# 12 104
Pream ble 91
MAC Filt er
Allow Associat ion 89
Deny Associat ion 89
Maint enance 119
Associat ion List 120
Backup 124
Rest ore 125
Managem ent I nform at ion Base ( MI B) 111
m anaging t he device
using Telnet . See com m and int erface.
using t he com m and int erface. See com m and
int erface.
MBSSI D 12
pream ble m ode 185
Pream ble Type 63, 66, 68, 71
Pre- Shared Key 59
priorit ies 92
product regist rat ion 198
Prot ect ed Ext ensible Aut hent icat ion Prot ocol 59
PSK 59, 190
QoS 73
Media Access Cont rol 89
Message I nt egrit y Check ( MI C) 189
m essage relay 60
Microsoft Challenge Handshake Aut hent icat ion
Prot ocol Version 2 59
MSCHAPv2 59
MSDU 63, 66, 71
NAT 180
Net work Tim e Prot ocol ( NTP) 119
NTP 119
Radio Frequency 92
RADI US 59, 186
Account ing 60
Aut hent icat ion 60
Aut horizat ion 60
m essage t ypes 187
m essages 187
shared secret key 187
RADI US Screen
Account ing Server 88
Account ing Server I P Address 88
RADI US server 58
Backup 88
Prim ary 88
Rat es Configurat ion 63, 66, 68, 71
Operat ing Mode 56
Out put Power Managem ent 63, 65, 68, 70
regist rat ion
product 198
Rem ot e Aut hent icat ion Dial I n User Service 59
rem ot e m anagem ent 16
rem ot e m anagem ent lim it at ions 102
Pairwise Mast er Key ( PMK) 190, 191
Root AP 14
Passphrase 59
Password 130
RTS ( Request To Send) 184
t hreshold 183, 184
PEAP 59
RTS/ CTS Threshold 63, 66, 68, 71, 91
Roam ing 92
Personal I nform at ion Exchange Synt ax
St andard 104
NWA1121-NI User’s Guide
205
Index
Tim e and Dat e Set up 122
Tim e Zone 122
Securit y Mode, Choosing t he 93
Securit y Modes
802.1x- St at ic64 58
I EEE 802.1x- Only 58
I EEE 802.1x- St at ic128 58
I EEE 802.1x- St at ic64 58
None 58
WEP 58
WPA 58
WPA2 58
WPA2- MI X 58
WPA2- PSK 58
syst em t im eout 104
t elnet 106
Tem poral Key I nt egrit y Prot ocol 59
Tem poral Key I nt egrit y Prot ocol ( TKI P) 189
TFTP rest rict ions 103
Thum bprint Algorit hm 114
t im eout 16
Service Set I Dent ifier 56
TKI P 59
Service Set I dent ifier
see SSI D
TLS 59
Sim ple Mail Transfer Prot ocol 116
SMTP 116, 118
SNMP
MI Bs 111
t raps 112
Spanning Tree Prot ocol 91
SSI D 12, 56
SSI D profile
pre- configured 12
SSI D profiles 12
St at us Screens 25
802.11 Mode 50
Channel I D 50
Et hernet 25
FCS Error Count
Firm ware Version
I nt erface St at us
Poll I nt erval 50
Ret ry Count 50
St at ist ics 51
syst em st at ist ics
WLAN 25
t radem arks 195
Transport Layer Securit y 59
Troubleshoot ing 129
connect ion is slow or int erm it t ent 132
DHCP 130
fact ory default s 131
firm ware 131
I nt ernet 131
LAN/ ETHERNET port 131
QoS 132
Web Configurat or 130
TTLS 59
Tunneled Transport Layer Securit y 59
Tut orial 29
50
26
27
User Aut hent icat ion 58
25
Subnet 173
Subnet Mask 94, 174
Virt ual Local Area Net work 98
subnet t ing 176
VLAN 98
int roduct ion 98
Syslog Logging 116
Syst em Screens
General 120
Password 121
Tim e
206
VoI P 12, 73
NWA1121-NI User’s Guide
Index
RTS/ CTS Threshold 91
SSI D 56
Wireless Client Mode 67
Wireless Mode 57
WMM QoS 91
warrant y 198
not e 198
WDS 14
Web Configurat or 19
password 19
WEP 58
WEP key encrypt ing 93
Wi- Fi Mult im edia QoS 92
Wi- Fi Prot ect ed Access 58, 189
Wired Equivalent Privacy 58
Wireless Client 42
wireless client WPA supplicant s 190
Wireless Dist ribut ion Syst em ( WDS) 14
Wireless Mode 57
Wireless Mode, Choosing t he
Access Point 29
Bridge 29
Wireless Client 29
Wireless Securit y 16
how t o im prove 16
Levels 58
wireless securit y 12, 185
Wireless Securit y Screen
802.1x Only 77
Access Point 77, 80
Wireless Client 78, 82
802.1x St at ic 64- bit , 802.1x St at ic 128- bit 79
WEP 76
WPA 83
Access Point 84
Wireless Client 85
WPA- PSK, WPA2- PSK, WPA2- PSK- MI X 86
Wireless Set t ings Screen 55
Access Point Mode 61
Ant enna 92
AP + Bridge Mode 67
Bridge Mode 64
BSS 56
Channel 56
ESS 56
Fragm ent at ion Threshold 91
I nt ra- BSS Traffic 91
Operat ing Mode 56
Pream ble 91
Roam ing 92
NWA1121-NI User’s Guide
WLAN
int erference 183
securit y param et ers 192
WMM 73
WMM QoS 91
WPA 58, 189
key caching 190
pre- aut hent icat ion 190
user aut hent icat ion 190
vs WPA- PSK 190
wireless client supplicant 190
wit h RADI US applicat ion exam ple 191
WPA2 58, 189
user aut hent icat ion 190
vs WPA2- PSK 190
wireless client supplicant 190
wit h RADI US applicat ion exam ple 191
WPA2- MI X 58
WPA2- Pre- Shared Key 189
WPA2- PSK 189, 190
applicat ion exam ple 191
WPA2- PSK- MI X 58
WPA- PSK 189, 190
applicat ion exam ple 191
ZyXEL Device
Et hernet param et ers 94
good habit s 16
I nt roduct ion 11
m anaging 15
reset t ing 20, 126
Securit y Feat ures 16
207
Index
208
NWA1121-NI User’s Guide

---

Source Exif Data:

File Type                       : PDF
File Type Extension             : pdf
MIME Type                       : application/pdf
PDF Version                     : 1.6
Linearized                      : Yes
Encryption                      : Standard V4.4 (128-bit)
User Access                     : Print, Copy, Extract, Print high-res
Author                          : ZT01651
Create Date                     : 2012:02:13 14:54:38Z
Modify Date                     : 2013:08:06 06:30:34-07:00
Has XFA                         : No
XMP Toolkit                     : Adobe XMP Core 4.2.1-c043 52.372728, 2009/01/18-15:08:04
Format                          : application/pdf
Title                           : Book.book
Creator                         : ZT01651
Creator Tool                    : FrameMaker 9.0
Metadata Date                   : 2013:08:06 06:30:34-07:00
Producer                        : Acrobat Distiller 9.5.0 (Windows)
Document ID                     : uuid:5e91a4e7-6a89-4bbe-ae27-c7219c1f3b1c
Instance ID                     : uuid:6a8634ca-2001-4b13-b63f-7a576738c40d
Page Mode                       : UseOutlines
Page Count                      : 206

EXIF Metadata provided by EXIF.tools