ZyXEL Communications NWD310N Wireless LAN PCI card User Manual SMG 700 User s Guide V1 00 Nov 2004
ZyXEL Communications Corporation Wireless LAN PCI card SMG 700 User s Guide V1 00 Nov 2004
Contents
- 1. Users Manual Part 1 of 2
- 2. Users Manual Part 2 of 2
Users Manual Part 2 of 2
Appendix A Setting up Your Computer’s IP Address
NWD310N User’s Guide 91
5Right-click Local Area Connection and then click Properties.
"During this procedure, click Continue whenever Windows displays a screen
saying that it needs your permission to continue.
Figure 67 Windows Vista: Network and Sharing Center
6Select Internet Protocol Version 4 (TCP/IPv4) and click Properties.
Figure 68 Windows Vista: Local Area Connection Properties
Appendix A Setting up Your Computer’s IP Address
NWD310N User’s Guide
92
7The Internet Protocol Version 4 (TCP/IPv4) Properties window opens (the General
tab).
• If you have a dynamic IP address click Obtain an IP address automatically.
• If you have a static IP address click Use the following IP address and fill in the IP
address, Subnet mask, and Default gateway fields.
• Click Advanced.
Figure 69 Windows Vista: Internet Protocol Version 4 (TCP/IPv4) Properties
8 If you do not know your gateway's IP address, remove any previously installed
gateways in the IP Settings tab and click OK.
Do one or more of the following if you want to configure additional IP addresses:
•In the IP Settings tab, in IP addresses, click Add.
•In TCP/IP Address, type an IP address in IP address and a subnet mask in Subnet
mask, and then click Add.
• Repeat the above two steps for each IP address you want to add.
• Configure additional default gateways in the IP Settings tab by clicking Add in
Default gateways.
•In TCP/IP Gateway Address, type the IP address of the default gateway in Gateway.
To manually configure a default metric (the number of transmission hops), clear the
Automatic metric check box and type a metric in Metric.
• Click Add.
• Repeat the previous three steps for each default gateway you want to add.
• Click OK when finished.
Appendix A Setting up Your Computer’s IP Address
NWD310N User’s Guide 93
Figure 70 Windows Vista: Advanced TCP/IP Properties
9In the Internet Protocol Version 4 (TCP/IPv4) Properties window, (the General tab):
• Click Obtain DNS server address automatically if you do not know your DNS
server IP address(es).
• If you know your DNS server IP address(es), click Use the following DNS server
addresses, and type them in the Preferred DNS server and Alternate DNS server
fields.
If you have previously configured DNS servers, click Advanced and then the DNS
tab to order them.
Appendix A Setting up Your Computer’s IP Address
NWD310N User’s Guide
94
Figure 71 Windows Vista: Internet Protocol Version 4 (TCP/IPv4) Properties
10 Click OK to close the Internet Protocol Version 4 (TCP/IPv4) Properties window.
11 Click Close to close the Local Area Connection Properties window.
12 Close the Network Connections window.
13 Turn on your NWD310N and restart your computer (if prompted).
Verifying Settings
1Click Start, All Programs, Accessories and then Command Prompt.
2In the Command Prompt window, type "ipconfig" and then press [ENTER]. You can
also open Network Connections, right-click a network connection, click Status and
then click the Support tab.
Macintosh OS 8/9
1Click the Apple menu, Control Panel and double-click TCP/IP to open the TCP/IP
Control Panel.
Appendix A Setting up Your Computer’s IP Address
NWD310N User’s Guide 95
Figure 72 Macintosh OS 8/9: Apple Menu
2Select Ethernet built-in from the Connect via list.
Figure 73 Macintosh OS 8/9: TCP/IP
3For dynamically assigned settings, select Using DHCP Server from the Configure: list.
4For statically assigned settings, do the following:
•From the Configure box, select Manually.
Appendix A Setting up Your Computer’s IP Address
NWD310N User’s Guide
96
• Type your IP address in the IP Address box.
• Type your subnet mask in the Subnet mask box.
• Type the IP address of your NWD310N in the Router address box.
5Close the TCP/IP Control Panel.
6Click Save if prompted, to save changes to your configuration.
7Turn on your NWD310N and restart your computer (if prompted).
Verifying Settings
Check your TCP/IP properties in the TCP/IP Control Panel window.
Macintosh OS X
1Click the Apple menu, and click System Preferences to open the System Preferences
window.
Figure 74 Macintosh OS X: Apple Menu
2Click Network in the icon bar.
• Select Automatic from the Location list.
• Select Built-in Ethernet from the Show list.
• Click the TCP/IP tab.
3For dynamically assigned settings, select Using DHCP from the Configure list.
Appendix A Setting up Your Computer’s IP Address
NWD310N User’s Guide 97
Figure 75 Macintosh OS X: Network
4For statically assigned settings, do the following:
•From the Configure box, select Manually.
• Type your IP address in the IP Address box.
• Type your subnet mask in the Subnet mask box.
• Type the IP address of your NWD310N in the Router address box.
5Click Apply Now and close the window.
6Turn on your NWD310N and restart your computer (if prompted).
Verifying Settings
Check your TCP/IP properties in the Network window.
Linux
This section shows you how to configure your computer’s TCP/IP settings in Red Hat Linux
9.0. Procedure, screens and file location may vary depending on your Linux distribution and
release version.
Appendix A Setting up Your Computer’s IP Address
NWD310N User’s Guide
98
"Make sure you are logged in as the root administrator.
Using the K Desktop Environment (KDE)
Follow the steps below to configure your computer IP address using the KDE.
1Click the Red Hat button (located on the bottom left corner), select System Setting and
click Network.
Figure 76 Red Hat 9.0: KDE: Network Configuration: Devices
2Double-click on the profile of the network card you wish to configure. The Ethernet
Device General screen displays as shown.
Figure 77 Red Hat 9.0: KDE: Ethernet Device: General
Appendix A Setting up Your Computer’s IP Address
NWD310N User’s Guide 99
• If you have a dynamic IP address, click Automatically obtain IP address settings
with and select dhcp from the drop down list.
• If you have a static IP address, click Statically set IP Addresses and fill in the
Address, Subnet mask, and Default Gateway Address fields.
3Click OK to save the changes and close the Ethernet Device General screen.
4If you know your DNS server IP address(es), click the DNS tab in the Network
Configuration screen. Enter the DNS server information in the fields provided.
Figure 78 Red Hat 9.0: KDE: Network Configuration: DNS
5Click the Devices tab.
6Click the Activate button to apply the changes. The following screen displays. Click Yes
to save the changes in all screens.
Figure 79 Red Hat 9.0: KDE: Network Configuration: Activate
7After the network card restart process is complete, make sure the Status is Active in the
Network Configuration screen.
Using Configuration Files
Follow the steps below to edit the network configuration files and set your computer IP
address.
1Assuming that you have only one network card on the computer, locate the ifconfig-
eth0 configuration file (where eth0 is the name of the Ethernet card). Open the
configuration file with any plain text editor.
• If you have a dynamic IP address, enter dhcp in the BOOTPROTO= field. The
following figure shows an example.
Appendix A Setting up Your Computer’s IP Address
NWD310N User’s Guide
100
Figure 80 Red Hat 9.0: Dynamic IP Address Setting in ifconfig-eth0
• If you have a static IP address, enter static in the BOOTPROTO= field. Type
IPADDR= followed by the IP address (in dotted decimal notation) and type NETMASK=
followed by the subnet mask. The following example shows an example where the
static IP address is 192.168.1.10 and the subnet mask is 255.255.255.0.
Figure 81 Red Hat 9.0: Static IP Address Setting in ifconfig-eth0
2If you know your DNS server IP address(es), enter the DNS server information in the
resolv.conf file in the /etc directory. The following figure shows an example where
two DNS server IP addresses are specified.
Figure 82 Red Hat 9.0: DNS Settings in resolv.conf
3After you edit and save the configuration files, you must restart the network card. Enter
./network restart in the /etc/rc.d/init.d directory. The following figure
shows an example.
Figure 83 Red Hat 9.0: Restart Ethernet Card
DEVICE=eth0
ONBOOT=yes
BOOTPROTO=dhcp
USERCTL=no
PEERDNS=yes
TYPE=Ethernet
DEVICE=eth0
ONBOOT=yes
BOOTPROTO=static
IPADDR=192.168.1.10
NETMASK=255.255.255.0
USERCTL=no
PEERDNS=yes
TYPE=Ethernet
nameserver 172.23.5.1
nameserver 172.23.5.2
[root@localhost init.d]# network restart
Shutting down interface eth0: [OK]
Shutting down loopback interface: [OK]
Setting network parameters: [OK]
Bringing up loopback interface: [OK]
Bringing up interface eth0: [OK]
Appendix A Setting up Your Computer’s IP Address
NWD310N User’s Guide 101
Verifying Settings
Enter ifconfig in a terminal screen to check your TCP/IP properties.
Figure 84 Red Hat 9.0: Checking TCP/IP Properties
[root@localhost]# ifconfig
eth0 Link encap:Ethernet HWaddr 00:50:BA:72:5B:44
inet addr:172.23.19.129 Bcast:172.23.19.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:717 errors:0 dropped:0 overruns:0 frame:0
TX packets:13 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:730412 (713.2 Kb) TX bytes:1570 (1.5 Kb)
Interrupt:10 Base address:0x1000
[root@localhost]#
Appendix A Setting up Your Computer’s IP Address
NWD310N User’s Guide
102
NWD310N User’s Guide 103
APPENDIX B
Wireless LANs
Wireless LAN Topologies
This section discusses ad-hoc and infrastructure wireless LAN topologies.
Ad-hoc Wireless LAN Configuration
The simplest WLAN configuration is an independent (Ad-hoc) WLAN that connects a set of
computers with wireless adapters (A, B, C). Any time two or more wireless adapters are within
range of each other, they can set up an independent network, which is commonly referred to as
an ad-hoc network or Independent Basic Service Set (IBSS). The following diagram shows an
example of notebook computers using wireless adapters to form an ad-hoc wireless LAN.
Figure 85 Peer-to-Peer Communication in an Ad-hoc Network
BSS
A Basic Service Set (BSS) exists when all communications between wireless clients or
between a wireless client and a wired network client go through one access point (AP).
Intra-BSS traffic is traffic between wireless clients in the BSS. When Intra-BSS is enabled,
wireless client A and B can access the wired network and communicate with each other. When
Intra-BSS is disabled, wireless client A and B can still access the wired network but cannot
communicate with each other.
Appendix B Wireless LANs
NWD310N User’s Guide
104
Figure 86 Basic Service Set
ESS
An Extended Service Set (ESS) consists of a series of overlapping BSSs, each containing an
access point, with each access point connected together by a wired network. This wired
connection between APs is called a Distribution System (DS).
This type of wireless LAN topology is called an Infrastructure WLAN. The Access Points not
only provide communication with the wired network but also mediate wireless network traffic
in the immediate neighborhood.
An ESSID (ESS IDentification) uniquely identifies each ESS. All access points and their
associated wireless clients within the same ESS must have the same ESSID in order to
communicate.
Appendix B Wireless LANs
NWD310N User’s Guide 105
Figure 87 Infrastructure WLAN
Channel
A channel is the radio frequency(ies) used by wireless devices to transmit and receive data.
Channels available depend on your geographical area. You may have a choice of channels (for
your region) so you should use a channel different from an adjacent AP (access point) to
reduce interference. Interference occurs when radio signals from different access points
overlap causing interference and degrading performance.
Adjacent channels partially overlap however. To avoid interference due to overlap, your AP
should be on a channel at least five channels away from a channel that an adjacent AP is using.
For example, if your region has 11 channels and an adjacent AP is using channel 1, then you
need to select a channel between 6 or 11.
RTS/CTS
A hidden node occurs when two stations are within range of the same access point, but are not
within range of each other. The following figure illustrates a hidden node. Both stations (STA)
are within range of the access point (AP) or wireless gateway, but out-of-range of each other,
so they cannot "hear" each other, that is they do not know if the channel is currently being
used. Therefore, they are considered hidden from each other.
Appendix B Wireless LANs
NWD310N User’s Guide
106
Figure 88 RTS/CTS
When station A sends data to the AP, it might not know that the station B is already using the
channel. If these two stations send data at the same time, collisions may occur when both sets
of data arrive at the AP at the same time, resulting in a loss of messages for both stations.
RTS/CTS is designed to prevent collisions due to hidden nodes. An RTS/CTS defines the
biggest size data frame you can send before an RTS (Request To Send)/CTS (Clear to Send)
handshake is invoked.
When a data frame exceeds the RTS/CTS value you set (between 0 to 2432 bytes), the station
that wants to transmit this frame must first send an RTS (Request To Send) message to the AP
for permission to send it. The AP then responds with a CTS (Clear to Send) message to all
other stations within its range to notify them to defer their transmission. It also reserves and
confirms with the requesting station the time frame for the requested transmission.
Stations can send frames smaller than the specified RTS/CTS directly to the AP without the
RTS (Request To Send)/CTS (Clear to Send) handshake.
You should only configure RTS/CTS if the possibility of hidden nodes exists on your network
and the "cost" of resending large frames is more than the extra network overhead involved in
the RTS (Request To Send)/CTS (Clear to Send) handshake.
If the RTS/CTS value is greater than the Fragmentation Threshold value (see next), then the
RTS (Request To Send)/CTS (Clear to Send) handshake will never occur as data frames will
be fragmented before they reach RTS/CTS size.
"Enabling the RTS Threshold causes redundant network overhead that could
negatively affect the throughput performance instead of providing a remedy.
Fragmentation Threshold
A Fragmentation Threshold is the maximum data fragment size (between 256 and 2432
bytes) that can be sent in the wireless network before the AP will fragment the packet into
smaller data frames.
A large Fragmentation Threshold is recommended for networks not prone to interference
while you should set a smaller threshold for busy networks or networks that are prone to
interference.
Appendix B Wireless LANs
NWD310N User’s Guide 107
If the Fragmentation Threshold value is smaller than the RTS/CTS value (see previously)
you set then the RTS (Request To Send)/CTS (Clear to Send) handshake will never occur as
data frames will be fragmented before they reach RTS/CTS size.
Preamble Type
Preamble is used to signal that data is coming to the receiver. Short and long refer to the length
of the synchronization field in a packet.
Short preamble increases performance as less time sending preamble means more time for
sending data. All IEEE 802.11 compliant wireless adapters support long preamble, but not all
support short preamble.
Use long preamble if you are unsure what preamble mode other wireless devices on the
network support, and to provide more reliable communications in busy wireless networks.
Use short preamble if you are sure all wireless devices on the network support it, and to
provide more efficient communications.
Use the dynamic setting to automatically use short preamble when all wireless devices on the
network support it, otherwise the NWD310N uses long preamble.
"The wireless devices MUST use the same preamble mode in order to
communicate.
IEEE 802.11g Wireless LAN
IEEE 802.11g is fully compatible with the IEEE 802.11b standard. This means an IEEE
802.11b adapter can interface directly with an IEEE 802.11g access point (and vice versa) at
11 Mbps or lower depending on range. IEEE 802.11g has several intermediate rate steps
between the maximum and minimum data rates. The IEEE 802.11g data rate and modulation
are as follows:
Wireless Security Overview
Wireless security is vital to your network to protect wireless communication between wireless
clients, access points and the wired network.
Table 22 IEEE 802.11g
DATA RATE (MBPS) MODULATION
1 DBPSK (Differential Binary Phase Shift Keyed)
2 DQPSK (Differential Quadrature Phase Shift Keying)
5.5 / 11 CCK (Complementary Code Keying)
6/9/12/18/24/36/48/54 OFDM (Orthogonal Frequency Division Multiplexing)
Appendix B Wireless LANs
NWD310N User’s Guide
108
Wireless security methods available on the NWD310N are data encryption, wireless client
authentication, restricting access by device MAC address and hiding the NWD310N identity.
The following figure shows the relative effectiveness of these wireless security methods
available on your NWD310N.
"You must enable the same wireless security settings on the NWD310N and on
all wireless clients that you want to associate with it.
IEEE 802.1x
In June 2001, the IEEE 802.1x standard was designed to extend the features of IEEE 802.11 to
support extended authentication as well as providing additional accounting and control
features. It is supported by Windows XP and a number of network devices. Some advantages
of IEEE 802.1x are:
• User based identification that allows for roaming.
• Support for RADIUS (Remote Authentication Dial In User Service, RFC 2138, 2139) for
centralized user profile and accounting management on a network RADIUS server.
• Support for EAP (Extensible Authentication Protocol, RFC 2486) that allows additional
authentication methods to be deployed with no changes to the access point or the wireless
clients.
RADIUS
RADIUS is based on a client-server model that supports authentication, authorization and
accounting. The access point is the client and the server is the RADIUS server. The RADIUS
server handles the following tasks:
• Authentication
Determines the identity of the users.
• Authorization
Table 23 Wireless Security Levels
SECURITY
LEVEL SECURITY TYPE
Least
S e c u r e
Most Secure
Unique SSID (Default)
Unique SSID with Hide SSID Enabled
MAC Address Filtering
WEP Encryption
IEEE802.1x EAP with RADIUS Server Authentication
Wi-Fi Protected Access (WPA)
WPA2
Appendix B Wireless LANs
NWD310N User’s Guide 109
Determines the network services available to authenticated users once they are connected
to the network.
• Accounting
Keeps track of the client’s network activity.
RADIUS is a simple package exchange in which your AP acts as a message relay between the
wireless client and the network RADIUS server.
Types of RADIUS Messages
The following types of RADIUS messages are exchanged between the access point and the
RADIUS server for user authentication:
• Access-Request
Sent by an access point requesting authentication.
• Access-Reject
Sent by a RADIUS server rejecting access.
• Access-Accept
Sent by a RADIUS server allowing access.
• Access-Challenge
Sent by a RADIUS server requesting more information in order to allow access. The
access point sends a proper response from the user and then sends another Access-Request
message.
The following types of RADIUS messages are exchanged between the access point and the
RADIUS server for user accounting:
• Accounting-Request
Sent by the access point requesting accounting.
• Accounting-Response
Sent by the RADIUS server to indicate that it has started or stopped accounting.
In order to ensure network security, the access point and the RADIUS server use a shared
secret key, which is a password, they both know. The key is not sent over the network. In
addition to the shared key, password information exchanged is also encrypted to protect the
network from unauthorized access.
Types of EAP Authentication
This section discusses some popular authentication types: EAP-MD5, EAP-TLS, EAP-TTLS,
PEAP and LEAP. Your wireless LAN device may not support all authentication types.
EAP (Extensible Authentication Protocol) is an authentication protocol that runs on top of the
IEEE 802.1x transport mechanism in order to support multiple types of user authentication. By
using EAP to interact with an EAP-compatible RADIUS server, an access point helps a
wireless station and a RADIUS server perform authentication.
The type of authentication you use depends on the RADIUS server and an intermediary AP(s)
that supports IEEE 802.1x. .
Appendix B Wireless LANs
NWD310N User’s Guide
110
For EAP-TLS authentication type, you must first have a wired connection to the network and
obtain the certificate(s) from a certificate authority (CA). A certificate (also called digital IDs)
can be used to authenticate users and a CA issues certificates and guarantees the identity of
each certificate owner.
EAP-MD5 (Message-Digest Algorithm 5)
MD5 authentication is the simplest one-way authentication method. The authentication server
sends a challenge to the wireless client. The wireless client ‘proves’ that it knows the password
by encrypting the password with the challenge and sends back the information. Password is
not sent in plain text.
However, MD5 authentication has some weaknesses. Since the authentication server needs to
get the plaintext passwords, the passwords must be stored. Thus someone other than the
authentication server may access the password file. In addition, it is possible to impersonate an
authentication server as MD5 authentication method does not perform mutual authentication.
Finally, MD5 authentication method does not support data encryption with dynamic session
key. You must configure WEP encryption keys for data encryption.
EAP-TLS (Transport Layer Security)
With EAP-TLS, digital certifications are needed by both the server and the wireless clients for
mutual authentication. The server presents a certificate to the client. After validating the
identity of the server, the client sends a different certificate to the server. The exchange of
certificates is done in the open before a secured tunnel is created. This makes user identity
vulnerable to passive attacks. A digital certificate is an electronic ID card that authenticates the
sender’s identity. However, to implement EAP-TLS, you need a Certificate Authority (CA) to
handle certificates, which imposes a management overhead.
EAP-TTLS (Tunneled Transport Layer Service)
EAP-TTLS is an extension of the EAP-TLS authentication that uses certificates for only the
server-side authentications to establish a secure connection. Client authentication is then done
by sending username and password through the secure connection, thus client identity is
protected. For client authentication, EAP-TTLS supports EAP methods and legacy
authentication methods such as PAP, CHAP, MS-CHAP and MS-CHAP v2.
PEAP (Protected EAP)
Like EAP-TTLS, server-side certificate authentication is used to establish a secure connection,
then use simple username and password methods through the secured connection to
authenticate the clients, thus hiding client identity. However, PEAP only supports EAP
methods, such as EAP-MD5, EAP-MSCHAPv2 and EAP-GTC (EAP-Generic Token Card),
for client authentication. EAP-GTC is implemented only by Cisco.
LEAP
LEAP (Lightweight Extensible Authentication Protocol) is a Cisco implementation of IEEE
802.1x.
Appendix B Wireless LANs
NWD310N User’s Guide 111
Dynamic WEP Key Exchange
The AP maps a unique key that is generated with the RADIUS server. This key expires when
the wireless connection times out, disconnects or reauthentication times out. A new WEP key
is generated each time reauthentication is performed.
If this feature is enabled, it is not necessary to configure a default encryption key in the
wireless security configuration screen. You may still configure and store keys, but they will
not be used while dynamic WEP is enabled.
"EAP-MD5 cannot be used with Dynamic WEP Key Exchange
For added security, certificate-based authentications (EAP-TLS, EAP-TTLS and PEAP) use
dynamic keys for data encryption. They are often deployed in corporate environments, but for
public deployment, a simple user name and password pair is more practical. The following
table is a comparison of the features of authentication types.
WPA and WPA2
Wi-Fi Protected Access (WPA) is a subset of the IEEE 802.11i standard. WPA2 (IEEE
802.11i) is a wireless security standard that defines stronger encryption, authentication and
key management than WPA.
Key differences between WPA or WPA2 and WEP are improved data encryption and user
authentication.
If both an AP and the wireless clients support WPA2 and you have an external RADIUS
server, use WPA2 for stronger data encryption. If you don't have an external RADIUS server,
you should use WPA2-PSK (WPA2-Pre-Shared Key) that only requires a single (identical)
password entered into each access point, wireless gateway and wireless client. As long as the
passwords match, a wireless client will be granted access to a WLAN.
If the AP or the wireless clients do not support WPA2, just use WPA or WPA-PSK depending
on whether you have an external RADIUS server or not.
Select WEP only when the AP and/or wireless clients do not support WPA or WPA2. WEP is
less secure than WPA or WPA2.
Table 24 Comparison of EAP Authentication Types
EAP-MD5 EAP-TLS EAP-TTLS PEAP LEAP
Mutual Authentication No Yes Yes Yes Yes
Certificate – Client No Yes Optional Optional No
Certificate – Server No Yes Yes Yes No
Dynamic Key Exchange No Yes Yes Yes Yes
Credential Integrity None Strong Strong Strong Moderate
Deployment Difficulty Easy Hard Moderate Moderate Moderate
Client Identity Protection No No Yes Yes No
Appendix B Wireless LANs
NWD310N User’s Guide
112
Encryption
Both WPA and WPA2 improve data encryption by using Temporal Key Integrity Protocol
(TKIP), Message Integrity Check (MIC) and IEEE 802.1x. WPA and WPA2 use Advanced
Encryption Standard (AES) in the Counter mode with Cipher block chaining Message
authentication code Protocol (CCMP) to offer stronger encryption than TKIP.
TKIP uses 128-bit keys that are dynamically generated and distributed by the authentication
server. AES (Advanced Encryption Standard) is a block cipher that uses a 256-bit
mathematical algorithm called Rijndael. They both include a per-packet key mixing function,
a Message Integrity Check (MIC) named Michael, an extended initialization vector (IV) with
sequencing rules, and a re-keying mechanism.
WPA and WPA2 regularly change and rotate the encryption keys so that the same encryption
key is never used twice.
The RADIUS server distributes a Pairwise Master Key (PMK) key to the AP that then sets up
a key hierarchy and management system, using the PMK to dynamically generate unique data
encryption keys to encrypt every data packet that is wirelessly communicated between the AP
and the wireless clients. This all happens in the background automatically.
The Message Integrity Check (MIC) is designed to prevent an attacker from capturing data
packets, altering them and resending them. The MIC provides a strong mathematical function
in which the receiver and the transmitter each compute and then compare the MIC. If they do
not match, it is assumed that the data has been tampered with and the packet is dropped.
By generating unique data encryption keys for every data packet and by creating an integrity
checking mechanism (MIC), with TKIP and AES it is more difficult to decrypt data on a Wi-Fi
network than WEP and difficult for an intruder to break into the network.
The encryption mechanisms used for WPA(2) and WPA(2)-PSK are the same. The only
difference between the two is that WPA(2)-PSK uses a simple common password, instead of
user-specific credentials. The common-password approach makes WPA(2)-PSK susceptible to
brute-force password-guessing attacks but it’s still an improvement over WEP as it employs a
consistent, single, alphanumeric password to derive a PMK which is used to generate unique
temporal encryption keys. This prevent all wireless devices sharing the same encryption keys.
(a weakness of WEP)
User Authentication
WPA and WPA2 apply IEEE 802.1x and Extensible Authentication Protocol (EAP) to
authenticate wireless clients using an external RADIUS database. WPA2 reduces the number
of key exchange messages from six to four (CCMP 4-way handshake) and shortens the time
required to connect to a network. Other WPA2 authentication features that are different from
WPA include key caching and pre-authentication. These two features are optional and may not
be supported in all wireless devices.
Key caching allows a wireless client to store the PMK it derived through a successful
authentication with an AP. The wireless client uses the PMK when it tries to connect to the
same AP and does not need to go with the authentication process again.
Pre-authentication enables fast roaming by allowing the wireless client (already connecting to
an AP) to perform IEEE 802.1x authentication with another AP before connecting to it.
Appendix B Wireless LANs
NWD310N User’s Guide 113
Wireless Client WPA Supplicants
A wireless client supplicant is the software that runs on an operating system instructing the
wireless client how to use WPA. At the time of writing, the most widely available supplicant is
the WPA patch for Windows XP, Funk Software's Odyssey client.
The Windows XP patch is a free download that adds WPA capability to Windows XP's built-in
"Zero Configuration" wireless client. However, you must run Windows XP to use it.
WPA(2) with RADIUS Application Example
To set up WPA(2), you need the IP address of the RADIUS server, its port number (default is
1812), and the RADIUS shared secret. A WPA(2) application example with an external
RADIUS server looks as follows. "A" is the RADIUS server. "DS" is the distribution system.
1The AP passes the wireless client's authentication request to the RADIUS server.
2The RADIUS server then checks the user's identification against its database and grants
or denies network access accordingly.
3A 256-bit Pairwise Master Key (PMK) is derived from the authentication process by the
RADIUS server and the client.
4The RADIUS server distributes the PMK to the AP. The AP then sets up a key hierarchy
and management system, using the PMK to dynamically generate unique data encryption
keys. The keys are used to encrypt every data packet that is wirelessly communicated
between the AP and the wireless clients.
Figure 89 WPA(2) with RADIUS Application Example
WPA(2)-PSK Application Example
A WPA(2)-PSK application looks as follows.
1First enter identical passwords into the AP and all wireless clients. The Pre-Shared Key
(PSK) must consist of between 8 and 63 ASCII characters or 64 hexadecimal characters
(including spaces and symbols).
2The AP checks each wireless client's password and allows it to join the network only if
the password matches.
Appendix B Wireless LANs
NWD310N User’s Guide
114
3The AP and wireless clients generate a common PMK (Pairwise Master Key). The key
itself is not sent over the network, but is derived from the PSK and the SSID.
4The AP and wireless clients use the TKIP or AES encryption process, the PMK and
information exchanged in a handshake to create temporal encryption keys. They use
these keys to encrypt data exchanged between them.
Figure 90 WPA(2)-PSK Authentication
Security Parameters Summary
Refer to this table to see what other security parameters you should configure for each
authentication method or key management protocol type. MAC address filters are not
dependent on how you configure these security features.
Table 25 Wireless Security Relational Matrix
AUTHENTICATION
METHOD/ KEY
MANAGEMENT PROTOCOL
ENCRYPTIO
N METHOD
ENTER
MANUAL KEY IEEE 802.1X
Open None No Disable
Enable without Dynamic WEP Key
Open WEP No Enable with Dynamic WEP Key
Yes Enable without Dynamic WEP Key
Yes Disable
Shared WEP No Enable with Dynamic WEP Key
Yes Enable without Dynamic WEP Key
Yes Disable
WPA TKIP/AES No Enable
WPA-PSK TKIP/AES Yes Disable
WPA2 TKIP/AES No Enable
WPA2-PSK TKIP/AES Yes Disable
Appendix B Wireless LANs
NWD310N User’s Guide 115
Antenna Overview
An antenna couples RF signals onto air. A transmitter within a wireless device sends an RF
signal to the antenna, which propagates the signal through the air. The antenna also operates in
reverse by capturing RF signals from the air.
Positioning the antennas properly increases the range and coverage area of a wireless LAN.
Antenna Characteristics
Frequency
An antenna in the frequency of 2.4GHz (IEEE 802.11b and IEEE 802.11g) or 5GHz (IEEE
802.11a) is needed to communicate efficiently in a wireless LAN
Radiation Pattern
A radiation pattern is a diagram that allows you to visualize the shape of the antenna’s
coverage area.
Antenna Gain
Antenna gain, measured in dB (decibel), is the increase in coverage within the RF beam width.
Higher antenna gain improves the range of the signal for better communications.
For an indoor site, each 1 dB increase in antenna gain results in a range increase of
approximately 2.5%. For an unobstructed outdoor site, each 1dB increase in gain results in a
range increase of approximately 5%. Actual results may vary depending on the network
environment.
Antenna gain is sometimes specified in dBi, which is how much the antenna increases the
signal power compared to using an isotropic antenna. An isotropic antenna is a theoretical
perfect antenna that sends out radio signals equally well in all directions. dBi represents the
true gain that the antenna provides.
Types of Antennas for WLAN
There are two types of antennas used for wireless LAN applications.
• Omni-directional antennas send the RF signal out in all directions on a horizontal plane.
The coverage area is torus-shaped (like a donut) which makes these antennas ideal for a
room environment. With a wide coverage area, it is possible to make circular overlapping
coverage areas with multiple access points.
• Directional antennas concentrate the RF signal in a beam, like a flashlight does with the
light from its bulb. The angle of the beam determines the width of the coverage pattern.
Angles typically range from 20 degrees (very directional) to 120 degrees (less directional).
Directional antennas are ideal for hallways and outdoor point-to-point applications.
Appendix B Wireless LANs
NWD310N User’s Guide
116
Positioning Antennas
In general, antennas should be mounted as high as practically possible and free of
obstructions. In point-to–point application, position both antennas at the same height and in a
direct line of sight to each other to attain the best performance.
For omni-directional antennas mounted on a table, desk, and so on, point the antenna up. For
omni-directional antennas mounted on a wall or ceiling, point the antenna down. For a single
AP application, place omni-directional antennas as close to the center of the coverage area as
possible.
For directional antennas, point the antenna in the direction of the desired coverage area.
NWD310N User’s Guide 117
APPENDIX C
Windows Wireless Management
This appendix shows you how to manage your NWD310N using the Windows Vista and
Windows XP wireless configuration tools.
Windows Vista
Take the following steps to connect to a wireless network using the Windows Vista wireless
configuration tool (WLAN AutoConfig).
Connecting to a Wireless Network
1In the Windows Vista taskbar, click Start () > Connect To.
Figure 91 Vista: Start Menu
The Connect To window displays, showing all available networks.
Appendix C Windows Wireless Management
NWD310N User’s Guide
118
Figure 92 Vista: The Connect To Window
The security status of each wireless network displays, as well as an indication of its
signal strength. If you use the mouse pointer to hover over a network’s entry, additional
information about the network displays.
Figure 93 Vista: Additional Information
2Double-click the network’s name to join the network, or select a network and click
Connect.
"If the network to which you want to connect does not display, see the section
on setting up a connection manually on page 120.
3If security is enabled, you may be prompted to enter your security key.
Appendix C Windows Wireless Management
NWD310N User’s Guide 119
Figure 94 Vista: Enter Security Key
Your computer tries to connect to the wireless network.
Figure 95 Vista: Connecting
If your computer has connected to the wireless network successfully, the following
screen displays.
Appendix C Windows Wireless Management
NWD310N User’s Guide
120
Figure 96 Vista: Successful Connection
4If you will use this network again, ensure that Save this network is selected. If you save
the network, you do not have to configure its settings again.
5Select Start this connection automatically if you want Windows to always try to use
this network when you start up your computer. If you do not select this (but select Save
this network) you can connect manually each time by clicking Start > Connect to and
selecting the network’s name from the list.
Connecting to a Network Manually
If the wireless network to which you want to connect does not appear in the Connect to
window (if your network’s SSID is hidden, for example), take the following steps to configure
your network connection manually
1Click Set up a connection or network at the bottom of the Connect to screen. The
following screen displays.
Appendix C Windows Wireless Management
NWD310N User’s Guide 121
Figure 97 Vista: Choose a Connection Option
2Click Manually connect to a wireless network. The following screen displays.
Figure 98 Vista: Connect Manually
The following table describes the labels in this screen.
Table 26 Vista: Connect Manually
LABEL DESCRIPTION
Network name Enter your network’s SSID (Service Set IDentifier).
Security type Select the type of security used by the network to which you want to
connect. The types of available security shown depend on your computer’s
wireless client.
In this field, WPA(2)-Personal is the same as WPA(2)-PSK, and WPA(2)-
Enterprise is the same as WPA(2)
Appendix C Windows Wireless Management
NWD310N User’s Guide
122
3When you have finished filling in the fields, click Next. the following screen displays.
Figure 99 Vista: Successfully Added Network
4If you want to make any changes to the settings you just configured, click Change
connection settings. Otherwise, click Connect to.... In the window that displays,
double-click the new network’s name to connect to the network.
Setting Up An Ad-Hoc Network
Take the following steps to set up a wireless connection between two computers in Windows
Vista.
Encryption type Select the type of encryption used by the network.
When you use WEP or 802.1x, WEP displays.
When you use a WPA mode (WPA(2)-Personal or WPA(2)-Enterprise)
you can choose AES or TKIP (if supported by your computer’s wireless
client).
Security Key /
Passphrase
If your network uses WEP or WPA(2)-Personal security, enter the key
here.
Display Characters Select this if you do not want the security key characters to be hidden.
Start this connection
automatically
Select this box if you always want to try to connect to this network at
startup. If you leave this box unchecked, you will need to connect manually
each time.
Connect even if the
network is not
broadcasting
Select this box if you always want to try to connect to this network at
startup, even if the network is not broadcasting its SSID. The warning in
this field refers to the fact that if you do this, your computer sends out probe
request packets, which contain the network’s SSID and could be used by
an attacker to access the network.
Next Click this to save your settings and move on to the next page.
Cancel Click this to stop setting up your network.
Table 26 Vista: Connect Manually
LABEL DESCRIPTION
Appendix C Windows Wireless Management
NWD310N User’s Guide 123
1Click Start () > Connect To. In the Connect to screen, click Set up a connection
or network. The following screen displays.
Figure 100 Vista: Set Up An Ad-hoc Network
2Select Set up a wireless ad hoc (computer-to-computer) network and click Next. The
following screen displays.
Figure 101 Vista: Ad-hoc Options
3Enter the Network name (SSID) you want to use for your network. Select a Security
type. If you are not sure what kind of security you want to use, click the Help me choose
link.
Appendix C Windows Wireless Management
NWD310N User’s Guide
124
"Make sure all the wireless clients on your ad-hoc network can support the type
of security you select.
4Enter the Security key/Passphrase. Everybody on the network must enter this key in
their computer’s wireless client in order to access the network. If you want to see the
characters you entered, select the Display characters box. Otherwise, leave it empty
(dots display instead of the characters).
5If you will use this ad-hoc network again, select the Save this network box. If you do
this, the next time you click Start > Connect to, you can select the network from the list.
6Click Next. The following screen displays.
Figure 102 Vista: Ad-hoc Network Ready
7If you want to share files with other computers on the ad-hoc network, or let other
computers use your Internet connection, click the Network and Sharing Center link.
Otherwise, click Close.
Windows XP
Be sure you have the Windows XP service pack 2 installed on your computer. Otherwise, you
should at least have the Windows XP service pack 1 already on your computer and download
the support patch for WPA from the Microsoft web site.
Windows XP SP2 screen shots are shown unless otherwise specified. Click the help icon ( )
in most screens, move the cursor to the item that you want the information about and click to
view the help.
Activating Wireless Zero Configuration
1Click Start, Control Panel and double-click Network Connections.
Appendix C Windows Wireless Management
NWD310N User’s Guide 125
2Double-click on the icon for wireless network connection.
3The status window displays as shown below. Click Properties.
Figure 103 Windows XP SP1: Wireless Network Connection Status
Figure 104 Windows XP SP2: Wireless Network Connection Status
4The Wireless Network Connection Properties screen displays. Click the Wireless
Networks tab.
Make sure the Use Windows to configure my wireless network settings check box is
selected.
Appendix C Windows Wireless Management
NWD310N User’s Guide
126
Figure 105 Windows XP SP1: Wireless Network Connection Properties
Figure 106 Windows XP SP2: Wireless Network Connection Properties
If you see the following screen, refer to article 871122 on the Microsoft web site for
information on starting WZC.
Appendix C Windows Wireless Management
NWD310N User’s Guide 127
Figure 107 Windows XP SP2: WZC Not Available
Connecting to a Wireless Network
1Double-click the network icon for wireless connections in the system tray to open the
Wireless Network Connection Status screen.
Figure 108 Windows XP SP2: System Tray Icon
The type of the wireless network icon in Windows XP SP2 indicates the status of the
NWD310N. Refer to the following table for details.
2Windows XP SP2: In the Wireless Network Connection Status screen, click View
Wireless Networks to open the Wireless Network Connection screen.
Table 27 Windows XP SP2: System Tray Icon
ICON DESCRIPTION
The NWD310N is connected to a wireless network.
The NWD310N is in the process of connecting to a wireless network.
The connection to a wireless network is limited because the network did not assign a
network address to the computer.
The NWD310N is not connected to a wireless network.
Appendix C Windows Wireless Management
NWD310N User’s Guide
128
Figure 109 Windows XP SP2: Wireless Network Connection Status
Windows XP SP1: In the Wireless Network Connection Status screen, click
Properties and the Wireless Networks tab to open the Wireless Network Connection
Properties screen.
Figure 110 Windows XP SP1: Wireless Network Connection Status
3Windows XP SP2: Click Refresh network list to reload and search for available
wireless devices within transmission range. Select a wireless network in the list and click
Connect to join the selected wireless network.
Appendix C Windows Wireless Management
NWD310N User’s Guide 129
Figure 111 Windows XP SP2: Wireless Network Connection
The following table describes the icons in the wireless network list.
Windows XP SP1: Click Refresh to reload and search for available wireless devices
within transmission range. Select a wireless network in the Available networks list,
click Configure and set the related fields to the same security settings as the associated
AP to add the selected network into the Preferred networks table. Click OK to join the
selected wireless network. Refer to the section on security settings (discussed later) for
more information.
Table 28 Windows XP SP2: Wireless Network Connection
ICON DESCRIPTION
This denotes that wireless security is activated for the wireless network.
This denotes that this wireless network is your preferred network. Ordering your
preferred networks is important because the NWD310N tries to associate to the
preferred network first in the order that you specify. Refer to the section on ordering the
preferred networks for detailed information.
This denotes the signal strength of the wireless network.
Move your cursor to the icon to see details on the signal strength.
Appendix C Windows Wireless Management
NWD310N User’s Guide
130
Figure 112 Windows XP SP1: Wireless Network Connection Properties
44.Windows XP SP2: If the wireless security is activated for the selected wireless
network, the Wireless Network Connection screen displays. You must set the related
fields in the Wireless Network Connection screen to the same security settings as the
associated AP and click Connect. Refer to the section about security settings for more
information. Otherwise click Cancel and connect to another wireless network without
data encryption. If there is no security activated for the selected wireless network, a
warning screen appears. Click Connect Anyway if wireless security is not your concern.
Figure 113 Windows XP SP2: Wireless Network Connection: WEP or WPA-PSK
Appendix C Windows Wireless Management
NWD310N User’s Guide 131
Figure 114 Windows XP SP2: Wireless Network Connection: No Security
5Verify that you have successfully connected to the selected network and check the
connection status in the wireless network list or the connection icon in the Preferred
networks or Available networks list.
The following table describes the connection icons.
Security Settings
When you configure the NWD310N to connect to a secure network but the security settings
are not yet enabled on the NWD310N, you will see different screens according to the
authentication and encryption methods used by the selected network.
Association
Select a network in the Preferred networks list and click Properties to view or configure
security.
Figure 115 Windows XP: Wireless (network) properties: Association
Table 29 Windows XP: Wireless Networks
ICON DESCRIPTION
This denotes the wireless network is an available wireless network.
This denotes the NWD310N is associated to the wireless network.
This denotes the wireless network is not available.
Appendix C Windows Wireless Management
NWD310N User’s Guide
132
The following table describes the labels in this screen.
Authentication
Click the Authentication tab in the Wireless (network) properties screen to display the
screen shown next. The fields on this screen are grayed out when the network is in Ad-Hoc
mode or data encryption is disabled.
Table 30 Windows XP: Wireless (network) properties: Association
LABEL DESCRIPTION
Network name
(SSID)
This field displays the SSID (Service Set IDentifier) of each wireless network.
Network
Authentication
This field automatically shows the authentication method (Share, Open, WPA or
WPA-PSK) used by the selected network.
Data Encryption This field automatically shows the encryption type (TKIP, WEP or Disable) used
by the selected network.
Network Key Enter the pre-shared key or WEP key.
The values for the keys must be set up exactly the same on all wireless devices in
the same wireless LAN.
Confirm network
key
Enter the key again for confirmation.
Key index
(advanced)
Select a default WEP key to use for data encryption.
This field is available only when the network use WEP encryption method and the
The key is provided for me automatically check box is not selected.
The key is
provided for me
automatically
If this check box is selected, the wireless AP assigns the NWD310N a key.
This is a
computer-to-
computer (ad hoc)
network; wireless
access points are
not used
If this check box is selected, you are connecting to another computer directly.
OK Click OK to save your changes.
Cancel Click Cancel to leave this screen without saving any changes you may have
made.
Appendix C Windows Wireless Management
NWD310N User’s Guide 133
Figure 116 Windows XP: Wireless (network) properties: Authentication
The following table describes the labels in this screen.
Authentication Properties
Select an EAP authentication type in the Wireless (network) properties: Authentication
screen and click the Properties button to display the following screen.
Table 31 Windows XP: Wireless (network) properties: Authentication
LABEL DESCRIPTION
Enable IEEE
802.1x
authentication for
this network
This field displays whether the IEEE 802.1x authentication is active.
If the network authentication is set to Open in the previous screen, you can
choose to disable or enable this feature.
EAP Type Select the type of EAP authentication. Options are Protected EAP (PEAP) and
Smart Card or other Certificate.
Properties Click this button to open the properties screen and configure certificates. The
screen varies depending on what you select in the EAP type field.
Authenticate as
computer when
computer
information is
available
Select this check box to have the computer send its information to the network for
authentication when a user is not logged on.
Authenticate as
guest when user
or computer
information is
unavailable
Select this check box to have the computer access to the network as a guest when
a user is not logged on or computer information is not available.
OK Click OK to save your changes.
Cancel Click Cancel to leave this screen without saving any changes you may have
made.
Appendix C Windows Wireless Management
NWD310N User’s Guide
134
Protected EAP Properties
Figure 117 Windows XP: Protected EAP Properties
The following table describes the labels in this screen.
Table 32 Windows XP: Protected EAP Properties
LABEL DESCRIPTION
Validate server
certificate
Select the check box to verify the certificate of the authentication server.
Connect to these
servers
Select the check box and specify a domain in the field below to have your
computer connect to a server which resides only within this domain.
Trusted Root
Certification
Authorities:
Select a trusted certification authority from the list below.
Note: You must first have a wired connection to a network and
obtain the certificate(s) from a certificate authority (CA).
Consult your network administrator for more information.
Do not prompt
user to authorize
new server or
trusted
certification
authorities.
Select this check box to verify a new authentication server or trusted CA without
prompting.
This field is available only if you installed the Windows XP server pack 2.
Select
Authentication
Method:
Select an authentication method from the drop-down list box and click Configure
to do settings.
Enable Fast
Reconnect
Select the check box to automatically reconnect to the network (without re-
authentication) if the wireless connection goes down.
OK Click OK to save your changes.
Cancel Click Cancel to leave this screen without saving any changes you may have
made.
Appendix C Windows Wireless Management
NWD310N User’s Guide 135
Smart Card or other Certificate Properties
Figure 118 Windows XP: Smart Card or other Certificate Properties
The following table describes the labels in this screen.
Ordering the Preferred Networks
Follow the steps below to manage your preferred networks.
Table 33 Windows XP: Smart Card or other Certificate Properties
LABEL DESCRIPTION
Use my smart
card
Select this check box to use the smart card for authentication.
Use a certificate
on this computer
Select this check box to use a certificate on your computer for authentication.
Validate server
certificate
Select the check box to check the certificate of the authentication server.
Connect to these
servers
Select the check box and specify a domain in the field below to have your
computer connect to a server which resides only within this domain.
Trusted Root
Certification
Authorities:
Select a trusted certification authority from the list below.
Note: You must first have a wired connection to a network and
obtain the certificate(s) from a certificate authority (CA).
Consult your network administrator for more information.
View Certificate Click this button if you want to verify the selected certificate.
Use a different
user name for the
connection:
Select the check box to use a different user name when the user name in the
smart card or certificate is not the same as the user name in the domain that you
are logged on to.
OK Click OK to save your changes.
Cancel Click Cancel to leave this screen without saving any changes you may have
made.
Appendix C Windows Wireless Management
NWD310N User’s Guide
136
1Windows XP SP2: Click Change the order of preferred networks in the Wireless
Network Connection screen (see Figure 111 on page 129). The screen displays as
shown.
Figure 119 Windows XP SP2: Wireless Networks: Preferred Networks
Windows XP SP1: In the Wireless Network Connection Status screen, click
Properties and the Wireless Networks tab to open the screen as shown.
Figure 120 Windows XP SP1: Wireless Networks: Preferred Networks
2Whenever the NWD310N tries to connect to a new network, the new network is added in
the Preferred networks table automatically. Select a network and click Move up or
Appendix C Windows Wireless Management
NWD310N User’s Guide 137
Move down to change it's order, click Remove to delete it or click Properties to view
the security, authentication or connection information of the selected network. Click
Add to add a preferred network into the list manually.
Appendix C Windows Wireless Management
NWD310N User’s Guide
138
NWD310N User’s Guide 139
APPENDIX D
Legal Information
Copyright
Copyright © 2007 by ZyXEL Communications Corporation.
The contents of this publication may not be reproduced in any part or as a whole, transcribed,
stored in a retrieval system, translated into any language, or transmitted in any form or by any
means, electronic, mechanical, magnetic, optical, chemical, photocopying, manual, or
otherwise, without the prior written permission of ZyXEL Communications Corporation.
Published by ZyXEL Communications Corporation. All rights reserved.
Disclaimers
ZyXEL does not assume any liability arising out of the application or use of any products, or
software described herein. Neither does it convey any license under its patent rights nor the
patent rights of others. ZyXEL further reserves the right to make changes in any products
described herein without notice. This publication is subject to change without notice.
Trademarks
ZyNOS (ZyXEL Network Operating System) is a registered trademark of ZyXEL
Communications, Inc. Other trademarks mentioned in this publication are used for
identification purposes only and may be properties of their respective owners.
Certifications
Federal Communications Commission (FCC) Interference Statement
The device complies with Part 15 of FCC rules. Operation is subject to the following two
conditions:
• This device may not cause harmful interference.
• This device must accept any interference received, including interference that may cause
undesired operations.
This device has been tested and found to comply with the limits for a Class B digital device
pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable
protection against harmful interference in a residential installation. This device generates,
uses, and can radiate radio frequency energy, and if not installed and used in accordance with
the instructions, may cause harmful interference to radio communications. However, there is
no guarantee that interference will not occur in a particular installation.
Appendix D Legal Information
NWD310N User’s Guide
140
If this device does cause harmful interference to radio/television reception, which can be
determined by turning the device off and on, the user is encouraged to try to correct the
interference by one or more of the following measures:
1Reorient or relocate the receiving antenna.
2Increase the separation between the equipment and the receiver.
3Connect the equipment into an outlet on a circuit different from that to which the
receiver is connected.
4Consult the dealer or an experienced radio/TV technician for help.
FCC Radiation Exposure Statement
• This transmitter must not be co-located or operating in conjunction with any other antenna
or transmitter.
• IEEE 802.11b or 802.11g operation of this product in the U.S.A. is firmware-limited to
channels 1 through 11.
• To comply with FCC RF exposure compliance requirements, a separation distance of at
least 20 cm must be maintained between the antenna of this device and all persons.
注意 !
依據 低功率電波輻射性電機管理辦法
第十二條 經型式認證合格之低功率射頻電機,非經許可,公司、商號或使用
者均不得擅自變更頻率、加大功率或變更原設計之特性及功能。
第十四條 低功率射頻電機之使用不得影響飛航安全及干擾合法通信;經發現
有干擾現象時,應立即停用,並改善至無干擾時方得繼續使用。
前項合法通信,指依電信規定作業之無線電信。低功率射頻電機須忍
受合法通信或工業、科學及醫療用電波輻射性電機設備之干擾。
在 5250MHz~5350MHz 頻帶內操作之無線資訊傳輸設備,限於室內使用。
本機限在不干擾合法電臺與不受被干擾保障條件下於室內使用。
Notices
Changes or modifications not expressly approved by the party responsible for compliance
could void the user's authority to operate the equipment.
This device has been designed for the WLAN 2.4 GHz network throughout the EC region and
Switzerland, with restrictions in France.
This Class B digital apparatus complies with Canadian ICES-003.
Cet appareil numérique de la classe B est conforme à la norme NMB-003 du Canada.
Viewing Certifications
1Go to http://www.zyxel.com.
Appendix D Legal Information
NWD310N User’s Guide 141
2Select your product on the ZyXEL home page to go to that product's page.
3Select the certification you wish to view from this page.
ZyXEL Limited Warranty
ZyXEL warrants to the original end user (purchaser) that this product is free from any defects
in materials or workmanship for a period of up to two years from the date of purchase. During
the warranty period, and upon proof of purchase, should the product have indications of failure
due to faulty workmanship and/or materials, ZyXEL will, at its discretion, repair or replace the
defective products or components without charge for either parts or labor, and to whatever
extent it shall deem necessary to restore the product or components to proper operating
condition. Any replacement will consist of a new or re-manufactured functionally equivalent
product of equal or higher value, and will be solely at the discretion of ZyXEL. This warranty
shall not apply if the product has been modified, misused, tampered with, damaged by an act
of God, or subjected to abnormal working conditions.
Note
Repair or replacement, as provided under this warranty, is the exclusive remedy of the
purchaser. This warranty is in lieu of all other warranties, express or implied, including any
implied warranty of merchantability or fitness for a particular use or purpose. ZyXEL shall in
no event be held liable for indirect or consequential damages of any kind to the purchaser.
To obtain the services of this warranty, contact ZyXEL's Service Center for your Return
Material Authorization number (RMA). Products must be returned Postage Prepaid. It is
recommended that the unit be insured when shipped. Any returned products without proof of
purchase or those with an out-dated warranty will be repaired or replaced (at the discretion of
ZyXEL) and the customer will be billed for parts and labor. All repaired or replaced products
will be shipped by ZyXEL to the corresponding return address, Postage Paid. This warranty
gives you specific legal rights, and you may also have other rights that vary from country to
country.
Registration
Register your product online to receive e-mail notices of firmware upgrades and information
at www.zyxel.com.
Appendix D Legal Information
NWD310N User’s Guide
142
NWD310N User’s Guide 143
APPENDIX E
Customer Support
Please have the following information ready when you contact customer support.
Required Information
• Product model and serial number.
• Warranty Information.
• Date that you received your device.
• Brief description of the problem and the steps you took to solve it.
“+” is the (prefix) number you dial to make an international telephone call.
Corporate Headquarters (Worldwide)
• Support E-mail: support@zyxel.com.tw
• Sales E-mail: sales@zyxel.com.tw
• Telephone: +886-3-578-3942
• Fax: +886-3-578-2439
• Web: www.zyxel.com, www.europe.zyxel.com
• FTP: ftp.zyxel.com, ftp.europe.zyxel.com
• Regular Mail: ZyXEL Communications Corp., 6 Innovation Road II, Science Park,
Hsinchu 300, Taiwan
Costa Rica
• Support E-mail: soporte@zyxel.co.cr
• Sales E-mail: sales@zyxel.co.cr
• Telephone: +506-2017878
• Fax: +506-2015098
• Web: www.zyxel.co.cr
• FTP: ftp.zyxel.co.cr
• Regular Mail: ZyXEL Costa Rica, Plaza Roble Escazú, Etapa El Patio, Tercer Piso, San
José, Costa Rica
Czech Republic
• E-mail: info@cz.zyxel.com
• Telephone: +420-241-091-350
• Fax: +420-241-091-359
• Web: www.zyxel.cz
Appendix E Customer Support
NWD310N User’s Guide
144
• Regular Mail: ZyXEL Communications, Czech s.r.o., Modranská 621, 143 01 Praha 4 -
Modrany, Ceská Republika
Denmark
• Support E-mail: support@zyxel.dk
• Sales E-mail: sales@zyxel.dk
• Telephone: +45-39-55-07-00
• Fax: +45-39-55-07-07
• Web: www.zyxel.dk
• Regular Mail: ZyXEL Communications A/S, Columbusvej, 2860 Soeborg, Denmark
Finland
• Support E-mail: support@zyxel.fi
• Sales E-mail: sales@zyxel.fi
• Telephone: +358-9-4780-8411
• Fax: +358-9-4780-8448
• Web: www.zyxel.fi
• Regular Mail: ZyXEL Communications Oy, Malminkaari 10, 00700 Helsinki, Finland
France
• E-mail: info@zyxel.fr
• Telephone: +33-4-72-52-97-97
• Fax: +33-4-72-52-19-20
• Web: www.zyxel.fr
• Regular Mail: ZyXEL France, 1 rue des Vergers, Bat. 1 / C, 69760 Limonest, France
Germany
• Support E-mail: support@zyxel.de
• Sales E-mail: sales@zyxel.de
• Telephone: +49-2405-6909-69
• Fax: +49-2405-6909-99
• Web: www.zyxel.de
• Regular Mail: ZyXEL Deutschland GmbH., Adenauerstr. 20/A2 D-52146, Wuerselen,
Germany
Hungary
• Support E-mail: support@zyxel.hu
• Sales E-mail: info@zyxel.hu
• Telephone: +36-1-3361649
• Fax: +36-1-3259100
• Web: www.zyxel.hu
• Regular Mail: ZyXEL Hungary, 48, Zoldlomb Str., H-1025, Budapest, Hungary
Appendix E Customer Support
NWD310N User’s Guide 145
India
• Support E-mail: support@zyxel.in
• Sales E-mail: sales@zyxel.in
• Telephone: +91-11-30888144 to +91-11-30888153
• Fax: +91-11-30888149, +91-11-26810715
• Web: http://www.zyxel.in
• Regular Mail: India - ZyXEL Technology India Pvt Ltd., II-Floor, F2/9 Okhla Phase -1,
New Delhi 110020, India
Japan
• Support E-mail: support@zyxel.co.jp
• Sales E-mail: zyp@zyxel.co.jp
• Telephone: +81-3-6847-3700
• Fax: +81-3-6847-3705
• Web: www.zyxel.co.jp
• Regular Mail: ZyXEL Japan, 3F, Office T&U, 1-10-10 Higashi-Gotanda, Shinagawa-ku,
Tokyo 141-0022, Japan
Kazakhstan
• Support: http://zyxel.kz/support
• Sales E-mail: sales@zyxel.kz
• Telephone: +7-3272-590-698
• Fax: +7-3272-590-689
• Web: www.zyxel.kz
• Regular Mail: ZyXEL Kazakhstan, 43 Dostyk Ave., Office 414, Dostyk Business Centre,
050010 Almaty, Republic of Kazakhstan
Malaysia
• Support E-mail: support@zyxel.com.my
• Sales E-mail: sales@zyxel.com.my
• Telephone: +603-8076-9933
• Fax: +603-8076-9833
• Web: http://www.zyxel.com.my
• Regular Mail: ZyXEL Malaysia Sdn Bhd., 1-02 & 1-03, Jalan Kenari 17F, Bandar
Puchong Jaya, 47100 Puchong, Selangor Darul Ehsan, Malaysia
North America
• Support E-mail: support@zyxel.com
• Support Telephone: +1-800-978-7222
• Sales E-mail: sales@zyxel.com
• Sales Telephone: +1-714-632-0882
• Fax: +1-714-632-0858
• Web: www.zyxel.com
Appendix E Customer Support
NWD310N User’s Guide
146
• Regular Mail: ZyXEL Communications Inc., 1130 N. Miller St., Anaheim, CA 92806-
2001, U.S.A.
Norway
• Support E-mail: support@zyxel.no
• Sales E-mail: sales@zyxel.no
• Telephone: +47-22-80-61-80
• Fax: +47-22-80-61-81
• Web: www.zyxel.no
• Regular Mail: ZyXEL Communications A/S, Nils Hansens vei 13, 0667 Oslo, Norway
Poland
• E-mail: info@pl.zyxel.com
• Telephone: +48-22-333 8250
• Fax: +48-22-333 8251
• Web: www.pl.zyxel.com
• Regular Mail: ZyXEL Communications, ul. Okrzei 1A, 03-715 Warszawa, Poland
Russia
• Support: http://zyxel.ru/support
• Sales E-mail: sales@zyxel.ru
• Telephone: +7-095-542-89-29
• Fax: +7-095-542-89-25
• Web: www.zyxel.ru
• Regular Mail: ZyXEL Russia, Ostrovityanova 37a Str., Moscow 117279, Russia
Singapore
• Support E-mail: support@zyxel.com.sg
• Sales E-mail: sales@zyxel.com.sg
• Telephone: +65-6899-6678
• Fax: +65-6899-8887
• Web: http://www.zyxel.com.sg
• Regular Mail: ZyXEL Singapore Pte Ltd., No. 2 International Business Park, The Strategy
#03-28, Singapore 609930
Spain
• Support E-mail: support@zyxel.es
• Sales E-mail: sales@zyxel.es
• Telephone: +34-902-195-420
• Fax: +34-913-005-345
• Web: www.zyxel.es
• Regular Mail: ZyXEL Communications, Arte, 21 5ª planta, 28033 Madrid, Spain
Appendix E Customer Support
NWD310N User’s Guide 147
Sweden
• Support E-mail: support@zyxel.se
• Sales E-mail: sales@zyxel.se
• Telephone: +46-31-744-7700
• Fax: +46-31-744-7701
• Web: www.zyxel.se
• Regular Mail: ZyXEL Communications A/S, Sjöporten 4, 41764 Göteborg, Sweden
Thailand
• Support E-mail: support@zyxel.co.th
• Sales E-mail: sales@zyxel.co.th
• Telephone: +662-831-5315
• Fax: +662-831-5395
• Web: http://www.zyxel.co.th
• Regular Mail: ZyXEL Thailand Co., Ltd., 1/1 Moo 2, Ratchaphruk Road, Bangrak-Noi,
Muang, Nonthaburi 11000, Thailand.
Ukraine
• Support E-mail: support@ua.zyxel.com
• Sales E-mail: sales@ua.zyxel.com
• Telephone: +380-44-247-69-78
• Fax: +380-44-494-49-32
• Web: www.ua.zyxel.com
• Regular Mail: ZyXEL Ukraine, 13, Pimonenko Str., Kiev 04050, Ukraine
United Kingdom
• Support E-mail: support@zyxel.co.uk
• Sales E-mail: sales@zyxel.co.uk
• Telephone: +44-1344-303044, 08707-555779 (UK only)
• Fax: +44-1344-303034
• Web: www.zyxel.co.uk
• FTP: ftp.zyxel.co.uk
• Regular Mail: ZyXEL Communications UK Ltd., 11 The Courtyard, Eastern Road,
Bracknell, Berkshire RG12 2XB, United Kingdom (UK)
Appendix E Customer Support
NWD310N User’s Guide
148
Index
NWD310N User’s Guide 149
Index
A
About 67
about your ZyXEL Device 21
Access Point (AP) 37
Access point (AP) 37
Access Point. See also AP.
ACT LED 22
activating a profile 61
adapter 61
Ad-Hoc 23, 59
Advanced Encryption Standard 39
See AES.
advanced settings 61
AES 112
antenna
directional 115
gain 115
omni-directional 115
AP 105
See also access point.
AP MAC address 48
authentication 48
authentication type 39
auto 39
open system 39
shared key 39
auto authentication 39
automatic connection 49
automatic network scan 32, 56
B
band 77
Basic Service Set, See BSS 103
BSS 103
C
CA 39, 110
CCMP 39
Certificate Authority
See CA.
certifications 139
notices 140
viewing 140
channel 38, 48, 50, 59, 77, 105
interference 105
configuration method 25
important note 25
Wireless Zero Configuration (WZC) 24, 25
ZyXEL utility 25
configuration status 47
connection status 47
contact information 143
continuous access mode 62
copyright 139
creating a new profile 58
credentials 65
CTS (Clear to Send) 106
current configuration 47
current connection status 47
customer support 143
D
data encryption 50
data rate 77
digital ID 39
dimensions 77
disclaimer 139
download 68
driver version 67
dynamic WEP key exchange 111
E
EAP (Extensible Authentication Protocol) 39
EAP Authentication 109
EAP authentication 39
EAP type 64
EAP-PEAP 39
EAP-TLS 39
Index
NWD310N User’s Guide
150
EAP-TTLS 39
encryption 112
encryption type 39, 51, 53
environmental specifications 77
ESS 104
Extended Service Set, See ESS 104
F
fast power save 62
FCC interference statement 139
fragmentation threshold 106
frequency 38, 77
G
getting started 21
H
hardware connections 24
help 26
hidden node 105
humidity 77
I
IBSS 103
IEEE 802.11g 107
IEEE 802.1x 39, 54, 64
Independent Basic Service Set
See IBSS 103
Industrial Scientific Medical Band 77
infrastructure 23
Initialization Vector (IV) 112
installation 24
interface 77
Internet access 23
L
LEDs 22
lights 22
link information 47
LINK LED 22
link quality 48, 49
M
manual network connection 32
Message Integrity Check (MIC) 39, 112
modulation 77
N
network mode 48
network name 48
network overlap 37
network scan 56
network type 48, 50
O
online help 26
output power 77
P
packet collisions 49
Pairwise Master Key (PMK) 112, 114
passphrase 38, 51
password 38
PEAP 64
peer computer 23, 59
physical specifications 77
power consumption 77
power saving 62
power saving mode 62
preamble 61
preamble mode 107
product registration 141
Index
NWD310N User’s Guide 151
product specifications 77
profile 48, 57
activation 61
add new 58
configure 32, 34
default 56
delete 57
edit 57
information 57
new 57, 58
PSK 112
Q
Quick Start Guide 24, 74
R
radio band 77
radio interference 74
radio specifications 77
RADIUS 39, 40, 108
message types 109
messages 109
shared secret key 109
real-time data traffic statistics 49
receive rate 48
registration
product 141
related documentation 3
RTS (Request To Send) 106
threshold 105, 106
S
safety warnings 6
save power 62
scan 49
scan info 59
search 49
security 38, 48, 78
data encryption 38
security settings and Vista 64
sensitivity 78
Service Set Identity (SSID) 32, 37
signal strength 49, 50
site information 50
site survey 49
scan 50
security settings 51
sleep mode 62
SSID 32, 37, 48, 50, 74
statistics 48
syntax conventions 4
system tray 24
T
temperature 77
Temporal Key Integrity Protocol (TKIP) 39, 112
The 64
TLS 64, 65
total receive 48
total transmit 48
trademarks 139
transmission rate 48, 57
transmit key 51
transmit rate 48
trend chart 48, 49
TTLS 64
U
uninstalling the ZyXEL utility 67
upgrading the ZyXEL utility 68
important step 69
user authentication 38
utility installation 24
utility version 67
V
Vista 64, 65
voltage 77
W
warranty 141
note 141
Index
NWD310N User’s Guide
152
weight 77
WEP 38, 51
automatic setup 38
manual setup 38, 51
passphrase 38, 51
WEP (Wired Equivalent Privacy) 38
WEP Encryption 51
WEP key generation 38
Wi-Fi Protected Access 39, 111
Wi-Fi Protected Setup 47
Windows 64
Windows XP 25
wireless client 37
wireless client WPA supplicants 113
wireless LAN
introduction 37
security 38
wireless LAN (WLAN) 37
wireless network 37
wireless security 107
wireless standard 48, 77
wireless station mode
adapter 61
security settings 51
site survey 49
trend chart 49
wireless tutorial 27
WLAN
interference 105
security parameters 114
WPA 39, 52, 64, 111
key caching 112
pre-authentication 112
user authentication 112
vs WPA-PSK 112
wireless client supplicant 113
with RADIUS application example 113
WPA2 39, 52, 64, 111
user authentication 112
vs WPA2-PSK 112
wireless client supplicant 113
with RADIUS application example 113
WPA2-Pre-Shared Key 40, 111
WPA2-PSK 40, 52, 111, 112
application example 113
WPA-PSK 40, 52, 111, 112
application example 113
WPS
see also Wi-Fi Protected Setup 47
WZC
activating 124
network connection 127
not available 126
preferred network 135
security setting 131
system tray icon 127
WZC (Wireless Zero Configuration) 25
Z
ZyXEL Utility
accessing 26
ZyXEL utility 25
accessing 26
driver version number 67
exiting 25
help 26
reactivating 25
status 25
system tray icon 24
upgrading 68
version number 67