ZyXEL Communications NWA1123AC 802.11 a/b/g/n/ac Dual-Radio Ceiling Mount PoE Access Point User Manual Book
ZyXEL Communications Corporation 802.11 a/b/g/n/ac Dual-Radio Ceiling Mount PoE Access Point Book
Contents
- 1. User Manual Part 1.pdf
- 2. User Manual Part 2.pdf
User Manual Part 2.pdf
NWA1120 Series User’s Guide 129
APPENDIX A
Setting Up Your Computer’s IP Address
Note: Your specific NWA may not support all of the operating systems described in this
appendix. See the product specifications for more information about which
operating systems are supported.
This appendix shows you how to configure the IP settings on your computer in order for it to be
able to communicate with the other devices on your network. Windows Vista/XP/2000, Mac OS 9/
OS X, and all versions of UNIX/LINUX include the software components you need to use TCP/IP on
your computer.
If you manually assign IP information instead of using a dynamic IP, make sure that your network’s
computers have IP addresses that place them in the same subnet.
In this appendix, you can set up an IP address for:
•Windows XP/NT/2000 on page 129
•Windows Vista on page 133
•Windows 7 on page 137
•Mac OS X: 10.3 and 10.4 on page 141
•Mac OS X: 10.5 and 10.6 on page 144
•Linux: Ubuntu 8 (GNOME) on page 147
•Linux: openSUSE 10.3 (KDE) on page 151
Windows XP/NT/2000
The following example uses the default Windows XP display theme but can also apply to Windows
2000 and Windows NT.
Appendix A Setting Up Your Computer’s IP Address
NWA1120 Series User’s Guide
130
1Click Start > Control Panel.
2In the Control Panel, click the Network Connections icon.
3Right-click Local Area Connection and then select Properties.
Appendix A Setting Up Your Computer’s IP Address
NWA1120 Series User’s Guide 131
4On the General tab, select Internet Protocol (TCP/IP) and then click Properties.
Appendix A Setting Up Your Computer’s IP Address
NWA1120 Series User’s Guide
132
5The Internet Protocol TCP/IP Properties window opens.
6Select Obtain an IP address automatically if your network administrator or ISP assigns your IP
address dynamically.
Select Use the following IP Address and fill in the IP address, Subnet mask, and Default
gateway fields if you have a static IP address that was assigned to you by your network
administrator or ISP. You may also have to enter a Preferred DNS server and an Alternate DNS
server, if that information was provided.
7Click OK to close the Internet Protocol (TCP/IP) Properties window.
8Click OK to close the Local Area Connection Properties window.
Verifying Settings
1Click Start > All Programs > Accessories > Command Prompt.
2In the Command Prompt window, type "ipconfig" and then press [ENTER].
You can also go to Start > Control Panel > Network Connections, right-click a network
connection, click Status and then click the Support tab to view your IP address and connection
information.
Appendix A Setting Up Your Computer’s IP Address
NWA1120 Series User’s Guide 133
Windows Vista
This section shows screens from Windows Vista Professional.
1Click Start > Control Panel.
2In the Control Panel, click the Network and Internet icon.
3Click the Network and Sharing Center icon.
Appendix A Setting Up Your Computer’s IP Address
NWA1120 Series User’s Guide
134
4Click Manage network connections.
5Right-click Local Area Connection and then select Properties.
Note: During this procedure, click Continue whenever Windows displays a screen saying
that it needs your permission to continue.
Appendix A Setting Up Your Computer’s IP Address
NWA1120 Series User’s Guide 135
6Select Internet Protocol Version 4 (TCP/IPv4) and then select Properties.
Appendix A Setting Up Your Computer’s IP Address
NWA1120 Series User’s Guide
136
7The Internet Protocol Version 4 (TCP/IPv4) Properties window opens.
8Select Obtain an IP address automatically if your network administrator or ISP assigns your IP
address dynamically.
Select Use the following IP Address and fill in the IP address, Subnet mask, and Default
gateway fields if you have a static IP address that was assigned to you by your network
administrator or ISP. You may also have to enter a Preferred DNS server and an Alternate DNS
server, if that information was provided.Click Advanced.
9Click OK to close the Internet Protocol (TCP/IP) Properties window.
10 Click OK to close the Local Area Connection Properties window.
Verifying Settings
1Click Start > All Programs > Accessories > Command Prompt.
2In the Command Prompt window, type "ipconfig" and then press [ENTER].
You can also go to Start > Control Panel > Network Connections, right-click a network
connection, click Status and then click the Support tab to view your IP address and connection
information.
Appendix A Setting Up Your Computer’s IP Address
NWA1120 Series User’s Guide 137
Windows 7
This section shows screens from Windows 7 Enterprise.
1Click Start > Control Panel.
2In the Control Panel, click View network status and tasks under the Network and Internet
category.
3Click Change adapter settings.
Appendix A Setting Up Your Computer’s IP Address
NWA1120 Series User’s Guide
138
4Double click Local Area Connection and then select Properties.
Note: During this procedure, click Continue whenever Windows displays a screen saying
that it needs your permission to continue.
Appendix A Setting Up Your Computer’s IP Address
NWA1120 Series User’s Guide 139
5Select Internet Protocol Version 4 (TCP/IPv4) and then select Properties.
Appendix A Setting Up Your Computer’s IP Address
NWA1120 Series User’s Guide
140
6The Internet Protocol Version 4 (TCP/IPv4) Properties window opens.
7Select Obtain an IP address automatically if your network administrator or ISP assigns your IP
address dynamically.
Select Use the following IP Address and fill in the IP address, Subnet mask, and Default
gateway fields if you have a static IP address that was assigned to you by your network
administrator or ISP. You may also have to enter a Preferred DNS server and an Alternate DNS
server, if that information was provided. Click Advanced if you want to configure advanced
settings for IP, DNS and WINS.
8Click OK to close the Internet Protocol (TCP/IP) Properties window.
9Click OK to close the Local Area Connection Properties window.
Verifying Settings
1Click Start > All Programs > Accessories > Command Prompt.
2In the Command Prompt window, type "ipconfig" and then press [ENTER].
Appendix A Setting Up Your Computer’s IP Address
NWA1120 Series User’s Guide 141
3The IP settings are displayed as follows.
Mac OS X: 10.3 and 10.4
The screens in this section are from Mac OS X 10.4 but can also apply to 10.3.
1Click Apple > System Preferences.
Appendix A Setting Up Your Computer’s IP Address
NWA1120 Series User’s Guide
142
2In the System Preferences window, click the Network icon.
3When the Network preferences pane opens, select Built-in Ethernet from the network
connection type list, and then click Configure.
Appendix A Setting Up Your Computer’s IP Address
NWA1120 Series User’s Guide 143
4For dynamically assigned settings, select Using DHCP from the Configure IPv4 list in the TCP/IP
tab.
5For statically assigned settings, do the following:
•From the Configure IPv4 list, select Manually.
•In the IP Address field, type your IP address.
•In the Subnet Mask field, type your subnet mask.
•In the Router field, type the IP address of your device.
6Click Apply Now and close the window.
Appendix A Setting Up Your Computer’s IP Address
NWA1120 Series User’s Guide
144
Verifying Settings
Check your TCP/IP properties by clicking Applications > Utilities > Network Utilities, and then
selecting the appropriate Network Interface from the Info tab.
Figure 69 Mac OS X 10.4: Network Utility
Mac OS X: 10.5 and 10.6
The screens in this section are from Mac OS X 10.5 but can also apply to 10.6.
1Click Apple > System Preferences.
Appendix A Setting Up Your Computer’s IP Address
NWA1120 Series User’s Guide 145
2In System Preferences, click the Network icon.
3When the Network preferences pane opens, select Ethernet from the list of available connection
types.
4From the Configure list, select Using DHCP for dynamically assigned settings.
5For statically assigned settings, do the following:
Appendix A Setting Up Your Computer’s IP Address
NWA1120 Series User’s Guide
146
•From the Configure list, select Manually.
•In the IP Address field, enter your IP address.
•In the Subnet Mask field, enter your subnet mask.
•In the Router field, enter the IP address of your NWA.
6Click Apply and close the window.
Appendix A Setting Up Your Computer’s IP Address
NWA1120 Series User’s Guide 147
Verifying Settings
Check your TCP/IP properties by clicking Applications > Utilities > Network Utilities, and then
selecting the appropriate Network interface from the Info tab.
Figure 70 Mac OS X 10.5: Network Utility
Linux: Ubuntu 8 (GNOME)
This section shows you how to configure your computer’s TCP/IP settings in the GNU Object Model
Environment (GNOME) using the Ubuntu 8 Linux distribution. The procedure, screens and file
locations may vary depending on your specific distribution, release version, and individual
configuration. The following screens use the default Ubuntu 8 installation.
Note: Make sure you are logged in as the root administrator.
Follow the steps below to configure your computer IP address in GNOME:
1Click System > Administration > Network.
Appendix A Setting Up Your Computer’s IP Address
NWA1120 Series User’s Guide
148
2When the Network Settings window opens, click Unlock to open the Authenticate window. (By
default, the Unlock button is greyed out until clicked.) You cannot make changes to your
configuration unless you first enter your admin password.
3In the Authenticate window, enter your admin account name and password then click the
Authenticate button.
Appendix A Setting Up Your Computer’s IP Address
NWA1120 Series User’s Guide 149
4In the Network Settings window, select the connection that you want to configure, then click
Properties.
5The Properties dialog box opens.
•In the Configuration list, select Automatic Configuration (DHCP) if you have a dynamic IP
address.
•In the Configuration list, select Static IP address if you have a static IP address. Fill in the
IP address, Subnet mask, and Gateway address fields.
6Click OK to save the changes and close the Properties dialog box and return to the Network
Settings screen.
Appendix A Setting Up Your Computer’s IP Address
NWA1120 Series User’s Guide
150
7If you know your DNS server IP address(es), click the DNS tab in the Network Settings window
and then enter the DNS server information in the fields provided.
8Click the Close button to apply the changes.
Appendix A Setting Up Your Computer’s IP Address
NWA1120 Series User’s Guide 151
Verifying Settings
Check your TCP/IP properties by clicking System > Administration > Network Tools, and then
selecting the appropriate Network device from the Devices tab. The Interface Statistics
column shows data if your connection is working properly.
Figure 71 Ubuntu 8: Network Tools
Linux: openSUSE 10.3 (KDE)
This section shows you how to configure your computer’s TCP/IP settings in the K Desktop
Environment (KDE) using the openSUSE 10.3 Linux distribution. The procedure, screens and file
locations may vary depending on your specific distribution, release version, and individual
configuration. The following screens use the default openSUSE 10.3 installation.
Note: Make sure you are logged in as the root administrator.
Follow the steps below to configure your computer IP address in the KDE:
Appendix A Setting Up Your Computer’s IP Address
NWA1120 Series User’s Guide
152
1Click K Menu > Computer > Administrator Settings (YaST).
2When the Run as Root - KDE su dialog opens, enter the admin password and click OK.
Appendix A Setting Up Your Computer’s IP Address
NWA1120 Series User’s Guide 153
3When the YaST Control Center window opens, select Network Devices and then click the
Network Card icon.
4When the Network Settings window opens, click the Overview tab, select the appropriate
connection Name from the list, and then click the Configure button.
Appendix A Setting Up Your Computer’s IP Address
NWA1120 Series User’s Guide
154
5When the Network Card Setup window opens, click the Address tab
Figure 72 openSUSE 10.3: Network Card Setup
6Select Dynamic Address (DHCP) if you have a dynamic IP address.
Select Statically assigned IP Address if you have a static IP address. Fill in the IP address,
Subnet mask, and Hostname fields.
7Click Next to save the changes and close the Network Card Setup window.
Appendix A Setting Up Your Computer’s IP Address
NWA1120 Series User’s Guide 155
8If you know your DNS server IP address(es), click the Hostname/DNS tab in Network Settings
and then enter the DNS server information in the fields provided.
9Click Finish to save your settings and close the window.
Verifying Settings
Click the KNetwork Manager icon on the Task bar to check your TCP/IP properties. From the
Options sub-menu, select Show Connection Information.
Figure 73 openSUSE 10.3: KNetwork Manager
Appendix A Setting Up Your Computer’s IP Address
NWA1120 Series User’s Guide
156
When the Connection Status - KNetwork Manager window opens, click the Statistics tab to
see if your connection is working properly.
Figure 74 openSUSE: Connection Status - KNetwork Manager
NWA1120 Series User’s Guide 157
APPENDIX B
Pop-up Windows, JavaScript and Java
Permissions
In order to use the web configurator you need to allow:
• Web browser pop-up windows from your device.
• JavaScript (enabled by default).
• Java permissions (enabled by default).
Note: The screens used below belong to Internet Explorer version 6, 7 and 8. Screens for
other Internet Explorer versions may vary.
Internet Explorer Pop-up Blockers
You may have to disable pop-up blocking to log into your device.
Either disable pop-up blocking (enabled by default in Windows XP SP (Service Pack) 2) or allow
pop-up blocking and create an exception for your device’s IP address.
Disable Pop-up Blockers
1In Internet Explorer, select Tools, Pop-up Blocker and then select Turn Off Pop-up Blocker.
Figure 75 Pop-up Blocker
You can also check if pop-up blocking is disabled in the Pop-up Blocker section in the Privacy tab.
1In Internet Explorer, select Tools, Internet Options, Privacy.
Appendix B Pop-up Windows, JavaScript and Java Permissions
NWA1120 Series User’s Guide
158
2Clear the Block pop-ups check box in the Pop-up Blocker section of the screen. This disables any
web pop-up blockers you may have enabled.
Figure 76 Internet Options: Privacy
3Click Apply to save this setting.
Enable Pop-up Blockers with Exceptions
Alternatively, if you only want to allow pop-up windows from your device, see the following steps.
1In Internet Explorer, select Tools, Internet Options and then the Privacy tab.
Appendix B Pop-up Windows, JavaScript and Java Permissions
NWA1120 Series User’s Guide 159
2Select Settings…to open the Pop-up Blocker Settings screen.
Figure 77 Internet Options: Privacy
3Type the IP address of your device (the web page that you do not want to have blocked) with the
prefix “http://”. For example, http://192.168.167.1.
Appendix B Pop-up Windows, JavaScript and Java Permissions
NWA1120 Series User’s Guide
160
4Click Add to move the IP address to the list of Allowed sites.
Figure 78 Pop-up Blocker Settings
5Click Close to return to the Privacy screen.
6Click Apply to save this setting.
JavaScript
If pages of the web configurator do not display properly in Internet Explorer, check that JavaScript
are allowed.
Appendix B Pop-up Windows, JavaScript and Java Permissions
NWA1120 Series User’s Guide 161
1In Internet Explorer, click Tools, Internet Options and then the Security tab.
Figure 79 Internet Options: Security
2Click the Custom Level... button.
3Scroll down to Scripting.
4Under Active scripting make sure that Enable is selected (the default).
5Under Scripting of Java applets make sure that Enable is selected (the default).
Appendix B Pop-up Windows, JavaScript and Java Permissions
NWA1120 Series User’s Guide
162
6Click OK to close the window.
Figure 80 Security Settings - Java Scripting
Java Permissions
1From Internet Explorer, click Tools, Internet Options and then the Security tab.
2Click the Custom Level... button.
3Scroll down to Microsoft VM.
4Under Java permissions make sure that a safety level is selected.
Appendix B Pop-up Windows, JavaScript and Java Permissions
NWA1120 Series User’s Guide 163
5Click OK to close the window.
Figure 81 Security Settings - Java
JAVA (Sun)
1From Internet Explorer, click Tools, Internet Options and then the Advanced tab.
2Make sure that Use Java 2 for <applet> under Java (Sun) is selected.
Appendix B Pop-up Windows, JavaScript and Java Permissions
NWA1120 Series User’s Guide
164
3Click OK to close the window.
Figure 82 Java (Sun)
Mozilla Firefox
Mozilla Firefox 2.0 screens are used here. Screens for other versions may vary slightly. The steps
below apply to Mozilla Firefox 3.0 as well.
You can enable Java, Javascript and pop-ups in one screen. Click Tools, then click Options in the
screen that appears.
Figure 83 Mozilla Firefox: TOOLS > Options
Appendix B Pop-up Windows, JavaScript and Java Permissions
NWA1120 Series User’s Guide 165
Click Content to show the screen below. Select the check boxes as shown in the following screen.
Figure 84 Mozilla Firefox Content Security
Opera
Opera 10 screens are used here. Screens for other versions may vary slightly.
Appendix B Pop-up Windows, JavaScript and Java Permissions
NWA1120 Series User’s Guide
166
Allowing Pop-Ups
From Opera, click Tools, then Preferences. In the General tab, go to Choose how you prefer
to handle pop-ups and select Open all pop-ups.
Figure 85 Opera: Allowing Pop-Ups
Enabling Java
From Opera, click Tools, then Preferences. In the Advanced tab, select Content from the left-
side menu. Select the check boxes as shown in the following screen.
Figure 86 Opera: Enabling Java
Appendix B Pop-up Windows, JavaScript and Java Permissions
NWA1120 Series User’s Guide 167
To customize JavaScript behavior in the Opera browser, click JavaScript Options.
Figure 87 Opera: JavaScript Options
Select the items you want Opera’s JavaScript to apply.
Appendix B Pop-up Windows, JavaScript and Java Permissions
NWA1120 Series User’s Guide
168
NWA1120 Series User’s Guide 169
APPENDIX C
IP Addresses and Subnetting
This appendix introduces IP addresses and subnet masks.
IP addresses identify individual devices on a network. Every networking device (including
computers, servers, routers, printers, etc.) needs an IP address to communicate across the
network. These networking devices are also known as hosts.
Subnet masks determine the maximum number of possible hosts on a network. You can also use
subnet masks to divide one network into multiple sub-networks.
Introduction to IP Addresses
One part of the IP address is the network number, and the other part is the host ID. In the same
way that houses on a street share a common street name, the hosts on a network share a common
network number. Similarly, as each house has its own house number, each host on the network has
its own unique identifying number - the host ID. Routers use the network number to send packets
to the correct network, while the host ID determines to which host on the network the packets are
delivered.
Structure
An IP address is made up of four parts, written in dotted decimal notation (for example,
192.168.1.1). Each of these four parts is known as an octet. An octet is an eight-digit binary
number (for example 11000000, which is 192 in decimal notation).
Therefore, each octet has a possible range of 00000000 to 11111111 in binary, or 0 to 255 in
decimal.
Appendix C IP Addresses and Subnetting
NWA1120 Series User’s Guide
170
The following figure shows an example IP address in which the first three octets (192.168.1) are
the network number, and the fourth octet (16) is the host ID.
Figure 88 Network Number and Host ID
How much of the IP address is the network number and how much is the host ID varies according
to the subnet mask.
Subnet Masks
A subnet mask is used to determine which bits are part of the network number, and which bits are
part of the host ID (using a logical AND operation). The term “subnet” is short for “sub-network”.
A subnet mask has 32 bits. If a bit in the subnet mask is a “1” then the corresponding bit in the IP
address is part of the network number. If a bit in the subnet mask is “0” then the corresponding bit
in the IP address is part of the host ID.
The following example shows a subnet mask identifying the network number (in bold text) and host
ID of an IP address (192.168.1.2 in decimal).
By convention, subnet masks always consist of a continuous sequence of ones beginning from the
leftmost bit of the mask, followed by a continuous sequence of zeros, for a total number of 32 bits.
Table 39 Subnet Masks
1ST OCTET:
(192)
2ND
OCTET:
(168)
3RD
OCTET:
(1)
4TH OCTET
(2)
IP Address (Binary) 11000000 10101000 00000001 00000010
Subnet Mask (Binary) 11111111 11111111 11111111 00000000
Network Number 11000000 10101000 00000001
Host ID 00000010
Appendix C IP Addresses and Subnetting
NWA1120 Series User’s Guide 171
Subnet masks can be referred to by the size of the network number part (the bits with a “1” value).
For example, an “8-bit mask” means that the first 8 bits of the mask are ones and the remaining 24
bits are zeroes.
Subnet masks are expressed in dotted decimal notation just like IP addresses. The following
examples show the binary and decimal notation for 8-bit, 16-bit, 24-bit and 29-bit subnet masks.
Network Size
The size of the network number determines the maximum number of possible hosts you can have
on your network. The larger the number of network number bits, the smaller the number of
remaining host ID bits.
An IP address with host IDs of all zeros is the IP address of the network (192.168.1.0 with a 24-bit
subnet mask, for example). An IP address with host IDs of all ones is the broadcast address for that
network (192.168.1.255 with a 24-bit subnet mask, for example).
As these two IP addresses cannot be used for individual hosts, calculate the maximum number of
possible hosts in a network as follows:
Notation
Since the mask is always a continuous number of ones beginning from the left, followed by a
continuous number of zeros for the remainder of the 32 bit mask, you can simply specify the
number of ones instead of writing the value of each octet. This is usually specified by writing a “/”
followed by the number of bits in the mask after the address.
For example, 192.1.1.0 /25 is equivalent to saying 192.1.1.0 with subnet mask 255.255.255.128.
Table 40 Subnet Masks
BINARY
DECIMAL
1ST
OCTET 2ND
OCTET 3RD
OCTET 4TH OCTET
8-bit mask 11111111 00000000 00000000 00000000 255.0.0.0
16-bit mask 11111111 11111111 00000000 00000000 255.255.0.0
24-bit mask 11111111 11111111 11111111 00000000 255.255.255.0
29-bit mask 11111111 11111111 11111111 11111000 255.255.255.248
Table 41 Maximum Host Numbers
SUBNET MASK HOST ID SIZE MAXIMUM NUMBER OF HOSTS
8 bits 255.0.0.0 24 bits 224 – 2 16777214
16 bits 255.255.0.0 16 bits 216 – 2 65534
24 bits 255.255.255.0 8 bits 28 – 2 254
29 bits 255.255.255.24
83 bits 23 – 2 6
Appendix C IP Addresses and Subnetting
NWA1120 Series User’s Guide
172
The following table shows some possible subnet masks using both notations.
Subnetting
You can use subnetting to divide one network into multiple sub-networks. In the following example
a network administrator creates two sub-networks to isolate a group of servers from the rest of the
company network for security reasons.
In this example, the company network address is 192.168.1.0. The first three octets of the address
(192.168.1) are the network number, and the remaining octet is the host ID, allowing a maximum
of 28 – 2 or 254 possible hosts.
The following figure shows the company network before subnetting.
Figure 89 Subnetting Example: Before Subnetting
You can “borrow” one of the host ID bits to divide the network 192.168.1.0 into two separate sub-
networks. The subnet mask is now 25 bits (255.255.255.128 or /25).
The “borrowed” host ID bit can have a value of either 0 or 1, allowing two subnets; 192.168.1.0 /25
and 192.168.1.128 /25.
Table 42 Alternative Subnet Mask Notation
SUBNET MASK ALTERNATIVE
NOTATION LAST OCTET
(BINARY) LAST OCTET
(DECIMAL)
255.255.255.0 /24 0000 0000 0
255.255.255.128 /25 1000 0000 128
255.255.255.192 /26 1100 0000 192
255.255.255.224 /27 1110 0000 224
255.255.255.240 /28 1111 0000 240
255.255.255.248 /29 1111 1000 248
255.255.255.252 /30 1111 1100 252
Appendix C IP Addresses and Subnetting
NWA1120 Series User’s Guide 173
The following figure shows the company network after subnetting. There are now two sub-
networks, A and B.
Figure 90 Subnetting Example: After Subnetting
In a 25-bit subnet the host ID has 7 bits, so each sub-network has a maximum of 27 – 2 or 126
possible hosts (a host ID of all zeroes is the subnet’s address itself, all ones is the subnet’s
broadcast address).
192.168.1.0 with mask 255.255.255.128 is subnet A itself, and 192.168.1.127 with mask
255.255.255.128 is its broadcast address. Therefore, the lowest IP address that can be assigned to
an actual host for subnet A is 192.168.1.1 and the highest is 192.168.1.126.
Similarly, the host ID range for subnet B is 192.168.1.129 to 192.168.1.254.
Example: Four Subnets
The previous example illustrated using a 25-bit subnet mask to divide a 24-bit address into two
subnets. Similarly, to divide a 24-bit address into four subnets, you need to “borrow” two host ID
bits to give four possible combinations (00, 01, 10 and 11). The subnet mask is 26 bits
(11111111.11111111.11111111.11000000) or 255.255.255.192.
Each subnet contains 6 host ID bits, giving 26 - 2 or 62 hosts for each subnet (a host ID of all
zeroes is the subnet itself, all ones is the subnet’s broadcast address).
Table 43 Subnet 1
IP/SUBNET MASK NETWORK NUMBER LAST OCTET BIT
VALUE
IP Address (Decimal) 192.168.1. 0
IP Address (Binary) 11000000.10101000.00000001. 00000000
Subnet Mask (Binary) 11111111.11111111.11111111. 11000000
Appendix C IP Addresses and Subnetting
NWA1120 Series User’s Guide
174
Example: Eight Subnets
Similarly, use a 27-bit mask to create eight subnets (000, 001, 010, 011, 100, 101, 110 and 111).
Subnet Address:
192.168.1.0 Lowest Host ID: 192.168.1.1
Broadcast Address:
192.168.1.63 Highest Host ID: 192.168.1.62
Table 44 Subnet 2
IP/SUBNET MASK NETWORK NUMBER LAST OCTET BIT
VALUE
IP Address 192.168.1. 64
IP Address (Binary) 11000000.10101000.00000001. 01000000
Subnet Mask (Binary) 11111111.11111111.11111111. 11000000
Subnet Address:
192.168.1.64 Lowest Host ID: 192.168.1.65
Broadcast Address:
192.168.1.127 Highest Host ID: 192.168.1.126
Table 45 Subnet 3
IP/SUBNET MASK NETWORK NUMBER LAST OCTET BIT
VALUE
IP Address 192.168.1. 128
IP Address (Binary) 11000000.10101000.00000001. 10000000
Subnet Mask (Binary) 11111111.11111111.11111111. 11000000
Subnet Address:
192.168.1.128 Lowest Host ID: 192.168.1.129
Broadcast Address:
192.168.1.191 Highest Host ID: 192.168.1.190
Table 46 Subnet 4
IP/SUBNET MASK NETWORK NUMBER LAST OCTET BIT
VALUE
IP Address 192.168.1. 192
IP Address (Binary) 11000000.10101000.00000001. 11000000
Subnet Mask (Binary) 11111111.11111111.11111111. 11000000
Subnet Address:
192.168.1.192 Lowest Host ID: 192.168.1.193
Broadcast Address:
192.168.1.255 Highest Host ID: 192.168.1.254
Table 43 Subnet 1 (continued)
IP/SUBNET MASK NETWORK NUMBER LAST OCTET BIT
VALUE
Appendix C IP Addresses and Subnetting
NWA1120 Series User’s Guide 175
The following table shows IP address last octet values for each subnet.
Subnet Planning
The following table is a summary for subnet planning on a network with a 24-bit network number.
The following table is a summary for subnet planning on a network with a 16-bit network number.
Table 47 Eight Subnets
SUBNET SUBNET
ADDRESS FIRST ADDRESS LAST
ADDRESS BROADCAST
ADDRESS
1 0 1 30 31
232 33 62 63
364 65 94 95
496 97 126 127
5128 129 158 159
6160 161 190 191
7192 193 222 223
8224 225 254 255
Table 48 24-bit Network Number Subnet Planning
NO. “BORROWED”
HOST BITS SUBNET MASK NO. SUBNETS NO. HOSTS PER
SUBNET
1255.255.255.128 (/25) 2126
2255.255.255.192 (/26) 462
3255.255.255.224 (/27) 830
4255.255.255.240 (/28) 16 14
5255.255.255.248 (/29) 32 6
6255.255.255.252 (/30) 64 2
7255.255.255.254 (/31) 128 1
Table 49 16-bit Network Number Subnet Planning
NO. “BORROWED”
HOST BITS SUBNET MASK NO. SUBNETS NO. HOSTS PER
SUBNET
1255.255.128.0 (/17) 232766
2255.255.192.0 (/18) 416382
3255.255.224.0 (/19) 88190
4255.255.240.0 (/20) 16 4094
5255.255.248.0 (/21) 32 2046
6255.255.252.0 (/22) 64 1022
7255.255.254.0 (/23) 128 510
8255.255.255.0 (/24) 256 254
9255.255.255.128 (/25) 512 126
10 255.255.255.192 (/26) 1024 62
11 255.255.255.224 (/27) 2048 30
12 255.255.255.240 (/28) 4096 14
Appendix C IP Addresses and Subnetting
NWA1120 Series User’s Guide
176
Configuring IP Addresses
Where you obtain your network number depends on your particular situation. If the ISP or your
network administrator assigns you a block of registered IP addresses, follow their instructions in
selecting the IP addresses and the subnet mask.
If the ISP did not explicitly give you an IP network number, then most likely you have a single user
account and the ISP will assign you a dynamic IP address when the connection is established. If this
is the case, it is recommended that you select a network number from 192.168.0.0 to
192.168.255.0. The Internet Assigned Number Authority (IANA) reserved this block of addresses
specifically for private use; please do not use any other number unless you are told otherwise. You
must also enable Network Address Translation (NAT) on the NWA.
Once you have decided on the network number, pick an IP address for your NWA that is easy to
remember (for instance, 192.168.1.1) but make sure that no other device on your network is using
that IP address.
The subnet mask specifies the network number portion of an IP address. Your NWA will compute
the subnet mask automatically based on the IP address that you entered. You don't need to change
the subnet mask computed by the NWA unless you are instructed to do otherwise.
Private IP Addresses
Every machine on the Internet must have a unique address. If your networks are isolated from the
Internet (running only between two branch offices, for example) you can assign any IP addresses to
the hosts without problems. However, the Internet Assigned Numbers Authority (IANA) has
reserved the following three blocks of IP addresses specifically for private networks:
• 10.0.0.0 — 10.255.255.255
• 172.16.0.0 — 172.31.255.255
• 192.168.0.0 — 192.168.255.255
You can obtain your IP address from the IANA, from an ISP, or it can be assigned from a private
network. If you belong to a small organization and your Internet access is through an ISP, the ISP
can provide you with the Internet addresses for your local networks. On the other hand, if you are
part of a much larger organization, you should consult your network administrator for the
appropriate IP addresses.
Regardless of your particular situation, do not create an arbitrary IP address; always follow the
guidelines above. For more information on address assignment, please refer to RFC 1597, Address
Allocation for Private Internets and RFC 1466, Guidelines for Management of IP Address Space.
13 255.255.255.248 (/29) 8192 6
14 255.255.255.252 (/30) 16384 2
15 255.255.255.254 (/31) 32768 1
Table 49 16-bit Network Number Subnet Planning (continued)
NO. “BORROWED”
HOST BITS SUBNET MASK NO. SUBNETS NO. HOSTS PER
SUBNET
NWA1120 Series User’s Guide 177
APPENDIX D
IPv6
Overview
IPv6 (Internet Protocol version 6), is designed to enhance IP address size and features. The
increase in IPv6 address size to 128 bits (from the 32-bit IPv4 address) allows up to 3.4 x 1038 IP
addresses.
IPv6 Addressing
The 128-bit IPv6 address is written as eight 16-bit hexadecimal blocks separated by colons (:). This
is an example IPv6 address 2001:0db8:1a2b:0015:0000:0000:1a2f:0000.
IPv6 addresses can be abbreviated in two ways:
• Leading zeros in a block can be omitted. So 2001:0db8:1a2b:0015:0000:0000:1a2f:0000 can
be written as 2001:db8:1a2b:15:0:0:1a2f:0.
• Any number of consecutive blocks of zeros can be replaced by a double colon. A double colon can
only appear once in an IPv6 address. So 2001:0db8:0000:0000:1a2f:0000:0000:0015 can be
written as 2001:0db8::1a2f:0000:0000:0015, 2001:0db8:0000:0000:1a2f::0015,
2001:db8::1a2f:0:0:15 or 2001:db8:0:0:1a2f::15.
Prefix and Prefix Length
Similar to an IPv4 subnet mask, IPv6 uses an address prefix to represent the network address. An
IPv6 prefix length specifies how many most significant bits (start from the left) in the address
compose the network address. The prefix length is written as “/x” where x is a number. For
example,
2001:db8:1a2b:15::1a2f:0/32
means that the first 32 bits (2001:db8) is the subnet prefix.
Link-local Address
A link-local address uniquely identifies a device on the local network (the LAN). It is similar to a
“private IP address” in IPv4. You can have the same link-local address on multiple interfaces on a
device. A link-local unicast address has a predefined prefix of fe80::/10. The link-local unicast
address format is as follows.
Table 50 Link-local Unicast Address Format
1111 1110 10 0 Interface ID
10 bits 54 bits 64 bits
Appendix D IPv6
NWA1120 Series User’s Guide
178
Global Address
A global address uniquely identifies a device on the Internet. It is similar to a “public IP address” in
IPv4. A global unicast address starts with a 2 or 3.
Unspecified Address
An unspecified address (0:0:0:0:0:0:0:0 or ::) is used as the source address when a device does
not have its own address. It is similar to “0.0.0.0” in IPv4.
Loopback Address
A loopback address (0:0:0:0:0:0:0:1 or ::1) allows a host to send packets to itself. It is similar to
“127.0.0.1” in IPv4.
Multicast Address
In IPv6, multicast addresses provide the same functionality as IPv4 broadcast addresses.
Broadcasting is not supported in IPv6. A multicast address allows a host to send packets to all hosts
in a multicast group.
Multicast scope allows you to determine the size of the multicast group. A multicast address has a
predefined prefix of ff00::/8. The following table describes some of the predefined multicast
addresses.
The following table describes the multicast addresses which are reserved and can not be assigned
to a multicast group.
Table 51 Predefined Multicast Address
MULTICAST ADDRESS DESCRIPTION
FF01:0:0:0:0:0:0:1 All hosts on a local node.
FF01:0:0:0:0:0:0:2 All routers on a local node.
FF02:0:0:0:0:0:0:1 All hosts on a local connected link.
FF02:0:0:0:0:0:0:2 All routers on a local connected link.
FF05:0:0:0:0:0:0:2 All routers on a local site.
FF05:0:0:0:0:0:1:3 All DHCP severs on a local site.
Table 52 Reserved Multicast Address
MULTICAST ADDRESS
FF00:0:0:0:0:0:0:0
FF01:0:0:0:0:0:0:0
FF02:0:0:0:0:0:0:0
FF03:0:0:0:0:0:0:0
FF04:0:0:0:0:0:0:0
FF05:0:0:0:0:0:0:0
FF06:0:0:0:0:0:0:0
FF07:0:0:0:0:0:0:0
FF08:0:0:0:0:0:0:0
FF09:0:0:0:0:0:0:0
Appendix D IPv6
NWA1120 Series User’s Guide 179
Subnet Masking
Both an IPv6 address and IPv6 subnet mask compose of 128-bit binary digits, which are divided
into eight 16-bit blocks and written in hexadecimal notation. Hexadecimal uses four bits for each
character (1 ~ 10, A ~ F). Each block’s 16 bits are then represented by four hexadecimal
characters. For example, FFFF:FFFF:FFFF:FFFF:FC00:0000:0000:0000.
Interface ID
In IPv6, an interface ID is a 64-bit identifier. It identifies a physical interface (for example, an
Ethernet port) or a virtual interface (for example, the management IP address for a VLAN). One
interface should have a unique interface ID.
EUI-64
The EUI-64 (Extended Unique Identifier) defined by the IEEE (Institute of Electrical and Electronics
Engineers) is an interface ID format designed to adapt with IPv6. It is derived from the 48-bit (6-
byte) Ethernet MAC address as shown next. EUI-64 inserts the hex digits fffe between the third and
fourth bytes of the MAC address and complements the seventh bit of the first byte of the MAC
address. See the following example.
Stateless Autoconfiguration
With stateless autoconfiguration in IPv6, addresses can be uniquely and automatically generated.
Unlike DHCPv6 (Dynamic Host Configuration Protocol version six) which is used in IPv6 stateful
autoconfiguration, the owner and status of addresses don’t need to be maintained by a DHCP
server. Every IPv6 device is able to generate its own and unique IP address automatically when
IPv6 is initiated on its interface. It combines the prefix and the interface ID (generated from its own
Ethernet MAC address, see Interface ID and EUI-64) to form a complete IPv6 address.
When IPv6 is enabled on a device, its interface automatically generates a link-local address
(beginning with fe80).
When the interface is connected to a network with a router and the NWA is set to automatically
obtain an IPv6 network prefix from the router for the interface, it generates 1another address which
FF0A:0:0:0:0:0:0:0
FF0B:0:0:0:0:0:0:0
FF0C:0:0:0:0:0:0:0
FF0D:0:0:0:0:0:0:0
FF0E:0:0:0:0:0:0:0
FF0F:0:0:0:0:0:0:0
Table 52 Reserved Multicast Address (continued)
MULTICAST ADDRESS
Table 53
MAC 00 : 13 : 49 : 12 : 34 : 56
Table 54
EUI-64 02: 13 : 49 : FF : FE : 12 : 34 : 56
Appendix D IPv6
NWA1120 Series User’s Guide
180
combines its interface ID and global and subnet information advertised from the router. This is a
routable global IP address.
DHCPv6
The Dynamic Host Configuration Protocol for IPv6 (DHCPv6, RFC 3315) is a server-client protocol
that allows a DHCP server to assign and pass IPv6 network addresses, prefixes and other
configuration information to DHCP clients. DHCPv6 servers and clients exchange DHCP messages
using UDP.
Each DHCP client and server has a unique DHCP Unique IDentifier (DUID), which is used for
identification when they are exchanging DHCPv6 messages. The DUID is generated from the MAC
address, time, vendor assigned ID and/or the vendor's private enterprise number registered with
the IANA. It should not change over time even after you reboot the device.
Identity Association
An Identity Association (IA) is a collection of addresses assigned to a DHCP client, through which
the server and client can manage a set of related IP addresses. Each IA must be associated with
exactly one interface. The DHCP client uses the IA assigned to an interface to obtain configuration
from a DHCP server for that interface. Each IA consists of a unique IAID and associated IP
information.
The IA type is the type of address in the IA. Each IA holds one type of address. IA_NA means an
identity association for non-temporary addresses and IA_TA is an identity association for temporary
addresses. An IA_NA option contains the T1 and T2 fields, but an IA_TA option does not. The
DHCPv6 server uses T1 and T2 to control the time at which the client contacts with the server to
extend the lifetimes on any addresses in the IA_NA before the lifetimes expire. After T1, the client
sends the server (S1) (from which the addresses in the IA_NA were obtained) a Renew message. If
the time T2 is reached and the server does not respond, the client sends a Rebind message to any
available server (S2). For an IA_TA, the client may send a Renew or Rebind message at the client's
discretion.
DHCP Relay Agent
A DHCP relay agent is on the same network as the DHCP clients and helps forward messages
between the DHCP server and clients. When a client cannot use its link-local address and a well-
known multicast address to locate a DHCP server on its network, it then needs a DHCP relay agent
to send a message to a DHCP server that is not attached to the same network.
The DHCP relay agent can add the remote identification (remote-ID) option and the interface-ID
option to the Relay-Forward DHCPv6 messages. The remote-ID option carries a user-defined string,
1. In IPv6, all network interfaces can be associated with several addresses.
T1
T2
Renew Rebind
Rebind
to S1
Renew
to S1
Renew
to S1
Renew
to S1
Renew
to S1
Renew
to S1
to S2
to S2
Appendix D IPv6
NWA1120 Series User’s Guide 181
such as the system name. The interface-ID option provides slot number, port information and the
VLAN ID to the DHCPv6 server. The remote-ID option (if any) is stripped from the Relay-Reply
messages before the relay agent sends the packets to the clients. The DHCP server copies the
interface-ID option from the Relay-Forward message into the Relay-Reply message and sends it to
the relay agent. The interface-ID should not change even after the relay agent restarts.
Prefix Delegation
Prefix delegation enables an IPv6 router to use the IPv6 prefix (network address) received from the
ISP (or a connected uplink router) for its LAN. The NWA uses the received IPv6 prefix (for example,
2001:db2::/48) to generate its LAN IP address. Through sending Router Advertisements (RAs)
regularly by multicast, the NWA passes the IPv6 prefix information to its LAN hosts. The hosts then
can use the prefix to generate their IPv6 addresses.
ICMPv6
Internet Control Message Protocol for IPv6 (ICMPv6 or ICMP for IPv6) is defined in RFC 4443.
ICMPv6 has a preceding Next Header value of 58, which is different from the value used to identify
ICMP for IPv4. ICMPv6 is an integral part of IPv6. IPv6 nodes use ICMPv6 to report errors
encountered in packet processing and perform other diagnostic functions, such as "ping".
Neighbor Discovery Protocol (NDP)
The Neighbor Discovery Protocol (NDP) is a protocol used to discover other IPv6 devices and track
neighbor’s reachability in a network. An IPv6 device uses the following ICMPv6 messages types:
• Neighbor solicitation: A request from a host to determine a neighbor’s link-layer address (MAC
address) and detect if the neighbor is still reachable. A neighbor being “reachable” means it
responds to a neighbor solicitation message (from the host) with a neighbor advertisement
message.
• Neighbor advertisement: A response from a node to announce its link-layer address.
• Router solicitation: A request from a host to locate a router that can act as the default router and
forward packets.
• Router advertisement: A response to a router solicitation or a periodical multicast advertisement
from a router to advertise its presence and other parameters.
IPv6 Cache
An IPv6 host is required to have a neighbor cache, destination cache, prefix list and default router
list. The NWA maintains and updates its IPv6 caches constantly using the information from
response messages. In IPv6, the NWA configures a link-local address automatically, and then sends
a neighbor solicitation message to check if the address is unique. If there is an address to be
resolved or verified, the NWA also sends out a neighbor solicitation message. When the NWA
receives a neighbor advertisement in response, it stores the neighbor’s link-layer address in the
neighbor cache. When the NWA uses a router solicitation message to query for a router and
receives a router advertisement message, it adds the router’s information to the neighbor cache,
prefix list and destination cache. The NWA creates an entry in the default router list cache if the
router can be used as a default router.
When the NWA needs to send a packet, it first consults the destination cache to determine the next
hop. If there is no matching entry in the destination cache, the NWA uses the prefix list to
Appendix D IPv6
NWA1120 Series User’s Guide
182
determine whether the destination address is on-link and can be reached directly without passing
through a router. If the address is onlink, the address is considered as the next hop. Otherwise, the
NWA determines the next-hop from the default router list or routing table. Once the next hop IP
address is known, the NWA looks into the neighbor cache to get the link-layer address and sends
the packet when the neighbor is reachable. If the NWA cannot find an entry in the neighbor cache
or the state for the neighbor is not reachable, it starts the address resolution process. This helps
reduce the number of IPv6 solicitation and advertisement messages.
Multicast Listener Discovery
The Multicast Listener Discovery (MLD) protocol (defined in RFC 2710) is derived from IPv4's
Internet Group Management Protocol version 2 (IGMPv2). MLD uses ICMPv6 message types, rather
than IGMP message types. MLDv1 is equivalent to IGMPv2 and MLDv2 is equivalent to IGMPv3.
MLD allows an IPv6 switch or router to discover the presence of MLD listeners who wish to receive
multicast packets and the IP addresses of multicast groups the hosts want to join on its network.
MLD snooping and MLD proxy are analogous to IGMP snooping and IGMP proxy in IPv4.
MLD filtering controls which multicast groups a port can join.
MLD Messages
A multicast router or switch periodically sends general queries to MLD hosts to update the multicast
forwarding table. When an MLD host wants to join a multicast group, it sends an MLD Report
message for that address.
An MLD Done message is equivalent to an IGMP Leave message. When an MLD host wants to leave
a multicast group, it can send a Done message to the router or switch. The router or switch then
sends a group-specific query to the port on which the Done message is received to determine if
other devices connected to this port should remain in the group.
Appendix D IPv6
NWA1120 Series User’s Guide 183
Example - Enabling IPv6 on Windows XP/2003/Vista
By default, Windows XP and Windows 2003 support IPv6. This example shows you how to use the
ipv6 install command on Windows XP/2003 to enable IPv6. This also displays how to use the
ipconfig command to see auto-generated IP addresses.
IPv6 is installed and enabled by default in Windows Vista. Use the ipconfig command to check
your automatic configured IPv6 address as well. You should see at least one IPv6 address available
for the interface on your computer.
Example - Enabling DHCPv6 on Windows XP
Windows XP does not support DHCPv6. If your network uses DHCPv6 for IP address assignment,
you have to additionally install a DHCPv6 client software on your Windows XP. (Note: If you use
static IP addresses or Router Advertisement for IPv6 address assignment in your network, ignore
this section.)
This example uses Dibbler as the DHCPv6 client. To enable DHCPv6 client on your computer:
1Install Dibbler and select the DHCPv6 client option on your computer.
2After the installation is complete, select Start > All Programs > Dibbler-DHCPv6 > Client
Install as service.
3Select Start > Control Panel > Administrative Tools > Services.
4Double click Dibbler - a DHCPv6 client.
C:\>ipv6 install
Installing...
Succeeded.
C:\>ipconfig
Windows IP Configuration
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
IP Address. . . . . . . . . . . . : 10.1.1.46
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IP Address. . . . . . . . . . . . : fe80::2d0:59ff:feb8:103c%4
Default Gateway . . . . . . . . . : 10.1.1.254
Appendix D IPv6
NWA1120 Series User’s Guide
184
5Click Start and then OK.
6Now your computer can obtain an IPv6 address from a DHCPv6 server.
Example - Enabling IPv6 on Windows 7
Windows 7 supports IPv6 by default. DHCPv6 is also enabled when you enable IPv6 on a Windows 7
computer.
To enable IPv6 in Windows 7:
1Select Control Panel > Network and Sharing Center > Local Area Connection.
2Select the Internet Protocol Version 6 (TCP/IPv6) checkbox to enable it.
3Click OK to save the change.
Appendix D IPv6
NWA1120 Series User’s Guide 185
4Click Close to exit the Local Area Connection Status screen.
5Select Start > All Programs > Accessories > Command Prompt.
6Use the ipconfig command to check your dynamic IPv6 address. This example shows a global
address (2001:b021:2d::1000) obtained from a DHCP server.
C:\>ipconfig
Windows IP Configuration
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
IPv6 Address. . . . . . . . . . . : 2001:b021:2d::1000
Link-local IPv6 Address . . . . . : fe80::25d8:dcab:c80a:5189%11
IPv4 Address. . . . . . . . . . . : 172.16.100.61
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : fe80::213:49ff:feaa:7125%11
172.16.100.254
Appendix D IPv6
NWA1120 Series User’s Guide
186
NWA1120 Series User’s Guide 187
APPENDIX E
Wireless LANs
Wireless LAN Topologies
This section discusses ad-hoc and infrastructure wireless LAN topologies.
Ad-hoc Wireless LAN Configuration
The simplest WLAN configuration is an independent (Ad-hoc) WLAN that connects a set of
computers with wireless adapters (A, B, C). Any time two or more wireless adapters are within
range of each other, they can set up an independent network, which is commonly referred to as an
ad-hoc network or Independent Basic Service Set (IBSS). The following diagram shows an example
of notebook computers using wireless adapters to form an ad-hoc wireless LAN.
Figure 91 Peer-to-Peer Communication in an Ad-hoc Network
BSS
A Basic Service Set (BSS) exists when all communications between wireless clients or between a
wireless client and a wired network client go through one access point (AP).
Intra-BSS traffic is traffic between wireless clients in the BSS. When Intra-BSS is enabled, wireless
client A and B can access the wired network and communicate with each other. When Intra-BSS is
Appendix E Wireless LANs
NWA1120 Series User’s Guide
188
disabled, wireless client A and B can still access the wired network but cannot communicate with
each other.
Figure 92 Basic Service Set
ESS
An Extended Service Set (ESS) consists of a series of overlapping BSSs, each containing an access
point, with each access point connected together by a wired network. This wired connection
between APs is called a Distribution System (DS).
This type of wireless LAN topology is called an Infrastructure WLAN. The Access Points not only
provide communication with the wired network but also mediate wireless network traffic in the
immediate neighborhood.
Appendix E Wireless LANs
NWA1120 Series User’s Guide 189
An ESSID (ESS IDentification) uniquely identifies each ESS. All access points and their associated
wireless clients within the same ESS must have the same ESSID in order to communicate.
Figure 93 Infrastructure WLAN
Channel
A channel is the radio frequency(ies) used by wireless devices to transmit and receive data.
Channels available depend on your geographical area. You may have a choice of channels (for your
region) so you should use a channel different from an adjacent AP (access point) to reduce
interference. Interference occurs when radio signals from different access points overlap causing
interference and degrading performance.
Adjacent channels partially overlap however. To avoid interference due to overlap, your AP should
be on a channel at least five channels away from a channel that an adjacent AP is using. For
example, if your region has 11 channels and an adjacent AP is using channel 1, then you need to
select a channel between 6 or 11.
RTS/CTS
A hidden node occurs when two stations are within range of the same access point, but are not
within range of each other. The following figure illustrates a hidden node. Both stations (STA) are
within range of the access point (AP) or wireless gateway, but out-of-range of each other, so they
Appendix E Wireless LANs
NWA1120 Series User’s Guide
190
cannot "hear" each other, that is they do not know if the channel is currently being used. Therefore,
they are considered hidden from each other.
Figure 94 RTS/CTS
When station A sends data to the AP, it might not know that the station B is already using the
channel. If these two stations send data at the same time, collisions may occur when both sets of
data arrive at the AP at the same time, resulting in a loss of messages for both stations.
RTS/CTS is designed to prevent collisions due to hidden nodes. An RTS/CTS defines the biggest
size data frame you can send before an RTS (Request To Send)/CTS (Clear to Send) handshake is
invoked.
When a data frame exceeds the RTS/CTS value you set (between 0 to 2432 bytes), the station
that wants to transmit this frame must first send an RTS (Request To Send) message to the AP for
permission to send it. The AP then responds with a CTS (Clear to Send) message to all other
stations within its range to notify them to defer their transmission. It also reserves and confirms
with the requesting station the time frame for the requested transmission.
Stations can send frames smaller than the specified RTS/CTS directly to the AP without the RTS
(Request To Send)/CTS (Clear to Send) handshake.
You should only configure RTS/CTS if the possibility of hidden nodes exists on your network and
the "cost" of resending large frames is more than the extra network overhead involved in the RTS
(Request To Send)/CTS (Clear to Send) handshake.
If the RTS/CTS value is greater than the Fragmentation Threshold value (see next), then the
RTS (Request To Send)/CTS (Clear to Send) handshake will never occur as data frames will be
fragmented before they reach RTS/CTS size.
Note: Enabling the RTS Threshold causes redundant network overhead that could
negatively affect the throughput performance instead of providing a remedy.
Fragmentation Threshold
A Fragmentation Threshold is the maximum data fragment size (between 256 and 2432 bytes)
that can be sent in the wireless network before the AP will fragment the packet into smaller data
frames.
A large Fragmentation Threshold is recommended for networks not prone to interference while
you should set a smaller threshold for busy networks or networks that are prone to interference.
Appendix E Wireless LANs
NWA1120 Series User’s Guide 191
If the Fragmentation Threshold value is smaller than the RTS/CTS value (see previously) you
set then the RTS (Request To Send)/CTS (Clear to Send) handshake will never occur as data frames
will be fragmented before they reach RTS/CTS size.
Preamble Type
Preamble is used to signal that data is coming to the receiver. Short and long refer to the length of
the synchronization field in a packet.
Short preamble increases performance as less time sending preamble means more time for sending
data. All IEEE 802.11 compliant wireless adapters support long preamble, but not all support short
preamble.
Use long preamble if you are unsure what preamble mode other wireless devices on the network
support, and to provide more reliable communications in busy wireless networks.
Use short preamble if you are sure all wireless devices on the network support it, and to provide
more efficient communications.
Use the dynamic setting to automatically use short preamble when all wireless devices on the
network support it, otherwise the NWA uses long preamble.
Note: The wireless devices MUST use the same preamble mode in order to communicate.
Wireless LAN Standards
The IEEE 802.11b wireless access standard was first published in 1999. IEEE 802.11b has a
maximum data rate of 11 Mbps and uses the 2.4 GHz band.
IEEE 802.11g also works in the 2.4 GHz band and is fully compatible with the IEEE 802.11b
standard. This means an IEEE 802.11b adapter can interface directly with an IEEE 802.11g access
point (and vice versa) at 11 Mbps or lower depending on range. IEEE 802.11g has several
intermediate rate steps between the maximum and minimum data rates (54 Mbps and 1 Mbps
respectively).
IEEE 802.11a has a data rate of up to 54 Mbps using the 5 GHz band. IEEE 802.11a is not
interoperable with IEEE 802.11b or IEEE 802.11g.
IEEE 802.11n can operate both in the 2.4 GHz and 5 GHz bands and is backward compatible with
the IEEE 802.11a, IEEE 802.11b, and IEEE 802.11g standards. It improves network throughput and
increases the maximum raw data rate from 54 Mbps to 300 Mbps by using multiple-input multiple-
output (MIMO), a channel width of 40 MHz, frame aggregation and short guard interval.
Table 55 Wireless LAN Standards Comparison Table
WIRELESS LAN
STANDARD MAXIMUM NET
DATA RATE FREQUENCY
BAND COMPATIBILITY
IEEE 802.11b 11 Mbps 2.4 GHz IEEE 802.11g
IEEE 802.11n
IEEE 802.11g 54 Mbps 2.4 GHz IEEE 802.11b
IEEE 802.11n
Appendix E Wireless LANs
NWA1120 Series User’s Guide
192
Wireless Security Overview
Wireless security is vital to your network to protect wireless communication between wireless
clients, access points and the wired network.
Wireless security methods available on the NWA are data encryption, wireless client authentication,
restricting access by device MAC address and hiding the NWA identity.
The following figure shows the relative effectiveness of these wireless security methods available on
your NWA.
Note: You must enable the same wireless security settings on the NWA and on all wireless
clients that you want to associate with it.
IEEE 802.1x
In June 2001, the IEEE 802.1x standard was designed to extend the features of IEEE 802.11 to
support extended authentication as well as providing additional accounting and control features. It
is supported by Windows XP and a number of network devices. Some advantages of IEEE 802.1x
are:
• User based identification that allows for roaming.
• Support for RADIUS (Remote Authentication Dial In User Service, RFC 2138, 2139) for
centralized user profile and accounting management on a network RADIUS server.
• Support for EAP (Extensible Authentication Protocol, RFC 2486) that allows additional
authentication methods to be deployed with no changes to the access point or the wireless
clients.
IEEE 802.11a
54 Mbps 5 GHz IEEE 802.11n
IEEE 802.11n 300 Mbps 2.4 GHz, 5 GHz IEEE 802.11b
IEEE 802.11g
IEEE 802.11a
Table 55 Wireless LAN Standards Comparison Table
WIRELESS LAN
STANDARD MAXIMUM NET
DATA RATE FREQUENCY
BAND COMPATIBILITY
Table 56 Wireless Security Levels
SECURITY
LEVEL SECURITY TYPE
Least
Secure
Most Secure
Unique SSID (Default)
Unique SSID with Hide SSID Enabled
MAC Address Filtering
WEP Encryption
IEEE802.1x EAP with RADIUS Server Authentication
Wi-Fi Protected Access (WPA)
WPA2
Appendix E Wireless LANs
NWA1120 Series User’s Guide 193
RADIUS
RADIUS is based on a client-server model that supports authentication, authorization and
accounting. The access point is the client and the server is the RADIUS server. The RADIUS server
handles the following tasks:
• Authentication
Determines the identity of the users.
•Authorization
Determines the network services available to authenticated users once they are connected to the
network.
• Accounting
Keeps track of the client’s network activity.
RADIUS is a simple package exchange in which your AP acts as a message relay between the
wireless client and the network RADIUS server.
Types of RADIUS Messages
The following types of RADIUS messages are exchanged between the access point and the RADIUS
server for user authentication:
• Access-Request
Sent by an access point requesting authentication.
• Access-Reject
Sent by a RADIUS server rejecting access.
• Access-Accept
Sent by a RADIUS server allowing access.
• Access-Challenge
Sent by a RADIUS server requesting more information in order to allow access. The access point
sends a proper response from the user and then sends another Access-Request message.
The following types of RADIUS messages are exchanged between the access point and the RADIUS
server for user accounting:
• Accounting-Request
Sent by the access point requesting accounting.
• Accounting-Response
Sent by the RADIUS server to indicate that it has started or stopped accounting.
In order to ensure network security, the access point and the RADIUS server use a shared secret
key, which is a password, they both know. The key is not sent over the network. In addition to the
shared key, password information exchanged is also encrypted to protect the network from
unauthorized access.
Types of EAP Authentication
This section discusses some popular authentication types: EAP-MD5, EAP-TLS, EAP-TTLS, PEAP and
LEAP. Your wireless LAN device may not support all authentication types.
Appendix E Wireless LANs
NWA1120 Series User’s Guide
194
EAP (Extensible Authentication Protocol) is an authentication protocol that runs on top of the IEEE
802.1x transport mechanism in order to support multiple types of user authentication. By using EAP
to interact with an EAP-compatible RADIUS server, an access point helps a wireless station and a
RADIUS server perform authentication.
The type of authentication you use depends on the RADIUS server and an intermediary AP(s) that
supports IEEE 802.1x.
For EAP-TLS authentication type, you must first have a wired connection to the network and obtain
the certificate(s) from a certificate authority (CA). A certificate (also called digital IDs) can be used
to authenticate users and a CA issues certificates and guarantees the identity of each certificate
owner.
EAP-MD5 (Message-Digest Algorithm 5)
MD5 authentication is the simplest one-way authentication method. The authentication server
sends a challenge to the wireless client. The wireless client ‘proves’ that it knows the password by
encrypting the password with the challenge and sends back the information. Password is not sent in
plain text.
However, MD5 authentication has some weaknesses. Since the authentication server needs to get
the plaintext passwords, the passwords must be stored. Thus someone other than the
authentication server may access the password file. In addition, it is possible to impersonate an
authentication server as MD5 authentication method does not perform mutual authentication.
Finally, MD5 authentication method does not support data encryption with dynamic session key. You
must configure WEP encryption keys for data encryption.
EAP-TLS (Transport Layer Security)
With EAP-TLS, digital certifications are needed by both the server and the wireless clients for
mutual authentication. The server presents a certificate to the client. After validating the identity of
the server, the client sends a different certificate to the server. The exchange of certificates is done
in the open before a secured tunnel is created. This makes user identity vulnerable to passive
attacks. A digital certificate is an electronic ID card that authenticates the sender’s identity.
However, to implement EAP-TLS, you need a Certificate Authority (CA) to handle certificates, which
imposes a management overhead.
EAP-TTLS (Tunneled Transport Layer Service)
EAP-TTLS is an extension of the EAP-TLS authentication that uses certificates for only the server-
side authentications to establish a secure connection. Client authentication is then done by sending
username and password through the secure connection, thus client identity is protected. For client
authentication, EAP-TTLS supports EAP methods and legacy authentication methods such as PAP,
CHAP, MS-CHAP and MS-CHAP v2.
PEAP (Protected EAP)
Like EAP-TTLS, server-side certificate authentication is used to establish a secure connection, then
use simple username and password methods through the secured connection to authenticate the
clients, thus hiding client identity. However, PEAP only supports EAP methods, such as EAP-MD5,
EAP-MSCHAPv2 and EAP-GTC (EAP-Generic Token Card), for client authentication. EAP-GTC is
implemented only by Cisco.
Appendix E Wireless LANs
NWA1120 Series User’s Guide 195
LEAP
LEAP (Lightweight Extensible Authentication Protocol) is a Cisco implementation of IEEE 802.1x.
Dynamic WEP Key Exchange
The AP maps a unique key that is generated with the RADIUS server. This key expires when the
wireless connection times out, disconnects or reauthentication times out. A new WEP key is
generated each time reauthentication is performed.
If this feature is enabled, it is not necessary to configure a default encryption key in the wireless
security configuration screen. You may still configure and store keys, but they will not be used while
dynamic WEP is enabled.
Note: EAP-MD5 cannot be used with Dynamic WEP Key Exchange
For added security, certificate-based authentications (EAP-TLS, EAP-TTLS and PEAP) use dynamic
keys for data encryption. They are often deployed in corporate environments, but for public
deployment, a simple user name and password pair is more practical. The following table is a
comparison of the features of authentication types.
WPA and WPA2
Wi-Fi Protected Access (WPA) is a subset of the IEEE 802.11i standard. WPA2 (IEEE 802.11i) is a
wireless security standard that defines stronger encryption, authentication and key management
than WPA.
Key differences between WPA or WPA2 and WEP are improved data encryption and user
authentication.
If both an AP and the wireless clients support WPA2 and you have an external RADIUS server, use
WPA2 for stronger data encryption. If you don't have an external RADIUS server, you should use
WPA2-PSK (WPA2-Pre-Shared Key) that only requires a single (identical) password entered into
each access point, wireless gateway and wireless client. As long as the passwords match, a wireless
client will be granted access to a WLAN.
If the AP or the wireless clients do not support WPA2, just use WPA or WPA-PSK depending on
whether you have an external RADIUS server or not.
Select WEP only when the AP and/or wireless clients do not support WPA or WPA2. WEP is less
secure than WPA or WPA2.
Table 57 Comparison of EAP Authentication Types
EAP-MD5 EAP-TLS EAP-TTLS PEAP LEAP
Mutual Authentication No Yes Yes Yes Yes
Certificate – Client No Yes Optional Optional No
Certificate – Server No Yes Yes Yes No
Dynamic Key Exchange No Yes Yes Yes Yes
Credential Integrity None Strong Strong Strong Moderate
Deployment Difficulty Easy Hard Moderate Moderate Moderate
Client Identity Protection No No Yes Yes No
Appendix E Wireless LANs
NWA1120 Series User’s Guide
196
Encryption
WPA improves data encryption by using Temporal Key Integrity Protocol (TKIP), Message Integrity
Check (MIC) and IEEE 802.1x. WPA2 also uses TKIP when required for compatibility reasons, but
offers stronger encryption than TKIP with Advanced Encryption Standard (AES) in the Counter
mode with Cipher block chaining Message authentication code Protocol (CCMP).
TKIP uses 128-bit keys that are dynamically generated and distributed by the authentication server.
AES (Advanced Encryption Standard) is a block cipher that uses a 256-bit mathematical algorithm
called Rijndael. They both include a per-packet key mixing function, a Message Integrity Check
(MIC) named Michael, an extended initialization vector (IV) with sequencing rules, and a re-keying
mechanism.
WPA and WPA2 regularly change and rotate the encryption keys so that the same encryption key is
never used twice.
The RADIUS server distributes a Pairwise Master Key (PMK) key to the AP that then sets up a key
hierarchy and management system, using the PMK to dynamically generate unique data encryption
keys to encrypt every data packet that is wirelessly communicated between the AP and the wireless
clients. This all happens in the background automatically.
The Message Integrity Check (MIC) is designed to prevent an attacker from capturing data packets,
altering them and resending them. The MIC provides a strong mathematical function in which the
receiver and the transmitter each compute and then compare the MIC. If they do not match, it is
assumed that the data has been tampered with and the packet is dropped.
By generating unique data encryption keys for every data packet and by creating an integrity
checking mechanism (MIC), with TKIP and AES it is more difficult to decrypt data on a Wi-Fi
network than WEP and difficult for an intruder to break into the network.
The encryption mechanisms used for WPA(2) and WPA(2)-PSK are the same. The only difference
between the two is that WPA(2)-PSK uses a simple common password, instead of user-specific
credentials. The common-password approach makes WPA(2)-PSK susceptible to brute-force
password-guessing attacks but it’s still an improvement over WEP as it employs a consistent,
single, alphanumeric password to derive a PMK which is used to generate unique temporal
encryption keys. This prevent all wireless devices sharing the same encryption keys. (a weakness of
WEP)
User Authentication
WPA and WPA2 apply IEEE 802.1x and Extensible Authentication Protocol (EAP) to authenticate
wireless clients using an external RADIUS database. WPA2 reduces the number of key exchange
messages from six to four (CCMP 4-way handshake) and shortens the time required to connect to a
network. Other WPA2 authentication features that are different from WPA include key caching and
pre-authentication. These two features are optional and may not be supported in all wireless
devices.
Key caching allows a wireless client to store the PMK it derived through a successful authentication
with an AP. The wireless client uses the PMK when it tries to connect to the same AP and does not
need to go with the authentication process again.
Pre-authentication enables fast roaming by allowing the wireless client (already connecting to an
AP) to perform IEEE 802.1x authentication with another AP before connecting to it.
Appendix E Wireless LANs
NWA1120 Series User’s Guide 197
Wireless Client WPA Supplicants
A wireless client supplicant is the software that runs on an operating system instructing the wireless
client how to use WPA. At the time of writing, the most widely available supplicant is the WPA patch
for Windows XP, Funk Software's Odyssey client.
The Windows XP patch is a free download that adds WPA capability to Windows XP's built-in "Zero
Configuration" wireless client. However, you must run Windows XP to use it.
WPA(2) with RADIUS Application Example
To set up WPA(2), you need the IP address of the RADIUS server, its port number (default is 1812),
and the RADIUS shared secret. A WPA(2) application example with an external RADIUS server
looks as follows. "A" is the RADIUS server. "DS" is the distribution system.
1The AP passes the wireless client's authentication request to the RADIUS server.
2The RADIUS server then checks the user's identification against its database and grants or denies
network access accordingly.
3A 256-bit Pairwise Master Key (PMK) is derived from the authentication process by the RADIUS
server and the client.
4The RADIUS server distributes the PMK to the AP. The AP then sets up a key hierarchy and
management system, using the PMK to dynamically generate unique data encryption keys. The
keys are used to encrypt every data packet that is wirelessly communicated between the AP and
the wireless clients.
Figure 95 WPA(2) with RADIUS Application Example
WPA(2)-PSK Application Example
A WPA(2)-PSK application looks as follows.
Appendix E Wireless LANs
NWA1120 Series User’s Guide
198
1First enter identical passwords into the AP and all wireless clients. The Pre-Shared Key (PSK) must
consist of between 8 and 63 ASCII characters or 64 hexadecimal characters (including spaces and
symbols).
2The AP checks each wireless client's password and allows it to join the network only if the password
matches.
3The AP and wireless clients generate a common PMK (Pairwise Master Key). The key itself is not
sent over the network, but is derived from the PSK and the SSID.
4The AP and wireless clients use the TKIP or AES encryption process, the PMK and information
exchanged in a handshake to create temporal encryption keys. They use these keys to encrypt data
exchanged between them.
Figure 96 WPA(2)-PSK Authentication
Security Parameters Summary
Refer to this table to see what other security parameters you should configure for each
authentication method or key management protocol type. MAC address filters are not dependent on
how you configure these security features.
Table 58 Wireless Security Relational Matrix
AUTHENTICATION
METHOD/ KEY
MANAGEMENT PROTOCOL
ENCRYPTIO
N METHOD ENTER
MANUAL KEY IEEE 802.1X
Open None No Disable
Enable without Dynamic WEP Key
Open WEP No Enable with Dynamic WEP Key
Yes Enable without Dynamic WEP Key
Yes Disable
Shared WEP No Enable with Dynamic WEP Key
Yes Enable without Dynamic WEP Key
Yes Disable
WPA TKIP/AES No Enable
WPA-PSK TKIP/AES Yes Disable
Appendix E Wireless LANs
NWA1120 Series User’s Guide 199
Antenna Overview
An antenna couples RF signals onto air. A transmitter within a wireless device sends an RF signal to
the antenna, which propagates the signal through the air. The antenna also operates in reverse by
capturing RF signals from the air.
Positioning the antennas properly increases the range and coverage area of a wireless LAN.
Antenna Characteristics
Frequency
An antenna in the frequency of 2.4GHz or 5GHz is needed to communicate efficiently in a wireless
LAN
Radiation Pattern
A radiation pattern is a diagram that allows you to visualize the shape of the antenna’s coverage
area.
Antenna Gain
Antenna gain, measured in dB (decibel), is the increase in coverage within the RF beam width.
Higher antenna gain improves the range of the signal for better communications.
For an indoor site, each 1 dB increase in antenna gain results in a range increase of approximately
2.5%. For an unobstructed outdoor site, each 1dB increase in gain results in a range increase of
approximately 5%. Actual results may vary depending on the network environment.
Antenna gain is sometimes specified in dBi, which is how much the antenna increases the signal
power compared to using an isotropic antenna. An isotropic antenna is a theoretical perfect antenna
that sends out radio signals equally well in all directions. dBi represents the true gain that the
antenna provides.
Types of Antennas for WLAN
There are two types of antennas used for wireless LAN applications.
• Omni-directional antennas send the RF signal out in all directions on a horizontal plane. The
coverage area is torus-shaped (like a donut) which makes these antennas ideal for a room
environment. With a wide coverage area, it is possible to make circular overlapping coverage
areas with multiple access points.
WPA2 TKIP/AES No Enable
WPA2-PSK TKIP/AES Yes Disable
Table 58 Wireless Security Relational Matrix (continued)
AUTHENTICATION
METHOD/ KEY
MANAGEMENT PROTOCOL
ENCRYPTIO
N METHOD ENTER
MANUAL KEY IEEE 802.1X
Appendix E Wireless LANs
NWA1120 Series User’s Guide
200
• Directional antennas concentrate the RF signal in a beam, like a flashlight does with the light
from its bulb. The angle of the beam determines the width of the coverage pattern. Angles
typically range from 20 degrees (very directional) to 120 degrees (less directional). Directional
antennas are ideal for hallways and outdoor point-to-point applications.
Positioning Antennas
In general, antennas should be mounted as high as practically possible and free of obstructions. In
point-to–point application, position both antennas at the same height and in a direct line of sight to
each other to attain the best performance.
For omni-directional antennas mounted on a table, desk, and so on, point the antenna up. For
omni-directional antennas mounted on a wall or ceiling, point the antenna down. For a single AP
application, place omni-directional antennas as close to the center of the coverage area as possible.
For directional antennas, point the antenna in the direction of the desired coverage area.
NWA1120 Series User’s Guide 201
APPENDIX F
Customer Support
In the event of problems that cannot be solved by using this manual, you should contact your
vendor. If you cannot contact your vendor, then contact a ZyXEL office for the region in which you
bought the device. Regional websites are listed below (see also http://www.zyxel.com/
about_zyxel/zyxel_worldwide.shtml). Please have the following information ready when you
contact an office.
Required Information
• Product model and serial number.
• Warranty Information.
• Date that you received your device.
• Brief description of the problem and the steps you took to solve it.
Corporate Headquarters (Worldwide)
Taiwan
• ZyXEL Communications Corporation
• http://www.zyxel.com
Asia
China
• ZyXEL Communications (Shanghai) Corp.
ZyXEL Communications (Beijing) Corp.
ZyXEL Communications (Tianjin) Corp.
• http://www.zyxel.cn
India
• ZyXEL Technology India Pvt Ltd
• http://www.zyxel.in
Kazakhstan
•ZyXEL Kazakhstan
• http://www.zyxel.kz
Appendix F Customer Support
NWA1120 Series User’s Guide
202
Korea
• ZyXEL Korea Corp.
• http://www.zyxel.kr
Malaysia
• ZyXEL Malaysia Sdn Bhd.
• http://www.zyxel.com.my
Pakistan
• ZyXEL Pakistan (Pvt.) Ltd.
• http://www.zyxel.com.pk
Philipines
• ZyXEL Philippines
• http://www.zyxel.com.ph
Singapore
• ZyXEL Singapore Pte Ltd.
• http://www.zyxel.com.sg
Taiwan
• ZyXEL Communications Corporation
• http://www.zyxel.com
Thailand
• ZyXEL Thailand Co., Ltd
• http://www.zyxel.co.th
Vietnam
• ZyXEL Communications Corporation-Vietnam Office
• http://www.zyxel.com/vn/vi
Europe
Austria
• ZyXEL Deutschland GmbH
• http://www.zyxel.de
Belarus
•ZyXEL BY
• http://www.zyxel.by
Appendix F Customer Support
NWA1120 Series User’s Guide 203
Belgium
• ZyXEL Communications B.V.
• http://www.zyxel.com/be/nl/
Bulgaria
•ZyXEL България
• http://www.zyxel.com/bg/bg/
Czech
• ZyXEL Communications Czech s.r.o
• http://www.zyxel.cz
Denmark
• ZyXEL Communications A/S
• http://www.zyxel.dk
Estonia
•ZyXEL Estonia
• http://www.zyxel.com/ee/et/
Finland
• ZyXEL Communications
• http://www.zyxel.fi
France
•ZyXEL France
• http://www.zyxel.fr
Germany
• ZyXEL Deutschland GmbH
• http://www.zyxel.de
Hungary
• ZyXEL Hungary & SEE
• http://www.zyxel.hu
Latvia
•ZyXEL Latvia
• http://www.zyxel.com/lv/lv/homepage.shtml
Appendix F Customer Support
NWA1120 Series User’s Guide
204
Lithuania
• ZyXEL Lithuania
• http://www.zyxel.com/lt/lt/homepage.shtml
Netherlands
•ZyXEL Benelux
• http://www.zyxel.nl
Norway
• ZyXEL Communications
• http://www.zyxel.no
Poland
• ZyXEL Communications Poland
• http://www.zyxel.pl
Romania
•ZyXEL Romania
• http://www.zyxel.com/ro/ro
Russia
• ZyXEL Russia
• http://www.zyxel.ru
Slovakia
• ZyXEL Communications Czech s.r.o. organizacna zlozka
• http://www.zyxel.sk
Spain
•ZyXEL Spain
• http://www.zyxel.es
Sweden
• ZyXEL Communications
• http://www.zyxel.se
Switzerland
•Studerus AG
• http://www.zyxel.ch/
Appendix F Customer Support
NWA1120 Series User’s Guide 205
Turkey
•ZyXEL Turkey A.S.
• http://www.zyxel.com.tr
UK
• ZyXEL Communications UK Ltd.
• http://www.zyxel.co.uk
Ukraine
•ZyXEL Ukraine
• http://www.ua.zyxel.com
Latin America
Argentina
• ZyXEL Communication Corporation
• http://www.zyxel.com/ec/es/
Ecuador
• ZyXEL Communication Corporation
• http://www.zyxel.com/ec/es/
Middle East
Egypt
• ZyXEL Communication Corporation
• http://www.zyxel.com/homepage.shtml
Middle East
• ZyXEL Communication Corporation
• http://www.zyxel.com/homepage.shtml
North America
USA
• ZyXEL Communications, Inc. - North America Headquarters
• http://www.us.zyxel.com/
Appendix F Customer Support
NWA1120 Series User’s Guide
206
Oceania
Australia
• ZyXEL Communications Corporation
• http://www.zyxel.com/au/en/
Africa
South Africa
• Nology (Pty) Ltd.
• http://www.zyxel.co.za
NWA1120 Series User’s Guide 207
APPENDIX G
Legal Information
Copyright
Copyright © 2013 by ZyXEL Communications Corporation.
The contents of this publication may not be reproduced in any part or as a whole, transcribed, stored in a retrieval system, translated into
any language, or transmitted in any form or by any means, electronic, mechanical, magnetic, optical, chemical, photocopying, manual, or
otherwise, without the prior written permission of ZyXEL Communications Corporation.
Published by ZyXEL Communications Corporation. All rights reserved.
Disclaimers
ZyXEL does not assume any liability arising out of the application or use of any products, or software described herein. Neither does it
convey any license under its patent rights nor the patent rights of others. ZyXEL further reserves the right to make changes in any
products described herein without notice. This publication is subject to change without notice.
Your use of the NWA is subject to the terms and conditions of any related service providers.
Trademarks
Trademarks mentioned in this publication are used for identification purposes only and may be properties of their respective owners.
Certifications
Federal Communications Commission (FCC) Interference Statement
The device complies with Part 15 of FCC rules. Operation is subject to the following two conditions:
• This device may not cause harmful interference.
• This device must accept any interference received, including interference that may cause undesired operations.
This device has been tested and found to comply with the limits for a Class B digital device pursuant to Part 15 of the FCC Rules. These
limits are designed to provide reasonable protection against harmful interference in a residential installation. This device generates, uses,
and can radiate radio frequency energy, and if not installed and used in accordance with the instructions, may cause harmful interference
to radio communications. However, there is no guarantee that interference will not occur in a particular installation.
If this device does cause harmful interference to radio/television reception, which can be determined by turning the device off and on, the
user is encouraged to try to correct the interference by one or more of the following measures:
1Reorient or relocate the receiving antenna.
2Increase the separation between the equipment and the receiver.
3Connect the equipment into an outlet on a circuit different from that to which the receiver is connected.
4Consult the dealer or an experienced radio/TV technician for help.
FCC Caution: Any changes or modifications not expressly approved by the party responsible for compliance could void the user's authority
to operate this equipment.
FCC Radiation Exposure Statement
• This transmitter must not be co-located or operating in conjunction with any other antenna or transmitter.
• For operation within 5.15 ~ 5.25GHz frequency range, it is restricted to indoor environment.
• IEEE 802.11b, 802.11g or 802.11n (20MHz) operation of this product in the U.S.A. is firmware-limited to channels 1 through 11. IEEE
802.11n (40MHz) operation of this product in the U.S.A. is firmware-limited to channels 3 through 9.
• To comply with FCC RF exposure compliance requirements, a separation distance of at least 20 cm must be maintained between the
antenna of this device and all persons.
Industry Canada Statement
This device complies with RSS-210 of the Industry Canada Rules. Operation is subject to the following two conditions:
1) this device may not cause interference and
2) this device must accept any interference, including interference that may cause undesired operation of the device
This device has been designed to operate with an antenna having a maximum gain of 3dBi.
Antenna having a higher gain is strictly prohibited per regulations of Industry Canada. The required antenna impedance is 50 ohms.
To reduce potential radio interference to other users, the antenna type and its gain should be so chosen that the EIRP is not more than
required for successful communication.
Appendix G Legal Information
NWA1120 Series User’s Guide
208
IC Radiation Exposure Statement
This equipment complies with IC radiation exposure limits set forth for an uncontrolled environment. End users must follow the specific
operating instructions for satisfying RF exposure compliance.
注意 ! 依據 低功率電波輻射性電機管理辦法
第十二條 經型式認證合格之低功率射頻電機,非經許可,公司、商號或使用
者均不得擅自變更頻率、加大功率或變更原設計之特性及功能。
第十四條 低功率射頻電機之使用不得影響飛航安全及干擾合法通信;經發現
有干擾現象時,應立即停用,並改善至無干擾時方得繼續使用。
前項合法通信,指依電信規定作業之無線電信。低功率射頻電機須忍
受合法通信或工業、科學及醫療用電波輻射性電機設備之干擾。
本機限在不干擾合法電臺與不受被干擾保障條件下於室內使用。
減少電磁波影響,請妥適使用。
在 5.25-5.35 (GHz) 頻帶內操作之無線資訊傳輸設備,限於室內使用。
Notices
Changes or modifications not expressly approved by the party responsible for compliance could void the user's authority to operate the
equipment.
This Class B digital apparatus complies with Canadian ICES-003.
Cet appareil numérique de la classe B est conforme à la norme NMB-003 du Canada.
ErP (Energy-related Products) Declaration of Conformity
All ZyXEL products put on the EU market in compliance with the requirement of the European Parliament and the Council published
Directive 2009/125/EC establishing a framework for the setting of ecodesign requirements for energy-related products (recast), so called
as "ErP Directive (Energy-related Products directive).
This product has been outside the scope of Energy efficiency limitation requirement in the light of the terms of Regulation (EC) No 1275/
2008, Annex II:
2. Four years after this Regulation has come into force:
(c) Availability of off mode and/or standby mode
Equipment shall, except where this is inappropriate for the intended use, provide off mode and/or standby mode, and/or another
condition which does not exceed the applicable power consumption requirements for off mode and/or standby mode when the equipment
is connected to the mains power source.
(d) Power management
-another condition which does not exceed the applicable power consumption requirements for off mode and/or standby mode when the
equipment is connected to the mains power source. The power anagement function shall be activated before delivery.
4. Information to be provided by manufacturers:
(c) the characteristics of equipment relevant for assessing conformity with the requirements set out in point 1(c), or the requirements set
out in points 2(c) and/or 2(d), as applicable, including the time taken to automatically reach standby, or off mode, or another condition
which does not exceed the applicable power consumption requirements for off mode and/or standby mode.
In particular, if applicable, the technical justification shall be provided that the requirements set out in point 1(c), or the requirements set
out in points 2(c) and/or 2(d), are inappropriate for the intended use of equipment.
EU Directive & Regulation:
ErP Directive: Directive 2009/125/EC
Standby & off mode: Regulation (EC) No 1275/2008,
Guidance accompanying Commission Regulation (EC) No 1275/2008,
source: http://ec.europa.eu/energy/efficiency/ecodesign/eco_design_en.htm
Viewing Certifications
Go to http://www.zyxel.com to view this product’s documentation and certifications.
ZyXEL Limited Warranty
ZyXEL warrants to the original end user (purchaser) that this product is free from any defects in material or workmanship for a specific
period (the Warranty Period) from the date of purchase. The Warranty Period varies by region. Check with your vendor and/or the
authorized ZyXEL local distributor for details about the Warranty Period of this product. During the warranty period, and upon proof of
purchase, should the product have indications of failure due to faulty workmanship and/or materials, ZyXEL will, at its discretion, repair or
replace the defective products or components without charge for either parts or labor, and to whatever extent it shall deem necessary to
restore the product or components to proper operating condition. Any replacement will consist of a new or re-manufactured functionally
equivalent product of equal or higher value, and will be solely at the discretion of ZyXEL. This warranty shall not apply if the product has
been modified, misused, tampered with, damaged by an act of God, or subjected to abnormal working conditions.
Note
Repair or replacement, as provided under this warranty, is the exclusive remedy of the purchaser. This warranty is in lieu of all other
warranties, express or implied, including any implied warranty of merchantability or fitness for a particular use or purpose. ZyXEL shall in
no event be held liable for indirect or consequential damages of any kind to the purchaser.
To obtain the services of this warranty, contact your vendor. You may also refer to the warranty policy for the region in which you bought
the device at http://www.zyxel.com/web/support_warranty_info.php.
Registration
Register your product online to receive e-mail notices of firmware upgrades and information at www.zyxel.com.
Appendix G Legal Information
NWA1120 Series User’s Guide 209
Open Source Licenses
This product contains in part some free software distributed under GPL license terms and/or GPL like licenses. Open source licenses are
provided with the firmware package. You can download the latest firmware at www.zyxel.com. To obtain the source code covered under
those Licenses, please contact support@zyxel.com.tw to get it.
Regulatory Information
European Union
The following information applies if you use the product within the European Union.
Declaration of Conformity with Regard to EU Directive 1999/5/EC (R&TTE Directive)
Compliance Information for 2.4GHz and 5GHz Wireless Products Relevant to the EU and Other Countries Following the EU Directive 1999/5/EC
(R&TTE Directive)
[Czech] ZyXEL tímto prohlašuje, že tento zařízení je ve shodě se základními požadavky a dalšími příslušnými ustanoveními
směrnice 1999/5/EC.
[Danish] Undertegnede ZyXEL erklærer herved, at følgende udstyr udstyr overholder de væsentlige krav og øvrige relevante
krav i direktiv 1999/5/EF.
[German] Hiermit erklärt ZyXEL, dass sich das Gerät Ausstattung in Übereinstimmung mit den grundlegenden Anforderungen
und den übrigen einschlägigen Bestimmungen der Richtlinie 1999/5/EU befindet.
[Estonian] Käesolevaga kinnitab ZyXEL seadme seadmed vastavust direktiivi 1999/5/EÜ põhinõuetele ja nimetatud direktiivist
tulenevatele teistele asjakohastele sätetele.
English Hereby, ZyXEL declares that this equipment is in compliance with the essential requirements and other relevant
provisions of Directive 1999/5/EC.
[Spanish] Por medio de la presente ZyXEL declara que el equipo cumple con los requisitos esenciales y cualesquiera otras
disposiciones aplicables o exigibles de la Directiva 1999/5/CE.
[Greek] ΜΕ ΤΗΝ ΠΑΡΟΥΣΑ ZyXEL ΔΗΛΩΝΕΙ ΟΤΙ εξοπλισμός ΣΥΜΜΟΡΦΩΝΕΤΑΙ ΠΡΟΣ ΤΙΣ ΟΥΣΙΩΔΕΙΣ ΑΠΑΙΤΗΣΕΙΣ ΚΑΙ ΤΙΣ
ΛΟΙΠΕΣ ΣΧΕΤΙΚΕΣ ΔΙΑΤΑΞΕΙΣ ΤΗΣ ΟΔΗΓΙΑΣ 1999/5/ΕC.
[French] Par la présente ZyXEL déclare que l'appareil équipements est conforme aux exigences essentielles et aux autres
dispositions pertinentes de la directive 1999/5/EC.
[Italian] Con la presente ZyXEL dichiara che questo attrezzatura è conforme ai requisiti essenziali ed alle altre disposizioni
pertinenti stabilite dalla direttiva 1999/5/CE.
[Latvian] Ar šo ZyXEL deklarē, ka iekārtas atbilst Direktīvas 1999/5/EK būtiskajām prasībām un citiem ar to saistītajiem
noteikumiem.
[Lithuanian] Šiuo ZyXEL deklaruoja, kad šis įranga atitinka esminius reikalavimus ir kitas 1999/5/EB Direktyvos nuostatas.
[Dutch] Hierbij verklaart ZyXEL dat het toestel uitrusting in overeenstemming is met de essentiële eisen en de andere
relevante bepalingen van richtlijn 1999/5/EC.
[Maltese] Hawnhekk, ZyXEL, jiddikjara li dan tagħmir jikkonforma mal-ħtiġijiet essenzjali u ma provvedimenti oħrajn relevanti li
hemm fid-Dirrettiva 1999/5/EC.
[Hungarian] Alulírott, ZyXEL nyilatkozom, hogy a berendezés megfelel a vonatkozó alapvetõ követelményeknek és az 1999/5/EK
irányelv egyéb elõírásainak.
[Polish] Niniejszym ZyXEL oświadcza, że sprzęt jest zgodny z zasadniczymi wymogami oraz pozostałymi stosownymi
postanowieniami Dyrektywy 1999/5/EC.
[Portuguese] ZyXEL declara que este equipamento está conforme com os requisitos essenciais e outras disposições da Directiva
1999/5/EC.
[Slovenian] ZyXEL izjavlja, da je ta oprema v skladu z bistvenimi zahtevami in ostalimi relevantnimi določili direktive 1999/5/EC.
[Slovak] ZyXEL týmto vyhlasuje, že zariadenia spĺňa základné požiadavky a všetky príslušné ustanovenia Smernice 1999/5/EC.
[Finnish] ZyXEL vakuuttaa täten että laitteet tyyppinen laite on direktiivin 1999/5/EY oleellisten vaatimusten ja sitä koskevien
direktiivin muiden ehtojen mukainen.
[Swedish] Härmed intygar ZyXEL att denna utrustning står I överensstämmelse med de väsentliga egenskapskrav och övriga
relevanta bestämmelser som framgår av direktiv 1999/5/EC.
[Bulgarian] С настоящото ZyXEL декларира, че това оборудване е в съответствие със съществените изисквания и другите
приложими разпоредбите на Директива 1999/5/ЕC.
[Icelandic] Hér með lýsir, ZyXEL því yfir að þessi búnaður er í samræmi við grunnkröfur og önnur viðeigandi ákvæði tilskipunar
1999/5/EC.
[Norwegian] Erklærer herved ZyXEL at dette utstyret er I samsvar med de grunnleggende kravene og andre relevante
bestemmelser I direktiv 1999/5/EF.
[Romanian] Prin prezenta, ZyXEL declară că acest echipament este în conformitate cu cerinţele esenţiale şi alte prevederi
relevante ale Directivei 1999/5/EC.
Appendix G Legal Information
NWA1120 Series User’s Guide
210
National Restrictions
This product may be used in all EU countries (and other countries following the EU directive 1999/5/EC) without any limitation except for
the countries mentioned below:
Ce produit peut être utilisé dans tous les pays de l’UE (et dans tous les pays ayant transposés la directive 1999/5/CE) sans aucune
limitation, excepté pour les pays mentionnés ci-dessous:
Questo prodotto è utilizzabile in tutte i paesi EU (ed in tutti gli altri paesi che seguono le direttive EU 1999/5/EC) senza nessuna
limitazione, eccetto per i paesii menzionati di seguito:
Das Produkt kann in allen EU Staaten ohne Einschränkungen eingesetzt werden (sowie in anderen Staaten die der EU Direktive 1995/5/CE
folgen) mit Außnahme der folgenden aufgeführten Staaten:
In the majority of the EU and other European countries, the 2, 4- and 5-GHz bands have been made available for the use of wireless local
area networks (LANs). Later in this document you will find an overview of countries inwhich additional restrictions or requirements or both
are applicable.
The requirements for any country may evolve. ZyXEL recommends that you check with the local authorities for the latest status of their
national regulations for both the 2,4- and 5-GHz wireless LANs.
The following countries have restrictions and/or requirements in addition to those given in the table labeled “Overview of Regulatory
Requirements for Wireless LANs”:.
Belgium
The Belgian Institute for Postal Services and Telecommunications (BIPT) must be notified of any outdoor wireless link having a range
exceeding 300 meters. Please check http://www.bipt.be for more details.
Draadloze verbindingen voor buitengebruik en met een reikwijdte van meer dan 300 meter dienen aangemeld te worden bij het Belgisch
Instituut voor postdiensten en telecommunicatie (BIPT). Zie http://www.bipt.be voor meer gegevens.
Les liaisons sans fil pour une utilisation en extérieur d’une distance supérieure à 300 mètres doivent être notifiées à l’Institut Belge des
services Postaux et des Télécommunications (IBPT). Visitez http://www.ibpt.be pour de plus amples détails.
Denmark
In Denmark, the band 5150 - 5350 MHz is also allowed for outdoor usage.
I Danmark må frekvensbåndet 5150 - 5350 også anvendes udendørs.
Italy
This product meets the National Radio Interface and the requirements specified in the National Frequency Allocation Table for Italy. Unless
this wireless LAN product is operating within the boundaries of the owner's property, its use requires a “general authorization.” Please
check http://www.sviluppoeconomico.gov.it/ for more details.
Questo prodotto è conforme alla specifiche di Interfaccia Radio Nazionali e rispetta il Piano Nazionale di ripartizione delle frequenze in
Italia. Se non viene installato all 'interno del proprio fondo, l'utilizzo di prodotti Wireless LAN richiede una “Autorizzazione Generale”.
Consultare http://www.sviluppoeconomico.gov.it/ per maggiori dettagli.
Latvia
The outdoor usage of the 2.4 GHz band requires an authorization from the Electronic Communications Office. Please check http://
www.esd.lv for more details.
2.4 GHz frekvenèu joslas izmantoðanai ârpus telpâm nepiecieðama atïauja no Elektronisko sakaru direkcijas. Vairâk informâcijas: http://www.esd.lv.
Notes:
1. Although Norway, Switzerland and Liechtenstein are not EU member states, the EU Directive 1999/5/EC has also been implemented in
those countries.
2. The regulatory limits for maximum output power are specified in EIRP. The EIRP level (in dBm) of a device can be calculated by adding
the gain of the antenna used(specified in dBi) to the output power available at the connector (specified in dBm).
Overview of Regulatory Requirements for Wireless LANs
Frequency Band (MHz) Max Power Level
(EIRP)1 (mW) Indoor ONLY Indoor and Outdoor
2400-2483.5 100 V
5150-5350 200 V
5470-5725 1000 V
Appendix G Legal Information
NWA1120 Series User’s Guide 211
List of national codes
Safety Warnings
• Do NOT use this product near water, for example, in a wet basement or near a swimming pool.
• Do NOT expose your device to dampness, dust or corrosive liquids.
• Do NOT store things on the device.
• Do NOT install, use, or service this device during a thunderstorm. There is a remote risk of electric shock from lightning.
• Connect ONLY suitable accessories to the device.
• Do NOT open the device or unit. Opening or removing covers can expose you to dangerous high voltage points or other risks. ONLY
qualified service personnel should service or disassemble this device. Please contact your vendor for further information.
• Make sure to connect the cables to the correct ports.
• Place connecting cables carefully so that no one will step on them or stumble over them.
• Always disconnect all cables from this device before servicing or disassembling.
• Use ONLY an appropriate power adaptor or cord for your device. Connect it to the right supply voltage (for example, 110V AC in North
America or 230V AC in Europe).
• Do NOT allow anything to rest on the power adaptor or cord and do NOT place the product where anyone can walk on the power
adaptor or cord.
• Do NOT use the device if the power adaptor or cord is damaged as it might cause electrocution.
• If the power adaptor or cord is damaged, remove it from the device and the power source.
• Do NOT attempt to repair the power adaptor or cord. Contact your local vendor to order a new one.
• Do not use the device outside, and make sure all the connections are indoors. There is a remote risk of electric shock from lightning.
• Do NOT obstruct the device ventilation slots, as insufficient airflow may harm your device.
• Antenna Warning! This device meets ETSI and FCC certification requirements when using the included antenna(s). Only use the
included antenna(s).
• If you wall mount your device, make sure that no electrical lines, gas or water pipes will be damaged.
• The PoE (Power over Ethernet) devices that supply or receive power and their connected Ethernet cables must all be completely
indoors.
• This product is for indoor use only (utilisation intérieure exclusivement).
• FOR COUNTRY CODE SELECTION USAGE (WLAN DEVICES)
Note: The country code selection is for non-US model only and is not available to all US model. Per FCC regulation, all Wi-Fi product
marketed in US must fixed to US operation channels only.
Your product is marked with this symbol, which is known as the WEEE mark. WEEE stands for Waste Electronics and Electrical
Equipment. It means that used electrical and electronic products should not be mixed with general waste. Used electrical and
electronic equipment should be treated separately.
COUNTRY ISO 3166 2 LETTER CODE COUNTRY ISO 3166 2 LETTER CODE
Austria AT Malta MT
Belgium BE Netherlands NL
Cyprus CY Poland PL
Czech Republic CR Portugal PT
Denmark DK Slovakia SK
Estonia EE Slovenia SI
Finland FI Spain ES
France FR Sweden SE
Germany DE United Kingdom GB
Greece GR Iceland IS
Hungary HU Liechtenstein LI
Ireland IE Norway NO
Italy IT Switzerland CH
Latvia LV Bulgaria BG
Lithuania LT Romania RO
Luxembourg LU Turkey TR
Appendix G Legal Information
NWA1120 Series User’s Guide
212
Environmental Product Declaration
Index
NWA1120 Series User’s Guide 213
Index
A
access privileges 12
Accounting Server 84
Advanced Encryption Standard
See AES.
AES 196
Alerts 112
Alternative subnet mask notation 172
Antenna 89
antenna
directional 200
gain 199
omni-directional 199
AP (access point) 189
Applications
Access Point 15
AP + Bridge 15
applications
MBSSID 12
Repeater 15
ATC 76
ATC+WMM 76
B
Basic Service Set 56
see BSS
Basic Service Set, See BSS 187
beacon 56
Beacon Interval 63, 66, 72
BSS 12, 56, 187
C
CA 194
Certificate
authentication 100
file format 100
Certificate Authority
See CA.
Certificates
Fingerprint 109
MD5 109
public key 100
SHA1 109
Certification Authority 108
certifications 207
notices 208
viewing 208
Channel 57
channel 189
interference 189
contact information 201
Controlling network access, Ways of 11
cookies 19
copyright 207
CTS (Clear to Send) 190
customer support 201
D
disclaimer 207
Distribution System 56
DNS 94, 115
documentation
related 2
Domain Name Server (DNS) 115
DS 56
DTIM Interval 63, 67, 72
dynamic WEP key exchange 195
E
EAP 59
Index
NWA1120 Series User’s Guide214
EAP Authentication 193
Encryption 59, 78, 81
encryption 15, 196
ESS 56, 188
Ethernet device 86
Extended Service Set 56
Extended Service Set, See ESS 188
Extensible Authentication Protocol 59
F
Factory Defaults 121
restoring 21
FCC interference statement 207
Firefox 19
Firmware 116
Fragmentation 63, 67, 69, 73
Fragmentation threshold 89
fragmentation threshold 190
FTP 99
restrictions 99
G
Generic Token Card 59
GTC 59
Guide
Quick Start 2
H
hidden node 189
I
IANA 176
IBSS 187
IEEE 802.11g 191
IEEE 802.1x 57
Import Certificate 102
Independent Basic Service Set
See IBSS 187
initialization vector (IV) 196
Internet Assigned Numbers Authority
See IANA
Internet Explorer 19
Internet Protocol version 6, see IPv6
Internet telephony 13
IP Address 91
Gateway IP address 91
IP Screen 91
DHCP 93
IPv6 92, 177
addressing 92, 177
EUI-64 179
global address 92, 178
interface ID 179
link-local address 92, 177
Neighbor Discovery Protocol 92, 177
ping 92, 177
prefix 92, 177
prefix length 92, 177
stateless autoconfiguration 179
unspecified address 178
J
Java
permissions 19
JavaScripts 19
K
key 59, 79
L
layer-2 isolation 84
example 84
MAC address 85
LEAP 59
Index
NWA1120 Series User’s Guide 215
LEDs 18, 123
Blinking 18
Flashing 18
Off 18
Lightweight Extensible Authentication Protocol 59
Log 49
Log Screens 111
Logs
accessing logs 111
receiving logs via e-mail 112
Logs Screen
Mail Server 113
Mail Subject 113
Send Log to 113
Syslog 114
Logs, Uses of 111
M
MAC Filter
Allow Association 87
Deny Association 87
Maintenance 115
Association List 116
Backup 120
Restore 120
Management Information Base (MIB) 108
managing the device
good habits 17
MBSSID 12
Media Access Control 86
Message Integrity Check (MIC) 196
message relay 60
Microsoft Challenge Handshake Authentication
Protocol Version 2 59
MSCHAPv2 59
MSDU 63, 67, 73
N
NAT 176
Netscape Navigator 19
Network Time Protocol (NTP) 115
NTP 115
O
Operating Mode 56
other documentation 2
Output Power Management 63, 67, 69, 72
P
Pairwise Master Key (PMK) 196, 198
Passphrase 59
Password 124
PEAP 59
Personal Information Exchange Syntax
Standard 100
PFX PKCS#12 100
pop-up windows 19
Preamble 89
preamble mode 191
Preamble Type 63, 67, 69, 73
Pre-Shared Key 59
priorities 90
product registration 208
Protected Extensible Authentication Protocol 59
PSK 59, 196
Q
QoS 76
Quick Start Guide 2
R
Radio Frequency 89
RADIUS 59, 193
Accounting 60
Authentication 60
Authorization 60
message types 193
Index
NWA1120 Series User’s Guide216
messages 193
shared secret key 193
RADIUS Screen
Accounting Server 84
Accounting Server IP Address 84
RADIUS server 58
Backup 84
Primary 83
Rates Configuration 63, 67, 70, 73
registration
product 208
related documentation 2
Remote Authentication Dial In User Service 59
remote management 17
remote management limitations 98
Roaming 89
RootAP 15
RTS (Request To Send) 190
threshold 189, 190
RTS/CTS Threshold 63, 67, 69, 73, 89
S
screen resolution 19
Security Mode, Choosing the 90
Security Modes
None 58
WEP 58
WPA 58
WPA2 58
WPA2-MIX 58
WPA2-PSK 58
Service Set IDentifier 56
Service Set Identifier
see SSID
Simple Mail Transfer Protocol 112
SMTP 112, 114
SNMP
MIBs 108
Spanning Tree Protocol 89
SSID 12, 56
SSID profile
pre-configured 13
SSID profiles 12
Status Screens 25
802.11 Mode 50
Channel ID 50
Ethernet 25
FCS Error Count 50
Firmware Version 27
Interface Status 28
Poll Interval 50
Retry Count 50
Statistics 51
system statistics 25
WLAN 25
Subnet 169
Subnet Mask 91, 170
subnetting 172
supported browsers 19
Syslog Logging 112
System Screens
General 116
Password 117
Time
Time and Date Setup 118
Time Zone 118
T
telnet 102
Temporal Key Integrity Protocol 59
Temporal Key Integrity Protocol (TKIP) 196
TFTP restrictions 99
Thumbprint Algorithm 109
TKIP 59
TLS 59
trademarks 207
Transport Layer Security 59
Troubleshooting 123
connection is slow or intermittent 126
DHCP 124
factory defaults 125
firmware 125
Internet 125
LAN/ETHERNET port 125
QoS 126
Web Configurator 124
TTLS 59
Index
NWA1120 Series User’s Guide 217
Tunneled Transport Layer Security 59
Tutorial 29
U
User Authentication 58
V
Virtual Local Area Network 95
VLAN 95
introduction 95
VoIP 13, 76
W
warranty 208
note 208
WDS 15
Web Configurator 19
password 20
requirements 19
supported browsers 19
WEP 58
WEP key encrypting 90
Wi-Fi Multimedia QoS 89
Wi-Fi Protected Access 58, 195
Wired Equivalent Privacy 58
Wireless Client 42
wireless client WPA supplicants 197
Wireless Distribution System (WDS) 15
Wireless Mode 57
Wireless Mode, Choosing the
Access Point 29
Bridge 29
Wireless Client 29
Wireless Security 17
how to improve 17
Levels 58
wireless security 13, 192
Wireless Security Screen
WEP 78
WPA 79
Access Point 79
Wireless Client 80
WPA-PSK, WPA2-PSK, WPA2-PSK-MIX 81
Wireless Settings Screen 55
Access Point Mode 61
Antenna 89
AP + Bridge Mode 68
Bridge Mode 65
BSS 56
Channel 57
ESS 56
Fragmentation Threshold 89
Intra-BSS Traffic 89
Operating Mode 56
Preamble 89
Roaming 89
RTS/CTS Threshold 89
SSID 56
Wireless Client Mode 68
Wireless Mode 57
WMM QoS 89
WLAN
interference 189
security parameters 198
WMM 76
WMM QoS 89
WPA58, 195
key caching 196
pre-authentication 196
user authentication 196
vs WPA-PSK 196
wireless client supplicant 197
with RADIUS application example 197
WPA2 58, 195
user authentication 196
vs WPA2-PSK 196
wireless client supplicant 197
with RADIUS application example 197
WPA2-MIX 58
WPA2-Pre-Shared Key 195
WPA2-PSK 195, 196
application example 197
WPA2-PSK-MIX 58
WPA-PSK 195, 196
application example 197
Index
NWA1120 Series User’s Guide218
Z
ZyXEL Device
Ethernet parameters 91
good habits 17
Introduction 11
managing 16
resetting 21, 121
Security Features 17