ZyXEL Communications NWA1123-NI 802.11a/b/g/n Dual-Radio PoE Access Point User Manual
ZyXEL Communications Corporation 802.11a/b/g/n Dual-Radio PoE Access Point
NWA1120 Series
Wireless LAN Ceiling Mountable PoE Access Point

Version 1.00
Edition 1, 12/2012

Quick Start Guide
User’s Guide

Default Login Details
LAN IP Address: http://192.168.1.2
User Name: admin
Password: 1234

www.zyxel.com

Copyright © 2012 ZyXEL Communications Corporation

IMPORTANT! READ CAREFULLY BEFORE USE. KEEP THIS GUIDE FOR FUTURE REFERENCE.

This is a User’s Guide for a series of products. Not all products support all firmware features. Screenshots and graphics in this book may differ slightly from your product due to differences in your product firmware or your computer operating system. Every effort has been made to ensure that the information in this manual is accurate.

Related Documentation

• Quick Start Guide
  The Quick Start Guide shows how to connect the NWA and access the Web Configurator.

NWA1120 Series User’s Guide

Contents Overview

User’s Guide
  Introducing the NWA
  Introducing the Web Configurator
  Dashboard
  Tutorial
Technical Reference
  Monitor
  Wireless LAN
  LAN
  VLAN
  System
  Log Settings
  Maintenance
  Troubleshooting

Table of Contents

Contents Overview
Table of Contents

Part I: User’s Guide

Chapter 1 Introducing the NWA
  1.1 Introducing the NWA
    1.1.1 Dual-Band
  1.2 Wireless Modes
    1.2.1 MBSSID
    1.2.2 Wireless Client
    1.2.3 Root AP
    1.2.4 Repeater
  1.3 Ways to Manage the NWA
  1.4 Configuring Your NWA’s Security Features
    1.4.1 Control Access to Your Device
    1.4.2 Wireless Security
  1.5 Good Habits for Managing the NWA
  1.6 Hardware Connections
  1.7 LED

Chapter 2 Introducing the Web Configurator
  2.1 Accessing the Web Configurator
  2.2 Resetting the NWA
    2.2.1 Methods of Restoring Factory-Defaults
  2.3 Navigating the Web Configurator
    2.3.1 Title Bar
    2.3.2 Navigation Panel
    2.3.3 Main Window

Chapter 3 Dashboard
  3.1 The Dashboard Screen

Chapter 4 Tutorial
  4.1 How to Configure the Wireless LAN
    4.1.1 Choosing the Wireless Mode
    4.1.2 Further Reading
  4.2 How to Configure Multiple Wireless Networks
    4.2.1 Configure the SSID Profiles
    4.2.2 Configure the Standard Network
    4.2.3 Configure the VoIP Network
    4.2.4 Configure the Guest Network
    4.2.5 Testing the Wireless Networks
  4.3 NWA Setup in AP and Wireless Client Modes
    4.3.1 Scenario
    4.3.2 Configuring the NWA in MBSSID or Root AP Mode
    4.3.3 Configuring the NWA in Wireless Client Mode
    4.3.4 MAC Filter Setup
    4.3.5 Testing the Connection and Troubleshooting

Part II: Technical Reference

Chapter 5 Monitor
  5.1 Overview
  5.2 What You Can Do
  5.3 View Logs
  5.4 Statistics
  5.5 Association List
  5.6 Channel Usage

Chapter 6 Wireless LAN
  6.1 Overview
  6.2 What You Can Do in this Chapter
  6.3 What You Need To Know
  6.4 Wireless Settings Screen
    6.4.1 Root AP Mode
    6.4.2 Repeater Mode
    6.4.3 Wireless Client Mode
    6.4.4 MBSSID Mode
  6.5 SSID Screen
    6.5.1 Configuring SSID
  6.6 Wireless Security Screen
    6.6.1 Security: WEP
    6.6.2 Security: WPA, WPA2, WPA2-MIX
    6.6.3 Security: WPA-PSK, WPA2-PSK, WPA2-PSK-MIX
  6.7 RADIUS Screen
  6.8 Layer-2 Isolation
    6.8.1 Layer-2 Isolation Screen
  6.9 MAC Filter Screen
  6.10 Technical Reference
    6.10.1 Additional Wireless Terms
    6.10.2 WMM QoS
    6.10.3 Security Mode Guideline

Chapter 7 LAN
  7.1 Overview
  7.2 What You Can Do in this Chapter
  7.3 What You Need to Know
  7.4 LAN IP Screen

Chapter 8 VLAN
  8.1 Overview
    8.1.1 What You Can Do in This Chapter
  8.2 What You Need to Know
  8.3 VLAN Screen

Chapter 9 System
  9.1 Overview
  9.2 What You Can Do in this Chapter
  9.3 What You Need To Know
  9.4 WWW Screen
  9.5 Certificates Screen
  9.6 Telnet Screen
  9.7 SNMP Screen
  9.8 FTP Screen
  9.9 Technical Reference
    9.9.1 MIB
    9.9.2 Supported MIBs
    9.9.3 Private-Public Certificates
    9.9.4 Certification Authorities
    9.9.5 Checking the Fingerprint of a Certificate on Your Computer

Chapter 10 Log Settings
  10.1 Overview
  10.2 What You Can Do in this Chapter
  10.3 What You Need To Know
  10.4 Log Settings Screen

Chapter 11 Maintenance
  11.1 Overview
  11.2 What You Can Do in this Chapter
  11.3 What You Need To Know
  11.4 General Screen
  11.5 Password Screen
  11.6 Time Screen
  11.7 Firmware Upgrade Screen
  11.8 Configuration File Screen
    11.8.1 Backup Configuration
    11.8.2 Restore Configuration
    11.8.3 Back to Factory Defaults
  11.9 Restart Screen

Chapter 12 Troubleshooting
  12.1 Power, Hardware Connections, and LEDs
  12.2 NWA Access and Login
  12.3 Internet Access
  12.4 Wireless LAN

Appendix A Setting Up Your Computer’s IP Address
Appendix B Pop-up Windows, JavaScript and Java Permissions
Appendix C IP Addresses and Subnetting
Appendix D IPv6
Appendix E Wireless LANs
Appendix F Legal Information
Index

PART I
User’s Guide

CHAPTER 1
Introducing the NWA

This chapter introduces the main applications and features of the NWA. It also discusses the ways you can manage your NWA.

1.1 Introducing the NWA

This User’s Guide covers the following models: NWA1121-NI, and NWA1123-NI.

Your NWA is an IPv6 wireless AP (Access Point) that can function in several wireless modes. It extends the range of your existing wired network without additional wiring, providing easy network access to mobile users.

Table 1 NWA Series Comparison Table

| FEATURES | NWA1121-NI | NWA1123-NI |
| --- | --- | --- |
| Supported Wireless Standards | IEEE 802.11b, IEEE 802.11g, IEEE 802.11n | IEEE 802.11a, IEEE 802.11b, IEEE 802.11g, IEEE 802.11n |
| Supported Frequency Bands | 2.4 GHz | 2.4 GHz, 5 GHz |
| Available Security Modes | None, WEP, WPA, WPA2, WPA2-MIX, WPA-PSK, WPA2-PSK, WPA2-PSK-MIX | None, WEP, WPA, WPA2, WPA2-MIX, WPA-PSK, WPA2-PSK, WPA2-PSK-MIX |
| Number of SSID Profiles | 32 | |
| Layer-2 Isolation | Yes | Yes |

The NWA controls network access with MAC address filtering and RADIUS server authentication. It also provides a high level of network traffic security, supporting IEEE 802.1x, Wi-Fi Protected Access (WPA), WPA2 and WEP data encryption. Its Quality of Service (QoS) features allow you to prioritize time-sensitive or highly important applications such as VoIP.

Your NWA is easy to install, configure and use. The embedded Web-based configurator enables simple, straightforward management and maintenance.
See the Quick Start Guide for instructions on how to make hardware connections.

1.1.1 Dual-Band

The NWA1123-NI is a dual-band AP and is able to function in both 2.4 GHz and 5 GHz networks at the same time. You could use the 2.4 GHz band for regular Internet surfing and downloading while using the 5 GHz band for time-sensitive traffic like high-definition video, music, and gaming.

Figure 1 Dual-Band Application

1.2 Wireless Modes

The NWA can be configured to use the following WLAN operating modes:

| OPERATING MODE | NUMBER OF SUPPORTED SSID | UNIVERSAL REPEATER FUNCTION | AP FUNCTION |
| --- | --- | --- | --- |
| MBSSID | | No | Yes |
| Client | | No | No |
| Root AP | | Yes | Yes |
| Repeater | | Yes | Yes |

Applications for each operating mode are shown below.

1.2.1 MBSSID

A Basic Service Set (BSS) is the set of devices forming a single wireless network (usually an access point and one or more wireless clients). The Service Set IDentifier (SSID) is the name of a BSS. In Multiple BSS (MBSSID) mode, the NWA provides multiple virtual APs, each forming its own BSS and using its own individual SSID profile.

You can configure multiple SSID profiles, and have all of them active at any one time.

You can assign different wireless and security settings to each SSID profile. This allows you to compartmentalize groups of users, set varying access privileges, and prioritize network traffic to and from certain BSSs.

To the wireless clients in the network, each SSID appears to be a different access point. As in any wireless network, clients can associate only with the SSIDs for which they have the correct security settings.

For example, you might want to set up a wireless network in your office where Internet telephony (VoIP) users have priority.
You also want a regular wireless network for standard users, as well as a ‘guest’ wireless network for visitors. In the following figure, VoIP_SSID users have QoS priority, SSID01 is the wireless network for standard users, and Guest_SSID is the wireless network for guest users. In this example, the guest user is forbidden access to the wired Local Area Network (LAN) behind the AP and can access only the Internet.

Figure 2 Multiple BSSs

1.2.2 Wireless Client

The NWA can be used as a wireless client to communicate with an existing network.

Note: The NWA1123-NI is a dual-band AP which contains two different types of wireless radios to transmit at 2.4 GHz and 5 GHz bands separately and simultaneously. If one of the NWA1123-NI wireless radios is set to work in client mode, the other radio will be disabled automatically.

In the figure below, the printer can receive requests from the wired computer clients A and B via the NWA in Client mode (Z) using only the 2.4 GHz band.

Figure 3 Wireless Client Application

1.2.3 Root AP

In Root AP mode, the NWA (Z) can act as the root AP in a wireless network and also allow repeaters (X and Y) to extend the range of its wireless network at the same time. In the figure below, clients A, B and C can all access the wired network through the root AP.

Figure 4 Root AP Application

On the NWA in Root AP mode, you can have multiple SSIDs active for regular wireless connections and one SSID for the connection with a repeater (universal repeater SSID). Wireless clients can use either SSID to associate with the NWA in Root AP mode. A repeater must use the universal repeater SSID to connect to the NWA in Root AP mode.
When the NWA is in Root AP mode, universal repeater security between the NWA and the other repeater is independent of the security between the wireless clients and the AP or repeater. If you do not enable universal repeater security, traffic between APs is not encrypted. When universal repeater security is enabled, both APs and repeaters must use the same pre-shared key. See Section 6.6 on page 76 for more details.

Unless specified, the term “security settings” refers to the traffic between the wireless clients and the AP. At the time of writing, universal repeater security is compatible with the NWA only.

1.2.4 Repeater

The NWA can act as a wireless network repeater to extend a root AP’s wireless network range, and also establish wireless connections with wireless clients.

Using Repeater mode, your NWA can extend the range of the WLAN. In the figure below, the NWA in Repeater mode (Z) has a wireless connection to the NWA in Root AP mode (X) which is connected to a wired network and also has a wireless connection to another NWA in Repeater mode (Y) at the same time. Z and Y act as repeaters that forward traffic between associated wireless clients and the wired LAN. Clients A and B access the AP and the wired network behind the AP through repeaters Z and Y.

Figure 5 Repeater Application

When the NWA is in Repeater mode, universal repeater security between the NWA and the other repeater is independent of the security between the wireless clients and the AP or repeater. If you do not enable universal repeater security, traffic between APs is not encrypted. When universal repeater security is enabled, both APs and repeaters must use the same pre-shared key. See Section 6.6 on page 76 for more details.
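The universal repeater rules stated in the Root AP and Repeater sections above can be checked mechanically across a deployment. The following is an added example, not part of the ZyXEL manual: it audits a constructed three-unit chain and reports which units' client traffic crosses an unencrypted AP-to-AP hop even though the clients themselves use wireless security. The `Nwa` record, its field names and the status labels are assumptions rather than the NWA's configuration format, and treating a one-sided security setting as a link that does not form is an inference from the manual's statement that peer settings must match.

```python
"""Audit universal repeater links between NWAs (added example, hypothetical schema)."""
from dataclasses import dataclass, replace
from hmac import compare_digest
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Nwa:
    name: str
    mode: str                     # "root_ap" or "repeater"
    client_security: str          # mode offered to wireless clients, e.g. "WPA2-PSK"
    ur_ssid: str                  # universal repeater SSID used on AP-to-AP links
    ur_security: bool             # universal repeater security enabled?
    ur_psk: str = ""              # pre-shared key for the AP-to-AP link
    uplink: Optional[str] = None  # upstream NWA (repeaters only)


def audit_backhaul(units: List[Nwa]) -> List[Tuple[str, str, str]]:
    """Return (upstream, repeater, status) for every repeater uplink."""
    by_name = {u.name: u for u in units}
    findings = []
    for rep in (u for u in units if u.mode == "repeater"):
        up = by_name.get(rep.uplink or "")
        if up is None:
            status = "NO_UPLINK"
        elif rep.ur_ssid != up.ur_ssid:
            status = "SSID_MISMATCH"      # repeater must use the universal repeater SSID
        elif rep.ur_security != up.ur_security:
            status = "SECURITY_MISMATCH"  # peer settings must match for the link to form
        elif not rep.ur_security:
            status = "UNENCRYPTED"        # link forms, AP-to-AP traffic is not encrypted
        elif not compare_digest(rep.ur_psk.encode(), up.ur_psk.encode()):
            status = "PSK_MISMATCH"       # both sides must share one pre-shared key
        else:
            status = "OK"
        findings.append((rep.uplink or "", rep.name, status))
    return findings


def exposed_units(units: List[Nwa]) -> List[str]:
    """Units whose clients use wireless security but whose traffic crosses
    an unencrypted AP-to-AP hop on the way to the wired LAN."""
    by_name = {u.name: u for u in units}
    hop_status = {rep: status for _, rep, status in audit_backhaul(units)}
    exposed = []
    for unit in units:
        if unit.client_security == "None":
            continue                      # no client security to undermine
        hop, seen = unit, set()
        while hop is not None and hop.mode == "repeater" and hop.name not in seen:
            seen.add(hop.name)            # guard against uplink loops
            status = hop_status[hop.name]
            if status == "UNENCRYPTED":
                exposed.append(unit.name)
                break
            if status != "OK":
                break                     # link does not form, nothing crosses it
            hop = by_name.get(hop.uplink or "")
    return exposed


# Constructed deployment modelled on the Repeater figure: X is the root AP,
# Z repeats X, Y repeats Z. All names, SSIDs and keys are made up.
SAMPLE = [
    Nwa("X", "root_ap", "WPA2-PSK", "UR-LINK", False),
    Nwa("Z", "repeater", "WPA2-PSK", "UR-LINK", False, uplink="X"),
    Nwa("Y", "repeater", "WPA2-PSK", "UR-LINK", False, uplink="Z"),
]
# Same deployment with universal repeater security enabled and one shared key.
HARDENED = [replace(u, ur_security=True, ur_psk="constructed-example-key") for u in SAMPLE]

if __name__ == "__main__":
    for label, units in (("as deployed", SAMPLE), ("hardened", HARDENED)):
        print(label, audit_backhaul(units), "exposed:", exposed_units(units))
```
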
Once the security settings of peer sides match one another, the connection between devices is made. At the time of writing, universal repeater security is compatible with the NWA only.

1.3 Ways to Manage the NWA

Use any of the following methods to manage the NWA.

• Web Configurator. This is recommended for everyday management of the NWA using a (supported) web browser.
• FTP (File Transfer Protocol) for firmware upgrades and configuration backup and restore.
• SNMP (Simple Network Management Protocol). The device can be monitored by an SNMP manager.

1.4 Configuring Your NWA’s Security Features

Your NWA comes with a variety of security features. This section summarizes these features and provides links to sections in the User’s Guide to configure security settings on your NWA. Follow the suggestions below to improve security on your NWA and network.

1.4.1 Control Access to Your Device

Ensure only people with permission can access your NWA.

• Control physical access by locating devices in secure areas, such as locked rooms. Most NWAs have a reset button. If an unauthorized person has access to the reset button, they can then reset the device’s password to its default password, log in and reconfigure its settings.
• Change any default passwords on the NWA, such as the password used for accessing the NWA’s web configurator (if it has a web configurator). Use a password with a combination of letters and numbers and change your password regularly. Write down the password and put it in a safe place.
• See Section 11.5 on page 117 for instructions on changing your password.
• Configure remote management to control who can manage your NWA. See Chapter 9 on page 97 for more information.
  If you enable remote management, ensure you have enabled remote management only on the IP addresses, services or interfaces you intended and that other remote management settings are disabled.

1.4.2 Wireless Security

Wireless devices are especially vulnerable to attack. Take the following measures to improve wireless security.

• Enable wireless security on your NWA. Choose the most secure encryption method that all devices on your network support. See Section 6.6 on page 76 for directions on configuring encryption. If you have a RADIUS server, enable IEEE 802.1x or WPA(2) user identification on your network so users must log in. This method is more common in business environments.
• Hide your wireless network name (SSID). The SSID can be regularly broadcast and unauthorized users may use this information to access your network. See Section 6.5 on page 74 for directions on using the web configurator to hide the SSID.
• Enable the MAC filter to allow only trusted users to access your wireless network or deny unwanted users access based on their MAC address. See Section 6.9 on page 86 for directions on configuring the MAC filter.

1.5 Good Habits for Managing the NWA

Do the following things regularly to make the NWA more secure and to manage it more effectively.

• Change the password. Use a password that’s not easy to guess and that consists of different types of characters, such as numbers and letters.
• Write down the password and put it in a safe place.
• Back up the configuration (and make sure you know how to restore it). Restoring an earlier working configuration may be useful if the device becomes unstable or even crashes. If you forget your password, you will have to reset the NWA to its factory default settings.
If you backed up an earlier configuration file, you would not have to totally re-configure the NWA. You could simply restore your last configuration.

1.6 Hardware Connections
See your Quick Start Guide for information on making hardware connections.

1.7 LED
Figure 6 LED

Table 2 LED
COLOR | STATUS | DESCRIPTION
Amber | On | There is a system error and the NWA cannot boot up, or the NWA doesn’t have an Ethernet connection with the LAN.
Amber | Flashing | The NWA is starting up.
Amber | Off | The NWA is receiving power and ready for use.
Green | On | The WLAN is active.
Green | Blinking | The WLAN is active, and transmitting or receiving data.
Green | Off | The WLAN is not active.

Chapter 2 Introducing the Web Configurator
This chapter describes how to access the NWA’s web configurator and provides an overview of its screens.

2.1 Accessing the Web Configurator
Make sure your hardware is properly connected and prepare your computer or computer network to connect to the NWA (refer to the Quick Start Guide).
Launch your web browser.
Type "192.168.1.2" as the URL (default). The login screen appears.
Figure 7 The Login Screen
Type “admin” as the (default) username and “1234” as the (default) password. Click Login.
You should see a screen asking you to change your password (highly recommended) as shown next. Type a new password (and retype it to confirm) then click Apply. Alternatively, click Ignore.
Note: If you do not change the password, the following screen appears every time you login.
Figure 8 Change Password Screen
You should now see the Dashboard screen. See Chapter 2 on page 19 for details about the Dashboard screen.

2.2 Resetting the NWA
If you forget your password or cannot access the web configurator, you will need to use the RESET button at the rear panel of the NWA.
This replaces the current configuration file with the factory-default configuration file. This means that you will lose all the settings you previously configured. The password will be reset to “1234”.
Figure 9 The RESET Button

2.2.1 Methods of Restoring Factory-Defaults
You can erase the current configuration and restore factory defaults in two ways:
Use the RESET button to upload the default configuration file. Hold this button in for about 3 seconds (the light will begin to blink). Use this method for cases when the password or IP address of the NWA is not known.
Use the web configurator to restore defaults (refer to Section 11.8 on page 120).

2.3 Navigating the Web Configurator
The following summarizes how to navigate the web configurator from the Dashboard screen. This guide uses the NWA1121-NI screens as an example. The screens may vary slightly for different models.
Figure 10 Status Screen of the Web Configurator
As illustrated above, the Web Configurator screen is divided into these parts:
• A - title bar
• B - navigation panel
• C - main window

2.3.1 Title Bar
Click Logout at any time to exit the Web Configurator.
Click About to open the about window, which provides information of the boot module and driver versions.

2.3.2 Navigation Panel
Use the menu items on the navigation panel to open screens to configure NWA features. The following tables describe each menu item.

Table 3 Navigation Panel Summary
LINK | TAB | FUNCTION
Dashboard | | This screen shows the NWA’s general device and network status information. Use this screen to access the statistics and client list.
Monitor
Logs | View Log | Use this screen to view the logs for the categories that you selected.
Statistics | | Use this screen to view port status, packet specific statistics, the "system up time" and so on.
Association List | | Use this screen to view the wireless stations that are currently associated to the NWA.
Channel Usage | | Use this screen to know whether a channel is used by another wireless network or not.
Configuration
Network
Wireless LAN | Wireless Settings; Wireless Settings - 2.4G; Wireless Settings - 5G | Use this screen to configure the wireless LAN settings and NWA’s operation mode.
Wireless LAN | SSID | Use this screen to configure up to eight SSID profiles for your NWA.
Wireless LAN | Security | Use this screen to configure wireless security profiles on the NWA.
Wireless LAN | RADIUS | Use this screen to configure up to four RADIUS profiles.
Wireless LAN | Layer-2 Isolation | Use this screen to configure the MAC addresses of the devices that you want to allow the associated wireless clients to have access to when layer-2 isolation is enabled.
Wireless LAN | MAC Filter | Use this screen to configure MAC filtering profiles.
LAN | | Use this screen to configure the NWA’s LAN IP address.
VLAN | | Use this screen to configure the NWA’s VLAN settings.
System | WWW | Use this screen to configure through which interface(s) and from which IP address(es) users can use HTTP to manage the NWA.
System | Certificates | Use this screen to import or remove a certificate from the NWA.
System | Telnet | Use this screen to configure through which interface(s) and from which IP address(es) users can use Telnet to manage the NWA.
System | SNMP | Use this screen to configure the NWA for SNMP management.
System | FTP | Use this screen to configure through which interface(s) and from which IP address(es) users can use FTP to access the NWA.
Log Settings | | Use this screen to change your log settings.
Maintenance
General | | Use this screen to configure your device’s name.
Password | | Use this screen to configure your device’s password.
Time | | Use this screen to change your NWA’s time and date.
Firmware Upgrade | | Use this screen to upload firmware to your device.
Configuration File | | Use this screen to backup and restore your device’s configuration (settings) or reset the factory default settings.
Restart | | Use this screen to reboot the NWA without turning the power off.

2.3.3 Main Window
The main window displays information and configuration fields. It is discussed in the rest of this document.

Chapter 3 Dashboard
The Dashboard screens display when you log into the NWA, or click Dashboard in the navigation menu. Use the Dashboard screen to look at the current status of the device, system resources, and interfaces. The Dashboard screens also provide detailed information about system statistics, associated wireless clients, and logs.

3.1 The Dashboard Screen
Use this screen to get a quick view of system, Ethernet, WLAN and other information regarding your NWA.
Click Dashboard. The following screen displays.
Figure 11 The Dashboard Screen (NWA1121-NI)
Figure 12 The Dashboard Screen (NWA1123-NI)
The following table describes the labels in this screen.

Table 4 The Dashboard Screen
LABEL | DESCRIPTION
Refresh Interval | Select how often you want the NWA to update this screen.
Refresh Now | Click this to update this screen immediately.
System Information
System Name | This field displays the NWA system name. It is used for identification. You can change this in the Maintenance > General screen’s System Name field.
WLAN Operating Mode | This field displays the current operating mode of the wireless module (Root AP, Repeater, Client, or MBSSID). You can change the operating mode in the Configuration > Wireless LAN > Wireless Settings screen.
2.4G | This field displays the current operating mode of the 2.4G wireless module (Root AP, Repeater, Client, or MBSSID). You can change the operating mode in the Configuration > Wireless LAN > Wireless Settings - 2.4G screen.
5G | This field displays the current operating mode of the 5G wireless module (Root AP, Repeater, Client, or MBSSID). You can change the operating mode in the Configuration > Wireless LAN > Wireless Settings - 5G screen.
Firmware Version | This field displays the current version of the firmware inside the device. It also shows the date the firmware version was created. You can change the firmware version by uploading new firmware in Maintenance > Firmware Upgrade.
Serial Number | This field displays the serial number of the NWA.
Ethernet Information
LAN MAC Address | This displays the MAC (Media Access Control) address of the NWA on the LAN. Every network device has a unique MAC address which identifies it across the network.
IPv4 Address | This field displays the current IPv4 address of the NWA on the network.
Subnet Mask | Subnet masks determine the maximum number of possible hosts on a network. You can also use subnet masks to divide one network into multiple sub-networks.
Gateway IP Address | This is the IP address of the gateway. The gateway is a router or switch on the same network segment as the device's LAN port. The gateway helps forward packets to their destinations.
IPv6 Address | This field displays the current IPv6 address(es) of the NWA on the network.
Link Local | This is the IPv6 link-local address that the NWA generates automatically.
Global | This is the NWA’s IPv6 global address that you specify manually in the Configuration > LAN screen.
WLAN Information
SSID | This field displays the SSID (Service Set Identifier). This is available only when the WLAN operation mode is Client.
Channel | The channel or frequency used by the NWA to send and receive information (in the 2.4G or 5G wireless network).
Status | This shows the current status of the wireless LAN. This is available only when the WLAN operation mode is Client.
Security Mode | This displays the security mode the NWA is using. This is available only when the WLAN operation mode is Client.
Summary
Statistics | Click this link to view port status and packet specific statistics. See Section 5.4 on page 50.
Association List | Click this to see a list of wireless clients currently associated to each of the NWA’s wireless modules. See Section 5.5 on page 51.
View Log | Click this to see a list of logs produced by the NWA. See Section 5.3 on page 49.
System Status
System Up Time | This field displays the elapsed time since the NWA was turned on.
Current Date/Time | This field displays the date and time configured on the NWA. You can change this in the Maintenance > Time screen.
System Resource
CPU Usage | This field displays what percentage of the NWA’s processing ability is currently being used. The higher the CPU usage, the more likely the NWA is to slow down.
Memory Usage | This field displays what percentage of the NWA’s volatile memory is currently in use. The higher the memory usage, the more likely the NWA is to slow down. Some memory is required just to start the NWA and to run the web configurator.
Interface Status
Interface | This column displays each interface of the NWA.
Status | This field indicates whether or not the NWA is using the interface. For each interface, this field displays Up when the NWA is using the interface and Down when the NWA is not using the interface.
Channel | This shows the channel number which the NWA is currently using over the wireless LAN.
Rate | For the LAN port this displays the port speed and duplex setting. For the WLAN interface, it displays the downstream and upstream transmission rate or N/A if the interface is not in use.
SSID Status | This section is not available when the WLAN operation mode is Client.
Interface | This column displays each of the NWA’s wireless interfaces.
SSID | This field displays the SSID(s) currently used by each wireless module.
BSSID | This field displays the MAC address of the wireless module.
Security | This field displays the type of wireless security used by each SSID.
VLAN | This field displays the VLAN ID of each SSID in use, or Disabled if the SSID does not use VLAN.

Chapter 4 Tutorial
This chapter first provides an overview of how to configure the wireless LAN on your NWA, and then gives step-by-step guidelines showing how to configure your NWA for some example scenarios.

4.1 How to Configure the Wireless LAN
This section illustrates how to choose which wireless operating mode to use on the NWA and how to set up the wireless LAN in each wireless mode. See Section 4.1.2 on page 29 for links to more information on each step.

4.1.1 Choosing the Wireless Mode
• Use MBSSID (Multiple Basic Service Set Identifier) operating mode if you want to use the NWA as an access point with some groups of users having different security or QoS settings from other groups of users. See Section 1.2.1 on page 12 for details.
• Use Client operating mode if you want to use the NWA to access a wireless network. See Section 1.2.2 on page 13 for details.
• Use Root AP operating mode if you want to allow wireless clients to access your wired network through the NWA and also have repeaters communicate with the NWA to expand wireless coverage. See Section 1.2.3 on page 15 for details.
• Use Repeater operating mode if you want to use the NWA to communicate with the root AP or other repeaters. See Section 1.2.4 on page 15 for details.

4.1.2 Further Reading
Use these links to find more information on the steps:
• Choosing 802.11 Mode: see Section 6.4 on page 60.
• Choosing a wireless Channel ID: see Section 6.4 on page 60.
• Choosing a Security mode: see Section 6.6 on page 76.
• Configuring an external RADIUS server: see Section 6.7 on page 82.
• Configuring MAC Filtering: see Section 6.9 on page 86.

4.2 How to Configure Multiple Wireless Networks
In this example, you have been using your NWA as an access point for your office network. Now your network is expanding and you want to make use of the MBSSID feature (see Section 6.4.4 on page 71) to provide multiple wireless networks. Each wireless network will cater to a different type of user.
You want to make three wireless networks: one standard office wireless network with all the same settings you already have, another wireless network with high priority QoS settings for Voice over IP (VoIP) users, and a guest network that allows visitors to access only the Internet and the network printer.
To do this, you will take the following steps:
Edit the SSID profiles.
Change the operating mode from Root AP to MBSSID and reactivate the standard network.
Configure different security modes for the networks.
Configure a wireless network for standard office use.
Configure a wireless network for VoIP users.
Configure a wireless network for guests to your office.
The following figure shows the multiple networks you want to set up. Your NWA is marked Z, the main network router is marked A, and your network printer is marked B.
The standard network (SSID01) has access to all resources. The VoIP network (VoIP_SSID) has access to all resources and a high QoS priority. The guest network (Guest_SSID) has access to the Internet and the network printer only, and a low QoS priority.
To configure these settings, you need to know the Media Access Control (MAC) addresses of the devices you want to allow users of the guest network to access. The following table shows the addresses used in this example.

Table 5 Tutorial: Example Information
Network router (A) MAC address | 00:AA:00:AA:00:AA
Network printer (B) MAC address | AA:00:AA:00:AA:00

4.2.1 Configure the SSID Profiles
Log in to the NWA (see Section 2.1 on page 19). Click Wireless LAN > SSID. The SSID screen appears.
Click the Edit icon next to the Profile1.
Rename the Profile Name and SSID as SSID01. Click Apply.
Repeat Step 2 and 3 to change Profile2 and Profile3 to VoIP_SSID and Guest_SSID.

4.2.1.1 MBSSID
Go to Wireless LAN > Wireless Settings. Select MBSSID from the Operation Mode drop-down list box.
SSID01 is the standard network, so select SSID01 as the first profile. It is always active.
Select VoIP_SSID as the second profile, and Guest_SSID as the third profile. Select the corresponding Active check-boxes.
Click Apply to save your settings. Now the three SSIDs are activated.
4.2.2 Configure the Standard Network
Click Wireless LAN > SSID. Click the Edit icon next to SSID01.
Select SecProfile1 as SSID01’s security profile. Select the Hidden SSID checkbox as you want only authorized company employees to use this network, so there is no need to broadcast the SSID to wireless clients scanning the area.
Also, the clients on SSID01 might need to access other clients on the same wireless network. Do not select the Intra-BSS Traffic blocking check-box.
Click Apply.
Next, click Wireless LAN > Security. Click the Edit icon next to SecProfile1.
Since SSID01 is the standard network that has access to all resources, assign a more secure security mode. Select WPA2-PSK-MIX as the Security Mode, and enter the Pre-Shared Key. In this example, use ThisisSSID01PreSharedKey. Click Apply.
You have finished configuring the standard network, SSID01.

4.2.3 Configure the VoIP Network
Go to Wireless LAN > SSID. Click the Edit icon next to VoIP_SSID.
Select SecProfile2 as the Security Profile for the VoIP network. Select the Hidden SSID checkbox.
Select WMM_VOICE in the QoS field to give VoIP the highest priority in the wireless network.
Click Apply.
Next, click Wireless LAN > Security. Click the Edit icon next to SecProfile2.
Select WPA2-PSK as the Security Mode, and enter the Pre-Shared Key. In this example, use ThisisVoIPPreSharedKey. Click Apply.
Your VoIP wireless network is now ready to use. Any traffic using the VoIP_SSID profile will be given the highest priority across the wireless network.
4.2.4 Configure the Guest Network
When you are setting up the wireless network for guests to your office, your primary concern is to keep your network secure while allowing access to certain resources (such as a network printer, or the Internet). For this reason, the pre-configured Guest_SSID profile has intra-BSS traffic blocking enabled by default. “Intra-BSS traffic blocking” means that the client cannot access other clients on the same wireless network.
Click Wireless LAN > SSID. Click the Edit icon next to Guest_SSID.
Select SecProfile3 in the Security field.
Do not select the Hidden SSID check-box so the guests can easily find the wireless network.
Select WMM_BESTEFFORT in the QoS field to give the guest a lower QoS priority.
Select the check-box of Intra-BSS Traffic blocking Enabled.
Click Apply.
Next, click Wireless LAN > Security. Click the Edit icon next to SecProfile3.
Select WPA-PSK in the Security Mode field. WPA-PSK provides strong security that is supported by most wireless clients. Even though your Guest_SSID clients do not have access to sensitive information on the network, you should not leave the network without security. An attacker could still cause damage to the network or intercept unsecured communications or use your Internet access for illegal activities.
Enter the PSK you want to use in your network in the Pre Shared Key field. In this example, the PSK is ThisismyGuestWPApre-sharedkey.
Click Apply.
Your guest wireless network is now ready to use.

4.2.5 Testing the Wireless Networks
To make sure that the three networks are correctly configured, do the following.
• On a computer with a wireless client, scan for access points.
You should see the Guest_SSID network, but not the SSID01 and VoIP_SSID networks. If you can see the SSID01 and VoIP_SSID networks, go to its SSID Edit screen and make sure to select the Hidden SSID check-box and click Apply.
• Try to access each network using the correct security settings, and then using incorrect security settings, such as the WPA-PSK for another active network. If the behavior is different from expected (for example, if you can access the SSID01 or VoIP_SSID wireless network using the security settings for the Guest_SSID wireless network) check that the SSID profile is set to use the correct security profile, and that the settings of the security profile are correct.

4.3 NWA Setup in AP and Wireless Client Modes
This example shows you how to restrict wireless access to your NWA.

4.3.1 Scenario
In the figure below, there are two NWAs (A and B) in the network. A is in MBSSID or root AP mode while station B is in wireless client mode. Station B is connected to a File Transfer Protocol (FTP) server. You want only specified wireless clients to be able to access station B. You also want to allow wireless traffic between B and wireless clients connected to A (W, Y and Z). Other wireless devices (X) must not be able to connect to the FTP server.
Figure 13 FTP Server Connected to a Wireless Client

4.3.2 Configuring the NWA in MBSSID or Root AP Mode
Before setting up the NWA as a wireless client (B), you need to make sure there is an access point to connect to. Use the Ethernet port on NWA (A) to configure it via a wired connection.
Log into the Web Configurator on NWA (A) and go to the Wireless LAN > Wireless Settings screen.
Set the Operation Mode to Root AP.
Select the Wireless Mode. In this example, select 802.11b/g/n.
Select Profile1 as the SSID Profile.
Choose the Channel you want NWA (A) to use.
Click Apply.
Go to Wireless LAN > SSID. Click the Edit icon next to Profile1.
Change the SSID to AP-A.
Select SecProfile1 in the Security field.
Select the check-box for Intra-BSS Traffic blocking Enabled so the client cannot access other clients on the same wireless network.
10 Click Apply.
11 Go to Wireless LAN > Security. Click the Edit icon next to SecProfile1.
12 Configure WPA-PSK as the Security Mode and enter ThisisMyPreSharedKey in the Pre Shared Key field.
13 Click Apply to finish configuration for NWA (A).

4.3.3 Configuring the NWA in Wireless Client Mode
The NWA (B) should have a wired connection before it can be set to wireless client operating mode. Connect your NWA to the FTP server. Login to NWA (B)’s Web Configurator and go to the Wireless LAN > Wireless Settings screen. Follow these steps to configure station B.
Select Client as Operation Mode. Click Apply.
Click on the Site Survey button. A window should pop up which contains a list of all available wireless devices within your NWA’s range.
Find and select NWA (A)’s SSID: AP-A.
Go to Wireless LAN > Security to configure the NWA to use the same security mode and Pre-Shared Key as NWA (A): WPA-PSK/ThisisMyPreSharedKey. Click Apply.
Figure 14

4.3.4 MAC Filter Setup
One way to ensure that only specified wireless clients can access the FTP server is by enabling MAC filtering on NWA (B) (See Section 6.9 on page 86 for more information on MAC Filter).
Go to Wireless LAN > MAC Filter. Click the Edit icon next to MacProfile1.
Select Allow in the Access Control Mode field. Enter the MAC addresses of the wireless clients (W, Y and Z) you want to associate with the NWA.
Click Apply.
Now, only the authorized wireless clients (W, Y and Z) can access the FTP server.

4.3.5 Testing the Connection and Troubleshooting
This section discusses how you can check if you have correctly configured your network setup as described in this tutorial.
• Try accessing the FTP server from wireless clients W, Y or Z. Test if you can send or retrieve a file. If you cannot establish a connection with the FTP server, do the following steps.
Make sure W, Y and Z use the same wireless security settings as A and can access A.
Make sure B uses the same wireless and wireless security settings as A and can access A.
Make sure intra-BSS traffic is enabled on A.
• Try accessing the FTP server from X. If you are able to access the FTP server, do the following.
Make sure MAC filtering is enabled.
Make sure X’s MAC address is not entered in the list of allowed devices.

PART II Technical Reference
The appendices provide general information. Some details may not apply to your NWA.

Chapter 5 Monitor

5.1 Overview
This chapter discusses read-only information related to the device state of the NWA.
Note: To access the Monitor screens, you can also click the links in the Summary table of the Dashboard screen to view the wireless packets sent/received as well as the status of clients connected to the NWA.

5.2 What You Can Do
• Use the Logs screen to see the logs for the categories that you selected in the Configuration > Log Settings screen (see Section 5.3 on page 49).
You can view logs in this page. Once the log entries are all used, the log will wrap around and the old logs will be deleted.
• Use the Statistics screen to view 802.11 mode, channel number, wireless packet specific statistics and so on (see Section 5.4 on page 50).
• Use the Association List screen to view the wireless devices that are currently associated to the NWA (see Section 5.5 on page 51).
• Use the Channel Usage screen to view whether a channel is used by another wireless network or not. If a channel is being used, you should select a channel removed from it by five channels to completely avoid overlap (see Section 5.6 on page 52).

5.3 View Logs
Use the Logs screen to see the logged messages for the NWA. Log entries in red indicate system error logs. The log wraps around and deletes the old entries after it fills.
Click Monitor > Logs.
Figure 15 Logs
The following table describes the labels in this screen.

Table 6 Logs
LABEL | DESCRIPTION
Display | Select a category of logs to view. Select All Log to view logs from all of the log categories that you selected in the Configuration > Log Settings screen.
E-Mail Log Now | Click E-Mail Log Now to send the log screen to the e-mail address specified in the Log Settings page (make sure that you have first filled in the E-mail Log Settings fields in Configuration > Log Settings).
Refresh | Click Refresh to renew the log screen.
Clear Log | Click Clear Log to delete all the logs.
 | This field is a sequential value and is not associated with a specific entry.
Time | This field displays the time the log was recorded.
Message | This field states the reason for the log.
Source | This field lists the source IP address and the port number of the incoming packet.
5.4 Statistics
Use this screen to view read-only information, including 802.11 Mode, Channel ID, Retry Count and FCS Error Count. Also provided is the "poll interval". The Poll Interval field is configurable and is used for refreshing the screen.
Click Monitor > Statistics. The following screen pops up.
Figure 16 Statistics
The following table describes the labels in this screen.

Table 7 Statistics
LABEL | DESCRIPTION
Description | This is the wireless interface on the NWA.
802.11 Mode | This field shows which 802.11 mode the NWA is using.
Channel ID | This shows the channel number which the NWA is currently using over the wireless LAN.
RX Pkts | This is the number of received packets on this port.
TX Pkts | This is the number of transmitted packets on this port.
Retry Count | This is the total number of retries for transmitted packets (TX).
FCS Error Count | This is the total number of checksum error of received packets (RX).
Poll Interval | Enter the time interval for refreshing statistics.
Set Interval | Click this button to apply the new poll interval you entered above.
Stop | Click this button to stop refreshing statistics.

5.5 Association List
View the wireless devices that are currently associated with the NWA in the Association List screen. Association means that a wireless client (for example, your network or computer with a wireless network card) has connected successfully to the AP (or wireless router) using the same SSID, channel and security settings.
Click Monitor > Association List to display the screen as shown next.
Figure 17 Association List
The following table describes the labels in this screen.

Table 8 Association List
LABEL | DESCRIPTION
 | This is the index number of an associated wireless device.
MAC Address | This field displays the MAC address of an associated wireless device.
SSID | This field displays the SSID to which the wireless device is associated.
Association Time | This field displays the time a wireless device first associated with the NWA’s wireless network.
Signal Strength | This field displays the RSSI (Received Signal Strength Indicator) of the wireless connection.
Refresh | Click Refresh to reload the list.

5.6 Channel Usage
Use this screen to know whether a channel is used by another wireless network or not. If a channel is being used, you should select a channel removed from it by five channels to completely avoid overlap.
Click Monitor > Channel Usage to display the screen shown next.
Wait a moment while the NWA compiles the information.
Figure 18 Channel Usage
The following table describes the labels in this screen.

Table 9 Channel Usage
LABEL | DESCRIPTION
SSID | This is the Service Set IDentification (SSID) name of the AP in an Infrastructure wireless network or wireless station in an Ad-Hoc wireless network. For our purposes, we define an Infrastructure network as a wireless network that uses an AP and an Ad-Hoc network (also known as Independent Basic Service Set (IBSS)) as one that doesn’t. See the chapter on wireless configuration for more information on basic service sets (BSS) and extended service sets (ESS).
Channel | This is the index number of the channel currently used by the associated AP in an Infrastructure wireless network or wireless station in an Ad-Hoc wireless network.
MAC Address | This field displays the MAC address of the AP in an Infrastructure wireless network. It is randomly generated (so ignore it) in an Ad-Hoc wireless network.
Wireless Mode | This is the IEEE 802.1x standard used by the wireless network.
Signal Strength | This field displays the strength of the AP’s signal. If you must choose a channel that is currently in use, choose one with low signal strength for minimum interference.
Security | This is the wireless security method used by the wireless network to protect wireless communication between wireless stations, access points and the wired network.
Refresh | Click Refresh to reload the screen.

Chapter 6 Wireless LAN

6.1 Overview

This chapter discusses the steps to configure the Wireless Settings screen on the NWA. It also introduces the wireless LAN (WLAN) and some basic scenarios.

Figure 19 Wireless Mode

In the figure above, the NWA allows access to another bridge device (A) and a notebook computer (B) upon verifying their settings and credentials. It denies access to other devices (C and D) with configurations that do not match those specified in your NWA.

6.2 What You Can Do in this Chapter

• Use the Wireless Settings screen to configure the NWA’s operation mode (see Section 6.4 on page 60).
• Use the SSID screen to configure up to eight SSID profiles for your NWA (see Section 6.5 on page 74).
• Use the Security screen to choose the wireless security mode for your NWA (see Section 6.6 on page 76).
• Use the RADIUS screen if you want to authenticate wireless users using a RADIUS Server and/or accounting server (see Section 6.7 on page 82).
• Use the Layer-2 Isolation screen to configure the MAC addresses of the devices that you want to allow the associated wireless clients to have access to when layer-2 isolation is enabled (see Section 6.8 on page 84).
• Use the MAC Filter screen to specify which wireless station is allowed or denied access to the NWA (see Section 6.9 on page 86).

6.3 What You Need To Know

BSS

A Basic Service Set (BSS) exists when all communications between wireless clients or between a wireless client and a wired network client go through one access point (AP). Intra-BSS traffic is traffic between wireless clients in the BSS.

ESS

An Extended Service Set (ESS) consists of a series of overlapping BSSs, each containing an access point, with each access point connected together by a wired network. This wired connection between APs is called a Distribution System (DS).

Operating Mode

The NWA can run in four operating modes as follows:

• Root AP. The NWA is a wireless access point that allows wireless communication to other devices in the network.
• Repeater. The NWA acts as a wireless repeater and increases a root AP’s wireless coverage area.
• Client. The NWA acts as a wireless client to access a wireless network.
• MBSSID. The Multiple Basic Service Set Identifier (MBSSID) mode allows you to use one access point to provide several BSSs simultaneously.

Refer to Chapter 1 on page 11 for illustrations of these wireless applications.

SSID

The SSID (Service Set IDentifier) is the name that identifies the Service Set with which a wireless station is associated. Wireless stations associating to the access point (AP) must have the same SSID. In other words, it is the name of the wireless network that clients use to connect to it.

Normally, the NWA acts like a beacon and regularly broadcasts the SSID in the area. You can hide the SSID instead, in which case the NWA does not broadcast the SSID. In addition, you should change the default SSID to something that is difficult to guess.
This type of security is fairly weak, however, because there are ways for unauthorized wireless devices to get the SSID. In addition, unauthorized wireless devices can still see the information that is sent in the wireless network.

Channel

A channel is the radio frequency(ies) used by wireless devices. Channels available depend on your geographical area. You may have a choice of channels (for your region) so you should use a different channel than an adjacent AP (access point) to reduce interference.

Wireless Mode

The IEEE 802.1x standard was designed to extend the features of IEEE 802.11 to support extended authentication as well as providing additional accounting and control features.

MBSSID

Traditionally, you needed to use different APs to configure different Basic Service Sets (BSSs). As well as the cost of buying extra APs, there was also the possibility of channel interference. The NWA’s MBSSID (Multiple Basic Service Set IDentifier) function allows you to use one access point to provide several BSSs simultaneously. You can then assign varying levels of privilege to different SSIDs.

Wireless stations can use different BSSIDs to associate with the same AP.

The following are some notes on multiple BSS.

• A maximum of four BSSs are allowed on one AP simultaneously.
• You must use different WEP keys for different BSSs. If two stations have different BSSIDs (they are in different BSSs), but have the same WEP keys, they may hear each other’s communications (but not communicate with each other).
• MBSSID should not replace but rather be used in conjunction with 802.1x security.

Wireless Security

Wireless security is vital to your network. It protects communications between wireless stations, access points and the wired network.
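An added example, not part of the ZyXEL manual or the NWA firmware: a small audit that checks a set of SSID profiles against this chapter's own guidance (the ordering of security types in Table 10, the MBSSID notes on the four-BSS limit and WEP key reuse, the remarks on hidden and default SSIDs, and the note on 802.11n speed). The profile field names, the finding labels, the sample values and the placement of the PSK and MIX modes on Table 10's scale are assumptions of this example.

```python
from collections import defaultdict
from dataclasses import dataclass

# The manual's security modes placed on Table 10's ladder (higher = stronger).
# Table 10 lists only WEP, 802.1x/RADIUS, WPA and WPA2; putting the PSK and
# MIX modes on the WPA/WPA2 rungs is this example's assumption. A MIX mode is
# ranked as WPA because it still admits WPA clients.
MODE_RANK = {
    "None": 0, "WEP": 3,
    "WPA": 5, "WPA-PSK": 5, "WPA2-MIX": 5, "WPA2-PSK-MIX": 5,
    "WPA2": 6, "WPA2-PSK": 6,
}
MIN_RANK = 5                               # accept WPA or better
MAX_ACTIVE_BSS = 4                         # MBSSID note: four BSSs per AP
N_WIRELESS_MODES = {"802.11n", "802.11b/g/n", "802.11a/n"}
FULL_SPEED_11N = {"WPA2", "WPA2-PSK"}      # the manual's note on 802.11n speed


@dataclass
class SsidProfile:
    """One SSID profile. Field names are hypothetical, not the NWA's own."""
    name: str
    ssid: str
    security: str
    active: bool = True
    hidden: bool = False
    wep_key: str = ""


def audit(profiles, wireless_mode, factory_ssid):
    """Return (profile_name, finding) pairs; "*" marks an AP-wide finding."""
    findings = []
    active = [p for p in profiles if p.active]
    if len(active) > MAX_ACTIVE_BSS:
        findings.append(("*", "too-many-active-bss"))

    wep_key_users = defaultdict(list)
    for p in active:
        rank = MODE_RANK.get(p.security)
        if rank is None:
            findings.append((p.name, "unknown-security-mode"))
            continue
        if rank < MIN_RANK:
            findings.append((p.name, "weak-security-mode"))
            if p.hidden:
                # Hiding the SSID does not stop others reading the traffic.
                findings.append((p.name, "hidden-ssid-is-not-protection"))
        if p.ssid == factory_ssid:
            findings.append((p.name, "default-ssid"))
        if wireless_mode in N_WIRELESS_MODES and p.security not in FULL_SPEED_11N:
            findings.append((p.name, "reduced-11n-speed"))
        if p.security == "WEP" and p.wep_key:
            wep_key_users[p.wep_key].append(p.name)

    # Stations in different BSSs that share a WEP key can hear each other.
    for names in wep_key_users.values():
        if len(names) > 1:
            findings.extend((n, "shared-wep-key") for n in names)
    return findings


# Constructed sample data; SSIDs, keys and the factory SSID are placeholders.
SAMPLE_FACTORY_SSID = "FACTORY-DEFAULT"
SAMPLE_PROFILES = [
    SsidProfile("Profile1", "FACTORY-DEFAULT", "None", hidden=True),
    SsidProfile("Profile2", "warehouse", "WEP", wep_key="0123456789"),
    SsidProfile("Profile3", "scanners", "WEP", wep_key="0123456789"),
    SsidProfile("Profile4", "staff", "WPA2"),
    SsidProfile("Profile5", "guest", "WPA2-PSK-MIX"),
    SsidProfile("Profile6", "lab", "WPA2-PSK", active=False),
]

if __name__ == "__main__":
    for name, finding in audit(SAMPLE_PROFILES, "802.11b/g/n", SAMPLE_FACTORY_SSID):
        print(f"{name}: {finding}")
```

Inactive profiles are skipped, and WEP keys are only compared, never reported, so the findings can be shared without exposing key material.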
Figure 20 Securing the Wireless Network

In the figure above, the NWA checks the identity of devices before giving them access to the network. In this scenario, Computer A is denied access to the network, while Computer B is granted connectivity.

The NWA secures communications via data encryption, wireless client authentication and MAC address filtering. It can also hide its identity in the network.

User Authentication

Authentication is the process of verifying whether a wireless device is allowed to use the wireless network. You can make every user log in to the wireless network before they can use it. However, every device in the wireless network has to support IEEE 802.1x to do this.

For wireless networks, you can store the user names and passwords for each user in a RADIUS server. This is a server used in businesses more than in homes. If you do not have a RADIUS server, you cannot set up user names and passwords for your users.

Unauthorized wireless devices can still see the information that is sent in the wireless network, even if they cannot use the wireless network. Furthermore, there are ways for unauthorized wireless users to get a valid user name and password. Then, they can use that user name and password to use the wireless network.

The following table shows the relative effectiveness of wireless security methods:

Table 10 Wireless Security Levels
SECURITY LEVEL | SECURITY TYPE
Least Secure | Unique SSID (Default)
 | Unique SSID with Hide SSID Enabled
 | MAC Address Filtering
 | WEP Encryption
 | IEEE802.1x EAP with RADIUS Server Authentication
 | Wi-Fi Protected Access (WPA)
Most Secure | WPA2

The available security modes in your NWA are as follows:

• None. No data encryption.
• WEP. Wired Equivalent Privacy (WEP) encryption scrambles the data transmitted between the wireless stations and the access points to keep network communications private.
• WPA. Wi-Fi Protected Access (WPA) is a subset of the IEEE 802.11i standard.
• WPA2. WPA2 (IEEE 802.11i) is a wireless security standard that defines stronger encryption, authentication and key management than WPA.
• WPA2-MIX. This commands the NWA to use either WPA2 or WPA depending on which security mode the wireless client uses.
• WPA-PSK. This adds a pre-shared key on top of the WPA standard.
• WPA2-PSK. This adds a pre-shared key on top of the WPA2 standard.
• WPA2-PSK-MIX. This commands the NWA to use either WPA-PSK or WPA2-PSK depending on which security mode the wireless client uses.

Note: To guarantee 802.11n wireless speed, please only use WPA2 or WPA2-PSK security mode. Other security modes may degrade the wireless speed performance to 802.11g.

Passphrase

A passphrase functions like a password. In WEP security mode, it is further converted by the NWA into a complicated string that is referred to as the “key”. This key is requested from all devices wishing to connect to a wireless network.

PSK

The Pre-Shared Key (PSK) is a password shared by a wireless access point and a client during a previous secure connection. The key can then be used to establish a connection between the two parties.

Encryption

Wireless networks can use encryption to protect the information that is sent in the wireless network. Encryption is like a secret code. If you do not know the secret code, you cannot understand the message. Encryption is the process of converting data into unreadable text. This secures information in network communications.
The intended recipient of the data can “unlock” it with a pre-assigned key, making the information readable only to him. The NWA when used as a wireless client employs Temporal Key Integrity Protocol (TKIP) data encryption.

EAP

Extensible Authentication Protocol (EAP) is a protocol used by a wireless client, an access point and an authentication server to negotiate a connection.

The EAP methods employed by the NWA when in Wireless Client operating mode are Transport Layer Security (TLS), Protected Extensible Authentication Protocol (PEAP), Lightweight Extensible Authentication Protocol (LEAP) and Tunneled Transport Layer Security (TTLS). The authentication protocol may either be Microsoft Challenge Handshake Authentication Protocol Version 2 (MSCHAPv2) or Generic Token Card (GTC).

Further information on these terms can be found in Appendix E on page 187.

RADIUS

Remote Authentication Dial In User Service (RADIUS) is a protocol that can be used to manage user access to large networks. It is based on a client-server model that supports authentication, authorization and accounting. The access point is the client and the server is the RADIUS server.

Figure 21 RADIUS Server Setup

In the figure above, wireless clients A and B are trying to access the Internet via the NWA. The NWA in turn queries the RADIUS server if the identity of clients A and U are allowed access to the Internet. In this scenario, only client U’s identity is verified by the RADIUS server and allowed access to the Internet.

The RADIUS server handles the following tasks:

• Authentication which determines the identity of the users.
• Authorization which determines the network services available to authenticated users once they are connected to the network.
• Accounting which keeps track of the client’s network activity.

RADIUS is a simple package exchange in which your AP acts as a message relay between the wireless client and the network RADIUS server.

You should know the IP addresses, ports and shared secrets of the external RADIUS server and/or the external RADIUS accounting server you want to use with your NWA. You can configure a primary and backup RADIUS and RADIUS accounting server for your NWA.

6.4 Wireless Settings Screen

Use this screen to choose the operating mode for your NWA. Click Network > Wireless LAN > Wireless Settings, Network > Wireless LAN > Wireless Settings-2.4G or Network > Wireless LAN > Wireless Settings-5G. The screen varies depending upon the operating mode you select.

6.4.1 Root AP Mode

Use this screen to use your NWA as an access point. Select Root AP as the Operation Mode. The following screen displays.

Figure 22 Wireless LAN > Wireless Settings: Root AP

The following table describes the general wireless LAN labels in this screen.

Table 11 Wireless LAN > Wireless Settings: Root AP
LABEL | DESCRIPTION
Basic Settings
Wireless LAN Interface | Select the check box to turn on the wireless LAN on the NWA.
Operation Mode | Select Root AP from the drop-down list.
Wireless Mode | If you are in the Wireless LAN > Wireless Settings or Wireless LAN > Wireless Settings-2.4G screen, you can select from the following:
• 802.11b/g to allow both IEEE802.11b and IEEE802.11g compliant WLAN devices to associate with the NWA. The transmission rate of your NWA might be reduced.
• 802.11b/g/n to allow IEEE802.11b, IEEE802.11g and IEEE802.11n compliant WLAN devices to associate with the NWA.
The transmission rate of the NWA might be reduced.
• 802.11n to allow only IEEE802.11n compliant WLAN devices to associate with the NWA.
If you are in the Wireless LAN > Wireless Settings-5G screen, you can select from the following:
• 802.11a/n to allow IEEE802.11a and IEEE802.11n compliant WLAN devices to associate with the NWA.
• 802.11a to allow only IEEE802.11a compliant WLAN devices to associate with the NWA.
• 802.11n to allow only IEEE802.11n compliant WLAN devices to associate with the NWA.
Channel | Select the operating frequency/channel depending on your particular region from the drop-down list box.
Channel Width | This field displays only when you select 802.11n, 802.11a/n or 802.11b/g/n in the Wireless Mode field. A standard 20MHz channel offers transfer speeds of up to 150Mbps whereas a 40MHz channel uses two standard channels and offers speeds of up to 300Mbps. However, not all devices support 40MHz channels. Select the channel bandwidth you want to use for your wireless network. It is recommended that you select 20/40MHz. This allows the NWA to adjust the channel bandwidth depending on network conditions. Select 20MHz if you want to lessen radio interference with other wireless devices in your neighborhood or the wireless clients do not support channel bonding.
Select SSID Profile | The SSID (Service Set IDentifier) identifies the Service Set with which a wireless station is associated. Wireless stations associating to the access point (AP) must have the same SSID. You can have up to four SSIDs active at the same time.
Note: If you are configuring the NWA from a computer connected to the wireless LAN and you change the NWA’s SSID or security settings, you will lose your wireless connection when you press Apply to confirm.
You must then change the wireless settings of your computer to match the NWA’s new settings.
# | This is the index number of each SSID profile.
Active | Select the check box to enable an SSID profile. Otherwise, clear the check box.
Profile | Select an SSID Profile from the drop-down list box.
Universal Repeater Settings | The Universal repeater function allows the NWA in root AP or repeater mode to set up a wireless connection between it and another NWA in root AP or repeater mode.
Note: Universal repeater security is independent of the security settings between the NWA and any wireless clients.
Local MAC Address | Local MAC Address is the MAC address of your NWA.
Universal Repeater SSID Profile | Select the SSID profile you want to use for universal repeater connections.
Note: You can only configure None, WPA-PSK or WPA2-PSK security mode for the SSID used by a universal repeater connection.
Advanced Settings
Beacon Interval | When a wireless network device sends a beacon, it includes with it a beacon interval. This specifies the time period before the device sends the beacon again. The interval tells receiving devices on the network how long they can wait in low-power mode before waking up to handle the beacon. A high value helps save current consumption of the access point.
DTIM Interval | Delivery Traffic Indication Message (DTIM) is the time period after which broadcast and multicast packets are transmitted to mobile clients in the Active Power Management mode. A high DTIM value can cause clients to lose connectivity with the network.
Output Power | Set the output power of the NWA in this field. If there is a high density of APs in an area, decrease the output power of the NWA to reduce interference with other APs.
Select one of the following: Full (Full Power), 50%, 25%, or 12.5%. See the product specifications for more information on your NWA’s output power.
Preamble Type | Select Dynamic to have the AP automatically use short preamble when wireless adapters support it, otherwise the AP uses long preamble. Select Long if you are unsure what preamble mode the wireless adapters support, and to provide more reliable communications in busy wireless networks.
RTS/CTS Threshold | (Request To Send) The threshold (number of bytes) for enabling RTS/CTS handshake. Data with its frame size larger than this value will perform the RTS/CTS handshake. Setting this attribute to be larger than the maximum MSDU (MAC service data unit) size turns off the RTS/CTS handshake. Setting this attribute to its smallest value (1) turns on the RTS/CTS handshake.
Fragmentation | The threshold (number of bytes) for the fragmentation boundary for directed messages. It is the maximum data fragment size that can be sent.
Extension Channel Protection Mode | You can use CTS to self or RTS-CTS protection mechanism to reduce conflicts with other wireless networks or hidden wireless clients. The throughput of RTS-CTS is much lower than CTS to self. Using this mode may decrease your wireless performance.
A-MPDU Aggregation | This field is available only when 802.11n, 802.11b/g/n or 802.11a/n is selected as the Wireless Mode. Select to enable A-MPDU aggregation. Message Protocol Data Unit (MPDU) aggregation collects Ethernet frames along with their 802.11n headers and wraps them in a 802.11n MAC header. This method is useful for increasing bandwidth throughput in environments that are prone to high error rates.
Short GI | This field is available only when 802.11n, 802.11b/g/n or 802.11a/n is selected as the Wireless Mode. Select Enabled to use Short GI (Guard Interval). The guard interval is the gap introduced between data transmission from users in order to reduce interference. Reducing the GI increases data transfer rates but also increases interference. Increasing the GI reduces data transfer rates but also reduces interference.
MCS Rate | The MCS Rate table is available only when 802.11n, 802.11b/g/n or 802.11a/n is selected in the Wireless Mode field. IEEE 802.11n supports many different data rates which are called MCS rates. MCS stands for Modulation and Coding Scheme. This is an 802.11n feature that increases the wireless network performance in terms of throughput. For each MCS Rate (0-15), select either Enabled to have the NWA use the data rate. Clear the Enabled check box if you do not want the NWA to use the data rate. Turn on the Auto option to have the NWA set the data rates automatically to optimize the throughput.
Note: You can set the NWA to use up to four MCS rates at a time.
Apply | Click Apply to save your changes.
Cancel | Click Cancel to begin configuring this screen afresh.

6.4.2 Repeater Mode

Use this screen to have the NWA act as a wireless repeater. You need to know the MAC address of the peer device, which also must be in Repeater or Root AP mode.

Figure 23 Wireless LAN > Wireless Settings: Repeater

The following table describes the bridge labels in this screen.
Table 12 Wireless LAN > Wireless Settings: Repeater
LABEL | DESCRIPTION
Basic Settings
Wireless LAN Interface | Select the check box to turn on the wireless LAN on the NWA.
Operation Mode | Select Repeater from the drop-down list.
Wireless Mode | If you are in the Wireless LAN > Wireless Settings or Wireless LAN > Wireless Settings-2.4G screen, you can select from the following:
• 802.11b/g to allow both IEEE802.11b and IEEE802.11g compliant WLAN devices to associate with the NWA. The transmission rate of your NWA might be reduced.
• 802.11b/g/n to allow IEEE802.11b, IEEE802.11g and IEEE802.11n compliant WLAN devices to associate with the NWA. The transmission rate of the NWA might be reduced.
• 802.11n to allow only IEEE802.11n compliant WLAN devices to associate with the NWA.
If you are in the Wireless LAN > Wireless Settings-5G screen, you can select from the following:
• 802.11a/n to allow IEEE802.11a and IEEE802.11n compliant WLAN devices to associate with the NWA.
• 802.11a to allow only IEEE802.11a compliant WLAN devices to associate with the NWA.
• 802.11n to allow only IEEE802.11n compliant WLAN devices to associate with the NWA.
Channel | Select the operating frequency/channel depending on your particular region from the drop-down list box.
Channel Width | This field displays only when you select 802.11n, 802.11a/n or 802.11b/g/n in the Wireless Mode field. A standard 20MHz channel offers transfer speeds of up to 150Mbps whereas a 40MHz channel uses two standard channels and offers speeds of up to 300Mbps. However, not all devices support 40MHz channels. Select the channel bandwidth you want to use for your wireless network.
It is recommended that you select 20/40MHz. This allows the NWA to adjust the channel bandwidth depending on network conditions. Select 20MHz if you want to lessen radio interference with other wireless devices in your neighborhood or the wireless clients do not support channel bonding.
Universal Repeater Settings | The Universal repeater function allows the NWA in root AP or repeater mode to set up a wireless connection between it and another NWA in root AP or repeater mode.
Note: Universal repeater security is independent of the security settings between the NWA and any wireless clients.
Local MAC Address | Local MAC Address is the MAC address of your NWA.
Universal Repeater SSID Profile | Select the SSID profile you want to use for universal repeater connections with an AP or repeater or regular wireless connections with wireless clients.
Note: You can only configure None, WPA-PSK or WPA2-PSK security mode for the SSID used by a universal repeater connection.
Root MAC Address | Specify the peer device’s MAC address. The peer device can be a NWA in either root AP mode or repeater mode.
Advanced Settings
Beacon Interval | When a wireless network device sends a beacon, it includes with it a beacon interval. This specifies the time period before the device sends the beacon again. The interval tells receiving devices on the network how long they can wait in low-power mode before waking up to handle the beacon. A high value helps save current consumption of the access point.
DTIM Interval | Delivery Traffic Indication Message (DTIM) is the time period after which broadcast and multicast packets are transmitted to mobile clients in the Active Power Management mode. A high DTIM value can cause clients to lose connectivity with the network.
Output Power | Set the output power of the NWA in this field. If there is a high density of APs in an area, decrease the output power of the NWA to reduce interference with other APs. Select one of the following: Full (Full Power), 50%, 25% or 12.5%. See the product specifications for more information on your NWA’s output power.
Preamble Type | Select Dynamic to have the AP automatically use short preamble when wireless adapters support it, otherwise the AP uses long preamble. Select Long if you are unsure what preamble mode the wireless adapters support, and to provide more reliable communications in busy wireless networks.
RTS/CTS Threshold | (Request To Send) The threshold (number of bytes) for enabling RTS/CTS handshake. Data with its frame size larger than this value will perform the RTS/CTS handshake. Setting this attribute to be larger than the maximum MSDU (MAC service data unit) size turns off the RTS/CTS handshake. Setting this attribute to its smallest value (1) turns on the RTS/CTS handshake.
Fragmentation | The threshold (number of bytes) for the fragmentation boundary for directed messages. It is the maximum data fragment size that can be sent.
Extension Channel Protection Mode | You can use CTS to self or RTS-CTS protection mechanism to reduce conflicts with other wireless networks or hidden wireless clients. The throughput of RTS-CTS is much lower than CTS to self. Using this mode may decrease your wireless performance.
A-MPDU Aggregation | This field is available only when 802.11n, 802.11b/g/n or 802.11a/n is selected as the Wireless Mode. Select to enable A-MPDU aggregation.
Message Protocol Data Unit (MPDU) aggregation collects Ethernet frames along with their 802.11n headers and wraps them in a 802.11n MAC header. This method is useful for increasing bandwidth throughput in environments that are prone to high error rates.
Short GI | This field is available only when 802.11n, 802.11b/g/n or 802.11a/n is selected as the Wireless Mode. Select Enabled to use Short GI (Guard Interval). The guard interval is the gap introduced between data transmission from users in order to reduce interference. Reducing the GI increases data transfer rates but also increases interference. Increasing the GI reduces data transfer rates but also reduces interference.
MCS Rate | The MCS Rate table is available only when 802.11n, 802.11b/g/n or 802.11a/n is selected in the Wireless Mode field. IEEE 802.11n supports many different data rates which are called MCS rates. MCS stands for Modulation and Coding Scheme. This is an 802.11n feature that increases the wireless network performance in terms of throughput. For each MCS Rate (0-15), select either Enabled to have the NWA use the data rate. Clear the Enabled check box if you do not want the NWA to use the data rate. Turn on the Auto option to have the NWA set the data rates automatically to optimize the throughput.
Note: You can set the NWA to use up to four MCS rates at a time.
Apply | Click Apply to save your changes.
Cancel | Click Cancel to begin configuring this screen afresh.

6.4.3 Wireless Client Mode

Use this screen to turn your NWA into a wireless client. Select Client as the Operation Mode. The following screen displays.

Figure 24 Wireless LAN > Wireless Settings: Wireless Client

The following table describes the general wireless LAN labels in this screen.
Table 13 Wireless LAN > Wireless Settings: Wireless Client
LABEL | DESCRIPTION
Basic Settings
Wireless LAN Interface | Select the check box to turn on the wireless LAN on the NWA.
Operation Mode | Select Client in this field.
Site Survey | Click this to view a list of available wireless access points within the range. Select the AP you want to use.
Note: After selecting Client as the Operation Mode in the Basic Settings section, you must click Apply to be able to select from the AP list.
SSID Profile | The SSID (Service Set IDentifier) identifies the Service Set with which a wireless station is associated. Wireless stations associating to the access point (AP) must have the same SSID. In this field, select the SSID profile of the AP you want to use. Click Apply. The SSID used in the selected SSID profile automatically changes to be the one you select in the Site Survey screen. Set the security configuration for this operating mode in the Wireless LAN > Security screen. Check the Dashboard screen to check if the settings you set show in the WLAN information.
Note: If you are configuring the NWA from a computer connected to the wireless LAN and you change the NWA’s SSID or security settings, you will lose your wireless connection when you press Apply to confirm. You must then change the wireless settings of your computer to match the NWA’s new settings.
Channel | This shows the operating frequency/channel in use. This field is read-only when you select Client as your operation mode.
Channel Width | This field is not available in the NWA1123-NI. A standard 20MHz channel offers transfer speeds of up to 150Mbps whereas a 40MHz channel uses two standard channels and offers speeds of up to 300Mbps.
However, not all devices support 40MHz channels. Select the channel bandwidth you want to use for your wireless network. It is recommended that you select 20/40MHz. This allows the NWA to adjust the channel bandwidth depending on network conditions. Select 20MHz if you want to lessen radio interference with other wireless devices in your neighborhood or the AP does not support channel bonding.
Advanced Settings
Output Power | Set the output power of the NWA in this field. If there is a high density of APs in an area, decrease the output power of the NWA to reduce interference with other APs. Select one of the following: Full (Full Power), 50%, 25% or 12.5%. See the product specifications for more information on your NWA’s output power.
Preamble Type | Select Dynamic to have the NWA automatically use short preamble when the wireless network your NWA is connected to supports it, otherwise the NWA uses long preamble. Select Long preamble if you are unsure what preamble mode the wireless device your NWA is connected to supports, and to provide more reliable communications in busy wireless networks.
RTS/CTS Threshold | (Request To Send) The threshold (number of bytes) for enabling RTS/CTS handshake. Data with its frame size larger than this value will perform the RTS/CTS handshake. Setting this attribute to be larger than the maximum MSDU (MAC service data unit) size turns off the RTS/CTS handshake. Setting this attribute to its smallest value (1) turns on the RTS/CTS handshake.
Fragmentation | This field is not available in the NWA1123-NI. The threshold (number of bytes) for the fragmentation boundary for directed messages. It is the maximum data fragment size that can be sent.
Extension channel protection mode: You can use CTS to self or RTS-CTS protection mechanism to reduce conflicts with other wireless networks or hidden wireless clients. The throughput of RTS-CTS is much lower than CTS to self. Using this mode may decrease your wireless performance.

A-MPDU Aggregation: This field is not available in the NWA1123-NI. Select to enable A-MPDU aggregation. Message Protocol Data Unit (MPDU) aggregation collects Ethernet frames along with their 802.11n headers and wraps them in a 802.11n MAC header. This method is useful for increasing bandwidth throughput in environments that are prone to high error rates.

Short GI: This field is not available in the NWA1123-NI. Select Enabled to use Short GI (Guard Interval). The guard interval is the gap introduced between data transmission from users in order to reduce interference. Reducing the GI increases data transfer rates but also increases interference. Increasing the GI reduces data transfer rates but also reduces interference.

Apply: Click Apply to save your changes.

Cancel: Click Cancel to begin configuring this screen afresh.

6.4.4 MBSSID Mode

Use this screen to have the NWA function in MBSSID mode. Select MBSSID as the Operation Mode. The following screen displays.

Figure 25 Wireless LAN > Wireless Settings: MBSSID

The following table describes the labels in this screen.

Table 14 Wireless LAN > Wireless Settings: MBSSID

LABEL: DESCRIPTION

Basic Settings

Wireless LAN Interface: Select the check box to turn on the wireless LAN on the NWA.

Operation Mode: Select MBSSID from the drop-down list.
Wireless Mode: If you are in the Wireless LAN > Wireless Settings or Wireless LAN > Wireless Settings-2.4G screen, you can select from the following:
• 802.11b/g to allow both IEEE802.11b and IEEE802.11g compliant WLAN devices to associate with the NWA. The transmission rate of your NWA might be reduced.
• 802.11b/g/n to allow IEEE802.11b, IEEE802.11g and IEEE802.11n compliant WLAN devices to associate with the NWA. The transmission rate of the NWA might be reduced.
• 802.11n to allow only IEEE802.11n compliant WLAN devices to associate with the NWA.
If you are in the Wireless LAN > Wireless Settings-5G screen, you can select from the following:
• 802.11a/n to allow IEEE802.11a and IEEE802.11n compliant WLAN devices to associate with the NWA.
• 802.11a to allow only IEEE802.11a compliant WLAN devices to associate with the NWA.
• 802.11n to allow only IEEE802.11n compliant WLAN devices to associate with the NWA.

Channel: Select the operating frequency/channel depending on your particular region from the drop-down list box.

Channel Width: This field displays only when you select 802.11n, 802.11a/n or 802.11b/g/n in the Wireless Mode field. A standard 20MHz channel offers transfer speeds of up to 150Mbps whereas a 40MHz channel uses two standard channels and offers speeds of up to 300Mbps. However, not all devices support 40MHz channels. Select the channel bandwidth you want to use for your wireless network. Select 20MHz if you want to lessen radio interference with other wireless devices in your neighborhood or the wireless clients do not support channel bonding.
Select SSID Profile: The SSID (Service Set IDentifier) identifies the Service Set with which a wireless station is associated. Wireless stations associating to the access point (AP) must have the same SSID. You can have up to eight SSIDs active at the same time.
Note: If you are configuring the NWA from a computer connected to the wireless LAN and you change the NWA’s SSID or security settings, you will lose your wireless connection when you press Apply to confirm. You must then change the wireless settings of your computer to match the NWA’s new settings.

This is the index number of each SSID profile.

Active: Select the check box to enable an SSID profile. Otherwise, clear the check box.

Profile: Select an SSID Profile from the drop-down list box.

Advanced Settings

Beacon Interval: When a wireless network device sends a beacon, it includes with it a beacon interval. This specifies the time period before the device sends the beacon again. The interval tells receiving devices on the network how long they can wait in low-power mode before waking up to handle the beacon. A high value helps save current consumption of the access point.

DTIM Interval: Delivery Traffic Indication Message (DTIM) is the time period after which broadcast and multicast packets are transmitted to mobile clients in the Active Power Management mode. A high DTIM value can cause clients to lose connectivity with the network.

Output Power: Set the output power of the NWA in this field. If there is a high density of APs in an area, decrease the output power of the NWA to reduce interference with other APs. Select one of the following: Full (Full Power), 50%, 25% or 12.5%. See the product specifications for more information on your NWA’s output power.
Preamble Type: Select Dynamic to have the AP automatically use short preamble when wireless adapters support it, otherwise the AP uses long preamble. Select Long if you are unsure what preamble mode the wireless adapters support, and to provide more reliable communications in busy wireless networks.

RTS/CTS Threshold: (Request To Send) The threshold (number of bytes) for enabling RTS/CTS handshake. Data with its frame size larger than this value will perform the RTS/CTS handshake. Setting this attribute to be larger than the maximum MSDU (MAC service data unit) size turns off the RTS/CTS handshake. Setting this attribute to its smallest value (1) turns on the RTS/CTS handshake.

Extension Channel Protection Mode: You can use CTS to self or RTS-CTS protection mechanism to reduce conflicts with other wireless networks or hidden wireless clients. The throughput of RTS-CTS is much lower than CTS to self. Using this mode may decrease your wireless performance.

A-MPDU Aggregation: This field is available only when 802.11n, 802.11b/g/n or 802.11a/n is selected as the Wireless Mode. Select to enable A-MPDU aggregation. Message Protocol Data Unit (MPDU) aggregation collects Ethernet frames along with their 802.11n headers and wraps them in a 802.11n MAC header. This method is useful for increasing bandwidth throughput in environments that are prone to high error rates.

Short GI: This field is available only when 802.11n, 802.11b/g/n or 802.11a/n is selected as the Wireless Mode. Select Enabled to use Short GI (Guard Interval). The guard interval is the gap introduced between data transmission from users in order to reduce interference.
Reducing the GI increases data transfer rates but also increases interference. Increasing the GI reduces data transfer rates but also reduces interference.

MCS Rate: The MCS Rate table is available only when 802.11n, 802.11b/g/n or 802.11a/n is selected in the Wireless Mode field. IEEE 802.11n supports many different data rates which are called MCS rates. MCS stands for Modulation and Coding Scheme. This is an 802.11n feature that increases the wireless network performance in terms of throughput. For each MCS Rate (0-15), select Enabled to have the NWA use the data rate. Clear the Enabled check box if you do not want the NWA to use the data rate. Turn on the Auto option to have the NWA set the data rates automatically to optimize the throughput.
Note: You can set the NWA to use up to four MCS rates at a time.

Apply: Click Apply to save your changes.

Cancel: Click Cancel to begin configuring this screen afresh.

6.5 SSID Screen

Use this screen to view and modify the settings of the SSID profiles on the NWA. Click Wireless LAN > SSID to display the screen as shown.

Figure 26 Wireless LAN > SSID

The following table describes the labels in this screen.

Table 15 Wireless LAN > SSID

LABEL: DESCRIPTION

Profile Settings

This field displays the index number of each SSID profile.

Profile Name: This field displays the identification name of each SSID profile on the NWA.

SSID: This field displays the SSID (Service Set IDentifier), that is, the name of the wireless network to which a wireless client can connect. When a wireless client scans for an AP to associate with, this is the name that is broadcast and seen in the wireless client utility.

Security: This field indicates which security profile is currently associated with each SSID profile.
See Section 6.6 on page 76 for more information.

RADIUS: This field displays which RADIUS profile is currently associated with each SSID profile, if you have a RADIUS server configured.

QoS: This field displays the Quality of Service setting for this profile or NONE if QoS is not configured on a profile.

MAC Filter: This field displays which MAC filter profile is currently associated with each SSID profile, or Disable if MAC filtering is not configured on an SSID profile.

Modify: Click Edit to go to the SSID configuration screen where you can modify settings in an SSID profile.

6.5.1 Configuring SSID

Use this screen to configure an SSID profile. In the Wireless LAN > SSID screen, click Edit next to the SSID profile you want to configure to display the following screen.

Figure 27 SSID: Edit

The following table describes the labels in this screen.

Table 16 SSID: Edit

LABEL: DESCRIPTION

Profile Name: This is the name that identifies this profile.

SSID: When a wireless client scans for an AP to associate with, this is the name that is broadcast and seen in the wireless client utility.

Security: Select a security profile to use with this SSID profile. See Section 6.6 on page 76 for more information. If you do not want this profile to use wireless security, select Disabled.

RADIUS: Select a RADIUS profile from the drop-down list box, if you have a RADIUS server configured. If you do not need to use RADIUS authentication, ignore this field. See Section 6.7 on page 82 for more information.

MAC Filtering: Select a MAC filter profile from the drop-down list box. If you do not want to use MAC filtering on this profile, select Disabled.

QoS: Select the Quality of Service priority for this BSS’s traffic.
• If you select WMM from the QoS list, the priority of a data packet depends on the packet’s IEEE 802.1q or DSCP header. If a packet has no WMM value assigned to it, it is assigned the default priority.
• If you select WMM_VOICE, WMM_VIDEO, WMM_BESTEFFORT or WMM_BACKGROUND, the NWA applies that QoS setting to all of that SSID’s traffic.
• If you select None, the NWA applies no priority to traffic on this SSID.
Note: When you configure an SSID profile’s QoS settings, the NWA applies the same QoS setting to all of the profile’s traffic.

BSSID VLAN ID: Enter a VLAN ID for the SSID profile. Packets coming from the WLAN using this SSID profile are tagged with the VLAN ID number by the NWA.

Number of Wireless Stations Allowed to Associate: Use this field to set a maximum number of wireless stations that may connect to the device.

Hidden SSID: If you do not select the checkbox, the NWA broadcasts this SSID (a wireless client scanning for an AP will find this SSID). Alternatively, if you select the checkbox, the NWA hides this SSID (a wireless client scanning for an AP will not find this SSID).

Intra-BSS Traffic Blocking: Select this to prevent wireless clients in this profile’s BSS from communicating with one another.

Enable Layer-2 Isolation: Select this to enable layer-2 isolation for this profile. Wireless clients that connect to the WLAN using this SSID can access only certain pre-defined devices. See Section 6.8 on page 84.

Back: Click Back to return to the previous screen.

Apply: Click Apply to save your changes.

Cancel: Click Cancel to begin configuring this screen afresh.

Intra-BSS traffic blocking is enabled automatically when you enable layer-2 isolation.

6.6 Wireless Security Screen

Use this screen to choose the security mode for your NWA.
Click Wireless LAN > Security. Select the profile that you want to configure and click Edit.

Figure 28 Wireless > Security

The Security Settings screen varies depending upon the security mode you select.

Figure 29 Security: None

Note that some screens display differently depending on the operating mode selected in the Wireless LAN > Wireless Settings, Network > Wireless LAN > Wireless Settings-2.4G or Network > Wireless LAN > Wireless Settings-5G screen.

Note: You must enable the same wireless security settings on the NWA and on all wireless clients that you want to associate with it.

6.6.1 Security: WEP

Use this screen to use WEP as the security mode for your NWA. Select WEP in the Security Mode field to display the following screen.

Figure 30 Security: WEP

The following table describes the labels in this screen.

Table 17 Security: WEP

LABEL: DESCRIPTION

Profile Name: This is the name that identifies this profile.

Security Mode: Choose WEP in this field.

Authentication Type: Select Open or Shared from the drop-down list box.

Data Encryption: Select 64-bit WEP or 128-bit WEP to enable data encryption.

Passphrase: Enter the passphrase or string of text used for automatic WEP key generation on wireless client adapters.

Generate: Click this to get the keys from the Passphrase you entered.

Key 1 to Key 4: The WEP keys are used to encrypt data. Both the NWA and the wireless stations must use the same WEP key for data transmission.
If you chose 64-bit WEP, then enter any 5 ASCII characters or 10 hexadecimal characters ("0-9", "A-F").
If you chose 128-bit WEP, then enter 13 ASCII characters or 26 hexadecimal characters ("0-9", "A-F").
You can configure up to four keys, but only one key can be activated at any one time.

Back: Click Back to return to the previous screen.

Apply: Click Apply to save your changes.

Cancel: Click Cancel to begin configuring this screen afresh.

6.6.2 Security: WPA, WPA2, WPA2-MIX

This screen varies depending on the operating mode you select in the Wireless LAN > Wireless Settings screen.

6.6.2.1 Access Point

Use this screen to employ WPA or WPA2 as the security mode for your NWA that is in root AP, MBSSID or repeater operating mode. Select WPA, WPA2 or WPA2-MIX in the Security Mode field to display the following screen.

Figure 31 Security: WPA/WPA2 for Access Point

The following table describes the labels in this screen.

Table 18 Security: WPA/WPA2 for Access Point

LABEL: DESCRIPTION

Security Settings

Profile Name: This is the name that identifies this profile.

Security Mode: Choose WPA, WPA2 or WPA-MIX in this field.

Rekey Options

Reauthentication Time: Specify how often wireless stations have to resend user names and passwords in order to stay connected. Enter a time interval between 100 and 3600 seconds. Alternatively, enter “0” to turn reauthentication off.
Note: If wireless station authentication is done using a RADIUS server, the reauthentication timer on the RADIUS server has priority.

Enable Group-Key Update: Select this option to have the NWA automatically disconnect a wireless station from the wired network after a period of inactivity. The wireless station needs to enter the user name and password again before access to the wired network is allowed.
Enter a time interval between 100 and 3600 seconds.

Back: Click Back to return to the previous screen.

Apply: Click Apply to save your changes.

Cancel: Click Cancel to begin configuring this screen afresh.

6.6.2.2 Wireless Client

Use this screen to employ WPA or WPA2 as the security mode for your NWA that is in wireless client operating mode. Select WPA or WPA2 in the Security Mode field to display the following screen.

Figure 32 Security: WPA for Wireless Client

The following table describes the labels in this screen.

Table 19 Security: WPA/WPA2 for Wireless Client

LABEL: DESCRIPTION

Security Settings

Profile Name: This is the name that identifies this profile.

Security Mode: Choose the same security mode used by the AP.

Data Encryption: This shows the encryption method used by the NWA.

IEEE802.1x Authentication

Eap Type: The options on the left refer to EAP methods. You can choose either TLS, LEAP, PEAP or TTLS. If you select TTLS or PEAP, the options on the right refer to authentication protocols. You can choose between PAP, CHAP, MSCHAP, MSCHAPv2 and/or GTC.

User Information

Username: Supply the user name of the account created in the RADIUS server.

Login Name

Password: Supply the password of the account created in the RADIUS server.

Certificate

User Certificate: If you select TLS, enter the name of the certificate used to verify the identity of clients.

Back: Click Back to return to the previous screen.

Apply: Click Apply to save your changes.

Cancel: Click Cancel to begin configuring this screen afresh.

6.6.3 Security: WPA-PSK, WPA2-PSK, WPA2-PSK-MIX

Use this screen to employ WPA-PSK, WPA2-PSK or WPA2-PSK-MIX as the security mode of your NWA. Select WPA-PSK, WPA2-PSK or WPA2-PSK-MIX in the Security Mode field to display the following screen.
Figure 33 Security: WPA-PSK, WPA2-PSK or WPA2-PSK-MIX

The following table describes the labels not previously discussed.

Table 20 Security: WPA-PSK, WPA2-PSK or WPA2-PSK-MIX

LABEL: DESCRIPTION

Profile Name: This is the name that identifies this profile.

Security Mode: Choose WPA-PSK, WPA2-PSK or WPA2-PSK-MIX in this field.

Pre-Shared Key: The encryption mechanisms used for WPA and WPA-PSK are the same. The only difference between the two is that WPA-PSK uses a simple common password, instead of user-specific credentials.
Type a pre-shared key from 8 to 63 case-sensitive ASCII characters (including spaces and symbols).

Back: Click Back to return to the previous screen.

Apply: Click Apply to save your changes.

Cancel: Click Cancel to begin configuring this screen afresh.

6.7 RADIUS Screen

Use this screen to set up your NWA’s RADIUS server settings. Click Wireless LAN > RADIUS. The screen appears as shown.

Figure 34 Wireless LAN > RADIUS

Select a profile you want to configure and click Edit.

Figure 35 Wireless LAN > RADIUS

The following table describes the labels in this screen.

Table 21 Wireless LAN > RADIUS

LABEL: DESCRIPTION

Profile Name: This is the name that identifies this RADIUS profile.

Primary RADIUS Server: Select the check box to enable user authentication through an external authentication server.

Primary Server IP Address: Enter the IP address of the RADIUS server to be used for authentication.

Primary Server Port: Enter the port number of the RADIUS server to be used for authentication.

Primary Share Secret: Enter a password (up to 64 alphanumeric characters) as the key to be shared between the external authentication server and the NWA.
The key must be the same on the external authentication server and your NWA. The key is not sent over the network.

Backup RADIUS Server: If the NWA cannot communicate with the primary RADIUS server, you can have the NWA use a backup RADIUS server. Make sure the check box is selected if you want to use the backup server.
The NWA will attempt to communicate three times before using the backup server. Requests can be issued from the client interface to use the backup server. The length of time for each authentication is decided by the wireless client or based on the configuration of the Reauthentication Time field in the Wireless LAN > Security screen.

Backup Server IP Address: Enter the IP address of the RADIUS server to be used for authentication.

Backup Server Port: Enter the port number of the RADIUS server to be used for authentication.

Backup Share Secret: Enter a password (up to 64 alphanumeric characters) as the key to be shared between the external authentication server and the NWA. The key must be the same on the external authentication server and your NWA. The key is not sent over the network.

Primary Accounting Server: Select the check box to enable user accounting through an external authentication server.

Primary Server IP Address: Enter the IP address of the external accounting server in dotted decimal notation.

Primary Server Port: Enter the port number of the external accounting server.

Primary Share Secret: Enter a password (up to 64 alphanumeric characters) as the key to be shared between the external accounting server and the NWA. The key must be the same on the external accounting server and your NWA. The key is not sent over the network.
Backup Accounting Server: If the NWA cannot communicate with the primary accounting server, you can have the NWA use a backup accounting server. Make sure the check box is selected if you want to use the backup server.
The NWA will attempt to communicate three times before using the backup server.

Backup Server IP Address: Enter the IP address of the external accounting server in dotted decimal notation.

Backup Server Port: Enter the port number of the external accounting server.

Backup Share Secret: Enter a password (up to 64 alphanumeric characters) as the key to be shared between the external accounting server and the NWA. The key must be the same on the external accounting server and your NWA. The key is not sent over the network.

Back: Click Back to return to the previous screen.

Apply: Click Apply to save your changes.

Cancel: Click Cancel to begin configuring this screen afresh.

6.8 Layer-2 Isolation

Layer-2 isolation is used to prevent wireless clients associated with your NWA from communicating with other wireless clients, APs, computers or routers in a network.

In the following example, layer-2 isolation is enabled on the NWA to allow a guest wireless client (A) to access the main network router (B). The router provides access to the Internet and the network printer (C) while preventing the client from accessing other computers and servers on the network. The client can communicate with other wireless clients only if Intra-BSS Traffic blocking is disabled.

Note: Intra-BSS Traffic Blocking is activated when you enable layer-2 isolation.

Figure 36 Layer-2 Isolation Application

MAC addresses that are not listed in the layer-2 isolation table are blocked from communicating with the NWA’s wireless clients except for broadcast packets.
Layer-2 isolation does not check the traffic between wireless clients that are associated with the same AP. Intra-BSS Traffic allows wireless clients associated with the same AP to communicate with each other.

6.8.1 Layer-2 Isolation Screen

Use this screen to specify devices you want the users on your wireless networks to access. Click Wireless LAN > Layer-2 Isolation. The screen displays as shown.

Note: You need to know the MAC address of each wireless client, AP, computer or router that you want to allow to communicate with the NWA's wireless clients.

Figure 37 Wireless LAN > Layer-2 Isolation

The following table describes the labels in this screen.

Table 22 Wireless LAN > Layer-2 Isolation

LABEL: DESCRIPTION

Index: This is the index number of the MAC address listed.

MAC Address: Enter the MAC addresses of the wireless client, AP, computer or router that you want to allow the associated wireless clients to have access to in these address fields. Enter the MAC address in a valid MAC address format (six hexadecimal character pairs, for example 12:34:56:78:9a:bc).

Description: Enter a name to identify this device.

Apply: Click Apply to save your changes.

Cancel: Click Cancel to begin configuring this screen afresh.

6.9 MAC Filter Screen

Every Ethernet device has a unique MAC (Media Access Control) address. The MAC address is assigned at the factory and consists of six pairs of hexadecimal characters, for example, 00:A0:C5:00:00:02. You need to know the MAC address of each device to configure MAC filtering on the NWA.

The MAC filter function allows you to configure the NWA to grant access to the NWA from other wireless devices (Allow Association) or exclude devices from accessing the NWA (Deny Association).
Figure 38 MAC Filtering

In the figure above, wireless client U is able to connect to the Internet because its MAC address is in the allowed association list specified in the NWA. The MAC address of client A is either denied association or is not in the list of allowed wireless clients specified in the NWA.

Use this screen to enable MAC address filtering in your NWA. You can specify MAC addresses to either allow or deny association with your NWA. Click Wireless LAN > MAC Filter. The screen displays as shown.

Figure 39 Wireless LAN > MAC Filter

Select a profile you want to configure and click Edit.

Figure 40 MAC Filter: Edit

The following table describes the labels in this screen.

Table 23 Wireless LAN > MAC Filter

LABEL: DESCRIPTION

Profile Name: This is the name that identifies this profile.

Access Control Mode: Select Disabled if you do not want to use this feature.
Select Allow to permit access to the NWA. MAC addresses not listed will be denied access to the NWA.
Select Deny to block access to the NWA. MAC addresses not listed will be allowed to access the NWA.

This is the index number of the MAC address listed.

MAC Address: Enter the MAC addresses (in XX:XX:XX:XX:XX:XX format) of the wireless station to be allowed or denied access to the NWA.

Back: Click Back to return to the previous screen.

Apply: Click Apply to save your changes.

Cancel: Click Cancel to begin configuring this screen afresh.

6.10 Technical Reference

This section provides technical background information about the topics covered in this chapter. Refer to Appendix E on page 187 for further readings on Wireless LAN.
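The Access Control Mode rules in Table 23 and the layer-2 isolation rules in Section 6.8 can be written out as a small decision model, which makes the effect of each combination of settings easy to check before applying it. This is an added example, not ZyXEL code or part of the manual; the SsidPolicy class, its method names and the sample MAC addresses are hypothetical, and it reads the note in Section 6.8 as turning intra-BSS traffic blocking on whenever layer-2 isolation is enabled.

```python
import re
from dataclasses import dataclass, field
from enum import Enum

BROADCAST = "ff:ff:ff:ff:ff:ff"
_MAC_RE = re.compile(r"[0-9a-f]{2}(?::[0-9a-f]{2}){5}")


def normalize_mac(text):
    """Return a MAC as lowercase xx:xx:xx:xx:xx:xx, or raise ValueError."""
    mac = text.strip().lower()
    if not _MAC_RE.fullmatch(mac):
        raise ValueError(f"expected six colon-separated hex pairs, got {text!r}")
    return mac


class AccessControlMode(Enum):
    DISABLED = "Disabled"
    ALLOW = "Allow"
    DENY = "Deny"


@dataclass
class SsidPolicy:
    """Hypothetical model of one SSID profile's MAC filter and isolation settings."""
    mode: AccessControlMode = AccessControlMode.DISABLED
    filter_list: set = field(default_factory=set)
    l2_isolation: bool = False
    l2_table: set = field(default_factory=set)
    intra_bss_blocking: bool = False

    def __post_init__(self):
        self.filter_list = {normalize_mac(m) for m in self.filter_list}
        self.l2_table = {normalize_mac(m) for m in self.l2_table}
        # Assumption from the manual's note: layer-2 isolation activates
        # intra-BSS traffic blocking.
        if self.l2_isolation:
            self.intra_bss_blocking = True

    def may_associate(self, station):
        """MAC filter: Allow admits only listed stations, Deny admits the rest."""
        listed = normalize_mac(station) in self.filter_list
        if self.mode is AccessControlMode.DISABLED:
            return True
        return listed if self.mode is AccessControlMode.ALLOW else not listed

    def frame_permitted(self, peer, dest, peer_in_same_bss):
        """Decide whether a frame from `peer` to `dest` reaches this SSID's clients."""
        peer, dest = normalize_mac(peer), normalize_mac(dest)
        if peer_in_same_bss:
            # Layer-2 isolation does not check client-to-client traffic on the
            # same AP; intra-BSS traffic blocking decides it.
            return not self.intra_bss_blocking
        if not self.l2_isolation:
            return True
        # Unlisted devices are blocked, except for broadcast packets.
        return dest == BROADCAST or peer in self.l2_table

    def audit(self):
        """Flag settings whose effect under the rules above is easy to misjudge."""
        findings = []
        if self.mode is AccessControlMode.DENY and not self.filter_list:
            findings.append("Deny mode with an empty list admits every station")
        if self.mode is AccessControlMode.ALLOW and not self.filter_list:
            findings.append("Allow mode with an empty list admits no station")
        if self.l2_isolation and not self.l2_table:
            findings.append("Layer-2 isolation with an empty table leaves only broadcasts")
        return findings


# Constructed sample addresses (locally administered range), not from the manual.
ROUTER_B = "02:00:00:00:00:0B"
SERVER = "02:00:00:00:00:5E"
GUEST_A = "02:00:00:00:00:0A"
OTHER_GUEST = "02:00:00:00:00:1A"

# Guest SSID as in the Section 6.8 example: only router B is reachable.
guest = SsidPolicy(mode=AccessControlMode.DENY, filter_list={SERVER},
                   l2_isolation=True, l2_table={ROUTER_B})


def demo():
    return {
        "guest associates": guest.may_associate(GUEST_A),
        "denied station associates": guest.may_associate(SERVER),
        "router to guest": guest.frame_permitted(ROUTER_B, GUEST_A, False),
        "server to guest": guest.frame_permitted(SERVER, GUEST_A, False),
        "server broadcast": guest.frame_permitted(SERVER, BROADCAST, False),
        "guest to guest": guest.frame_permitted(OTHER_GUEST, GUEST_A, True),
    }


if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name}: {'permitted' if allowed else 'blocked'}")
```
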
6.10.1 Additional Wireless Terms

Table 24 Additional Wireless Terms

TERM: DESCRIPTION

Intra-BSS Traffic: This describes direct communication (not through the NWA) between two wireless devices within a wireless network. You might disable this kind of communication to enhance security within your wireless network.

RTS/CTS Threshold: In a wireless network which covers a large area, wireless devices are sometimes not aware of each other’s presence. This may cause them to send information to the AP at the same time and result in information colliding and not getting through.
By setting this value lower than the default value, the wireless devices must sometimes get permission to send information to the NWA. The lower the value, the more often the devices must get permission.
If this value is greater than the fragmentation threshold value (see below), then wireless devices never have to get permission to send information to the NWA.

Preamble: A preamble affects the timing in your wireless network. There are two preamble modes: long and short. If a device uses a different preamble mode than the NWA does, it cannot communicate with the NWA.

Fragmentation Threshold: A small fragmentation threshold is recommended for busy networks, while a larger threshold provides faster performance if the network is not very busy.

Roaming: If you have two or more NWAs (or other wireless access points) on your wireless network, you can enable this option so that wireless devices can change locations without having to log in again. This is useful for devices, such as notebooks, that move around a lot.

Antenna: An antenna couples Radio Frequency (RF) signals onto air. A transmitter within a wireless device sends an RF signal to the antenna, which propagates the signal through the air.
The antenna also operates in reverse by capturing RF signals from the air.
Positioning the antennas properly increases the range and coverage area of a wireless LAN.

6.10.2 WMM QoS

WMM (Wi-Fi MultiMedia) QoS (Quality of Service) ensures quality of service in wireless networks. It controls WLAN transmission priority on packets to be transmitted over the wireless network.

WMM QoS prioritizes wireless traffic according to the delivery requirements of the individual and applications. WMM QoS is a part of the IEEE 802.11e QoS enhancement to certified Wi-Fi wireless networks.

On APs without WMM QoS, all traffic streams are given the same access priority to the wireless network. If the introduction of another traffic stream creates a data transmission demand that exceeds the current network capacity, then the new traffic stream reduces the throughput of the other traffic streams.

The NWA uses WMM QoS to prioritize traffic streams according to the IEEE 802.1q or DSCP information in each packet’s header. The NWA automatically determines the priority to use for an individual traffic stream. This prevents reductions in data transmission for applications that are sensitive to latency and jitter (variations in delay).

6.10.2.1 WMM QoS Priorities

The following table describes the WMM QoS priority levels that the NWA uses.

Table 25 WMM QoS Priorities

PRIORITY LEVEL: DESCRIPTION

voice (WMM_VOICE): Typically used for traffic that is especially sensitive to jitter. Use this priority to reduce latency for improved voice quality.

video (WMM_VIDEO): Typically used for traffic which has some tolerance for jitter but needs to be prioritized over other data traffic.

best effort (WMM_BESTEFFORT): Typically used for traffic from applications or devices that lack QoS capabilities. Use best effort priority for traffic that is less sensitive to latency, but is affected by long delays, such as Internet surfing.

background (WMM_BACKGROUND): This is typically used for non-critical traffic such as bulk transfers and print jobs that are allowed but that should not affect other applications and users. Use background priority for applications that do not have strict latency and throughput requirements.

6.10.3 Security Mode Guideline

The following is a general guideline in choosing the security mode for your NWA.

• Use WPA(2)-PSK if you have WPA(2)-aware wireless clients but no RADIUS server.
• Use WPA(2) security if you have WPA(2)-aware wireless clients and a RADIUS server. WPA has user authentication and improved data encryption over WEP.
• If you don’t have WPA(2)-aware wireless clients, then use WEP key encrypting. A higher bit key offers better security. You can manually enter 64-bit or 128-bit WEP keys.

More information on Wireless Security can be found in Appendix E on page 187.

Chapter 7 LAN

7.1 Overview

This chapter describes how you can configure the IP address of your NWA.

The Internet Protocol (IP) address identifies a device on a network. Every networking device (including computers, servers, routers, printers, etc.) needs an IP address to communicate across the network. These networking devices are also known as hosts.

Figure 41 IPv4 Setup

The figure above illustrates one possible setup of your NWA. The gateway IPv4 address is 192.168.1.1 and the IPv4 address of the NWA is 192.168.1.2 (default). The gateway and the device must belong in the same subnet mask to be able to communicate with each other.

7.2 What You Can Do in this Chapter

Use the LAN IP screen to configure the IP address of your NWA (see Section 7.4 on page 93).

7.3 What You Need to Know

The Ethernet parameters of the NWA are preset in the factory with the following values:
• IP address of 192.168.1.2
• Subnet mask of 255.255.255.0 (24 bits)

IPv6

IPv6 (Internet Protocol version 6) is designed to enhance IP address size and features. The increase in IPv6 address size to 128 bits (from the 32-bit IPv4 address) allows up to 3.4 x 10^38 IP addresses.

IPv6 Addressing

The 128-bit IPv6 address is written as eight 16-bit hexadecimal blocks separated by colons (:). This is an example IPv6 address: 2001:0db8:1a2b:0015:0000:0000:1a2f:0000.

IPv6 addresses can be abbreviated in two ways:
• Leading zeros in a block can be omitted. So 2001:0db8:1a2b:0015:0000:0000:1a2f:0000 can be written as 2001:db8:1a2b:15:0:0:1a2f:0.
• Any number of consecutive blocks of zeros can be replaced by a double colon. A double colon can only appear once in an IPv6 address. So 2001:0db8:0000:0000:1a2f:0000:0000:0015 can be written as 2001:0db8::1a2f:0000:0000:0015, 2001:0db8:0000:0000:1a2f::0015, 2001:db8::1a2f:0:0:15 or 2001:db8:0:0:1a2f::15.

Prefix and Prefix Length

Similar to an IPv4 subnet mask, IPv6 uses an address prefix to represent the network address. An IPv6 prefix length specifies how many of the most significant bits (starting from the left) in the address compose the network address. The prefix length is written as “/x” where x is a number. For example, 2001:db8:1a2b:15::1a2f:0/32 means that the first 32 bits (2001:db8) are the subnet prefix.

Link-local Address

A link-local address uniquely identifies a device on the local network (the LAN). It is similar to a “private IP address” in IPv4. You can have the same link-local address on multiple interfaces on a device.
A link-local unicast address has a predefined prefix of fe80::/10. The link-local unicast address format is as follows.

Table 26 Link-local Unicast Address Format
1111 1110 10 | | Interface ID
10 bits | 54 bits | 64 bits

Global Address

A global address uniquely identifies a device on the Internet. It is similar to a “public IP address” in IPv4. A global unicast address starts with a 2 or 3.

7.4 LAN IP Screen

Use this screen to configure the IP address for your NWA. Click Network > LAN to display the following screen.

Figure 42 LAN IP

The following table describes the labels in this screen.

Table 27 LAN IP
LABEL | DESCRIPTION
IPv4 Address Assignment
Obtain IP Address Automatically | Select this option if your NWA is using a dynamically assigned IPv4 address from a DHCP server each time. Note: You must know the IP address assigned to the NWA (by the DHCP server) to access the NWA again.
Use Fixed IP Address | Select this option if your NWA is using a static IPv4 address. When you select this option, fill in the fields below.
IP Address | Enter the IP address of your NWA in dotted decimal notation. Note: If you change the NWA's IP address, you must use the new IP address if you want to access the web configurator again.
Subnet Mask | Type the subnet mask.
Gateway IP Address | Type the IPv4 address of the gateway. The gateway is an immediate neighbor of your NWA that will forward the packet to the destination. On the LAN, the gateway must be a router on the same segment as your NWA; over the WAN, the gateway must be the IP address of one of the remote nodes.
IPv6 Address Assignment
Enable Stateful Address Autoconfiguration | Select this to turn on IPv6 stateful autoconfiguration to have the NWA obtain an IPv6 global address from a DHCPv6 server in your network.
IPv6 Address/Prefix Length | Enter your IPv6 address and prefix manually.
System DNS Servers
Primary DNS Server | Enter the IPv4 address of the first DNS (Domain Name Service) server, if provided.
Secondary DNS Server | Enter the IPv4 address of the second DNS (Domain Name Service) server address, if provided.
Apply | Click Apply to save your changes.
Cancel | Click Cancel to begin configuring this screen afresh.

Chapter 8 VLAN

8.1 Overview

This chapter discusses how to configure the NWA’s VLAN settings.

Figure 43 Management VLAN Setup

In the figure above, to access and manage the NWA from computer A, the NWA and switch B’s ports to which computer A and the NWA are connected should be in the same VLAN.

8.1.1 What You Can Do in This Chapter

The VLAN screens let you set up the NWA’s management VLAN (Section 8.3 on page 96).

8.2 What You Need to Know

Introduction to VLANs

A Virtual Local Area Network (VLAN) allows a physical network to be partitioned into multiple logical networks. Devices on a logical network belong to one group. A device can belong to more than one group. With VLAN, a device cannot directly talk to or hear from devices that are not in the same group(s); the traffic must first go through a router.

In Multi-Tenant Unit (MTU) applications, VLAN is vital in providing isolation and security among the subscribers.
When properly configured, VLAN prevents one subscriber from accessing the network resources of another on the same LAN, thus a user will not see the printers and hard disks of another user in the same building.

VLAN also increases network performance by limiting broadcasts to a smaller and more manageable logical broadcast domain. In traditional switched environments, all broadcast packets go to each and every individual port. With VLAN, all broadcasts are confined to a specific broadcast domain.

IEEE 802.1Q Tag

The IEEE 802.1Q standard defines an explicit VLAN tag in the MAC header to identify the VLAN membership of a frame across bridges. A VLAN tag includes the 12-bit VLAN ID and 3-bit user priority. The VLAN ID associates a frame with a specific VLAN and provides the information that devices need to process the frame across the network.

8.3 VLAN Screen

Use this screen to set up the VLAN for managing the NWA. Click Network > VLAN to display the screen as shown.

Figure 44 Network > VLAN

The following table describes the labels in this screen.

Figure 45 Network > VLAN
LABEL | DESCRIPTION
802.1Q VLAN | Select this to enable VLAN tagging on the NWA.
Management VLAN | Select this to enable VLAN management. Only traffic tagged with the management VLAN ID can access the NWA. At least one device in your network must belong to the VLAN specified below in order to manage the NWA.
Management VLAN ID | Enter a number from 1 to 4094 to define the NWA’s management VLAN group.
Apply | Click Apply to save your changes.
Cancel | Click Cancel to begin configuring this screen afresh.

Chapter 9 System

9.1 Overview

This chapter shows you how to enable remote management of your NWA.
It provides information on determining which services or protocols can access which of the NWA’s interfaces.

Remote Management allows a user to administrate the device over the network. You can manage your NWA from a remote location via the following interfaces:
• WLAN
• LAN
• Both WLAN and LAN
• Neither (Disable)

Figure 46 Remote Management Example

In the figure above, the NWA (A) is being managed by a desktop computer (B) connected via LAN (Local Area Network). It is also being accessed by a notebook (C) connected via WLAN (Wireless LAN).

9.2 What You Can Do in this Chapter

• Use the WWW screen to configure through which interface(s) and from which IP address(es) you can use the Web Browser to manage the NWA (see Section 9.4 on page 100).
• Use the Certificates screen to delete and import certificates (see Section 9.5 on page 101).
• Use the Telnet screen to configure through which interface(s) and from which IP address(es) you can use Telnet to manage the NWA. A Telnet connection is prioritized by the NWA over other remote management sessions (see Section 9.6 on page 102).
• Use the SNMP screen to configure through which interface(s) and from which IP address(es) a network systems manager can access the NWA (see Section 9.7 on page 104).
• Use the FTP screen to configure through which interface(s) and from which IP address(es) you can use File Transfer Protocol (FTP) to manage the NWA. You can use FTP to upload the latest firmware for example (see Section 9.8 on page 106).

9.3 What You Need To Know

WWW

The World Wide Web allows you to access files hosted in a remote server. For example, you can view text files (usually referred to as ‘pages’) using your web browser via HyperText Transfer Protocol (HTTP).

Telnet

Telnet is short for Telecommunications Network, which is a client-side protocol that enables you to access a device over the network.

FTP

File Transfer Protocol (FTP) allows you to upload or download a file or several files to and from a remote location using a client or the command console.

SNMP

Simple Network Management Protocol (SNMP) is a member of the TCP/IP protocol suite used for exchanging management information between network devices.

Your NWA supports SNMP agent functionality, which allows a manager station to manage and monitor the NWA through the network. The NWA supports SNMP version one (SNMPv1), version two (SNMPv2c) and version three (SNMPv3).

The next figure illustrates an SNMP management operation.

Figure 47 SNMP Management Mode

An SNMP managed network consists of two main types of component: agents and a manager.

An agent is a management software module that resides in a managed device (the NWA). An agent translates the local management information from the managed device into a form compatible with SNMP. The manager is the console through which network administrators perform network management functions. It executes applications that control and monitor managed devices.

SNMP allows a manager and agents to communicate for the purpose of accessing information such as packets received, node port status, etc.

SNMP v3 and Security

SNMP v3 enhances security for SNMP management. SNMP managers can be required to authenticate with agents before conducting SNMP management sessions.

Security can be further enhanced by encrypting the SNMP messages sent from the managers. Encryption protects the contents of the SNMP messages. When the contents of the SNMP messages are encrypted, only the intended recipients can read them.
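
How the SNMP v3 authentication described above works at message level, as an added example that is not from the manual or from the NWA firmware: it follows the user-based security model of RFC 3414, in which the account password is stretched into a key, the key is bound to one agent's engine ID, and a 12-octet HMAC (MD5 or SHA) is computed over the message. The sample message is a constructed byte string rather than a BER-encoded SNMP packet, and the function names are assumptions.

```python
"""Message authentication in the style of SNMPv3 USM (RFC 3414)."""
import hashlib
import hmac

AUTH_LEN = 12               # HMAC-MD5-96 and HMAC-SHA-96 keep the first 12 octets
ZERO_TAG = bytes(AUTH_LEN)  # the tag field is all zeros while the HMAC is computed


def password_to_key(password: bytes, hash_name: str) -> bytes:
    """RFC 3414 A.2: hash 1,048,576 octets of the password repeated end to end."""
    if not password:
        raise ValueError("password must not be empty")
    reps, rem = divmod(1_048_576, len(password))
    return hashlib.new(hash_name, password * reps + password[:rem]).digest()


def localize_key(user_key: bytes, engine_id: bytes, hash_name: str) -> bytes:
    """Bind the user key to one agent (engine ID) so each device gets its own key."""
    return hashlib.new(hash_name, user_key + engine_id + user_key).digest()


def _tag(key: bytes, message: bytes, hash_name: str) -> bytes:
    return hmac.new(key, message, hash_name).digest()[:AUTH_LEN]


def sign(message: bytes, tag_offset: int, key: bytes, hash_name: str) -> bytes:
    """Fill the zeroed 12-octet tag field at tag_offset with the truncated HMAC."""
    if message[tag_offset:tag_offset + AUTH_LEN] != ZERO_TAG:
        raise ValueError("tag field must be zeroed before signing")
    tag = _tag(key, message, hash_name)
    return message[:tag_offset] + tag + message[tag_offset + AUTH_LEN:]


def verify(message: bytes, tag_offset: int, key: bytes, hash_name: str) -> bool:
    """Recompute the HMAC over the message with the tag field zeroed again."""
    received = message[tag_offset:tag_offset + AUTH_LEN]
    zeroed = message[:tag_offset] + ZERO_TAG + message[tag_offset + AUTH_LEN:]
    return hmac.compare_digest(received, _tag(key, zeroed, hash_name))


# Constructed sample values (not captured from a device).
SAMPLE_ENGINE_ID = bytes.fromhex("000000000000000000000002")
SAMPLE_HEADER = b"v3|engine=02|user=monitor|auth="
SAMPLE_MESSAGE = SAMPLE_HEADER + ZERO_TAG + b"|set sysContact=noc@example.net"
SAMPLE_TAG_OFFSET = len(SAMPLE_HEADER)

if __name__ == "__main__":
    for name in ("md5", "sha1"):
        key = localize_key(password_to_key(b"maplesyrup", name),
                           SAMPLE_ENGINE_ID, name)
        signed = sign(SAMPLE_MESSAGE, SAMPLE_TAG_OFFSET, key, name)
        altered = signed[:-1] + bytes([signed[-1] ^ 1])
        print(name, "key", key.hex())
        print(name, "genuine message accepted:",
              verify(signed, SAMPLE_TAG_OFFSET, key, name))
        print(name, "altered message accepted:",
              verify(altered, SAMPLE_TAG_OFFSET, key, name))
```

Authentication on its own leaves the message body readable, as the constructed sample shows; hiding the contents is the job of the privacy (encryption) setting.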

Remote Management Limitations

Remote management over LAN or WLAN will not work when:
• You have disabled that service in one of the remote management screens.
• The IP address in the Secured Client IP Address field does not match the client IP address. If it does not match, the NWA will disconnect the session immediately.
• You may only have one remote management session running at one time. The NWA automatically disconnects a remote management session of lower priority when another remote management session of higher priority starts. The priorities for the different types of remote management sessions are as follows:
  • Telnet
  • HTTP

Certificate

A certificate contains the certificate owner’s identity and public key. Certificates provide a way to exchange public keys for use in authentication.

Figure 48 Certificates Example

In the figure above, the NWA (Z) checks the identity of the notebook (A) using a certificate before granting access to the network.

The certification authority certificate that you can import to your NWA should be in PFX PKCS#12 file format. This format, referred to as the Personal Information Exchange Syntax Standard, is comprised of a private key-public certificate pair that is further encrypted with a password. Before you import a certificate into the NWA, you should verify that you have the correct certificate.

Key distribution is simple and very secure since you can freely distribute public keys and you never need to transmit private keys.

9.4 WWW Screen

Use this screen to configure your NWA via the World Wide Web (WWW) using a Web browser. This lets you specify which IP addresses or computers are able to communicate with and access the NWA.

To change your NWA’s WWW settings, click System > WWW. The following screen shows.

Figure 49 System > WWW

The following table describes the labels in this screen.

Table 28 System > WWW
LABEL | DESCRIPTION
WWW
HTTP Port | You may change the server port number for a service if needed, however you must use the same port number in order to use that service for remote management.
HTTPS Port | The HTTPS proxy server listens on port 443 by default. If you change the HTTPS proxy server port to a different number on the NWA, for example 8443, then you must notify people who need to access the NWA web configurator to use “https://NWA IP Address:8443” as the URL.
Server Access | Select the interface(s) through which a computer may access the NWA using WWW and to which the IP and MAC filtering rules you specified below are applied. Otherwise, select Disable to allow any computer to access the NWA through any interface using WWW.
Secured Client IP Address | A secured client is a “trusted” computer that is allowed to communicate with the NWA using this service. Select All to allow any computer to access the NWA using this service. Choose Selected to just allow the computer with the IP address that you specify to access the NWA using this service.
Secured Client MAC Address | Select All to allow any computer to access the NWA using this service. Choose Selected to just allow the computer with the MAC address that you specify to access the NWA using this service.
Apply | Click Apply to save your customized settings.
Cancel | Click Cancel to begin configuring this screen afresh.

9.5 Certificates Screen

Use this screen to delete or import certificates.

Click System > Certificates. The following screen shows.

Figure 50 System > Certificates

The following table describes the labels in this screen.

Table 29 System > Certificates
LABEL | DESCRIPTION
Import Certificate
Import Certificate | Enter the location of a previously-saved certificate to upload to the NWA. Alternatively, click the Browse button to locate a list.
Browse | Click this button to locate a previously-saved certificate to upload to the NWA.
Import | Click this button to upload the previously-saved certificate displayed in the Import Certificate field to the NWA.
Delete Certificate
You can delete a certificate | Select the certificate from the list that you want to delete.
Delete | Click this to delete the selected certificate.

9.6 Telnet Screen

Use this screen to configure your NWA for remote Telnet access. You can use Telnet to access the NWA’s Command Line Interface (CLI).

Click System > Telnet. The following screen displays.

Figure 51 System > Telnet

The following table describes the labels in this screen.

Table 30 System > Telnet
LABEL | DESCRIPTION
TELNET
Port | You can change the server port number for a service if needed, however you must use the same port number in order to use that service for remote management.
Server Access | Select the interface(s) through which a computer may access the NWA using Telnet and to which the IP and MAC filtering rules you specified below are applied. Otherwise, select Disable to allow any computer to access the NWA through any interface using Telnet.
Secured Client IP Address | A secured client is a “trusted” computer that is allowed to communicate with the NWA using this service. Select All to allow any computer to access the NWA using this service. Choose Selected to just allow the computer with the IP address that you specify to access the NWA using this service.
Secured Client MAC Address | Select All to allow any computer to access the NWA using this service. Choose Selected to just allow the computer with the MAC address that you specify to access the NWA using this service.
Apply | Click Apply to save your customized settings.
Cancel | Click Cancel to begin configuring this screen afresh.

9.7 SNMP Screen

Use this screen to have a manager station administrate your NWA over the network and configure SNMP accounts on the SNMP v3 manager. An SNMP administrator/user is an SNMP manager.

To change your NWA’s SNMP settings, click System > SNMP. The following screen displays.

Figure 52 System > SNMP

The following table describes the labels in this screen.

Table 31 System > SNMP
LABEL | DESCRIPTION
SNMP
Port | You can change the server port number for a service if needed, however you must use the same port number in order to use that service for remote management.
Server Access | Select the interface(s) through which a computer may access the NWA using SNMP and to which the IP and MAC filtering rules you specified below are applied. Otherwise, select Disable to allow any computer to access the NWA through any interface using SNMP.
Secured Client IP Address | A secured client is a “trusted” computer that is allowed to communicate with the NWA using this service. Select All to allow any computer to access the NWA using this service. Choose Selected to just allow the computer with the IP address that you specify to access the NWA using this service.
Secured Client MAC Address | Select All to allow any computer to access the NWA using this service. Choose Selected to just allow the computer with the MAC address that you specify to access the NWA using this service.
SNMP Configuration
Protocol Version | Select the SNMP version for the NWA, which you allow the SNMP manager to use to access the NWA. The SNMP version on the NWA must match the version on the SNMP manager.
Get Community | Enter the Get Community, which is the password for the incoming Get and GetNext requests from the management station.
Set Community | Enter the Set community, which is the password for incoming Set requests from the management station.
Trap Community | Type the trap community, which is the password sent with each trap to the SNMP manager.
Trap Destination | Type the IP address of the station to send your SNMP traps to.
SNMPv3 Admin Settings
SNMPv3 Admin | Select the check box to enable the SNMP administrator account for authentication with SNMP managers using SNMP v3.
User Name | Specify the user name of the SNMP administrator account.
Password | Enter the password for SNMP administrator authentication.
Confirm Password | Retype the password for confirmation.
Access Type | Specify the SNMP administrator’s access rights to MIBs. Read/Write - The SNMP administrator has read and write rights, meaning that the user can create and edit the MIBs on the NWA. Read Only - The SNMP administrator has read rights only, meaning the user can collect information from the NWA.
Authentication Protocol | Select an authentication algorithm used for SNMP communication with the SNMP administrator. MD5 (Message Digest 5) and SHA (Secure Hash Algorithm) are hash algorithms used to authenticate SNMP data. SHA authentication is generally considered stronger than MD5, but is slower.
Privacy Protocol | Specify the encryption method used for SNMP communication with the SNMP administrator. DES - Data Encryption Standard is a widely used (but breakable) method of data encryption. It applies a 56-bit key to each 64-bit block of data. AES - Advanced Encryption Standard is another method for data encryption that also uses a secret key. AES applies a 128-bit key to 128-bit blocks of data.
SNMPv3 User Settings
SNMPv3 User | Select the check box to enable the SNMP user account for authentication with SNMP managers using SNMP v3.
User Name | Specify the user name of the SNMP user account.
Password | Enter the password for SNMP user authentication.
Confirm Password | Retype the password for confirmation.
Access Type | Specify the SNMP user’s access rights to MIBs. Read Only - The SNMP user has read rights only, meaning the user can collect information from the NWA. Read/Write - The SNMP user has read and write rights, meaning that the user can create and edit the MIBs on the NWA.
Authentication Protocol | Select an authentication algorithm used for SNMP communication with the SNMP user. MD5 (Message Digest 5) and SHA (Secure Hash Algorithm) are hash algorithms used to authenticate SNMP data. SHA authentication is generally considered stronger than MD5, but is slower.
Privacy Protocol | Specify the encryption method used for SNMP communication with the SNMP user. DES - Data Encryption Standard is a widely used (but breakable) method of data encryption. It applies a 56-bit key to each 64-bit block of data. AES - Advanced Encryption Standard is another method for data encryption that also uses a secret key. AES applies a 128-bit key to 128-bit blocks of data.
Apply | Click Apply to save your customized settings.
Cancel | Click Cancel to begin configuring this screen afresh.

9.8 FTP Screen

Use this screen to upload and download the NWA’s firmware using FTP. To use this feature, your computer must have an FTP client.

To change your NWA’s FTP settings, click System > FTP. The following screen displays.

Figure 53 System > FTP

The following table describes the labels in this screen.

Table 32 System > FTP
LABEL | DESCRIPTION
FTP
Port | You may change the server port number for a service if needed, however you must use the same port number in order to use that service for remote management.
Server Access | Select the interface(s) through which a computer may access the NWA using this service and to which the IP and MAC filtering rules you specified below are applied. Otherwise, select Disable to allow any computer to access the NWA through any interface using this service.
Secured Client IP Address | A secured client is a “trusted” computer that is allowed to communicate with the NWA using this service. Select All to allow any computer to access the NWA using this service. Choose Selected to just allow the computer with the IP address that you specify to access the NWA using this service.
Secured Client MAC Address | Select All to allow any computer to access the NWA using this service. Choose Selected to just allow the computer with the MAC address that you specify to access the NWA using this service.
Apply | Click Apply to save your customized settings.
Cancel | Click Cancel to begin configuring this screen afresh.

9.9 Technical Reference

This section provides some technical background information about the topics covered in this chapter.

9.9.1 MIB

Managed devices in an SNMP managed network contain object variables or managed objects that define each piece of information to be collected about a device. Examples of variables include the number of packets received, node port status, etc. A Management Information Base (MIB) is a collection of managed objects. SNMP itself is a simple request/response protocol based on the manager/agent model. The manager issues a request and the agent returns responses using the following protocol operations:
• Get - Allows the manager to retrieve an object variable from the agent.
• GetNext - Allows the manager to retrieve the next object variable from a table or list within an agent. In SNMPv1, when a manager wants to retrieve all elements of a table from an agent, it initiates a Get operation, followed by a series of GetNext operations.
• Set - Allows the manager to set values for object variables within an agent.
• Trap - Used by the agent to inform the manager of some events.

9.9.2 Supported MIBs

The NWA supports MIB II that is defined in RFC-1213 and RFC-1215 as well as the proprietary ZyXEL private MIB. The purpose of the MIBs is to let administrators collect statistical data and monitor status and performance.

9.9.3 Private-Public Certificates

When using public-key cryptography for authentication, each host has two keys. One key is public and can be made openly available. The other key is private and must be kept secure.

These keys work like a handwritten signature (in fact, certificates are often referred to as “digital signatures”). Only you can write your signature exactly as it should look. When people know what your signature looks like, they can verify whether something was signed by you, or by someone else.
In the same way, your private key “writes” your digital signature and your public key allows people to verify whether data was signed by you, or by someone else.

This process works as follows.

Tim wants to send a message to Jenny. He needs her to be sure that it comes from him, and that the message content has not been altered by anyone else along the way. Tim generates a public key pair (one public key and one private key).

Tim keeps the private key and makes the public key openly available. This means that anyone who receives a message seeming to come from Tim can read it and verify whether it is really from him or not.

Tim uses his private key to sign the message and sends it to Jenny.

Jenny receives the message and uses Tim’s public key to verify it. Jenny knows that the message is from Tim, and that although other people may have been able to read the message, no one can have altered it (because they cannot re-sign the message with Tim’s private key).

Additionally, Jenny uses her own private key to sign a message and Tim uses Jenny’s public key to verify the message.

9.9.4 Certification Authorities

A Certification Authority (CA) issues certificates and guarantees the identity of each certificate owner. There are commercial certification authorities like CyberTrust or VeriSign and government certification authorities. You can use the NWA to generate certification requests that contain identifying information and public keys and then send the certification requests to a certification authority.

9.9.5 Checking the Fingerprint of a Certificate on Your Computer

A certificate’s fingerprints are message digests calculated using the MD5 or SHA1 algorithms. The following procedure describes how to check a certificate’s fingerprint to verify that you have the actual certificate.

1. Browse to where you have the certificate saved on your computer. Make sure that the certificate has a “.cer” or “.crt” file name extension.

Figure 54 Certificates on Your Computer

2. Double-click the certificate’s icon to open the Certificate window. Click the Details tab and scroll down to the Thumbprint Algorithm and Thumbprint fields.

Figure 55 Certificate Details

3. Use a secure method to verify that the certificate owner has the same information in the Thumbprint Algorithm and Thumbprint fields. The secure method may vary according to your situation. Possible examples would be over the telephone or through an HTTPS connection.

Chapter 10 Log Settings

10.1 Overview

This chapter provides information on viewing and generating logs on your NWA.

Logs are files that contain recorded network activity over a set period. They are used by administrators to monitor the health of the system(s) they are managing. Logs enable administrators to effectively monitor events, errors, progress, etc. so that when network problems or system failures occur, the cause or origin can be traced. Logs are also essential for auditing and keeping track of changes made by users.

Figure 56 Accessing Logs in the Network

The figure above illustrates three ways to access logs. The user (U) can access logs directly from the NWA (A) via the Web configurator. Logs can also be located in an external log server (B). An email server (C) can also send harvested logs to the user’s email account.

10.2 What You Can Do in this Chapter

Use the Log Settings screen to configure where and when the NWA will send the logs, and which logs it will send (Section 10.4 on page 112).

Use the Monitor > Logs screen to display all logs or logs for a certain category.
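
The thumbprint comparison from Section 9.9.5, scripted as an added example that is not part of the manual: it computes the MD5 or SHA1 digest of a “.cer” or “.crt” file in either PEM or DER encoding and compares it with the value the certificate owner reads out over the secure channel. The sample certificate bytes are a constructed stand-in, and the function names are assumptions.

```python
"""Compare a certificate file's thumbprint with the value stated by its owner."""
import base64
import hashlib
import hmac
import re

PEM_BLOCK = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)
# Spaces, colons, dashes and invisible left-to-right marks that copy and paste can carry.
SEPARATORS = re.compile(r"[\s:\-\u200e]")
ALGORITHMS = {"md5": hashlib.md5, "sha1": hashlib.sha1}


def load_der(file_bytes: bytes) -> bytes:
    """Return the DER bytes of a certificate stored as PEM text or raw DER."""
    match = PEM_BLOCK.search(file_bytes)
    if match:
        body = b"".join(match.group(1).split())
        return base64.b64decode(body, validate=True)
    if file_bytes[:1] != b"\x30":          # DER certificates start with SEQUENCE
        raise ValueError("file is neither PEM nor DER encoded")
    return file_bytes


def thumbprint(file_bytes: bytes, algorithm: str) -> str:
    """Digest of the DER encoding, as lowercase hex without separators."""
    name = algorithm.lower().replace("-", "")
    if name not in ALGORITHMS:
        raise ValueError("unsupported thumbprint algorithm: " + algorithm)
    return ALGORITHMS[name](load_der(file_bytes)).hexdigest()


def matches_owner_value(file_bytes: bytes, algorithm: str, stated: str) -> bool:
    """True only if the owner's stated thumbprint equals the local one in full."""
    local = thumbprint(file_bytes, algorithm)
    cleaned = SEPARATORS.sub("", stated).lower()
    if not re.fullmatch(r"[0-9a-f]+", cleaned) or len(cleaned) != len(local):
        return False                       # partial or malformed values never match
    return hmac.compare_digest(local, cleaned)


# Constructed stand-in for a certificate's DER bytes (not a real certificate).
SAMPLE_DER = b"\x30\x82\x01\x0a" + bytes(range(64))
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(SAMPLE_DER)
              + b"-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    local = thumbprint(SAMPLE_PEM, "SHA1")
    spoken = " ".join(local[i:i + 2] for i in range(0, len(local), 2))
    print("SHA1 thumbprint:", spoken)
    print("full value matches:   ", matches_owner_value(SAMPLE_DER, "SHA1", spoken))
    print("first half only match:", matches_owner_value(SAMPLE_DER, "SHA1", spoken[:29]))
```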
10.3 What You Need To Know

Alerts and Logs
An alert is a type of log that warrants more serious attention. Some categories such as System Error consist of both logs and alerts. You can differentiate them by their color in the Monitor > Logs screen. Alerts are displayed in red and logs are displayed in black.

Receiving Logs via E-mail
If you want to receive logs in your e-mail account, you need to have the necessary details ready, such as the Server Name or Simple Mail Transfer Protocol (SMTP) Address of your e-mail account. Ensure that you have a valid e-mail address.

Enabling Syslog Logging
To enable Syslog Logging, obtain your Syslog server’s IP address (or server name).

10.4 Log Settings Screen
Use this screen to configure where and when the NWA is to send the logs and which logs and/or immediate alerts it is to send.
To change your NWA’s log settings, click Configuration > Log Settings. The screen appears as shown.
Figure 57 Log Settings
The following table describes the labels in this screen.

Table 33 Log Settings
LABEL | DESCRIPTION
E-mail Log Settings |
Mail Server | Enter the server name or the IP address of the mail server for the e-mail addresses specified below. If this field is left blank, logs and alert messages will not be sent via e-mail.
Mail Subject | Type a title that you want to be in the subject line of the log e-mail message that the NWA sends.
Send Log to | Logs are sent to the e-mail address specified in this field. If this field is left blank, logs will not be sent via e-mail.
SMTP Authentication | SMTP (Simple Mail Transfer Protocol) is the message-exchange standard for the Internet. Select the check box to activate SMTP authentication. If mail server authentication is needed but this feature is disabled, you will not receive the e-mail logs. If you use SMTP authentication, the mail receiver should be the owner of the SMTP account.
User Name | If your e-mail account requires SMTP authentication, enter the username here.
Password | Enter the password associated with the above username.
Syslog Logging | Syslog logging sends a log to an external syslog server used to store logs.
Syslog Logging | Select the check box to enable syslog logging.
Syslog Server IP Address | Enter the IP address of the syslog server that will log the selected categories of logs.
Syslog Port Number | Enter the port number of the syslog server that will log the selected categories of logs.
Send Log |
Log Schedule | This drop-down menu is used to configure the frequency of log messages being sent as E-mail: When Log is Full, Hourly, Daily, Weekly, None. If the Weekly or the Daily option is selected, specify a time of day when the E-mail should be sent. If the Weekly option is selected, then also specify which day of the week the E-mail should be sent. If the When Log is Full option is selected, an alert is sent when the log fills up. If you select None, no log messages are sent.
Day for Sending Log | This field is only available when you select Weekly in the Log Schedule field. Use the drop down list box to select which day of the week to send the logs.
Time for Sending Log | Enter the time of the day in 24-hour format (for example 23:00 equals 11:00 pm) to send the logs.
Clear log after sending mail | Select the check box to clear all logs after logs and alert messages are sent via email.
Log Category |
System Maintenance | Click this to receive logs related to system maintenance.
System Error | Click this to receive logs related to system errors.
802.1x | Click this to receive logs related to the 802.1x mode.
Wireless | Click this to receive logs related to the wireless function.
Email Log Now | Select the categories of alerts for which you want the NWA to immediately send email alerts.
Apply | Click Apply to save your customized settings.
Cancel | Click Cancel to begin configuring this screen afresh.

CHAPTER 11 Maintenance

11.1 Overview
This chapter describes the maintenance screens. It discusses how you can upload new firmware, manage configuration and restart your NWA without turning it off and on.
This chapter provides information and instructions on how to identify and manage your NWA over the network.
Figure 58 NWA Setup
In the figure above, the NWA connects to a Domain Name Server (DNS) server to avail of a domain name. It also connects to a Network Time Protocol (NTP) server to set the time on the device.

11.2 What You Can Do in this Chapter
• Use the General screen to specify the system name (see Section 11.4 on page 116).
• Use the Password screen to manage the password for your NWA (see Section 11.5 on page 117).
• Use the Time screen to change your NWA’s time and date. This screen allows you to configure the NWA’s time based on your local time zone (see Section 11.6 on page 118).
• Use the Firmware Upgrade screen to upload the latest firmware for your NWA (see Section 11.7 on page 119).
• Use the Configuration File screen to view information related to factory defaults, backup configuration, and restoring configuration (see Section 11.8 on page 120).
• Use the Restart screen to reboot the NWA without turning the power off (see Section 11.9 on page 121).
11.3 What You Need To Know
You can find the firmware for your device at www.zyxel.com. It is a file that uses the system project code with a "*.bin" extension, for example "V100AAEO0.bin". The upload process uses HTTP (Hypertext Transfer Protocol) and may take up to two minutes. After a successful upload, the system will reboot.

11.4 General Screen
Use the General screen to identify your NWA over the network. Click Maintenance > General. The following screen displays.
Figure 59 Maintenance > General
The following table describes the labels in this screen.

Table 34 Maintenance > General
LABEL | DESCRIPTION
System Settings |
System Name | Type a descriptive name to identify the NWA in the Ethernet network. This name can be up to 15 alphanumeric characters long. Spaces are not allowed, but dashes "-" are accepted.
Apply | Click Apply to save your changes.
Cancel | Click Cancel to reload the previous configuration for this screen.

11.5 Password Screen
Use this screen to control access to your NWA by assigning a password to it. Click Maintenance > Password. The following screen displays.
Figure 60 Maintenance > Password
The following table describes the labels in this screen.

Table 35 Maintenance > Password
LABEL | DESCRIPTION
Current Password | Type in your existing system password.
New Password | Type your new system password. Note that as you type a password, the screen displays a dot (.) for each character you type.
Retype to Confirm | Retype your new system password for confirmation.
Apply | Click Apply to save your changes.
Cancel | Click Cancel to reload the previous configuration for this screen.
11.6 Time Screen
Use this screen to change your NWA’s time and date. Click Maintenance > Time. The following screen displays.
Figure 61 Maintenance > Time
The following table describes the labels in this screen.

Table 36 Maintenance > Time
LABEL | DESCRIPTION
Current Time and Date |
Current Time | This field displays the time of your NWA. Each time you reload this page, the NWA synchronizes the time with the time server (if configured). When you disable NTP Client Update, you can manually enter the new time in this field and then click Apply.
Current Date | This field displays the last updated date from the time server. When you disable NTP Client Update, you can manually enter the new date in this field and then click Apply.
Time and Date Setup |
NTP Client Update | Select this to have the NWA get the time and date from the time server you specified below.
NTP server | Select this option to use the predefined list of Network Time Protocol (NTP) servers. Select an NTP server from the drop-list box.
Manual IP | Select this option to enter the IP address or URL of your time server. Check with your ISP/network administrator if you are unsure of this information.
Time Zone Setup |
Time Zone | Choose the time zone of your location. This will set the time difference between your time zone and Greenwich Mean Time (GMT).
Apply | Click Apply to save your changes.
Cancel | Click Cancel to reload the previous configuration for this screen.

11.7 Firmware Upgrade Screen
Use this screen to upload firmware to your NWA. Click Maintenance > Firmware Upgrade. Follow the instructions in this section to upload firmware to your NWA.
Figure 62 Maintenance > Firmware Upgrade
The following table describes the labels in this screen.
Table 37 Maintenance > Firmware Upgrade
LABEL | DESCRIPTION
File Path | Type in the location of the file you want to upload in this field or click Browse... to find it.
Browse... | Click Browse... to find the .bin file you want to upload. Remember that you must decompress compressed (.zip) files before you can upload them.
Upload | Click Upload to begin the upload process. This process may take up to two minutes.

Do not turn off the NWA while firmware upload is in progress!
Figure 63 Firmware Upload In Process
The NWA automatically restarts in this time causing a temporary network disconnect. In some operating systems, you may see the following icon on your desktop.
Figure 64 Network Temporarily Disconnected
After the upload has finished, log in again and check your new firmware version in the Dashboard screen.

11.8 Configuration File Screen
Use this screen to backup, restore and reset the configuration of your NWA. Click Maintenance > Configuration File. The screen appears as shown next.
Figure 65 Maintenance > Configuration File

11.8.1 Backup Configuration
Backup configuration allows you to back up (save) the NWA’s current configuration to a file on your computer. Once your NWA is configured and functioning properly, it is highly recommended that you back up your configuration file before making configuration changes. The backup configuration file will be useful in case you need to return to your previous settings.
Click Backup to save the NWA’s current configuration to your computer.

11.8.2 Restore Configuration
Restore configuration allows you to upload a new or previously saved configuration file from your computer to your NWA.

Table 38 Restore Configuration
LABEL | DESCRIPTION
File Path | Type in the location of the file you want to upload in this field or click Browse... to find it.
Browse... | Click Browse... to find the file you want to upload. Remember that you must decompress compressed (.ZIP) files before you can upload them.
Upload | Click Upload to begin the upload process.

Do not turn off the NWA while configuration file upload is in progress.
You must then wait one minute before logging into the NWA again.
The NWA automatically restarts in this time causing a temporary network disconnect. In some operating systems, you may see the following icon on your desktop.
Figure 66 Network Temporarily Disconnected
If you uploaded the default configuration file you may need to change the IP address of your computer to be in the same subnet as that of the default NWA IP address (192.168.1.2). See Appendix A on page 129 for details on how to set up your computer’s IP address.

11.8.3 Back to Factory Defaults
Pressing the Reset button in this section clears all user-entered configuration information and returns the NWA to its factory defaults as shown on the screen. The following screen will appear.
Figure 67 Reset Message
You can also press the RESET button to reset your NWA to its factory default settings. Refer to Section 2.2 on page 20 for more information.

11.9 Restart Screen
Use this screen to reboot the NWA without turning the power off. Click Maintenance > Restart. The following screen displays.
Figure 68 Maintenance > Restart
Click Restart to have the NWA reboot. This does not affect the NWA’s configuration.

CHAPTER 12 Troubleshooting
This chapter offers some suggestions to solve problems you might encounter. The potential problems are divided into the following categories.
• Power, Hardware Connections, and LEDs
• NWA Access and Login
• Internet Access
• Wireless LAN

12.1 Power, Hardware Connections, and LEDs

The NWA does not turn on. None of the LEDs turn on.
Make sure you are using the power adaptor or cord included with the NWA.
Make sure the power adaptor or cord is connected to the NWA and plugged in to an appropriate power source. Make sure the power source is turned on.
Disconnect and re-connect the power adaptor or cord to the NWA.
If the problem continues, contact the vendor.

One of the LEDs does not behave as expected.
Make sure you understand the normal behavior of the LED. See Section 1.7 on page 18.
Check the hardware connections. See the Quick Start Guide.
Inspect your cables for damage. Contact the vendor to replace any damaged cables.
Disconnect and re-connect the power adaptor to the NWA.
If the problem continues, contact the vendor.

12.2 NWA Access and Login

I forgot the IP address for the NWA.
The default IP address is 192.168.1.2.
If the NWA is working as a DHCP client and receives an IP address from a DHCP server, check the DHCP server for the NWA’s IP address.
If you configured a static IP address and have forgotten it, you have to reset the device to its factory defaults. See Section 2.2 on page 20.

I forgot the password.
The default password is 1234.
If this does not work, you have to reset the device to its factory defaults. See Section 2.2 on page 20.

I cannot see or access the Login screen in the web configurator.
Make sure you are using the correct IP address.
• The default IP address is 192.168.1.2.
• If you changed the IP address (Section 7.4 on page 93), use the new IP address.
• If you changed the IP address and have forgotten it, see the troubleshooting suggestions for I forgot the IP address for the NWA.
Check the hardware connections, and make sure the LEDs are behaving as expected. See the Quick Start Guide and Section 1.7 on page 18.
Make sure your Internet browser does not block pop-up windows and has JavaScript and Java enabled. See Section 12.1 on page 123.
Make sure your computer is in the same subnet as the NWA. (If you know that there are routers between your computer and the NWA, skip this step.)
• If there is no DHCP server on your network, make sure your computer’s IP address is in the same subnet as the NWA.
Reset the device to its factory defaults, and try to access the NWA with the default IP address. See Chapter 2 on page 20.
If the problem continues, contact the network administrator or vendor, or try one of the advanced suggestions.
Advanced Suggestions
• Try to access the NWA using another service, such as Telnet. If you can access the NWA, check the remote management settings to find out why the NWA does not respond to HTTP.
• If your computer is connected wirelessly, use a computer that is connected to a LAN/Ethernet port.

I can see the Login screen, but I cannot log in to the NWA.
Make sure you have entered the user name and password correctly. The default user name is admin and default password is 1234. These fields are case-sensitive, so make sure [Caps Lock] is not on.
Disconnect and re-connect the power adaptor or cord to the NWA.
If this does not work, you have to reset the device to its factory defaults. See Section 2.2 on page 20.

I cannot use FTP to upload new firmware.
See the troubleshooting suggestions for I cannot see or access the Login screen in the web configurator. Ignore the suggestions about your browser.

12.3 Internet Access

I cannot access the Internet through the NWA.
Check the hardware connections, and make sure the LEDs are behaving as expected. See the Quick Start Guide and Section 12.1 on page 123.
Make sure your NWA is connected to a networking device that provides Internet access.
Make sure your computer is set to obtain a dynamic IP address or has an IP address which is in the same subnet as the broadband modem or router.
If you are trying to access the Internet wirelessly, make sure the wireless settings on the wireless client are the same as the settings on the AP.
Disconnect all the cables from your device, and follow the directions in the Quick Start Guide again.
If the problem continues, contact your ISP.

I cannot access the Internet anymore. I had access to the Internet (with the NWA), but my Internet connection is not available anymore.
Check the hardware connections, and make sure the LEDs are behaving as expected. See the Quick Start Guide and Section 1.7 on page 18.
Reboot the NWA.
If the problem continues, contact your ISP or network administrator.

The Internet connection is slow or intermittent.
There might be a lot of traffic on the network. Look at the LEDs, and check Section 1.7 on page 18. If the NWA is sending or receiving a lot of information, try closing some programs that use the Internet, especially peer-to-peer applications.
Check the signal strength. If the signal is weak, try moving the NWA (in wireless client mode) closer to the AP (if possible), and look around to see if there are any devices that might be interfering with the wireless network (microwaves, other wireless networks, and so on).
Reboot the NWA.
If the problem continues, contact the network administrator or vendor, or try one of the advanced suggestions.
Advanced Suggestions
• Check the settings for QoS. If it is disabled, you might consider activating it.

12.4 Wireless LAN

I cannot access the NWA or ping any computer from the WLAN.
Make sure the wireless LAN is enabled on the NWA.
Make sure the wireless adapter on the wireless station is working properly.
Make sure the wireless adapter installed on your computer is IEEE 802.11 compatible and supports the same wireless standard as the NWA.
Make sure your computer (with a wireless adapter installed) is within the transmission range of the NWA.
Check that both the NWA and your wireless client are using the same wireless and wireless security settings.

APPENDIX A Setting Up Your Computer’s IP Address

Note: Your specific NWA may not support all of the operating systems described in this appendix. See the product specifications for more information about which operating systems are supported.

This appendix shows you how to configure the IP settings on your computer in order for it to be able to communicate with the other devices on your network. Windows Vista/XP/2000, Mac OS 9/OS X, and all versions of UNIX/LINUX include the software components you need to use TCP/IP on your computer.
If you manually assign IP information instead of using a dynamic IP, make sure that your network’s computers have IP addresses that place them in the same subnet.
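The same-subnet requirement above can be checked before a static address is typed into a computer's network settings. This is an added example, not part of the ZyXEL manual; the 255.255.255.0 mask is an assumption (this part of the manual gives only the NWA's default address, 192.168.1.2), and the function name is hypothetical.

```python
import ipaddress

NWA_DEFAULT_IP = "192.168.1.2"   # default NWA address given in the manual
ASSUMED_MASK = "255.255.255.0"   # assumption: the mask is not stated here


def check_static_ip(candidate, mask=ASSUMED_MASK, device=NWA_DEFAULT_IP):
    """Return a list of problems with a planned static IP (empty = usable)."""
    try:
        iface = ipaddress.ip_interface(f"{candidate}/{mask}")
        dev = ipaddress.ip_address(device)
    except ValueError as exc:
        # Covers malformed addresses and non-contiguous masks such as 255.0.255.0
        return [f"invalid address or mask: {exc}"]

    net = iface.network
    problems = []
    if dev not in net:
        problems.append(f"{device} is outside {net}: different subnet")
    if iface.ip == dev:
        problems.append("address conflicts with the NWA itself")
    if net.prefixlen < 31 and iface.ip in (net.network_address,
                                           net.broadcast_address):
        problems.append("network or broadcast address, not usable by a host")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs
    for ip in ("192.168.1.10", "192.168.2.10", "192.168.1.2", "192.168.1.255"):
        result = check_static_ip(ip)
        print(ip, "->", "OK" if not result else "; ".join(result))
```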
In this appendix, you can set up an IP address for:
• Windows XP/NT/2000 on page 129
• Windows Vista on page 133
• Windows 7 on page 137
• Mac OS X: 10.3 and 10.4 on page 141
• Mac OS X: 10.5 and 10.6 on page 144
• Linux: Ubuntu 8 (GNOME) on page 147
• Linux: openSUSE 10.3 (KDE) on page 151

Windows XP/NT/2000
The following example uses the default Windows XP display theme but can also apply to Windows 2000 and Windows NT.
Click Start > Control Panel.
In the Control Panel, click the Network Connections icon.
Right-click Local Area Connection and then select Properties.
On the General tab, select Internet Protocol (TCP/IP) and then click Properties.
The Internet Protocol TCP/IP Properties window opens.
Select Obtain an IP address automatically if your network administrator or ISP assigns your IP address dynamically.
Select Use the following IP Address and fill in the IP address, Subnet mask, and Default gateway fields if you have a static IP address that was assigned to you by your network administrator or ISP. You may also have to enter a Preferred DNS server and an Alternate DNS server, if that information was provided.
Click OK to close the Internet Protocol (TCP/IP) Properties window.
Click OK to close the Local Area Connection Properties window.

Verifying Settings
Click Start > All Programs > Accessories > Command Prompt.
In the Command Prompt window, type "ipconfig" and then press [ENTER].
You can also go to Start > Control Panel > Network Connections, right-click a network connection, click Status and then click the Support tab to view your IP address and connection information.

Windows Vista
This section shows screens from Windows Vista Professional.
Click Start > Control Panel.
In the Control Panel, click the Network and Internet icon.
Click the Network and Sharing Center icon.
Click Manage network connections.
Right-click Local Area Connection and then select Properties.
Note: During this procedure, click Continue whenever Windows displays a screen saying that it needs your permission to continue.
Select Internet Protocol Version 4 (TCP/IPv4) and then select Properties.
The Internet Protocol Version 4 (TCP/IPv4) Properties window opens.
Select Obtain an IP address automatically if your network administrator or ISP assigns your IP address dynamically.
Select Use the following IP Address and fill in the IP address, Subnet mask, and Default gateway fields if you have a static IP address that was assigned to you by your network administrator or ISP. You may also have to enter a Preferred DNS server and an Alternate DNS server, if that information was provided. Click Advanced.
Click OK to close the Internet Protocol (TCP/IP) Properties window.
Click OK to close the Local Area Connection Properties window.
Verifying Settings
Click Start > All Programs > Accessories > Command Prompt.
In the Command Prompt window, type "ipconfig" and then press [ENTER].
You can also go to Start > Control Panel > Network Connections, right-click a network connection, click Status and then click the Support tab to view your IP address and connection information.

Windows 7
This section shows screens from Windows 7 Enterprise.
Click Start > Control Panel.
In the Control Panel, click View network status and tasks under the Network and Internet category.
Click Change adapter settings.
Double click Local Area Connection and then select Properties.
Note: During this procedure, click Continue whenever Windows displays a screen saying that it needs your permission to continue.
Select Internet Protocol Version 4 (TCP/IPv4) and then select Properties.
The Internet Protocol Version 4 (TCP/IPv4) Properties window opens.
Select Obtain an IP address automatically if your network administrator or ISP assigns your IP address dynamically.
Select Use the following IP Address and fill in the IP address, Subnet mask, and Default gateway fields if you have a static IP address that was assigned to you by your network administrator or ISP. You may also have to enter a Preferred DNS server and an Alternate DNS server, if that information was provided. Click Advanced if you want to configure advanced settings for IP, DNS and WINS.
Click OK to close the Internet Protocol (TCP/IP) Properties window.
Click OK to close the Local Area Connection Properties window.

Verifying Settings
Click Start > All Programs > Accessories > Command Prompt.
In the Command Prompt window, type "ipconfig" and then press [ENTER].
The IP settings are displayed as follows.

Mac OS X: 10.3 and 10.4
The screens in this section are from Mac OS X 10.4 but can also apply to 10.3.
Click Apple > System Preferences.
In the System Preferences window, click the Network icon.
When the Network preferences pane opens, select Built-in Ethernet from the network connection type list, and then click Configure.
For dynamically assigned settings, select Using DHCP from the Configure IPv4 list in the TCP/IP tab.
For statically assigned settings, do the following:
• From the Configure IPv4 list, select Manually.
• In the IP Address field, type your IP address.
• In the Subnet Mask field, type your subnet mask.
• In the Router field, type the IP address of your device.
Click Apply Now and close the window.

Verifying Settings
Check your TCP/IP properties by clicking Applications > Utilities > Network Utilities, and then selecting the appropriate Network Interface from the Info tab.
Figure 69 Mac OS X 10.4: Network Utility

Mac OS X: 10.5 and 10.6
The screens in this section are from Mac OS X 10.5 but can also apply to 10.6.
Click Apple > System Preferences.
In System Preferences, click the Network icon.
When the Network preferences pane opens, select Ethernet from the list of available connection types.
From the Configure list, select Using DHCP for dynamically assigned settings.
For statically assigned settings, do the following:
• From the Configure list, select Manually.
• In the IP Address field, enter your IP address.
• In the Subnet Mask field, enter your subnet mask.
• In the Router field, enter the IP address of your NWA.
Click Apply and close the window.

Verifying Settings
Check your TCP/IP properties by clicking Applications > Utilities > Network Utilities, and then selecting the appropriate Network interface from the Info tab.
Figure 70 Mac OS X 10.5: Network Utility

Linux: Ubuntu 8 (GNOME)
This section shows you how to configure your computer’s TCP/IP settings in the GNU Object Model Environment (GNOME) using the Ubuntu 8 Linux distribution. The procedure, screens and file locations may vary depending on your specific distribution, release version, and individual configuration. The following screens use the default Ubuntu 8 installation.
Note: Make sure you are logged in as the root administrator.
Follow the steps below to configure your computer IP address in GNOME:
Click System > Administration > Network.
When the Network Settings window opens, click Unlock to open the Authenticate window. (By default, the Unlock button is greyed out until clicked.)
You cannot make changes to your configuration unless you first enter your admin password.
In the Authenticate window, enter your admin account name and password then click the Authenticate button.
In the Network Settings window, select the connection that you want to configure, then click Properties.
The Properties dialog box opens.
• In the Configuration list, select Automatic Configuration (DHCP) if you have a dynamic IP address.
• In the Configuration list, select Static IP address if you have a static IP address. Fill in the IP address, Subnet mask, and Gateway address fields.
Click OK to save the changes and close the Properties dialog box and return to the Network Settings screen.
If you know your DNS server IP address(es), click the DNS tab in the Network Settings window and then enter the DNS server information in the fields provided.
Click the Close button to apply the changes.

Verifying Settings
Check your TCP/IP properties by clicking System > Administration > Network Tools, and then selecting the appropriate Network device from the Devices tab. The Interface Statistics column shows data if your connection is working properly.
Figure 71 Ubuntu 8: Network Tools

Linux: openSUSE 10.3 (KDE)
This section shows you how to configure your computer’s TCP/IP settings in the K Desktop Environment (KDE) using the openSUSE 10.3 Linux distribution. The procedure, screens and file locations may vary depending on your specific distribution, release version, and individual configuration.
The following screens use the default openSUSE 10.3 installation.

Note: Make sure you are logged in as the root administrator.

Follow the steps below to configure your computer IP address in the KDE:

Click K Menu > Computer > Administrator Settings (YaST).

When the Run as Root - KDE su dialog opens, enter the admin password and click OK.

When the YaST Control Center window opens, select Network Devices and then click the Network Card icon.

When the Network Settings window opens, click the Overview tab, select the appropriate connection Name from the list, and then click the Configure button.

When the Network Card Setup window opens, click the Address tab.

Figure 72 openSUSE 10.3: Network Card Setup

Select Dynamic Address (DHCP) if you have a dynamic IP address.

Select Statically assigned IP Address if you have a static IP address. Fill in the IP address, Subnet mask, and Hostname fields.

Click Next to save the changes and close the Network Card Setup window.

If you know your DNS server IP address(es), click the Hostname/DNS tab in Network Settings and then enter the DNS server information in the fields provided.

Click Finish to save your settings and close the window.

Verifying Settings

Click the KNetwork Manager icon on the Task bar to check your TCP/IP properties. From the Options sub-menu, select Show Connection Information.
Figure 73 openSUSE 10.3: KNetwork Manager

When the Connection Status - KNetwork Manager window opens, click the Statistics tab to see if your connection is working properly.

Figure 74 openSUSE: Connection Status - KNetwork Manager

Appendix B Pop-up Windows, JavaScript and Java Permissions

In order to use the web configurator you need to allow:
• Web browser pop-up windows from your device.
• JavaScript (enabled by default).
• Java permissions (enabled by default).

Note: The screens used below belong to Internet Explorer version 6, 7 and 8. Screens for other Internet Explorer versions may vary.

Internet Explorer Pop-up Blockers

You may have to disable pop-up blocking to log into your device.

Either disable pop-up blocking (enabled by default in Windows XP SP (Service Pack) 2) or allow pop-up blocking and create an exception for your device’s IP address.

Disable Pop-up Blockers

In Internet Explorer, select Tools, Pop-up Blocker and then select Turn Off Pop-up Blocker.

Figure 75 Pop-up Blocker

You can also check if pop-up blocking is disabled in the Pop-up Blocker section in the Privacy tab.

In Internet Explorer, select Tools, Internet Options, Privacy.

Clear the Block pop-ups check box in the Pop-up Blocker section of the screen. This disables any web pop-up blockers you may have enabled.

Figure 76 Internet Options: Privacy

Click Apply to save this setting.

Enable Pop-up Blockers with Exceptions

Alternatively, if you only want to allow pop-up windows from your device, see the following steps.

In Internet Explorer, select Tools, Internet Options and then the Privacy tab.
Select Settings… to open the Pop-up Blocker Settings screen.

Figure 77 Internet Options: Privacy

Type the IP address of your device (the web page that you do not want to have blocked) with the prefix “http://”. For example, http://192.168.167.1.

Click Add to move the IP address to the list of Allowed sites.

Figure 78 Pop-up Blocker Settings

Click Close to return to the Privacy screen.

Click Apply to save this setting.

JavaScript

If pages of the web configurator do not display properly in Internet Explorer, check that JavaScript is allowed.

In Internet Explorer, click Tools, Internet Options and then the Security tab.

Figure 79 Internet Options: Security

Click the Custom Level... button.

Scroll down to Scripting.

Under Active scripting make sure that Enable is selected (the default).

Under Scripting of Java applets make sure that Enable is selected (the default).

Click OK to close the window.

Figure 80 Security Settings - Java Scripting

Java Permissions

From Internet Explorer, click Tools, Internet Options and then the Security tab.

Click the Custom Level... button.

Scroll down to Microsoft VM.

Under Java permissions make sure that a safety level is selected.

Click OK to close the window.

Figure 81 Security Settings - Java

JAVA (Sun)

From Internet Explorer, click Tools, Internet Options and then the Advanced tab.
Make sure that Use Java 2 for <applet> under Java (Sun) is selected.

Click OK to close the window.

Figure 82 Java (Sun)

Mozilla Firefox

Mozilla Firefox 2.0 screens are used here. Screens for other versions may vary slightly. The steps below apply to Mozilla Firefox 3.0 as well.

You can enable Java, Javascript and pop-ups in one screen. Click Tools, then click Options in the screen that appears.

Figure 83 Mozilla Firefox: TOOLS > Options

Click Content to show the screen below. Select the check boxes as shown in the following screen.

Figure 84 Mozilla Firefox Content Security

Opera

Opera 10 screens are used here. Screens for other versions may vary slightly.

Allowing Pop-Ups

From Opera, click Tools, then Preferences. In the General tab, go to Choose how you prefer to handle pop-ups and select Open all pop-ups.

Figure 85 Opera: Allowing Pop-Ups

Enabling Java

From Opera, click Tools, then Preferences. In the Advanced tab, select Content from the left-side menu. Select the check boxes as shown in the following screen.

Figure 86 Opera: Enabling Java

To customize JavaScript behavior in the Opera browser, click JavaScript Options.

Figure 87 Opera: JavaScript Options

Select the items you want Opera’s JavaScript to apply.

Appendix C IP Addresses and Subnetting

This appendix introduces IP addresses and subnet masks.

IP addresses identify individual devices on a network.
Every networking device (including computers, servers, routers, printers, etc.) needs an IP address to communicate across the network. These networking devices are also known as hosts.

Subnet masks determine the maximum number of possible hosts on a network. You can also use subnet masks to divide one network into multiple sub-networks.

Introduction to IP Addresses

One part of the IP address is the network number, and the other part is the host ID. In the same way that houses on a street share a common street name, the hosts on a network share a common network number. Similarly, as each house has its own house number, each host on the network has its own unique identifying number - the host ID. Routers use the network number to send packets to the correct network, while the host ID determines to which host on the network the packets are delivered.

Structure

An IP address is made up of four parts, written in dotted decimal notation (for example, 192.168.1.1). Each of these four parts is known as an octet. An octet is an eight-digit binary number (for example 11000000, which is 192 in decimal notation).

Therefore, each octet has a possible range of 00000000 to 11111111 in binary, or 0 to 255 in decimal.

The following figure shows an example IP address in which the first three octets (192.168.1) are the network number, and the fourth octet (16) is the host ID.

Figure 88 Network Number and Host ID

How much of the IP address is the network number and how much is the host ID varies according to the subnet mask.

Subnet Masks

A subnet mask is used to determine which bits are part of the network number, and which bits are part of the host ID (using a logical AND operation). The term “subnet” is short for “sub-network”.
A subnet mask has 32 bits. If a bit in the subnet mask is a “1” then the corresponding bit in the IP address is part of the network number. If a bit in the subnet mask is “0” then the corresponding bit in the IP address is part of the host ID.

The following example shows a subnet mask identifying the network number and host ID of an IP address (192.168.1.2 in decimal).

Table 39 Subnet Masks

| | 1ST OCTET (192) | 2ND OCTET (168) | 3RD OCTET (1) | 4TH OCTET (2) |
|---|---|---|---|---|
| IP Address (Binary) | 11000000 | 10101000 | 00000001 | 00000010 |
| Subnet Mask (Binary) | 11111111 | 11111111 | 11111111 | 00000000 |
| Network Number | 11000000 | 10101000 | 00000001 | |
| Host ID | | | | 00000010 |

By convention, subnet masks always consist of a continuous sequence of ones beginning from the leftmost bit of the mask, followed by a continuous sequence of zeros, for a total number of 32 bits.

Subnet masks can be referred to by the size of the network number part (the bits with a “1” value). For example, an “8-bit mask” means that the first 8 bits of the mask are ones and the remaining 24 bits are zeroes.

Subnet masks are expressed in dotted decimal notation just like IP addresses. The following examples show the binary and decimal notation for 8-bit, 16-bit, 24-bit and 29-bit subnet masks.

Table 40 Subnet Masks

| | BINARY 1ST OCTET | BINARY 2ND OCTET | BINARY 3RD OCTET | BINARY 4TH OCTET | DECIMAL |
|---|---|---|---|---|---|
| 8-bit mask | 11111111 | 00000000 | 00000000 | 00000000 | 255.0.0.0 |
| 16-bit mask | 11111111 | 11111111 | 00000000 | 00000000 | 255.255.0.0 |
| 24-bit mask | 11111111 | 11111111 | 11111111 | 00000000 | 255.255.255.0 |
| 29-bit mask | 11111111 | 11111111 | 11111111 | 11111000 | 255.255.255.248 |

Network Size

The size of the network number determines the maximum number of possible hosts you can have on your network. The larger the number of network number bits, the smaller the number of remaining host ID bits.
An IP address with host IDs of all zeros is the IP address of the network (192.168.1.0 with a 24-bit subnet mask, for example). An IP address with host IDs of all ones is the broadcast address for that network (192.168.1.255 with a 24-bit subnet mask, for example).

As these two IP addresses cannot be used for individual hosts, calculate the maximum number of possible hosts in a network as follows:

Table 41 Maximum Host Numbers

| SUBNET MASK | HOST ID SIZE | MAXIMUM NUMBER OF HOSTS |
|---|---|---|
| 8 bits (255.0.0.0) | 24 bits | 2^24 - 2 = 16777214 |
| 16 bits (255.255.0.0) | 16 bits | 2^16 - 2 = 65534 |
| 24 bits (255.255.255.0) | 8 bits | 2^8 - 2 = 254 |
| 29 bits (255.255.255.248) | 3 bits | 2^3 - 2 = 6 |

Notation

Since the mask is always a continuous number of ones beginning from the left, followed by a continuous number of zeros for the remainder of the 32 bit mask, you can simply specify the number of ones instead of writing the value of each octet. This is usually specified by writing a “/” followed by the number of bits in the mask after the address.

For example, 192.1.1.0 /25 is equivalent to saying 192.1.1.0 with subnet mask 255.255.255.128.

The following table shows some possible subnet masks using both notations.

Table 42 Alternative Subnet Mask Notation

| SUBNET MASK | ALTERNATIVE NOTATION | LAST OCTET (BINARY) | LAST OCTET (DECIMAL) |
|---|---|---|---|
| 255.255.255.0 | /24 | 0000 0000 | 0 |
| 255.255.255.128 | /25 | 1000 0000 | 128 |
| 255.255.255.192 | /26 | 1100 0000 | 192 |
| 255.255.255.224 | /27 | 1110 0000 | 224 |
| 255.255.255.240 | /28 | 1111 0000 | 240 |
| 255.255.255.248 | /29 | 1111 1000 | 248 |
| 255.255.255.252 | /30 | 1111 1100 | 252 |

Subnetting

You can use subnetting to divide one network into multiple sub-networks. In the following example a network administrator creates two sub-networks to isolate a group of servers from the rest of the company network for security reasons.
In this example, the company network address is 192.168.1.0. The first three octets of the address (192.168.1) are the network number, and the remaining octet is the host ID, allowing a maximum of 2^8 - 2 or 254 possible hosts.

The following figure shows the company network before subnetting.

Figure 89 Subnetting Example: Before Subnetting

You can “borrow” one of the host ID bits to divide the network 192.168.1.0 into two separate sub-networks. The subnet mask is now 25 bits (255.255.255.128 or /25).

The “borrowed” host ID bit can have a value of either 0 or 1, allowing two subnets: 192.168.1.0 /25 and 192.168.1.128 /25.

The following figure shows the company network after subnetting. There are now two sub-networks, A and B.

Figure 90 Subnetting Example: After Subnetting

In a 25-bit subnet the host ID has 7 bits, so each sub-network has a maximum of 2^7 - 2 or 126 possible hosts (a host ID of all zeroes is the subnet’s address itself, all ones is the subnet’s broadcast address).

192.168.1.0 with mask 255.255.255.128 is subnet A itself, and 192.168.1.127 with mask 255.255.255.128 is its broadcast address. Therefore, the lowest IP address that can be assigned to an actual host for subnet A is 192.168.1.1 and the highest is 192.168.1.126.

Similarly, the host ID range for subnet B is 192.168.1.129 to 192.168.1.254.

Example: Four Subnets

The previous example illustrated using a 25-bit subnet mask to divide a 24-bit address into two subnets. Similarly, to divide a 24-bit address into four subnets, you need to “borrow” two host ID bits to give four possible combinations (00, 01, 10 and 11). The subnet mask is 26 bits (11111111.11111111.11111111.11000000) or 255.255.255.192.
Each subnet contains 6 host ID bits, giving 2^6 - 2 or 62 hosts for each subnet (a host ID of all zeroes is the subnet itself, all ones is the subnet’s broadcast address).

Table 43 Subnet 1

| IP/SUBNET MASK | NETWORK NUMBER | LAST OCTET BIT VALUE |
|---|---|---|
| IP Address (Decimal) | 192.168.1. | 0 |
| IP Address (Binary) | 11000000.10101000.00000001. | 00000000 |
| Subnet Mask (Binary) | 11111111.11111111.11111111. | 11000000 |

Subnet Address: 192.168.1.0
Lowest Host ID: 192.168.1.1
Broadcast Address: 192.168.1.63
Highest Host ID: 192.168.1.62

Table 44 Subnet 2

| IP/SUBNET MASK | NETWORK NUMBER | LAST OCTET BIT VALUE |
|---|---|---|
| IP Address | 192.168.1. | 64 |
| IP Address (Binary) | 11000000.10101000.00000001. | 01000000 |
| Subnet Mask (Binary) | 11111111.11111111.11111111. | 11000000 |

Subnet Address: 192.168.1.64
Lowest Host ID: 192.168.1.65
Broadcast Address: 192.168.1.127
Highest Host ID: 192.168.1.126

Table 45 Subnet 3

| IP/SUBNET MASK | NETWORK NUMBER | LAST OCTET BIT VALUE |
|---|---|---|
| IP Address | 192.168.1. | 128 |
| IP Address (Binary) | 11000000.10101000.00000001. | 10000000 |
| Subnet Mask (Binary) | 11111111.11111111.11111111. | 11000000 |

Subnet Address: 192.168.1.128
Lowest Host ID: 192.168.1.129
Broadcast Address: 192.168.1.191
Highest Host ID: 192.168.1.190

Table 46 Subnet 4

| IP/SUBNET MASK | NETWORK NUMBER | LAST OCTET BIT VALUE |
|---|---|---|
| IP Address | 192.168.1. | 192 |
| IP Address (Binary) | 11000000.10101000.00000001. | 11000000 |
| Subnet Mask (Binary) | 11111111.11111111.11111111. | 11000000 |

Subnet Address: 192.168.1.192
Lowest Host ID: 192.168.1.193
Broadcast Address: 192.168.1.255
Highest Host ID: 192.168.1.254

Example: Eight Subnets

Similarly, use a 27-bit mask to create eight subnets (000, 001, 010, 011, 100, 101, 110 and 111).

The following table shows IP address last octet values for each subnet.
Table 47 Eight Subnets

| SUBNET | SUBNET ADDRESS | FIRST ADDRESS | LAST ADDRESS | BROADCAST ADDRESS |
|---|---|---|---|---|
| 1 | 0 | 1 | 30 | 31 |
| 2 | 32 | 33 | 62 | 63 |
| 3 | 64 | 65 | 94 | 95 |
| 4 | 96 | 97 | 126 | 127 |
| 5 | 128 | 129 | 158 | 159 |
| 6 | 160 | 161 | 190 | 191 |
| 7 | 192 | 193 | 222 | 223 |
| 8 | 224 | 225 | 254 | 255 |

Subnet Planning

The following table is a summary for subnet planning on a network with a 24-bit network number.

Table 48 24-bit Network Number Subnet Planning

| NO. “BORROWED” HOST BITS | SUBNET MASK | NO. SUBNETS | NO. HOSTS PER SUBNET |
|---|---|---|---|
| 1 | 255.255.255.128 (/25) | 2 | 126 |
| 2 | 255.255.255.192 (/26) | 4 | 62 |
| 3 | 255.255.255.224 (/27) | 8 | 30 |
| 4 | 255.255.255.240 (/28) | 16 | 14 |
| 5 | 255.255.255.248 (/29) | 32 | 6 |
| 6 | 255.255.255.252 (/30) | 64 | 2 |
| 7 | 255.255.255.254 (/31) | 128 | |

The following table is a summary for subnet planning on a network with a 16-bit network number.

Table 49 16-bit Network Number Subnet Planning

| NO. “BORROWED” HOST BITS | SUBNET MASK | NO. SUBNETS | NO. HOSTS PER SUBNET |
|---|---|---|---|
| 1 | 255.255.128.0 (/17) | 2 | 32766 |
| 2 | 255.255.192.0 (/18) | 4 | 16382 |
| 3 | 255.255.224.0 (/19) | 8 | 8190 |
| 4 | 255.255.240.0 (/20) | 16 | 4094 |
| 5 | 255.255.248.0 (/21) | 32 | 2046 |
| 6 | 255.255.252.0 (/22) | 64 | 1022 |
| 7 | 255.255.254.0 (/23) | 128 | 510 |
| 8 | 255.255.255.0 (/24) | 256 | 254 |
| 9 | 255.255.255.128 (/25) | 512 | 126 |
| 10 | 255.255.255.192 (/26) | 1024 | 62 |
| 11 | 255.255.255.224 (/27) | 2048 | 30 |
| 12 | 255.255.255.240 (/28) | 4096 | 14 |
| 13 | 255.255.255.248 (/29) | 8192 | 6 |
| 14 | 255.255.255.252 (/30) | 16384 | 2 |
| 15 | 255.255.255.254 (/31) | 32768 | |

Configuring IP Addresses

Where you obtain your network number depends on your particular situation. If the ISP or your network administrator assigns you a block of registered IP addresses, follow their instructions in selecting the IP addresses and the subnet mask.
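As an added example (not part of the ZyXEL guide), the Python sketch below carries out the subnet calculations of the Subnetting section with the logical AND described under Subnet Masks, and rejects masks whose ones are not contiguous. The function names are chosen for this example; the addresses are those of the four-subnet and eight-subnet examples.

```python
"""Added example: the subnet arithmetic of this appendix, using the logical AND it describes."""


def to_int(dotted):
    """Convert dotted decimal notation (four octets, each 0 to 255) to a 32-bit integer."""
    octets = dotted.split(".")
    if len(octets) != 4:
        raise ValueError(f"expected four octets: {dotted!r}")
    value = 0
    for octet in octets:
        number = int(octet)
        if not 0 <= number <= 255:
            raise ValueError(f"octet out of range: {dotted!r}")
        value = (value << 8) | number
    return value


def to_dotted(value):
    """Convert a 32-bit integer back to dotted decimal notation."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def prefix_length(mask):
    """Count the ones in a mask, rejecting masks whose ones are not one continuous run."""
    host_part = ~to_int(mask) & 0xFFFFFFFF  # invert the mask: host ID bits become ones
    # A valid inverted mask is 2**k - 1, so adding 1 must clear every bit it had set.
    if host_part & (host_part + 1):
        raise ValueError(f"ones are not contiguous in mask {mask}")
    return 32 - host_part.bit_length()


def mask_for(prefix):
    """Build the dotted decimal mask for a prefix length such as 26."""
    if not 0 <= prefix <= 32:
        raise ValueError(f"prefix length out of range: {prefix}")
    return to_dotted((0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF)


def describe(address, mask):
    """Return subnet address, usable host range, broadcast address and host count."""
    prefix = prefix_length(mask)
    host_bits = 32 - prefix
    if host_bits < 2:
        raise ValueError("the 2**n - 2 host formula needs at least two host ID bits")
    mask_int = to_int(mask)
    network = to_int(address) & mask_int            # AND keeps the network number
    broadcast = network | (~mask_int & 0xFFFFFFFF)  # host ID of all ones
    return {
        "subnet": f"{to_dotted(network)}/{prefix}",
        "lowest_host": to_dotted(network + 1),
        "highest_host": to_dotted(broadcast - 1),
        "broadcast": to_dotted(broadcast),
        "max_hosts": 2 ** host_bits - 2,
    }


def split(network, prefix, borrowed_bits):
    """Borrow host ID bits to divide one network into 2**borrowed_bits subnets."""
    new_prefix = prefix + borrowed_bits
    new_mask = mask_for(new_prefix)
    base = to_int(network) & to_int(mask_for(prefix))
    size = 1 << (32 - new_prefix)  # number of addresses in each new subnet
    return [describe(to_dotted(base + n * size), new_mask)
            for n in range(2 ** borrowed_bits)]


def same_subnet(first, second, mask):
    """True when two hosts share a network number, so no router sits between them."""
    prefix_length(mask)  # validate the mask before using it
    mask_int = to_int(mask)
    return (to_int(first) & mask_int) == (to_int(second) & mask_int)


if __name__ == "__main__":
    for subnet in split("192.168.1.0", 24, 2):  # the four-subnet example
        print(subnet)
    # A server in subnet B and a workstation in subnet A after the /25 split:
    print(same_subnet("192.168.1.10", "192.168.1.200", "255.255.255.128"))
```

`same_subnet` is the check behind the server-isolation example: two hosts that return False can only reach each other through a router, which is where filtering can be applied.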
If the ISP did not explicitly give you an IP network number, then most likely you have a single user account and the ISP will assign you a dynamic IP address when the connection is established. If this is the case, it is recommended that you select a network number from 192.168.0.0 to 192.168.255.0. The Internet Assigned Number Authority (IANA) reserved this block of addresses specifically for private use; please do not use any other number unless you are told otherwise. You must also enable Network Address Translation (NAT) on the NWA.

Once you have decided on the network number, pick an IP address for your NWA that is easy to remember (for instance, 192.168.1.1) but make sure that no other device on your network is using that IP address.

The subnet mask specifies the network number portion of an IP address. Your NWA will compute the subnet mask automatically based on the IP address that you entered. You don't need to change the subnet mask computed by the NWA unless you are instructed to do otherwise.

Private IP Addresses

Every machine on the Internet must have a unique address. If your networks are isolated from the Internet (running only between two branch offices, for example) you can assign any IP addresses to the hosts without problems. However, the Internet Assigned Numbers Authority (IANA) has reserved the following three blocks of IP addresses specifically for private networks:
• 10.0.0.0 — 10.255.255.255
• 172.16.0.0 — 172.31.255.255
• 192.168.0.0 — 192.168.255.255

You can obtain your IP address from the IANA, from an ISP, or it can be assigned from a private network. If you belong to a small organization and your Internet access is through an ISP, the ISP can provide you with the Internet addresses for your local networks.
On the other hand, if you are part of a much larger organization, you should consult your network administrator for the appropriate IP addresses.

Regardless of your particular situation, do not create an arbitrary IP address; always follow the guidelines above. For more information on address assignment, please refer to RFC 1597, Address Allocation for Private Internets and RFC 1466, Guidelines for Management of IP Address Space.

Appendix D IPv6

Overview

IPv6 (Internet Protocol version 6) is designed to enhance IP address size and features. The increase in IPv6 address size to 128 bits (from the 32-bit IPv4 address) allows up to 3.4 x 10^38 IP addresses.

IPv6 Addressing

The 128-bit IPv6 address is written as eight 16-bit hexadecimal blocks separated by colons (:). This is an example IPv6 address: 2001:0db8:1a2b:0015:0000:0000:1a2f:0000.

IPv6 addresses can be abbreviated in two ways:
• Leading zeros in a block can be omitted. So 2001:0db8:1a2b:0015:0000:0000:1a2f:0000 can be written as 2001:db8:1a2b:15:0:0:1a2f:0.
• Any number of consecutive blocks of zeros can be replaced by a double colon. A double colon can only appear once in an IPv6 address. So 2001:0db8:0000:0000:1a2f:0000:0000:0015 can be written as 2001:0db8::1a2f:0000:0000:0015, 2001:0db8:0000:0000:1a2f::0015, 2001:db8::1a2f:0:0:15 or 2001:db8:0:0:1a2f::15.

Prefix and Prefix Length

Similar to an IPv4 subnet mask, IPv6 uses an address prefix to represent the network address. An IPv6 prefix length specifies how many most significant bits (starting from the left) in the address compose the network address. The prefix length is written as “/x” where x is a number. For example, 2001:db8:1a2b:15::1a2f:0/32 means that the first 32 bits (2001:db8) is the subnet prefix.

Link-local Address

A link-local address uniquely identifies a device on the local network (the LAN).
It is similar to a “private IP address” in IPv4. You can have the same link-local address on multiple interfaces on a device. A link-local unicast address has a predefined prefix of fe80::/10. The link-local unicast address format is as follows.

Table 50 Link-local Unicast Address Format

| 1111 1110 10 | 0 | Interface ID |
|---|---|---|
| 10 bits | 54 bits | 64 bits |

Global Address

A global address uniquely identifies a device on the Internet. It is similar to a “public IP address” in IPv4. A global unicast address starts with a 2 or 3.

Unspecified Address

An unspecified address (0:0:0:0:0:0:0:0 or ::) is used as the source address when a device does not have its own address. It is similar to “0.0.0.0” in IPv4.

Loopback Address

A loopback address (0:0:0:0:0:0:0:1 or ::1) allows a host to send packets to itself. It is similar to “127.0.0.1” in IPv4.

Multicast Address

In IPv6, multicast addresses provide the same functionality as IPv4 broadcast addresses. Broadcasting is not supported in IPv6. A multicast address allows a host to send packets to all hosts in a multicast group.

Multicast scope allows you to determine the size of the multicast group. A multicast address has a predefined prefix of ff00::/8. The following table describes some of the predefined multicast addresses.

Table 51 Predefined Multicast Address

| MULTICAST ADDRESS | DESCRIPTION |
|---|---|
| FF01:0:0:0:0:0:0:1 | All hosts on a local node. |
| FF01:0:0:0:0:0:0:2 | All routers on a local node. |
| FF02:0:0:0:0:0:0:1 | All hosts on a local connected link. |
| FF02:0:0:0:0:0:0:2 | All routers on a local connected link. |
| FF05:0:0:0:0:0:0:2 | All routers on a local site. |
| FF05:0:0:0:0:0:1:3 | All DHCP servers on a local site. |

The following table describes the multicast addresses which are reserved and cannot be assigned to a multicast group.
Table 52 Reserved Multicast Address

MULTICAST ADDRESS
FF00:0:0:0:0:0:0:0
FF01:0:0:0:0:0:0:0
FF02:0:0:0:0:0:0:0
FF03:0:0:0:0:0:0:0
FF04:0:0:0:0:0:0:0
FF05:0:0:0:0:0:0:0
FF06:0:0:0:0:0:0:0
FF07:0:0:0:0:0:0:0
FF08:0:0:0:0:0:0:0
FF09:0:0:0:0:0:0:0
FF0A:0:0:0:0:0:0:0
FF0B:0:0:0:0:0:0:0
FF0C:0:0:0:0:0:0:0
FF0D:0:0:0:0:0:0:0
FF0E:0:0:0:0:0:0:0
FF0F:0:0:0:0:0:0:0

Subnet Masking

Both an IPv6 address and an IPv6 subnet mask consist of 128 binary digits, which are divided into eight 16-bit blocks and written in hexadecimal notation. Hexadecimal uses four bits for each character (1 ~ 10, A ~ F). Each block’s 16 bits are then represented by four hexadecimal characters. For example, FFFF:FFFF:FFFF:FFFF:FC00:0000:0000:0000.

Interface ID

In IPv6, an interface ID is a 64-bit identifier. It identifies a physical interface (for example, an Ethernet port) or a virtual interface (for example, the management IP address for a VLAN). One interface should have a unique interface ID.

EUI-64

The EUI-64 (Extended Unique Identifier) defined by the IEEE (Institute of Electrical and Electronics Engineers) is an interface ID format designed to adapt with IPv6. It is derived from the 48-bit (6-byte) Ethernet MAC address as shown next. EUI-64 inserts the hex digits fffe between the third and fourth bytes of the MAC address and complements the seventh bit of the first byte of the MAC address. See the following example.

Table 53 MAC

00 : 13 : 49 : 12 : 34 : 56

Table 54 EUI-64

02 : 13 : 49 : FF : FE : 12 : 34 : 56

Stateless Autoconfiguration

With stateless autoconfiguration in IPv6, addresses can be uniquely and automatically generated.
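As an added example (not part of the ZyXEL guide), the Python sketch below applies the EUI-64 rule described above to the MAC address in Table 53 and combines the result with a prefix, as stateless autoconfiguration does. The function names and the 2001:db8:1a2b:15::/64 prefix are constructed for illustration; `embedded_mac` reverses the rule so that an autoconfigured address seen in a log can be matched to a hardware address in an inventory.

```python
"""Added example: EUI-64 interface IDs and the addresses built from them."""
import ipaddress


def mac_to_interface_id(mac):
    """Return the 8-byte EUI-64 interface ID for a 48-bit MAC address."""
    parts = mac.replace("-", ":").split(":")
    if len(parts) != 6 or any(len(part) != 2 for part in parts):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    octets = bytes(int(part, 16) for part in parts)
    # Complement the seventh bit of the first byte (value 0x02), then
    # insert ff:fe between the third and fourth bytes.
    return bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]


def slaac_address(prefix, mac):
    """Combine a 64-bit prefix with the EUI-64 interface ID of a MAC address."""
    network = ipaddress.IPv6Network(prefix)
    if network.prefixlen != 64:
        raise ValueError("a 64-bit interface ID needs a /64 prefix")
    interface_id = int.from_bytes(mac_to_interface_id(mac), "big")
    return ipaddress.IPv6Address(int(network.network_address) | interface_id)


def link_local(mac):
    """fe80::/10 followed by 54 zero bits and the interface ID (Table 50)."""
    return slaac_address("fe80::/64", mac)


def embedded_mac(address):
    """Return the MAC address inside an EUI-64 based address, or None."""
    low64 = int(ipaddress.IPv6Address(address)) & (2 ** 64 - 1)
    interface_id = low64.to_bytes(8, "big")
    if interface_id[3:5] != b"\xff\xfe":
        return None  # no ff:fe marker, so the interface ID is not EUI-64
    mac = bytes([interface_id[0] ^ 0x02]) + interface_id[1:3] + interface_id[5:]
    return ":".join(f"{octet:02x}" for octet in mac)


if __name__ == "__main__":
    mac = "00:13:49:12:34:56"  # the MAC address from Table 53
    print(mac_to_interface_id(mac).hex(":"))
    print(link_local(mac))
    # Constructed /64 prefix standing in for one advertised by a router.
    print(slaac_address("2001:db8:1a2b:15::/64", mac))
    print(embedded_mac("fe80::213:49ff:fe12:3456"))
```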
Unlike DHCPv6 (Dynamic Host Configuration Protocol version six) which is used in IPv6 stateful autoconfiguration, the owner and status of addresses don’t need to be maintained by a DHCP server. Every IPv6 device is able to generate its own unique IP address automatically when IPv6 is initiated on its interface. It combines the prefix and the interface ID (generated from its own Ethernet MAC address, see Interface ID and EUI-64) to form a complete IPv6 address.

When IPv6 is enabled on a device, its interface automatically generates a link-local address (beginning with fe80).

When the interface is connected to a network with a router and the NWA is set to automatically obtain an IPv6 network prefix from the router for the interface, it generates another address[1] which combines its interface ID and global and subnet information advertised from the router. This is a routable global IP address.

DHCPv6

The Dynamic Host Configuration Protocol for IPv6 (DHCPv6, RFC 3315) is a server-client protocol that allows a DHCP server to assign and pass IPv6 network addresses, prefixes and other configuration information to DHCP clients. DHCPv6 servers and clients exchange DHCP messages using UDP.

Each DHCP client and server has a unique DHCP Unique IDentifier (DUID), which is used for identification when they are exchanging DHCPv6 messages. The DUID is generated from the MAC address, time, vendor assigned ID and/or the vendor's private enterprise number registered with the IANA. It should not change over time even after you reboot the device.

Identity Association

An Identity Association (IA) is a collection of addresses assigned to a DHCP client, through which the server and client can manage a set of related IP addresses.
Each IA must be associated with exactly one interface. The DHCP client uses the IA assigned to an interface to obtain configuration from a DHCP server for that interface. Each IA consists of a unique IAID and associated IP information.

The IA type is the type of address in the IA. Each IA holds one type of address. IA_NA means an identity association for non-temporary addresses and IA_TA is an identity association for temporary addresses. An IA_NA option contains the T1 and T2 fields, but an IA_TA option does not. The DHCPv6 server uses T1 and T2 to control the time at which the client contacts the server to extend the lifetimes on any addresses in the IA_NA before the lifetimes expire. After T1, the client sends the server (S1) (from which the addresses in the IA_NA were obtained) a Renew message. If the time T2 is reached and the server does not respond, the client sends a Rebind message to any available server (S2). For an IA_TA, the client may send a Renew or Rebind message at the client's discretion.

[Figure: timeline of T1 and T2, showing Renew messages to S1 and Rebind messages to S2]

[1] In IPv6, all network interfaces can be associated with several addresses.

DHCP Relay Agent

A DHCP relay agent is on the same network as the DHCP clients and helps forward messages between the DHCP server and clients. When a client cannot use its link-local address and a well-known multicast address to locate a DHCP server on its network, it then needs a DHCP relay agent to send a message to a DHCP server that is not attached to the same network.

The DHCP relay agent can add the remote identification (remote-ID) option and the interface-ID option to the Relay-Forward DHCPv6 messages. The remote-ID option carries a user-defined string,
such as the system name. The interface-ID option provides slot number, port information and the VLAN ID to the DHCPv6 server. The remote-ID option (if any) is stripped from the Relay-Reply messages before the relay agent sends the packets to the clients. The DHCP server copies the interface-ID option from the Relay-Forward message into the Relay-Reply message and sends it to the relay agent. The interface-ID should not change even after the relay agent restarts.

Prefix Delegation

Prefix delegation enables an IPv6 router to use the IPv6 prefix (network address) received from the ISP (or a connected uplink router) for its LAN. The NWA uses the received IPv6 prefix (for example, 2001:db2::/48) to generate its LAN IP address. Through sending Router Advertisements (RAs) regularly by multicast, the NWA passes the IPv6 prefix information to its LAN hosts. The hosts then can use the prefix to generate their IPv6 addresses.

ICMPv6

Internet Control Message Protocol for IPv6 (ICMPv6 or ICMP for IPv6) is defined in RFC 4443. ICMPv6 has a preceding Next Header value of 58, which is different from the value used to identify ICMP for IPv4. ICMPv6 is an integral part of IPv6. IPv6 nodes use ICMPv6 to report errors encountered in packet processing and perform other diagnostic functions, such as "ping".

Neighbor Discovery Protocol (NDP)

The Neighbor Discovery Protocol (NDP) is a protocol used to discover other IPv6 devices and track neighbor’s reachability in a network. An IPv6 device uses the following ICMPv6 message types:
• Neighbor solicitation: A request from a host to determine a neighbor’s link-layer address (MAC address) and detect if the neighbor is still reachable.
  A neighbor being "reachable" means it responds to a neighbor solicitation message (from the host) with a neighbor advertisement message.
• Neighbor advertisement: A response from a node to announce its link-layer address.
• Router solicitation: A request from a host to locate a router that can act as the default router and forward packets.
• Router advertisement: A response to a router solicitation or a periodical multicast advertisement from a router to advertise its presence and other parameters.

IPv6 Cache

An IPv6 host is required to have a neighbor cache, destination cache, prefix list and default router list. The NWA maintains and updates its IPv6 caches constantly using the information from response messages. In IPv6, the NWA configures a link-local address automatically, and then sends a neighbor solicitation message to check if the address is unique. If there is an address to be resolved or verified, the NWA also sends out a neighbor solicitation message. When the NWA receives a neighbor advertisement in response, it stores the neighbor's link-layer address in the neighbor cache. When the NWA uses a router solicitation message to query for a router and receives a router advertisement message, it adds the router's information to the neighbor cache, prefix list and destination cache. The NWA creates an entry in the default router list cache if the router can be used as a default router.

When the NWA needs to send a packet, it first consults the destination cache to determine the next hop. If there is no matching entry in the destination cache, the NWA uses the prefix list to determine whether the destination address is on-link and can be reached directly without passing through a router. If the address is on-link, the address is considered as the next hop.
Otherwise, the NWA determines the next-hop from the default router list or routing table. Once the next hop IP address is known, the NWA looks into the neighbor cache to get the link-layer address and sends the packet when the neighbor is reachable. If the NWA cannot find an entry in the neighbor cache or the state for the neighbor is not reachable, it starts the address resolution process. This helps reduce the number of IPv6 solicitation and advertisement messages.

Multicast Listener Discovery

The Multicast Listener Discovery (MLD) protocol (defined in RFC 2710) is derived from IPv4's Internet Group Management Protocol version 2 (IGMPv2). MLD uses ICMPv6 message types, rather than IGMP message types. MLDv1 is equivalent to IGMPv2 and MLDv2 is equivalent to IGMPv3.

MLD allows an IPv6 switch or router to discover the presence of MLD listeners who wish to receive multicast packets and the IP addresses of multicast groups the hosts want to join on its network.

MLD snooping and MLD proxy are analogous to IGMP snooping and IGMP proxy in IPv4.

MLD filtering controls which multicast groups a port can join.

MLD Messages

A multicast router or switch periodically sends general queries to MLD hosts to update the multicast forwarding table. When an MLD host wants to join a multicast group, it sends an MLD Report message for that address.

An MLD Done message is equivalent to an IGMP Leave message. When an MLD host wants to leave a multicast group, it can send a Done message to the router or switch. The router or switch then sends a group-specific query to the port on which the Done message is received to determine if other devices connected to this port should remain in the group.

Example - Enabling IPv6 on Windows XP/2003/Vista

By default, Windows XP and Windows 2003 support IPv6.
This example shows you how to use the ipv6 install command on Windows XP/2003 to enable IPv6. This also displays how to use the ipconfig command to see auto-generated IP addresses.

    C:\>ipv6 install
    Installing...
    Succeeded.

    C:\>ipconfig

    Windows IP Configuration

    Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . :
        IP Address. . . . . . . . . . . . : 10.1.1.46
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        IP Address. . . . . . . . . . . . : fe80::2d0:59ff:feb8:103c%4
        Default Gateway . . . . . . . . . : 10.1.1.254

IPv6 is installed and enabled by default in Windows Vista. Use the ipconfig command to check your automatically configured IPv6 address as well. You should see at least one IPv6 address available for the interface on your computer.

Example - Enabling DHCPv6 on Windows XP

Windows XP does not support DHCPv6. If your network uses DHCPv6 for IP address assignment, you have to additionally install a DHCPv6 client software on your Windows XP. (Note: If you use static IP addresses or Router Advertisement for IPv6 address assignment in your network, ignore this section.)

This example uses Dibbler as the DHCPv6 client. To enable DHCPv6 client on your computer:

1. Install Dibbler and select the DHCPv6 client option on your computer.
2. After the installation is complete, select Start > All Programs > Dibbler-DHCPv6 > Client Install as service.
3. Select Start > Control Panel > Administrative Tools > Services.
4. Double click Dibbler - a DHCPv6 client.
5. Click Start and then OK.
6. Now your computer can obtain an IPv6 address from a DHCPv6 server.

Example - Enabling IPv6 on Windows 7

Windows 7 supports IPv6 by default. DHCPv6 is also enabled when you enable IPv6 on a Windows 7 computer.
To enable IPv6 in Windows 7:

1. Select Control Panel > Network and Sharing Center > Local Area Connection.
2. Select the Internet Protocol Version 6 (TCP/IPv6) checkbox to enable it.
3. Click OK to save the change.
4. Click Close to exit the Local Area Connection Status screen.
5. Select Start > All Programs > Accessories > Command Prompt.
6. Use the ipconfig command to check your dynamic IPv6 address. This example shows a global address (2001:b021:2d::1000) obtained from a DHCP server.

    C:\>ipconfig

    Windows IP Configuration

    Ethernet adapter Local Area Connection:

       Connection-specific DNS Suffix  . :
       IPv6 Address. . . . . . . . . . . : 2001:b021:2d::1000
       Link-local IPv6 Address . . . . . : fe80::25d8:dcab:c80a:5189%11
       IPv4 Address. . . . . . . . . . . : 172.16.100.61
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . : fe80::213:49ff:feaa:7125%11
                                           172.16.100.254

APPENDIX E
Wireless LANs

Wireless LAN Topologies

This section discusses ad-hoc and infrastructure wireless LAN topologies.

Ad-hoc Wireless LAN Configuration

The simplest WLAN configuration is an independent (Ad-hoc) WLAN that connects a set of computers with wireless adapters (A, B, C). Any time two or more wireless adapters are within range of each other, they can set up an independent network, which is commonly referred to as an ad-hoc network or Independent Basic Service Set (IBSS). The following diagram shows an example of notebook computers using wireless adapters to form an ad-hoc wireless LAN.

Figure 91 Peer-to-Peer Communication in an Ad-hoc Network

BSS

A Basic Service Set (BSS) exists when all communications between wireless clients or between a wireless client and a wired network client go through one access point (AP).
Intra-BSS traffic is traffic between wireless clients in the BSS. When Intra-BSS is enabled, wireless client A and B can access the wired network and communicate with each other. When Intra-BSS is disabled, wireless client A and B can still access the wired network but cannot communicate with each other.

Figure 92 Basic Service Set

ESS

An Extended Service Set (ESS) consists of a series of overlapping BSSs, each containing an access point, with each access point connected together by a wired network. This wired connection between APs is called a Distribution System (DS).

This type of wireless LAN topology is called an Infrastructure WLAN. The Access Points not only provide communication with the wired network but also mediate wireless network traffic in the immediate neighborhood.

An ESSID (ESS IDentification) uniquely identifies each ESS. All access points and their associated wireless clients within the same ESS must have the same ESSID in order to communicate.

Figure 93 Infrastructure WLAN

Channel

A channel is the radio frequency(ies) used by wireless devices to transmit and receive data. Channels available depend on your geographical area. You may have a choice of channels (for your region) so you should use a channel different from an adjacent AP (access point) to reduce interference. Interference occurs when radio signals from different access points overlap causing interference and degrading performance.

Adjacent channels partially overlap however. To avoid interference due to overlap, your AP should be on a channel at least five channels away from a channel that an adjacent AP is using. For example, if your region has 11 channels and an adjacent AP is using channel 1, then you need to select a channel between 6 and 11.
RTS/CTS

A hidden node occurs when two stations are within range of the same access point, but are not within range of each other. The following figure illustrates a hidden node. Both stations (STA) are within range of the access point (AP) or wireless gateway, but out-of-range of each other, so they cannot "hear" each other, that is they do not know if the channel is currently being used. Therefore, they are considered hidden from each other.

Figure 94 RTS/CTS

When station A sends data to the AP, it might not know that the station B is already using the channel. If these two stations send data at the same time, collisions may occur when both sets of data arrive at the AP at the same time, resulting in a loss of messages for both stations.

RTS/CTS is designed to prevent collisions due to hidden nodes. An RTS/CTS defines the biggest size data frame you can send before an RTS (Request To Send)/CTS (Clear to Send) handshake is invoked.

When a data frame exceeds the RTS/CTS value you set (between 0 and 2432 bytes), the station that wants to transmit this frame must first send an RTS (Request To Send) message to the AP for permission to send it. The AP then responds with a CTS (Clear to Send) message to all other stations within its range to notify them to defer their transmission. It also reserves and confirms with the requesting station the time frame for the requested transmission.

Stations can send frames smaller than the specified RTS/CTS directly to the AP without the RTS (Request To Send)/CTS (Clear to Send) handshake.
You should only configure RTS/CTS if the possibility of hidden nodes exists on your network and the "cost" of resending large frames is more than the extra network overhead involved in the RTS (Request To Send)/CTS (Clear to Send) handshake.

If the RTS/CTS value is greater than the Fragmentation Threshold value (see next), then the RTS (Request To Send)/CTS (Clear to Send) handshake will never occur as data frames will be fragmented before they reach RTS/CTS size.

Note: Enabling the RTS Threshold causes redundant network overhead that could negatively affect the throughput performance instead of providing a remedy.

Fragmentation Threshold

A Fragmentation Threshold is the maximum data fragment size (between 256 and 2432 bytes) that can be sent in the wireless network before the AP will fragment the packet into smaller data frames.

A large Fragmentation Threshold is recommended for networks not prone to interference while you should set a smaller threshold for busy networks or networks that are prone to interference.

If the Fragmentation Threshold value is smaller than the RTS/CTS value (see previously) you set then the RTS (Request To Send)/CTS (Clear to Send) handshake will never occur as data frames will be fragmented before they reach RTS/CTS size.

Preamble Type

Preamble is used to signal that data is coming to the receiver. Short and long refer to the length of the synchronization field in a packet.

Short preamble increases performance as less time sending preamble means more time for sending data. All IEEE 802.11 compliant wireless adapters support long preamble, but not all support short preamble.
Use long preamble if you are unsure what preamble mode other wireless devices on the network support, and to provide more reliable communications in busy wireless networks.

Use short preamble if you are sure all wireless devices on the network support it, and to provide more efficient communications.

Use the dynamic setting to automatically use short preamble when all wireless devices on the network support it, otherwise the NWA uses long preamble.

Note: The wireless devices MUST use the same preamble mode in order to communicate.

Wireless LAN Standards

The IEEE 802.11b wireless access standard was first published in 1999. IEEE 802.11b has a maximum data rate of 11 Mbps and uses the 2.4 GHz band.

IEEE 802.11g also works in the 2.4 GHz band and is fully compatible with the IEEE 802.11b standard. This means an IEEE 802.11b adapter can interface directly with an IEEE 802.11g access point (and vice versa) at 11 Mbps or lower depending on range. IEEE 802.11g has several intermediate rate steps between the maximum and minimum data rates (54 Mbps and 1 Mbps respectively).

IEEE 802.11a has a data rate of up to 54 Mbps using the 5 GHz band. IEEE 802.11a is not interoperable with IEEE 802.11b or IEEE 802.11g.

IEEE 802.11n can operate both in the 2.4 GHz and 5 GHz bands and is backward compatible with the IEEE 802.11a, IEEE 802.11b, and IEEE 802.11g standards. It improves network throughput and increases the maximum raw data rate from 54 Mbps to 300 Mbps by using multiple-input multiple-output (MIMO), a channel width of 40 MHz, frame aggregation and short guard interval.
Table 55 Wireless LAN Standards Comparison Table

WIRELESS LAN STANDARD   MAXIMUM NET DATA RATE   FREQUENCY BAND   COMPATIBILITY
IEEE 802.11b            11 Mbps                 2.4 GHz          IEEE 802.11g, IEEE 802.11n
IEEE 802.11g            54 Mbps                 2.4 GHz          IEEE 802.11b, IEEE 802.11n
IEEE 802.11a            54 Mbps                 5 GHz            IEEE 802.11n
IEEE 802.11n            300 Mbps                2.4 GHz, 5 GHz   IEEE 802.11b, IEEE 802.11g, IEEE 802.11a

Wireless Security Overview

Wireless security is vital to your network to protect wireless communication between wireless clients, access points and the wired network.

Wireless security methods available on the NWA are data encryption, wireless client authentication, restricting access by device MAC address and hiding the NWA identity.

The following table shows the relative effectiveness of these wireless security methods available on your NWA.

Table 56 Wireless Security Levels

SECURITY LEVEL   SECURITY TYPE
Least Secure     Unique SSID (Default)
                 Unique SSID with Hide SSID Enabled
                 MAC Address Filtering
                 WEP Encryption
                 IEEE802.1x EAP with RADIUS Server Authentication
                 Wi-Fi Protected Access (WPA)
Most Secure      WPA2

Note: You must enable the same wireless security settings on the NWA and on all wireless clients that you want to associate with it.

IEEE 802.1x

In June 2001, the IEEE 802.1x standard was designed to extend the features of IEEE 802.11 to support extended authentication as well as providing additional accounting and control features. It is supported by Windows XP and a number of network devices. Some advantages of IEEE 802.1x are:

• User based identification that allows for roaming.
• Support for RADIUS (Remote Authentication Dial In User Service, RFC 2138, 2139) for centralized user profile and accounting management on a network RADIUS server.
• Support for EAP (Extensible Authentication Protocol, RFC 2486) that allows additional authentication methods to be deployed with no changes to the access point or the wireless clients.

RADIUS

RADIUS is based on a client-server model that supports authentication, authorization and accounting. The access point is the client and the server is the RADIUS server. The RADIUS server handles the following tasks:

• Authentication
  Determines the identity of the users.
• Authorization
  Determines the network services available to authenticated users once they are connected to the network.
• Accounting
  Keeps track of the client's network activity.

RADIUS is a simple package exchange in which your AP acts as a message relay between the wireless client and the network RADIUS server.

Types of RADIUS Messages

The following types of RADIUS messages are exchanged between the access point and the RADIUS server for user authentication:

• Access-Request
  Sent by an access point requesting authentication.
• Access-Reject
  Sent by a RADIUS server rejecting access.
• Access-Accept
  Sent by a RADIUS server allowing access.
• Access-Challenge
  Sent by a RADIUS server requesting more information in order to allow access. The access point sends a proper response from the user and then sends another Access-Request message.

The following types of RADIUS messages are exchanged between the access point and the RADIUS server for user accounting:

• Accounting-Request
  Sent by the access point requesting accounting.
• Accounting-Response
  Sent by the RADIUS server to indicate that it has started or stopped accounting.
In order to ensure network security, the access point and the RADIUS server use a shared secret key, which is a password they both know. The key is not sent over the network. In addition to the shared key, password information exchanged is also encrypted to protect the network from unauthorized access.

Types of EAP Authentication

This section discusses some popular authentication types: EAP-MD5, EAP-TLS, EAP-TTLS, PEAP and LEAP. Your wireless LAN device may not support all authentication types.

EAP (Extensible Authentication Protocol) is an authentication protocol that runs on top of the IEEE 802.1x transport mechanism in order to support multiple types of user authentication. By using EAP to interact with an EAP-compatible RADIUS server, an access point helps a wireless station and a RADIUS server perform authentication.

The type of authentication you use depends on the RADIUS server and an intermediary AP(s) that supports IEEE 802.1x.

For EAP-TLS authentication type, you must first have a wired connection to the network and obtain the certificate(s) from a certificate authority (CA). Certificates (also called digital IDs) can be used to authenticate users, and a CA issues certificates and guarantees the identity of each certificate owner.

EAP-MD5 (Message-Digest Algorithm 5)

MD5 authentication is the simplest one-way authentication method. The authentication server sends a challenge to the wireless client. The wireless client 'proves' that it knows the password by encrypting the password with the challenge and sends back the information. Password is not sent in plain text.

However, MD5 authentication has some weaknesses. Since the authentication server needs to get the plaintext passwords, the passwords must be stored.
Thus someone other than the authentication server may access the password file. In addition, it is possible to impersonate an authentication server as MD5 authentication method does not perform mutual authentication. Finally, MD5 authentication method does not support data encryption with dynamic session key. You must configure WEP encryption keys for data encryption.

EAP-TLS (Transport Layer Security)

With EAP-TLS, digital certifications are needed by both the server and the wireless clients for mutual authentication. The server presents a certificate to the client. After validating the identity of the server, the client sends a different certificate to the server. The exchange of certificates is done in the open before a secured tunnel is created. This makes user identity vulnerable to passive attacks. A digital certificate is an electronic ID card that authenticates the sender's identity. However, to implement EAP-TLS, you need a Certificate Authority (CA) to handle certificates, which imposes a management overhead.

EAP-TTLS (Tunneled Transport Layer Service)

EAP-TTLS is an extension of the EAP-TLS authentication that uses certificates for only the server-side authentications to establish a secure connection. Client authentication is then done by sending username and password through the secure connection, thus client identity is protected. For client authentication, EAP-TTLS supports EAP methods and legacy authentication methods such as PAP, CHAP, MS-CHAP and MS-CHAP v2.

PEAP (Protected EAP)

Like EAP-TTLS, server-side certificate authentication is used to establish a secure connection, then use simple username and password methods through the secured connection to authenticate the clients, thus hiding client identity.
However, PEAP only supports EAP methods, such as EAP-MD5, EAP-MSCHAPv2 and EAP-GTC (EAP-Generic Token Card), for client authentication. EAP-GTC is implemented only by Cisco.

LEAP

LEAP (Lightweight Extensible Authentication Protocol) is a Cisco implementation of IEEE 802.1x.

Dynamic WEP Key Exchange

The AP maps a unique key that is generated with the RADIUS server. This key expires when the wireless connection times out, disconnects or reauthentication times out. A new WEP key is generated each time reauthentication is performed.

If this feature is enabled, it is not necessary to configure a default encryption key in the wireless security configuration screen. You may still configure and store keys, but they will not be used while dynamic WEP is enabled.

Note: EAP-MD5 cannot be used with Dynamic WEP Key Exchange.

For added security, certificate-based authentications (EAP-TLS, EAP-TTLS and PEAP) use dynamic keys for data encryption. They are often deployed in corporate environments, but for public deployment, a simple user name and password pair is more practical. The following table is a comparison of the features of authentication types.

Table 57 Comparison of EAP Authentication Types

                             EAP-MD5   EAP-TLS   EAP-TTLS   PEAP       LEAP
Mutual Authentication        No        Yes       Yes        Yes        Yes
Certificate – Client         No        Yes       Optional   Optional   No
Certificate – Server         No        Yes       Yes        Yes        No
Dynamic Key Exchange         No        Yes       Yes        Yes        Yes
Credential Integrity         None      Strong    Strong     Strong     Moderate
Deployment Difficulty        Easy      Hard      Moderate   Moderate   Moderate
Client Identity Protection   No        No        Yes        Yes        No

WPA and WPA2

Wi-Fi Protected Access (WPA) is a subset of the IEEE 802.11i standard. WPA2 (IEEE 802.11i) is a wireless security standard that defines stronger encryption, authentication and key management than WPA.
Key differences between WPA or WPA2 and WEP are improved data encryption and user authentication.

If both an AP and the wireless clients support WPA2 and you have an external RADIUS server, use WPA2 for stronger data encryption. If you don't have an external RADIUS server, you should use WPA2-PSK (WPA2-Pre-Shared Key) that only requires a single (identical) password entered into each access point, wireless gateway and wireless client. As long as the passwords match, a wireless client will be granted access to a WLAN.

If the AP or the wireless clients do not support WPA2, just use WPA or WPA-PSK depending on whether you have an external RADIUS server or not.

Select WEP only when the AP and/or wireless clients do not support WPA or WPA2. WEP is less secure than WPA or WPA2.

Encryption

WPA improves data encryption by using Temporal Key Integrity Protocol (TKIP), Message Integrity Check (MIC) and IEEE 802.1x. WPA2 also uses TKIP when required for compatibility reasons, but offers stronger encryption than TKIP with Advanced Encryption Standard (AES) in the Counter mode with Cipher block chaining Message authentication code Protocol (CCMP).

TKIP uses 128-bit keys that are dynamically generated and distributed by the authentication server. AES (Advanced Encryption Standard) is a block cipher that uses a 256-bit mathematical algorithm called Rijndael. They both include a per-packet key mixing function, a Message Integrity Check (MIC) named Michael, an extended initialization vector (IV) with sequencing rules, and a re-keying mechanism.

WPA and WPA2 regularly change and rotate the encryption keys so that the same encryption key is never used twice.
The RADIUS server distributes a Pairwise Master Key (PMK) key to the AP that then sets up a key hierarchy and management system, using the PMK to dynamically generate unique data encryption keys to encrypt every data packet that is wirelessly communicated between the AP and the wireless clients. This all happens in the background automatically.

The Message Integrity Check (MIC) is designed to prevent an attacker from capturing data packets, altering them and resending them. The MIC provides a strong mathematical function in which the receiver and the transmitter each compute and then compare the MIC. If they do not match, it is assumed that the data has been tampered with and the packet is dropped.

By generating unique data encryption keys for every data packet and by creating an integrity checking mechanism (MIC), with TKIP and AES it is more difficult to decrypt data on a Wi-Fi network than WEP and difficult for an intruder to break into the network.

The encryption mechanisms used for WPA(2) and WPA(2)-PSK are the same. The only difference between the two is that WPA(2)-PSK uses a simple common password, instead of user-specific credentials. The common-password approach makes WPA(2)-PSK susceptible to brute-force password-guessing attacks but it's still an improvement over WEP as it employs a consistent, single, alphanumeric password to derive a PMK which is used to generate unique temporal encryption keys. This prevents all wireless devices from sharing the same encryption keys (a weakness of WEP).

User Authentication

WPA and WPA2 apply IEEE 802.1x and Extensible Authentication Protocol (EAP) to authenticate wireless clients using an external RADIUS database.
WPA2 reduces the number of key exchange messages from six to four (CCMP 4-way handshake) and shortens the time required to connect to a network. Other WPA2 authentication features that are different from WPA include key caching and pre-authentication. These two features are optional and may not be supported in all wireless devices.

Key caching allows a wireless client to store the PMK it derived through a successful authentication with an AP. The wireless client uses the PMK when it tries to connect to the same AP and does not need to go through the authentication process again.

Pre-authentication enables fast roaming by allowing the wireless client (already connecting to an AP) to perform IEEE 802.1x authentication with another AP before connecting to it.

Wireless Client WPA Supplicants

A wireless client supplicant is the software that runs on an operating system instructing the wireless client how to use WPA. At the time of writing, the most widely available supplicant is the WPA patch for Windows XP, Funk Software's Odyssey client.

The Windows XP patch is a free download that adds WPA capability to Windows XP's built-in "Zero Configuration" wireless client. However, you must run Windows XP to use it.

WPA(2) with RADIUS Application Example

To set up WPA(2), you need the IP address of the RADIUS server, its port number (default is 1812), and the RADIUS shared secret. A WPA(2) application example with an external RADIUS server looks as follows. "A" is the RADIUS server. "DS" is the distribution system.

The AP passes the wireless client's authentication request to the RADIUS server.

The RADIUS server then checks the user's identification against its database and grants or denies network access accordingly.
A 256-bit Pairwise Master Key (PMK) is derived from the authentication process by the RADIUS server and the client.

The RADIUS server distributes the PMK to the AP. The AP then sets up a key hierarchy and management system, using the PMK to dynamically generate unique data encryption keys. The keys are used to encrypt every data packet that is wirelessly communicated between the AP and the wireless clients.

Figure 95 WPA(2) with RADIUS Application Example

WPA(2)-PSK Application Example

A WPA(2)-PSK application looks as follows.

1. First enter identical passwords into the AP and all wireless clients. The Pre-Shared Key (PSK) must consist of between 8 and 63 ASCII characters or 64 hexadecimal characters (including spaces and symbols).
2. The AP checks each wireless client's password and allows it to join the network only if the password matches.
3. The AP and wireless clients generate a common PMK (Pairwise Master Key). The key itself is not sent over the network, but is derived from the PSK and the SSID.
4. The AP and wireless clients use the TKIP or AES encryption process, the PMK and information exchanged in a handshake to create temporal encryption keys. They use these keys to encrypt data exchanged between them.

Figure 96 WPA(2)-PSK Authentication

Security Parameters Summary

Refer to this table to see what other security parameters you should configure for each authentication method or key management protocol type. MAC address filters are not dependent on how you configure these security features.
Table 58 Wireless Security Relational Matrix

| AUTHENTICATION METHOD/ KEY MANAGEMENT PROTOCOL | ENCRYPTION METHOD | ENTER MANUAL KEY | IEEE 802.1X |
|---|---|---|---|
| Open | None | No | Disable |
| | | | Enable without Dynamic WEP Key |
| Open | WEP | No | Enable with Dynamic WEP Key |
| | | Yes | Enable without Dynamic WEP Key |
| | | Yes | Disable |
| Shared | WEP | No | Enable with Dynamic WEP Key |
| | | Yes | Enable without Dynamic WEP Key |
| | | Yes | Disable |
| WPA | TKIP/AES | No | Enable |
| WPA-PSK | TKIP/AES | Yes | Disable |
| WPA2 | TKIP/AES | No | Enable |
| WPA2-PSK | TKIP/AES | Yes | Disable |

Antenna Overview

An antenna couples RF signals onto air. A transmitter within a wireless device sends an RF signal to the antenna, which propagates the signal through the air. The antenna also operates in reverse by capturing RF signals from the air.

Positioning the antennas properly increases the range and coverage area of a wireless LAN.

Antenna Characteristics

Frequency

An antenna in the frequency of 2.4GHz or 5GHz is needed to communicate efficiently in a wireless LAN.

Radiation Pattern

A radiation pattern is a diagram that allows you to visualize the shape of the antenna's coverage area.

Antenna Gain

Antenna gain, measured in dB (decibel), is the increase in coverage within the RF beam width. Higher antenna gain improves the range of the signal for better communications.

For an indoor site, each 1 dB increase in antenna gain results in a range increase of approximately 2.5%. For an unobstructed outdoor site, each 1 dB increase in gain results in a range increase of approximately 5%. Actual results may vary depending on the network environment.
Antenna gain is sometimes specified in dBi, which is how much the antenna increases the signal power compared to using an isotropic antenna. An isotropic antenna is a theoretical perfect antenna that sends out radio signals equally well in all directions. dBi represents the true gain that the antenna provides.

Types of Antennas for WLAN

There are two types of antennas used for wireless LAN applications.

• Omni-directional antennas send the RF signal out in all directions on a horizontal plane. The coverage area is torus-shaped (like a donut) which makes these antennas ideal for a room environment. With a wide coverage area, it is possible to make circular overlapping coverage areas with multiple access points.
• Directional antennas concentrate the RF signal in a beam, like a flashlight does with the light from its bulb. The angle of the beam determines the width of the coverage pattern. Angles typically range from 20 degrees (very directional) to 120 degrees (less directional). Directional antennas are ideal for hallways and outdoor point-to-point applications.

Positioning Antennas

In general, antennas should be mounted as high as practically possible and free of obstructions. In point-to-point application, position both antennas at the same height and in a direct line of sight to each other to attain the best performance.

For omni-directional antennas mounted on a table, desk, and so on, point the antenna up. For omni-directional antennas mounted on a wall or ceiling, point the antenna down. For a single AP application, place omni-directional antennas as close to the center of the coverage area as possible.

For directional antennas, point the antenna in the direction of the desired coverage area.
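The WPA(2)-PSK Application Example earlier in this appendix says the PMK is derived from the PSK and the SSID, and that temporal keys come from the PMK plus information exchanged in the handshake. The following Python sketch is an added example, not code from the ZyXEL manual or firmware; it assumes the IEEE 802.11i passphrase mapping (PBKDF2-HMAC-SHA1, 4096 iterations) and pairwise PRF, which the manual does not spell out. The function names, MAC addresses and nonces are hypothetical, constructed values.

```python
import hashlib
import hmac
import string

def psk_to_pmk(psk: str, ssid: str) -> bytes:
    """Map a WPA(2)-PSK entry to the 256-bit PMK.

    Accepts the two forms the manual allows: 64 hexadecimal characters
    (used directly as the key) or 8-63 ASCII characters (stretched with
    the SSID as salt, per the IEEE 802.11i passphrase mapping).
    """
    if len(psk) == 64 and all(c in string.hexdigits for c in psk):
        return bytes.fromhex(psk)
    if not 8 <= len(psk) <= 63:
        raise ValueError("PSK must be 8-63 ASCII characters or 64 hex digits")
    if any(not 32 <= ord(c) <= 126 for c in psk):
        raise ValueError("PSK passphrase must be printable ASCII")
    salt = ssid.encode("utf-8")
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSID must be 1-32 bytes")
    return hashlib.pbkdf2_hmac("sha1", psk.encode("ascii"), salt, 4096, 32)

def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """IEEE 802.11i PRF: concatenated HMAC-SHA1 blocks over a counter."""
    out = b""
    counter = 0
    while len(out) < nbytes:
        msg = label + b"\x00" + data + bytes([counter])
        out += hmac.new(key, msg, hashlib.sha1).digest()
        counter += 1
    return out[:nbytes]

def derive_ptk(pmk: bytes, ap_mac: bytes, client_mac: bytes,
               anonce: bytes, snonce: bytes, cipher: str = "AES") -> dict:
    """Derive the temporal keys from the PMK and the handshake values.

    AES (CCMP) uses a 384-bit PTK, TKIP a 512-bit PTK. Addresses and
    nonces are ordered min/max, so the AP and the client compute the
    same keys without the keys ever crossing the air.
    """
    if cipher not in ("AES", "TKIP"):
        raise ValueError("cipher must be 'AES' or 'TKIP'")
    nbytes = 48 if cipher == "AES" else 64
    data = (min(ap_mac, client_mac) + max(ap_mac, client_mac) +
            min(anonce, snonce) + max(anonce, snonce))
    ptk = prf(pmk, b"Pairwise key expansion", data, nbytes)
    return {
        "KCK": ptk[:16],    # protects handshake message integrity
        "KEK": ptk[16:32],  # wraps the group key sent to the client
        "TK": ptk[32:],     # encrypts unicast data (plus MIC keys for TKIP)
    }

# Constructed sample values (locally administered MACs, fixed nonces).
AP_MAC = bytes.fromhex("020000000001")
CLIENT_MAC = bytes.fromhex("020000000002")
ANONCE = bytes(range(32))
SNONCE = bytes(range(32, 64))

def demo() -> dict:
    """Derive the PMK and AES temporal keys for the sample network."""
    pmk = psk_to_pmk("password", "IEEE")
    keys = derive_ptk(pmk, AP_MAC, CLIENT_MAC, ANONCE, SNONCE, "AES")
    return {"PMK": pmk.hex(), **{k: v.hex() for k, v in keys.items()}}

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Because the PMK depends only on the PSK and the SSID, every client that knows the PSK derives the same PMK; choose a long, random PSK, or use WPA(2) with RADIUS where per-user credentials are needed.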
Appendix F Legal Information

Copyright

Copyright © 2012 by ZyXEL Communications Corporation.

The contents of this publication may not be reproduced in any part or as a whole, transcribed, stored in a retrieval system, translated into any language, or transmitted in any form or by any means, electronic, mechanical, magnetic, optical, chemical, photocopying, manual, or otherwise, without the prior written permission of ZyXEL Communications Corporation.

Published by ZyXEL Communications Corporation. All rights reserved.

Disclaimers

ZyXEL does not assume any liability arising out of the application or use of any products, or software described herein. Neither does it convey any license under its patent rights nor the patent rights of others. ZyXEL further reserves the right to make changes in any products described herein without notice. This publication is subject to change without notice.

Your use of the NWA is subject to the terms and conditions of any related service providers.

Trademarks

Trademarks mentioned in this publication are used for identification purposes only and may be properties of their respective owners.

Certifications

Federal Communications Commission (FCC) Interference Statement

The device complies with Part 15 of FCC rules. Operation is subject to the following two conditions:

• This device may not cause harmful interference.
• This device must accept any interference received, including interference that may cause undesired operations.

This device has been tested and found to comply with the limits for a Class B digital device pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation.
This device generates, uses, and can radiate radio frequency energy, and if not installed and used in accordance with the instructions, may cause harmful interference to radio communications. However, there is no guarantee that interference will not occur in a particular installation.

If this device does cause harmful interference to radio/television reception, which can be determined by turning the device off and on, the user is encouraged to try to correct the interference by one or more of the following measures:

• Reorient or relocate the receiving antenna.
• Increase the separation between the equipment and the receiver.
• Connect the equipment into an outlet on a circuit different from that to which the receiver is connected.
• Consult the dealer or an experienced radio/TV technician for help.

FCC Caution: Any changes or modifications not expressly approved by the party responsible for compliance could void the user's authority to operate this equipment.

FCC Radiation Exposure Statement

• This transmitter must not be co-located or operating in conjunction with any other antenna or transmitter.
• For operation within 5.15 ~ 5.25GHz frequency range, it is restricted to indoor environment.
• IEEE 802.11b, 802.11g or 802.11n (20MHz) operation of this product in the U.S.A. is firmware-limited to channels 1 through 11. IEEE 802.11n (40MHz) operation of this product in the U.S.A. is firmware-limited to channels 3 through 9.
• To comply with FCC RF exposure compliance requirements, a separation distance of at least 20 (22) cm must be maintained between the antenna of this device and all persons.

Industry Canada Statement

This device complies with RSS-210 of the Industry Canada Rules.
Operation is subject to the following two conditions:

1) this device may not cause interference and
2) this device must accept any interference, including interference that may cause undesired operation of the device.

This device has been designed to operate with an antenna having a maximum gain of 3dBi. Antenna having a higher gain is strictly prohibited per regulations of Industry Canada. The required antenna impedance is 50 ohms.

To reduce potential radio interference to other users, the antenna type and its gain should be so chosen that the EIRP is not more than required for successful communication.

IC Radiation Exposure Statement

This equipment complies with IC radiation exposure limits set forth for an uncontrolled environment. End users must follow the specific operating instructions for satisfying RF exposure compliance.

Notice! According to the Administrative Regulations on Low Power Radio Waves Radiated Devices:

Article 12: Without permission, no company, firm or user may alter the frequency, increase the power, or change the characteristics and functions of the original design of a type-approved low-power radio-frequency device.

Article 14: The use of low-power radio-frequency devices must not affect aviation safety or interfere with legal communications. If interference is found, use must stop immediately and may resume only after the interference has been eliminated. The legal communications referred to above are radio communications operated in accordance with telecommunications regulations. Low-power radio-frequency devices must tolerate interference from legal communications or from industrial, scientific and medical radio-wave-radiating equipment.

This device is restricted to indoor use, on condition that it does not interfere with licensed stations and is not protected from interference. To reduce the effects of electromagnetic waves, please use the device properly. Wireless data transmission equipment operating in the 5.25-5.35 GHz band is restricted to indoor use.

Notices

Changes or modifications not expressly approved by the party responsible for compliance could void the user's authority to operate the equipment.

This Class B digital apparatus complies with Canadian ICES-003.

ErP (Energy-related Products) Declaration of Conformity

All ZyXEL products put on the EU market are in compliance with the requirements of Directive 2009/125/EC, published by the European Parliament and the Council, establishing a framework for the setting of ecodesign requirements for energy-related products (recast), the so-called "ErP Directive" (Energy-related Products directive).
This product has been outside the scope of Energy efficiency limitation requirement in the light of the terms of Regulation (EC) No 1275/2008, Annex II:

2. Four years after this Regulation has come into force:

(c) Availability of off mode and/or standby mode. Equipment shall, except where this is inappropriate for the intended use, provide off mode and/or standby mode, and/or another condition which does not exceed the applicable power consumption requirements for off mode and/or standby mode when the equipment is connected to the mains power source.

(d) Power management - another condition which does not exceed the applicable power consumption requirements for off mode and/or standby mode when the equipment is connected to the mains power source. The power management function shall be activated before delivery.

4. Information to be provided by manufacturers:

(c) the characteristics of equipment relevant for assessing conformity with the requirements set out in point 1(c), or the requirements set out in points 2(c) and/or 2(d), as applicable, including the time taken to automatically reach standby, or off mode, or another condition which does not exceed the applicable power consumption requirements for off mode and/or standby mode.

In particular, if applicable, the technical justification shall be provided that the requirements set out in point 1(c), or the requirements set out in points 2(c) and/or 2(d), are inappropriate for the intended use of equipment.
EU Directive & Regulation:

ErP Directive: Directive 2009/125/EC
Standby & off mode: Regulation (EC) No 1275/2008, Guidance accompanying Commission Regulation (EC) No 1275/2008, source: http://ec.europa.eu/energy/efficiency/ecodesign/eco_design_en.htm

Viewing Certifications

Go to http://www.zyxel.com to view this product's documentation and certifications.

ZyXEL Limited Warranty

ZyXEL warrants to the original end user (purchaser) that this product is free from any defects in material or workmanship for a specific period (the Warranty Period) from the date of purchase. The Warranty Period varies by region. Check with your vendor and/or the authorized ZyXEL local distributor for details about the Warranty Period of this product. During the warranty period, and upon proof of purchase, should the product have indications of failure due to faulty workmanship and/or materials, ZyXEL will, at its discretion, repair or replace the defective products or components without charge for either parts or labor, and to whatever extent it shall deem necessary to restore the product or components to proper operating condition. Any replacement will consist of a new or re-manufactured functionally equivalent product of equal or higher value, and will be solely at the discretion of ZyXEL. This warranty shall not apply if the product has been modified, misused, tampered with, damaged by an act of God, or subjected to abnormal working conditions.

Note

Repair or replacement, as provided under this warranty, is the exclusive remedy of the purchaser. This warranty is in lieu of all other warranties, express or implied, including any implied warranty of merchantability or fitness for a particular use or purpose. ZyXEL shall in no event be held liable for indirect or consequential damages of any kind to the purchaser.
To obtain the services of this warranty, contact your vendor. You may also refer to the warranty policy for the region in which you bought the device at http://www.zyxel.com/web/support_warranty_info.php.

Registration

Register your product online to receive e-mail notices of firmware upgrades and information at www.zyxel.com.

Open Source Licenses

This product contains in part some free software distributed under GPL license terms and/or GPL like licenses. Open source licenses are provided with the firmware package. You can download the latest firmware at www.zyxel.com. To obtain the source code covered under those Licenses, please contact support@zyxel.com.tw to get it.

Regulatory Information

European Union

The following information applies if you use the product within the European Union.

Declaration of Conformity with Regard to EU Directive 1999/5/EC (R&TTE Directive)

Compliance Information for 2.4GHz and 5GHz Wireless Products Relevant to the EU and Other Countries Following the EU Directive 1999/5/EC (R&TTE Directive)

[Czech] ZyXEL hereby declares that this device is in conformity with the essential requirements and other relevant provisions of Directive 1999/5/EC.
[Danish] The undersigned, ZyXEL, hereby declares that the following equipment complies with the essential requirements and other relevant requirements of Directive 1999/5/EC.
[German] ZyXEL hereby declares that the equipment is in conformity with the essential requirements and the other relevant provisions of Directive 1999/5/EU.
[Estonian] ZyXEL hereby confirms that the equipment conforms to the essential requirements of Directive 1999/5/EC and to the other relevant provisions arising from that directive.
[English] Hereby, ZyXEL declares that this equipment is in compliance with the essential requirements and other relevant provisions of Directive 1999/5/EC.
[Spanish] ZyXEL hereby declares that the equipment complies with the essential requirements and any other applicable or enforceable provisions of Directive 1999/5/EC.
[Greek] ZyXEL hereby declares that the equipment complies with the essential requirements and the other relevant provisions of Directive 1999/5/EC.
[French] ZyXEL hereby declares that the equipment is in conformity with the essential requirements and the other relevant provisions of Directive 1999/5/EC.
[Italian] ZyXEL hereby declares that this equipment is in conformity with the essential requirements and the other relevant provisions laid down by Directive 1999/5/EC.
[Latvian] ZyXEL hereby declares that the equipment complies with the essential requirements of Directive 1999/5/EC and the other provisions related to it.
[Lithuanian] ZyXEL hereby declares that this equipment meets the essential requirements and other provisions of Directive 1999/5/EC.
[Dutch] ZyXEL hereby declares that the equipment is in conformity with the essential requirements and the other relevant provisions of Directive 1999/5/EC.
[Maltese] ZyXEL hereby declares that this equipment conforms to the essential requirements and the other relevant provisions of Directive 1999/5/EC.
[Hungarian] I, the undersigned, ZyXEL, declare that the equipment complies with the relevant essential requirements and the other provisions of Directive 1999/5/EC.
[Polish] ZyXEL hereby declares that the equipment complies with the essential requirements and the other applicable provisions of Directive 1999/5/EC.
[Portuguese] ZyXEL declares that this equipment is in conformity with the essential requirements and other provisions of Directive 1999/5/EC.
[Slovenian] ZyXEL declares that this equipment is in conformity with the essential requirements and the other relevant provisions of Directive 1999/5/EC.
[Slovak] ZyXEL hereby declares that the equipment meets the essential requirements and all relevant provisions of Directive 1999/5/EC.
[Finnish] ZyXEL hereby declares that the equipment is in conformity with the essential requirements of Directive 1999/5/EC and the other provisions of the directive that concern it.
[Swedish] ZyXEL hereby certifies that this equipment is in conformity with the essential requirements and other relevant provisions set out in Directive 1999/5/EC.
[Bulgarian] ZyXEL hereby declares that this equipment is in conformity with the essential requirements and the other applicable provisions of Directive 1999/5/EC.
[Icelandic] ZyXEL hereby declares that this equipment is in conformity with the basic requirements and other relevant provisions of Directive 1999/5/EC.
[Norwegian] ZyXEL hereby declares that this equipment is in conformity with the essential requirements and other relevant provisions of Directive 1999/5/EC.
[Romanian] ZyXEL hereby declares that this equipment is in conformity with the essential requirements and other relevant provisions of Directive 1999/5/EC.
National Restrictions

This product may be used in all EU countries (and other countries following the EU directive 1999/5/EC) without any limitation except for the countries mentioned below.

In the majority of the EU and other European countries, the 2.4- and 5-GHz bands have been made available for the use of wireless local area networks (LANs). Later in this document you will find an overview of countries in which additional restrictions or requirements or both are applicable.

The requirements for any country may evolve. ZyXEL recommends that you check with the local authorities for the latest status of their national regulations for both the 2.4- and 5-GHz wireless LANs.

The following countries have restrictions and/or requirements in addition to those given in the table labeled "Overview of Regulatory Requirements for Wireless LANs":

Overview of Regulatory Requirements for Wireless LANs

| Frequency Band (MHz) | Max Power Level (EIRP)1 (mW) | Indoor ONLY | Indoor and Outdoor |
|---|---|---|---|
| 2400-2483.5 | 100 | | |
| 5150-5350 | 200 | | |
| 5470-5725 | 1000 | | |

Belgium

The Belgian Institute for Postal Services and Telecommunications (BIPT) must be notified of any outdoor wireless link having a range exceeding 300 meters.
Please check http://www.bipt.be for more details.

Denmark

In Denmark, the band 5150 - 5350 MHz is also allowed for outdoor usage.

Italy

This product meets the National Radio Interface and the requirements specified in the National Frequency Allocation Table for Italy. Unless this wireless LAN product is operating within the boundaries of the owner's property, its use requires a "general authorization." Please check http://www.sviluppoeconomico.gov.it/ for more details.

Latvia

The outdoor usage of the 2.4 GHz band requires an authorization from the Electronic Communications Office. Please check http://www.esd.lv for more details.

Notes:

1. Although Norway, Switzerland and Liechtenstein are not EU member states, the EU Directive 1999/5/EC has also been implemented in those countries.
2. The regulatory limits for maximum output power are specified in EIRP. The EIRP level (in dBm) of a device can be calculated by adding the gain of the antenna used (specified in dBi) to the output power available at the connector (specified in dBm).

List of national codes

| COUNTRY | ISO 3166 2 LETTER CODE | COUNTRY | ISO 3166 2 LETTER CODE |
|---|---|---|---|
| Austria | AT | Malta | MT |
| Belgium | BE | Netherlands | NL |
| Cyprus | CY | Poland | PL |
| Czech Republic | CR | Portugal | PT |
| Denmark | DK | Slovakia | SK |
| Estonia | EE | Slovenia | SI |
| Finland | FI | Spain | ES |
| France | FR | Sweden | SE |
| Germany | DE | United Kingdom | GB |
| Greece | GR | Iceland | IS |
| Hungary | HU | Liechtenstein | LI |
| Ireland | IE | Norway | NO |
| Italy | IT | Switzerland | CH |
| Latvia | LV | Bulgaria | BG |
| Lithuania | LT | Romania | RO |
| Luxembourg | LU | Turkey | TR |

Safety Warnings

• Do NOT use this product near water, for example, in a wet basement or near a swimming pool.
• Do NOT expose your device to dampness, dust or corrosive liquids.
• Do NOT store things on the device.
• Do NOT install, use, or service this device during a thunderstorm. There is a remote risk of electric shock from lightning.
• Connect ONLY suitable accessories to the device.
• Do NOT open the device or unit. Opening or removing covers can expose you to dangerous high voltage points or other risks. ONLY qualified service personnel should service or disassemble this device. Please contact your vendor for further information.
• Make sure to connect the cables to the correct ports.
• Place connecting cables carefully so that no one will step on them or stumble over them.
• Always disconnect all cables from this device before servicing or disassembling.
• Use ONLY an appropriate power adaptor or cord for your device. Connect it to the right supply voltage (for example, 110V AC in North America or 230V AC in Europe).
• Do NOT allow anything to rest on the power adaptor or cord and do NOT place the product where anyone can walk on the power adaptor or cord.
• Do NOT use the device if the power adaptor or cord is damaged as it might cause electrocution.
• If the power adaptor or cord is damaged, remove it from the device and the power source.
• Do NOT attempt to repair the power adaptor or cord. Contact your local vendor to order a new one.
• Do not use the device outside, and make sure all the connections are indoors. There is a remote risk of electric shock from lightning.
• Do NOT obstruct the device ventilation slots, as insufficient airflow may harm your device.
• Antenna Warning! This device meets ETSI and FCC certification requirements when using the included antenna(s). Only use the included antenna(s).
• If you wall mount your device, make sure that no electrical lines, gas or water pipes will be damaged.
• The PoE (Power over Ethernet) devices that supply or receive power and their connected Ethernet cables must all be completely indoors.
• This product is for indoor use only.
• FOR COUNTRY CODE SELECTION USAGE (WLAN DEVICES)
  Note: The country code selection is for non-US models only and is not available to any US model. Per FCC regulation, all Wi-Fi products marketed in the US must be fixed to US operation channels only.

Your product is marked with this symbol, which is known as the WEEE mark. WEEE stands for Waste Electronics and Electrical Equipment. It means that used electrical and electronic products should not be mixed with general waste. Used electrical and electronic equipment should be treated separately.
RoHS

Green Product Declaration

RoHS Directive 2011/65/EU
WEEE Directive 2002/96/EC (WEEE: Waste Electrical and Electronic Equipment) 2003/108/EC; 2008/34/EC

Declaration Signature:
Name/Title: Thomas Wei / Quality Management Department / Senior Director.
Date (yyyy/mm/dd): 2012/07/09

The declaration is given in English, German, Spanish, French, Italian, Dutch and Swedish.