Manuel d'utilisation / d'entretien du produit NWA-3163 & NWA-3166 du fabricant ZyXEL Communications
Aller à la page of 372
www.zyxel.com www.zyxel.com NWA-3160 Series Models: NWA-3160, NWA-3163 & NWA-3166 Copyright © 2009 ZyXEL Communications Corporation Firmware Version 3.
.
About This User's Guide NWA-3160 Series User’s Guide 3 About This User's Guide Intended Audience This manual is intended for peo ple who want to configure the NWA using the web configurator.
About This User's Guide NWA-3160 Series User’s Guide 4 • Support Disc Refer to the included CD for sup port documents. Documentation Feedback Send your comments, questions or su ggest ions to: techwriters@zyxel.com. tw Thank you! The Technical Writing Team, ZyXEL Communications Corp.
About This User's Guide NWA-3160 Series User’s Guide 5 Customer Support Should problems arise that cannot be solved by the methods listed above, you should contact your ve ndor. If you canno t contact your vendor, then contact a ZyXEL office for the region i n which you bought the device.
Document Conventions NWA-3160 Series User’s Guide 6 Document Conventions Warnings and Notes These are how warnings and notes ar e shown in this User’s Guide.
Document Conventions NWA-3160 Series User’s Guide 7 Icons Used in Figures Figures in this User’s Guide use t he follo wing generic icons. The NWA icon is not an exact representation of your NWA.
Safety Warnings NWA-3160 Series User’s Guide 8 Safety Warnings • Do NOT use this product near water, for exam ple, in a wet basement or near a swimming pool. • Do NOT expose your device to dampness, du st or corrosive liquids. • Do NOT store things on the device.
Contents Overview New Template User’s Guide 9 Contents Overview Introduction .......................................... .......................................... .............................. .. ........ 21 Introduction ............ ............. .
Contents Overview New Template User’s Guide 10.
Table of Contents NWA-3160 Series User’s Guide 11 Table of Contents About This User's Guide ..................................................... ................................................... .. 3 Document Conventions.....................
Table of Contents NWA-3160 Series User’s Guide 12 3.1 Overview ... ............. ............. ................ ............. ............. ................ ............. ............. . ............ 39 3.2 How to Configure the Wirele ss LAN .......
Table of Contents NWA-3160 Series User’s Guide 13 Part II: The Web Configurat or ............................................................... 79 Chapter 4 Status Screen .............................................................................
Table of Contents NWA-3160 Series User’s Guide 14 7.5.1 Administrator Authentic ation on RADIUS ......... ................ ................ ................ ........ 117 7.5.2 Pre-defined NTP Time Servers List ....................... ............. .
Table of Contents NWA-3160 Series User’s Guide 15 10.1 Overview .............. ............. ............. ................ ............. ............. ................ ............. .. ......... 159 10.1.1 What You Can Do in the Wireless Securi ty Screen .
Table of Contents NWA-3160 Series User’s Guide 16 14.3.1 WAN IP Address Assign ment .............. ............. ............. ................ ............. ........... 189 Chapter 15 Rogue AP Detection ........................ ....................
Table of Contents NWA-3160 Series User’s Guide 17 18.2.2 My Certificates Create Screen ... ................. ............. ............ ................. ............ ..... 226 18.2.3 My Certificates Details Screen ....... ................ .........
Table of Contents NWA-3160 Series User’s Guide 18 21.1.1 What You Need to Kn ow About Load Balancing ......... ................ ............. .............. 269 21.2 The Load Bala nc ing Screen ................ ............. ............. ..........
Table of Contents NWA-3160 Series User’s Guide 19 Appendix C IP Addresses and Subnetting .......................................................... ................. 327 Appendix D Text File Based Auto Configuration .................................
Table of Contents NWA-3160 Series User’s Guide 20.
21 P ART I Introduction Introduction (23) The Web Configurator (35) Tutorials (39).
22.
NWA-3160 Series User’s Guide 23 C HAPTER 1 Introduction Note: This User’s Guide includes the NW A-3160, NWA-3163 and the NWA-3166. Illustrations used throughout this book are based on the NWA-3160 (unless otherwise stated). The Web Configuration scree ns are based on the NWA-3166 (unless otherwise stated).
Chapter 1 Intro duction NWA-3160 Series User’s Guide 24 1.2 Applications for the NWA The NWA can be configured to use the following WLAN operating modes • Access Point •B r i d g e / R e p e a t e r •A P + B r i d g e •M B S S I D Applications for each operati ng mode are shown below.
Chapter 1 Introduction NWA-3160 Series User’s Guide 25 1.2.2 Bridge / Repeater The NWA can act as a wirele ss network bridge and establish wireless links with other APs. In the fig ure below, the tw o NWAs ( A and B ) are connected to independent wired net works and have a bridge connect ion ( A can communic ate with B ) at the same time.
Chapter 1 Intro duction NWA-3160 Series User’s Guide 26 Figure 3 Repeater Application 1.2.2.1 Bridge / Re peater Mode Example In the example below, when both NWAs are in Bridge / Repeate r mode, th ey form a WDS (Wireless Distribution Syst em) allowing the computers in LAN 1 to connect to the computers in LAN 2 .
Chapter 1 Introduction NWA-3160 Series User’s Guide 27 • If two or more NWAs (in bridge mo de) are connected to the same hub. Figure 5 Bridge Loo p: Two Bridges Connected to Hub • If your NWA (in bridge mod e ) is connected to a wired LAN while communicating with another wireless bridge that is also connected to the same wired LAN.
Chapter 1 Intro duction NWA-3160 Series User’s Guide 28 1.2.3 AP + Bridge In AP + Bridge mode, the NWA supports bo th AP and b ridge connection at the same time. In the figure below, A and B use X as an AP to access the wired network , while X and Y communicate in bridge mode.
Chapter 1 Introduction NWA-3160 Series User’s Guide 29 provides multiple virtual APs, each forming its own BSS and using its own individual SSID profile. You can configure up to sixt een SSID profil es, and hav e up to eight active at any one time. You can assign different wireless and secu rity settings to each SSID prof ile.
Chapter 1 Intro duction NWA-3160 Series User’s Guide 30 1.2.5 Pre-Configured SSID Profiles The NWA has two pre-configured SSID profiles. • VoIP_SSID . This profile is intended for use by wireless clients requiring the highest QoS level for VoIP telephony and other applications requiring low latency.
Chapter 1 Introduction NWA-3160 Series User’s Guide 31 The following figure ill ustrates a CA PWAP wireless network. The user ( U ) configures the controller AP ( C ), which then automatically updates the configura tions of the ma naged APs ( M1 ~ M4 ).
Chapter 1 Intro duction NWA-3160 Series User’s Guide 32 • Back up the configuration (and mak e sure you know how to restore it). Restorin g an ea rlier wo rking conf igurat io n may be useful if the device becomes unstable or even crashes. If you forget your password, yo u will have to reset the NWA to its factory default settings.
Chapter 1 Introduction NWA-3160 Series User’s Guide 33 1.7 LEDs Note: The figures shown in this section are from the NWA-31 60. Your device may differ in minor ways. Figure 11 LEDs Table 1 LEDs LABEL COLOR STATUS DESCRIPTION WDS Off Either • The NWA is in Acce ss Point or MBSSID mode and is functioning normally.
Chapter 1 Intro duction NWA-3160 Series User’s Guide 34 WLAN Green On The wireless LAN is active. Blinking The wireless LAN is active, and transmitting or receiving data. Off The wireless LAN is not active. ETHERNET Green On The NWA has a 10 Mbps Ethernet connection.
NWA-3160 Series User’s Guide 35 C HAPTER 2 The Web Configurator 2.1 Overview This chapter describes how t o access the NWA’s web configurator and provides an overview of its screens.
Chapter 2 The Web Configurator NWA-3160 Series User’s Guide 36 6 Click Apply in the Replace Certificate screen to create a certificate using your NWA’s MAC address that will be specific to this device. You should now see the Status screen. Se e Chapter 2 on page 35 for details about the Status screen.
Chapter 2 The Web Configurator NWA-3160 Series User’s Guide 37 2.4 Navigating the Web Configurator The following summarizes how to navigate the web configurator from the Status screen.
Chapter 2 The Web Configurator NWA-3160 Series User’s Guide 38.
NWA-3160 Series User’s Guide 39 C HAPTER 3 Tutorials 3.1 Overview This chapter first provides a basic overvi ew of how to configure the wireless LAN on your NWA, and then gives step-by-st ep guidelines showing how to configure your NWA for some example scenarios.
Chapter 3 Tutorials NWA-3160 Series User’s Guide 40 3.2.2 Wireless LAN Configuration Overview The following figure shows the steps you should take to configure the wireless settings according to the operating mode you select.
Chapter 3 Tutorials NWA-3160 Series User’s Guide 41 3.2.3 Further Reading Use these links to find more information on the steps: • Choosing 802.11 Mode : see Section 8.2.1 on page 123 . • Choosing a wireless Channel ID : see Section 8.2.1 on page 123 .
Chapter 3 Tutorials NWA-3160 Series User’s Guide 42 The following figure shows the multip le networks you want to set up. Your NWA is marked Z , the main network router is marked A , and your network pri nter is marked B . Figure 14 Tutorial: Example MBSSID Setup The standard network ( SSID04 ) has access to all resources.
Chapter 3 Tutorials NWA-3160 Series User’s Guide 43 3.3.1 Change the Operating Mode Log in to the NWA (see Section 2.2 on pag e 35 ). Click Wireless > Wireless . The Wireless screen appears. 3.3.1.1 Access Point Set the NWA is in Access Point operating mode, and is currently set to use the SSID03 profile.
Chapter 3 Tutorials NWA-3160 Series User’s Guide 44 3.3.1.2 MBSSID Select MBSSID from the Operat ing Mode drop-down list box. The screen displays as foll ows. Figure 16 Tutorial: Wireless LAN: Change Mode This Select SSID Profile table allows you to activate or deactivate SSID pr ofiles.
Chapter 3 Tutorials NWA-3160 Series User’s Guide 45 3.3.2 Configure the VoIP Network Next, click Wireless > SSID . The following screen displays . Note that the SSID03 SSID profile (the standard network) is using t he security01 security profile.
Chapter 3 Tutorials NWA-3160 Series User’s Guide 46 1 Choose a new SSID for the VoIP netw ork. In this example, enter VOIP_SSID_Example . Note that although the SSID changes, the SSID profile name ( VoIP_SSID ) remains the same as before. 2 Select Enable from the Hide Name (SSID) list box.
Chapter 3 Tutorials NWA-3160 Series User’s Guide 47 You already chose to us e the security02 profile for thi s network, so select the radio button for security02 and click Edit .
Chapter 3 Tutorials NWA-3160 Series User’s Guide 48 3.3.2.2 Activate the VoIP Profile You need to activate the VoIP_SSID profile before it can be used. Click the Wireless tab. In the Select SSID Profile table, select th e VoIP_SSID profile and click Apply .
Chapter 3 Tutorials NWA-3160 Series User’s Guide 49 Click Wireless > SSID . Select Guest_SSID ’s entry in the list an d click Edit . The following screen appears. Figure 23 Tutorial: Guest Edit 1 Choose a new SSID for the guest ne tw ork. In this example, enter Guest_SSID_Example .
Chapter 3 Tutorials NWA-3160 Series User’s Guide 50 3.3.3.1 Set Up Security for the Guest Profile Now you need to configure the security settings t o use on the guest wireless network. Click the Security tab. You already chose to us e the security03 profile for thi s network, so select security03 ’s entry in the list and cli ck Edit .
Chapter 3 Tutorials NWA-3160 Series User’s Guide 51 3.3.3.2 Set up Layer 2 Isolation Configure layer 2 isolation to control the specific devices you want the users on your guest network to access. Click Wireless > Layer-2 Isolation . The following screen appears.
Chapter 3 Tutorials NWA-3160 Series User’s Guide 52 3.3.3.3 Activate the Guest Profile You need to activate the Guest_SSID profile before it can be used. Cl ick the Wireless tab. In the Select SSID Profile table, select th e check box for the Guest_SSID profile and click Apply .
Chapter 3 Tutorials NWA-3160 Series User’s Guide 53 3.4 How to Set Up and Use Rogue AP Detection This example shows you how to configure the rogue AP detecti on feature on the NWA. A rogue AP is a wireless access point oper ati ng in a network’s coverage area that is not a sanctioned part of that networ k.
Chapter 3 Tutorials NWA-3160 Series User’s Guide 54 marked E , and a computer, marked F , connected to the wi re d network. The coffee shop’s access point is marked 1 .
Chapter 3 Tutorials NWA-3160 Series User’s Guide 55 Note: The NWA can detect the MAC addresses o f APs automatically. However, it is more secure to obtain the correct MAC addresse s from another source and add them to the friendly AP list manually.
Chapter 3 Tutorials NWA-3160 Series User’s Guide 56 Note: You can add APs t hat are not part of yo ur network to the friendly AP list, as lo ng as you know that they do not pose a threat to your network’s security. The Friendly AP screen now appears as follows.
Chapter 3 Tutorials NWA-3160 Series User’s Guide 57 4 Click Export . If a window si milar to the following appears, click Save . Figure 33 Tutorial: Warn ing 5 Save the friendly AP list somewhere it can be accessed by all the other access points on the network.
Chapter 3 Tutorials NWA-3160 Series User’s Guide 58 3.4.2 Activate Periodic Rogue AP Detection Take the following steps to activate rogue AP detection on the first of your NWAs. 1 In the ROGUE AP > Configuration screen, sele ct Enable from the Rogue AP Period Detection field.
Chapter 3 Tutorials NWA-3160 Series User’s Guide 59 3.4.3 Set Up E-mail Logs In this section, you will configure the firs t of your four APs to send a log m essage t o y o u r e - m a i l i n b o x w h e n e v e r a r o g u e A P i s d i s c o v e r e d i n y o u r w i r e l e s s n e t w o r k ’ s coverage area.
Chapter 3 Tutorials NWA-3160 Series User’s Guide 60 5 In the Send Immediate Alert section, select the events you want to trigger immediate e-mails. Ensure that Rogue AP is selected. 6 Click Apply . 3.4.4 Configure Your Other Access Points Access point A is now configured to do the foll owing.
Chapter 3 Tutorials NWA-3160 Series User’s Guide 61 3.4.5 Test the Setup Next, test your setup to ensure it is correctly configured. • Log into each AP’s Web configurator and clic k ROGUE AP > Rogue AP . Click Refresh . If any of the MAC addresses from Section 3.
Chapter 3 Tutorials NWA-3160 Series User’s Guide 62 NWA is marked Z . C is a workstation on your wired network, D is your main network switch, and E is the securi ty gateway you use to co nnect to the Internet . Figure 37 Tutorial: Example Network 3.
Chapter 3 Tutorials NWA-3160 Series User’s Guide 63 Each SSID profile already uses a different pre-share d key. In this example, you will configure access limitations for each SSID profile.
Chapter 3 Tutorials NWA-3160 Series User’s Guide 64 Take the following steps to configure the SERVER_1 network. 1 Log into the NWA’s Web Configurator and click Wireless > SSID . The following screen displays, s howing the SSID profiles you already configured.
Chapter 3 Tutorials NWA-3160 Series User’s Guide 65 2 Select SERVER_1 ’s entry and click Edit . The following screen displa ys. Figure 39 Tutorial: SSID Edit Select l2Isolation03 in the L2 Isolation field, and select macfilter03 in the MAC Filtering field.
Chapter 3 Tutorials NWA-3160 Series User’s Guide 66 8 Enter the MAC address of the devic e Alice uses to connect to the network in Index 1 ’s MAC Address field and enter her name i n the Description field, as shown in the following figure. Change the Profile Name to “MacFilter_SERVER_1”.
Chapter 3 Tutorials NWA-3160 Series User’s Guide 67 3.5.6 Checking your Settings and Testing the Configuration Use the following sections to ensure th at your wireless networks are set up correctly. 3.5.6.1 Checking Settings Take the following steps to check that the NWA is using the correct SS IDs, MAC filters and layer-2 isolation profiles.
Chapter 3 Tutorials NWA-3160 Series User’s Guide 68 If the settings are not as s hown, follow the steps in t he relevant section of this tutorial again. 3.5.6.2 Testing the Configuration Before you allow employees to use the ne twork, you need to thoroughly test whether the setup behaves as it shoul d.
Chapter 3 Tutorials NWA-3160 Series User’s Guide 69 3.6 How to Configure Management Modes This example shows you how to configur e the NWA’s controller AP and managed AP modes. 3.6.1 Scenario In this example, you are the administra tor of a company network wherein a group of users need stable wireless connecti on.
Chapter 3 Tutorials NWA-3160 Series User’s Guide 70 2 You want to have a backup of the NWA control ler AP configuration. 3.6.3 Setup In this example, each of yo ur NWA standalone AP mirror each other. They all have the same SSID profiles stored. First you need to download t he configuration file from one of your NWAs for backup purposes.
Chapter 3 Tutorials NWA-3160 Series User’s Guide 71 3.6.4 Configure Your NWA in Controller AP Mode The NWA is set to Standalone AP mode by default. After you have made sure you have the correct conf.
Chapter 3 Tutorials NWA-3160 Series User’s Guide 72 1 To set your NWA in secondary controll er AP mode, ope n the Controller > Redundacy screen (this screen only appears when the NWA is in Controller AP mode) in the Web Configurator of the NW A that you want to serve as backup.
Chapter 3 Tutorials NWA-3160 Series User’s Guide 73 3.6.5 Setting Your NW A in Managed AP Mode After setting the NWAs ( A and E ) to control ler AP modes, you can now transform the NWAs ( B , C and D ) in the 2nd, 3rd and 4th floors of your company b u ilding to manage d APs.
Chapter 3 Tutorials NWA-3160 Series User’s Guide 74 3.6.6 Configuring the Managed Access Points List At this point, you have 3 NWA managed APs ( B , C and D ) that can now be managed by the primary controller AP. First in the Web Configurator of your primary controller AP ( A ), go t o Controller > Configuration .
Chapter 3 Tutorials NWA-3160 Series User’s Guide 75 2 Select the NWA managed APs from the Un-Managed Access Points List as shown in the screen above.
Chapter 3 Tutorials NWA-3160 Series User’s Guide 76 4 In the screen that opens, choose the radi o profile for each WLAN radio and click Apply . Figure 52 Tutorial: Ma naged AP WLAN Radio Prof ile In this example, the 1st floor NWA managed AP uses radio06 for its WLAN1 Radio Profile .
Chapter 3 Tutorials NWA-3160 Series User’s Guide 77 Open the wireless client’s screen that list the available networks within range. In the image above, we can see Mktg Grp 6 which is the SSID in the WLAN1 radio profile enabled for the 1s t floor NWA managed AP.
Chapter 3 Tutorials NWA-3160 Series User’s Guide 78.
79 P ART II The Web Configurator Status Screen (81) Management Mode (87) System Screens (109) Wireless Screen (119) SSID Screen (149) Wireless Security Screen (159) RADIUS Screen (173) Layer-2 Isolati.
80.
NWA-3160 Series User’s Guide 81 C HAPTER 4 Status Screen 4.1 Overview The Status screen displays when you log i nto the NWA or click Status in the navigation me nu. Use this screen to look at the cu rrent status of the device, system resources, and interfaces .
Chapter 4 Status Screen NWA-3160 Series User’s Guide 82 The following table describes t h e labels in this screen. Table 8 The Status Screen LABEL DESCRIPTION Automatic Refresh Interval Enter how often you want the NWA to update this screen. Refresh Click this to update this screen immediately.
Chapter 4 Status Screen NWA-3160 Series User’s Guide 83 Status This field indicates whether or not the NWA is using the interfac e. For each interface, this field displays Up when the NWA is using the interface and Down when the NWA is not using the interface.
Chapter 4 Status Screen NWA-3160 Series User’s Guide 84 4.2.1 System Statistics Screen Use this screen to view di agnostic information about the NWA. Click Show Statistics in the Status screen. The following screen pops up. Note: The Poll Interval field is configurable.
Chapter 4 Status Screen NWA-3160 Series User’s Guide 85 Remote Bridge MAC This is the MAC address of the peer device in bridge mode. Status This shows the current status of the bridge connection, which can be Up or Down . TxPkts This is the number of transmitte d packets on the wireless bridge.
Chapter 4 Status Screen NWA-3160 Series User’s Guide 86.
NWA-3160 Series User’s Guide 87 C HAPTER 5 Management Mode 5.1 Overview This chapter discusses using the NWA in manag ement mode. This screen determines whether the NWA is used in its default st andalone mode, or as part of a Control And Provisioning of Wirele ss Access Points (CAPWAP) network.
Chapter 5 Manage ment Mode NWA-3160 Series User’s Guide 88 Note: The NWA can be a controller AP, standalo ne AP (default) or a CAPWAP managed AP. 5.2.1 CAPWAP Discovery and Management The link between CAPWAP-enabled a ccess points proceeds as follows: 1 An AP in managed AP mode joins a wi red network (receives a dynamic IP address).
Chapter 5 Manag ement Mode NWA-3160 Series User’s Guide 89 DHCP Option 43 allows the CAPWAP ma nagement request (from the AP in managed AP mode) to reach th e AP cont roller in a diff erent subnet, as shown in the following figure . Figure 57 CAPWAP and DHCP Option 43 5.
Chapter 5 Manage ment Mode NWA-3160 Series User’s Guide 90 5.3 The Management Mode Screen Use this screen to configure the NWA as a CAPWAP controller AP, a CAPWAP managed A P, or to use it in it s default st andalon e mode. Click MGNT MODE in the NWA’s navigation menu .
Chapter 5 Manag ement Mode NWA-3160 Series User’s Guide 91 Apply Click this to save your changes. If you change the mode in this screen, the NWA restarts.
Chapter 5 Manage ment Mode NWA-3160 Series User’s Guide 92.
NWA-3160 Series User’s Guide 93 C HAPTER 6 AP Controller Mode 6.1 Overview This chapter discusses the Controller AP management mode. When the NWA is used as a CAPWAP (Control And Provisioni ng of Wireless Access Points) controller AP, the Web Configurator changes to reflect this by including the Controller and Profile Edit screens.
Chapter 6 AP Controller Mode NWA-3160 Series User’s Guide 94 In the figure below, an administrator is able to manage the security settings of 5 APs (1 controller AP and 4 managed APs ). He changes the s ecurity mode to WPA- PSK just by accessing the Web Conf igurator of the cont roller AP ( C ).
Chapter 6 AP Controller Mode NWA-3160 Series User’s Guide 95 After logging in again, the navigation menu changes to include links for the Controller and Profile Edit screens. The items marked below are screens that can be configured for all APs managed by t he NWA.
Chapter 6 AP Controller Mode NWA-3160 Series User’s Guide 96 Click Status . The following screen displays. Figure 62 Status Screen The following table describes t he new labels in this screen. Table 11 Status Screen LABEL DESCRIPTION System Information Registration Type This field displays how the managed APs are registered with the NWA.
Chapter 6 AP Controller Mode NWA-3160 Series User’s Guide 97 6.4 AP Lists Screen Use this screen to view and add managed APs. By default, the controller NWA is always included in this table. Although you cannot remove it, you can edit its settings. 2.
Chapter 6 AP Controller Mode NWA-3160 Series User’s Guide 98 Click Controller > AP Lists . The following screen displays. Figure 63 AP Lists Screen The following table describes t h e labels in this screen.
Chapter 6 AP Controller Mode NWA-3160 Series User’s Guide 99 Status This displays whether the managed AP is activ e, not active or upgrading its firmware. • Red : the AP is not active. • Green : the AP is active. • Yellow : the AP is upgrading its firmware.
Chapter 6 AP Controller Mode NWA-3160 Series User’s Guide 100 6.4.1 The AP Lists Edit Screen Use this screen to change the description or radio profile of an AP managed by the NWA. Click Edit in the CONTROLL ER > AP Lists scre en. The following screen displays.
Chapter 6 AP Controller Mode NWA-3160 Series User’s Guide 101 6.5 Configuration Screen Use this screen to control the way in wh ich the NWA accepts new APs to manage. You can also configure t he pre-shared key (PSK) that is us ed to secure the data transmitted between the NWA and the APs it manages.
Chapter 6 AP Controller Mode NWA-3160 Series User’s Guide 102 6.6 Redundancy Screen Use this screen to set t he controller AP as a primary or secondary controller. If you set your NWA as a primary controller AP, you can have a secondary controller AP to serve as a backup .
Chapter 6 AP Controller Mode NWA-3160 Series User’s Guide 103 6.7 The Profile Edit Screens This section describes the Profile Edit screens, which are available only in AP controller mode. The following Profile Edit screens are ide ntical to those in standalone mode: •T h e Profile Edit > SSID screen (see Section 9.
Chapter 6 AP Controller Mode NWA-3160 Series User’s Guide 104 The following table describes t h e labels in this screen. 6.7.2 The Radio Profile Edit Screen Use this screen to conf igure a specific radio profile. In the Profile Edit > Radio screen, select a profile and click Ed it .
Chapter 6 AP Controller Mode NWA-3160 Series User’s Guide 105 The following table describes t h e labels in this screen. Table 17 Radio Edit Screen LABEL DESCRIPTION Profile Name Enter a name identifying this profile. Radio Mode This makes sure that only compliant WLAN devices can associate with the NWA.
Chapter 6 AP Controller Mode NWA-3160 Series User’s Guide 106 Disable channel switching for DFS This field displays only when you select 802.11a or 802.11n/a in the 802.11 Radio Mode field. Select this if you do not want to use DFS (Dynamic Frequency Selection).
Chapter 6 AP Controller Mode NWA-3160 Series User’s Guide 107 RTS/CTS Threshold Use RTS/CTS to reduce data collis ions on the wireless net work if you have wireless clients that are associated with the same AP but out of range of one another .
Chapter 6 AP Controller Mode NWA-3160 Series User’s Guide 108 MCS Table The MCS Rate table is available only when 802.11n/g or 802.11n/a is selected as the 802.11 Radio Mode . IEEE 802.11n supports many different data rates which are c alled MCS rates.
NWA-3160 Series User’s Guide 109 C HAPTER 7 System Screens 7.1 Overview This chapter provides information and inst ructions on how to identify and manage your NWA over the network. Figure 69 NWA Setup In the figure above, the NWA ( ZyXEL Device ) connects to a Domain Name Server (DNS) server to avail of a domain name .
Chapter 7 System Screens NWA-3160 Series User’s Guide 110 7.1.2 What You Need To Know About the System Screens The following terms and conc epts may help as you read through the chapter. IP Address Assignment Every computer on the Internet must have a unique IP address.
Chapter 7 S ystem Scre ens NWA-3160 Series User’s Guide 111 Once you have decided on the network number , pick an IP address that is easy to remember, for instance, 192.16 8.1.2, for your device, but make sure that no other device on your networ k is using that IP address.
Chapter 7 System Screens NWA-3160 Series User’s Guide 112 Administrator Inactivity Timer Type how many minutes a management session can be left idle before the session times out. The default is 5 minutes. After it times out you have to log in with your password again.
Chapter 7 S ystem Scre ens NWA-3160 Series User’s Guide 113 7.3 Password Screen Use this screen to control access to your NWA by assigni n g a password to it. Click System > Password . The following screen displays. Figure 71 System > Password.
Chapter 7 System Screens NWA-3160 Series User’s Guide 114 Use new setting Select this if you want to change the RADIUS username and password the NWA uses to authenticate management logon . User Name Enter the username for this user accoun t. This name can be up to 31 ASCII characters long, including spaces.
Chapter 7 S ystem Scre ens NWA-3160 Series User’s Guide 115 7.4 Time Setting Screen Use this screen to change your NWA’s time and date, click Sy stem > Time Setting . The following screen displays. Figure 72 System > Time Setting The following table describes t h e labels in this screen.
Chapter 7 System Screens NWA-3160 Series User’s Guide 116 New Date (yyyy:mm:dd) This field displays the last updated date from the time server or the last date configured manually. When you set Time and Date Setup to Manual , enter the new date in this field and then click Apply .
Chapter 7 S ystem Scre ens NWA-3160 Series User’s Guide 117 7.5 Technical Reference This section provides some technical info rmation about th e topics co vered in th is chapter.
Chapter 7 System Screens NWA-3160 Series User’s Guide 118 The NWA continues to use the following pre-defined lis t of NTP time servers if you do not specify a time server or it cann ot synchronize with the time server you specified .
NWA-3160 Series User’s Guide 119 C HAPTER 8 Wireless Screen 8.1 Overview This chapter discusses the steps to confi g ure the Wireless Settings screen on the NWA.
Chapter 8 Wireles s Screen NWA-3160 Series User’s Guide 120 8.1.2 What You Need To Know About the Wireless Screen The following terms and conc epts may help as you read through this chapter.
Chapter 8 Wireless Scre en NWA-3160 Series User’s Guide 121 An ESSID (ESS IDentification ) uniquely identifies each ESS. All ac cess points and their associated wireless stations within the same ESS must have the same ESSID in order to comm unicate.
Chapter 8 Wireles s Screen NWA-3160 Series User’s Guide 122 SSID The SSID (Service Set IDenti fier) identifies the Service Set with which a wireless station is associated. Wireless stations a ssoci ating to the access point (AP) must have the same SSID.
Chapter 8 Wireless Scre en NWA-3160 Series User’s Guide 123 • You must us e different WE P keys for different BSSs. If two stations have different BSSIDs (they are in differen t BSSs), but have the same WEP keys, they may hear each other’s communicati ons (but not communicate with each other).
Chapter 8 Wireles s Screen NWA-3160 Series User’s Guide 124 The following table describes t he genera l wireless LAN labels in this screen. Table 23 Wireless: Acc ess Point LABEL DESCRIPTION Operating Mode Select Access Point from the drop-down list.
Chapter 8 Wireless Scre en NWA-3160 Series User’s Guide 125 Disable channel switching for DFS This field displays only when you select 802.11a or 802.11 n/a in the 802.11 Radio Mode field. Select this if you do not want to use DFS (Dynamic Frequency Selection).
Chapter 8 Wireles s Screen NWA-3160 Series User’s Guide 126 Beacon Interval When a wirelessly networked device sends a beacon, it includes with it a beacon interval.
Chapter 8 Wireless Scre en NWA-3160 Series User’s Guide 127 8.2.2 Bridge / Repeater Mode Use this screen to have the NWA act as a wireless network bridge / repeater and establish wireless links with ot her APs. You need to know the MAC address of t he peer device, which also must be in bridge / repeater mode.
Chapter 8 Wireles s Screen NWA-3160 Series User’s Guide 128 Note: You can view an example of this se tup in Section 8.3.3 on page 146 . Figure 77 Wireless: Bridge / Repeater.
Chapter 8 Wireless Scre en NWA-3160 Series User’s Guide 129 The following table describes t he bridge labels in this s creen. Table 24 Wireless: Bridge / Repeater LABEL DESCRIPTIONS Operating Mode Select Bridge / Repeater in this field. 802.11 mode This makes sure that only compliant WLAN devices can associate with the NWA.
Chapter 8 Wireles s Screen NWA-3160 Series User’s Guide 130 Disable channel switching for DFS This field displays only when you select 802.11a or 80 2.11n/a in the 802.11 Radi o Mode field. Sel ect this if you do not want to use DFS (Dynamic Frequency Selection).
Chapter 8 Wireless Scre en NWA-3160 Series User’s Guide 131 Output Po wer Set the output power of the NWA in this field. If there is a high density of APs in an area, decrease the output power of the NWA to reduce interference with other APs. Select from 100% (Full Power) , 50% , 25% , 12 .
Chapter 8 Wireles s Screen NWA-3160 Series User’s Guide 132 TKIP Select this to enable Temporal Key Integrity Protocol (TKIP) s ecurity on your WDS. This option is compatible with other ZyXEL access points that support WDS security. Use this if the other access points on your network support WDS security but do not have an AES option.
Chapter 8 Wireless Scre en NWA-3160 Series User’s Guide 133 8.2.3 AP + Bridge Mode Use this screen to have the NWA function as a bridge and access point simultaneously.
Chapter 8 Wireles s Screen NWA-3160 Series User’s Guide 134 The following table describes t he bridge labels in this s creen. Table 25 Wireless: AP + Bridge LABEL DESCRIPTIONS Operating Mode Select AP + Repeater in this field. 802.11 mode This makes sure that only compliant WLAN devices can associate with the NWA.
Chapter 8 Wireless Scre en NWA-3160 Series User’s Guide 135 Disable channel switching for DFS This field displays only when you select 802.11a or 80 2.11n/a in the 802.11 Radi o Mode field. Sel ect this if you do not want to use DFS (Dynamic Frequency Selection).
Chapter 8 Wireles s Screen NWA-3160 Series User’s Guide 136 Beacon Interval When a wirelessly networked device sends a beacon, it includes with it a beacon interval.
Chapter 8 Wireless Scre en NWA-3160 Series User’s Guide 137 MCS Table The MCS Rate table is available only when 802. 11n/g or 802.11n/a is selected as the 802.11 Radio Mode . IEEE 802.11n supports many different data rates which are called MCS rates.
Chapter 8 Wireles s Screen NWA-3160 Series User’s Guide 138 Enable Antenna Diversity (For NWA-3160 and NWA-3163 only) Select this to use antenna diversity. Antenna diversity uses multiple antennas to reduce signal interference. Enable Spanning Tree Control (STP) (R)STP ( Section 8.
Chapter 8 Wireless Scre en NWA-3160 Series User’s Guide 139 8.2.4 MBSSID Mode Use this screen to have the NWA function in MBSSID mode. Select MBSSID as the Operating Mode .
Chapter 8 Wireles s Screen NWA-3160 Series User’s Guide 140 The following table describes t h e labels in this screen. Table 26 Wireless: MBSSID LABEL DESCRIPTION Operating Mode Select MBSSID in this field to display the screen as shown 802.11 Mode This makes sure that only compliant WLAN devices can associate with the NWA.
Chapter 8 Wireless Scre en NWA-3160 Series User’s Guide 141 Disable channel switching for DFS This field displays only when you select 802.11a or 802.11n/a in the 802.11 Radio Mode field. Select this if you do not want to use DFS (Dynamic Frequency Selection).
Chapter 8 Wireles s Screen NWA-3160 Series User’s Guide 142 Beacon Interval When a wirelessly networked device sends a beacon, it includes with it a beacon interval.
Chapter 8 Wireless Scre en NWA-3160 Series User’s Guide 143 8.3 Technical Reference This section provides technical backg round information about the topics covered in this chapter. Select SSID Profile An SSID profile is the set of parameters relating to one of the NWA’s BSSs.
Chapter 8 Wireles s Screen NWA-3160 Series User’s Guide 144 8.3.1 Spanning Tree Protocol (STP) Spanning Tree Protocol (STP) detects an d breaks network loops and provides backup links between switches, bridg es or ro uters.
Chapter 8 Wireless Scre en NWA-3160 Series User’s Guide 145 8.3.1.3 How STP Works After a bridge determines the lowest cost - spanning tree with STP, it enables the root port and the ports that are the designated ports for connected LANs, and disables all other ports that participate in STP.
Chapter 8 Wireles s Screen NWA-3160 Series User’s Guide 146 radar activity on the channel you select, it automatically instructs the wireless clients to move to another channel , th en resumes communications on the new channel. 8.3.3 Roaming A wireless station is a device with an IEEE 802.
Chapter 8 Wireless Scre en NWA-3160 Series User’s Guide 147 with other APs (Non-ZyXEL APs may no t be able to perform this). 802.1x authentication information is not ex changed (a t the time of writing). Figure 80 Roaming Example The steps below des cribe the roaming process.
Chapter 8 Wireles s Screen NWA-3160 Series User’s Guide 148 • The adjacent access points should us e different radio channels when thei r coverage areas overlap.
NWA-3160 Series User’s Guide 149 C HAPTER 9 SSID Screen 9.1 Overview This chapter describes how you can conf igure Service Set Identifier (SSID) profiles in your NWA.
Chapter 9 SSID Screen NWA-3160 Series User’s Guide 150 9.1.2 What You Need To Know About SSID The following terms and conc epts may help as you read through this chapter.
Chapter 9 SSID Screen NWA-3160 Series User’s Guide 151 9.2 The SSID Screen Use this screen to select the SSID pr ofile you want to configure. Click Wireless > SSID to display the screen as shown. Figure 83 SSID The following table describes t h e labels in this screen.
Chapter 9 SSID Screen NWA-3160 Series User’s Guide 152 9.2.1 Configuring SSID Use this screen to configure an SSID profile. Select an SSID profile in Wireless > SSID and click Edit to display the following screen. Figure 84 Configuring SSID The following table describes t h e labels in this screen.
Chapter 9 SSID Screen NWA-3160 Series User’s Guide 153 9.3 Technical Reference This section provides technical backg round information about the topics covered in this chapter. 9.3.1 WMM QoS WMM (Wi-Fi MultiMedia) QoS (Quality of Servi ce) ensures quality of service in wireless networks.
Chapter 9 SSID Screen NWA-3160 Series User’s Guide 154 On APs without WMM QoS, all traffic stream s are gi ven the same access priori ty to the wireless network.
Chapter 9 SSID Screen NWA-3160 Series User’s Guide 155 typical data packet sizes. Note that the figures given are mere ly exa mples - sizes may differ according to app lication and ci rcumstances. When ATC is activated, the devi ce sends tr af fic with smaller packets before t raffic with larger packets if t he network is congested.
Chapter 9 SSID Screen NWA-3160 Series User’s Guide 156 9.3.3.1 ATC+WMM from LAN to WLAN ATC +W MM fro m LA N ( th e wi re d Lo ca l A rea Ne two rk ) to WL AN ( th e Wi re les s Lo ca l Area Network) allow s WMM prioritizati on of packets that do not already have WMM QoS priorities assi gned.
Chapter 9 SSID Screen NWA-3160 Series User’s Guide 157 based on the application types and traffi c flow. Packets are marked with DiffServ Code Points (DSCPs) indicating the leve l of service desire d.
Chapter 9 SSID Screen NWA-3160 Series User’s Guide 158 The followin g table lis ts which WM M QoS pr iority level the NWA uses for specific DSCP values. Table 36 ToS and IEEE 802.1d t o WMM QoS Priority Level Mapping DSCP VALUE WMM QOS PRIORITY LEVEL 224, 192 voice 160, 128 video 96, 0 A A.
NWA-3160 Series User’s Guide 159 C HAPTER 10 Wireless Security Screen 10.1 Overview This chapter describes how to use t h e Wireless Securit y screen. This screen allows you to configure the security mode for your NWA. Wireless security is vital t o your net w ork.
Chapter 10 Wire less Security Screen NWA-3160 Series User’s Guide 160 10.1.2 What You Need To Know About Wireless Security The following terms and conc epts may help as you read through this chapter. User Authentication Authentication is the process of verifyin g whether a wireless device is allowed to use the w ireless net work.
Chapter 10 Wire less Security Sc reen NWA-3160 Series User’s Guide 161 • 802.1x-Static64. This provides 802.1x-Only authentication with a static 64bit WEP key and an au thentic ation server. • 802.1x-Static128 . This provides 802.1x-Only authentication with a static 128bit WEP key and an au thenti cation server.
Chapter 10 Wire less Security Screen NWA-3160 Series User’s Guide 162 Use this screen to choose and edi t a security profil e. Click Wirele ss > Security . The following screen displays. Figure 87 Wirele ss Security The following table describes t h e labels in this screen.
Chapter 10 Wire less Security Sc reen NWA-3160 Series User’s Guide 163 After sele cting t he securi ty profile y ou wa nt to edit, the following screen appears. Enter the name you want to call this security profile in the Profile Name field. Figure 88 Security Profile The next screen varies according to the Security Mode you select.
Chapter 10 Wire less Security Screen NWA-3160 Series User’s Guide 164 Authentication Method There are two types of WEP authentication namely, O pen System and Shared Key. Open system is implemented for ease-of-use and when security is not an issue. The wireless station and the AP or peer computer do not share a secret key.
Chapter 10 Wire less Security Sc reen NWA-3160 Series User’s Guide 165 10.2.2 Security: 802.1x Only Use this screen to set t he selected profile to 802.1x Only securi ty mode. Select 802.1x-Only in the Security Mode field to dis p lay the following screen.
Chapter 10 Wire less Security Screen NWA-3160 Series User’s Guide 166 10.2.3 Security: 802.1x Static 64-bit, 802.1x Static 128-bit Use this screen to set the selected prof ile to 802.1x Static 64 or 802.1x Stati c 128 security mode. Select 802. 1x Static 64 or 802.
Chapter 10 Wire less Security Sc reen NWA-3160 Series User’s Guide 167 10.2.4 Security: WPA Use this screen to set the selected profil e t o Wi-Fi Protected Access (WPA) security mode. Select WPA in the Security Mode field to display the followi ng screen.
Chapter 10 Wire less Security Screen NWA-3160 Series User’s Guide 168 10.2.5 Security: WPA2 or WPA2-MIX Use this screen to set the selected prof ile to WPA2 or WPA2-MIX security mode. Select WPA2 or WPA2-MIX in the Security Mode field to display the following screen.
Chapter 10 Wire less Security Sc reen NWA-3160 Series User’s Guide 169 The following table descri bes the labels not previously discussed Table 43 Security: WPA2 or WPA2-MI X LABEL DESCRIPTIONS Profile Name Type a name to identify this security profile.
Chapter 10 Wire less Security Screen NWA-3160 Series User’s Guide 170 10.2.6 Security: WPA-PSK, WPA2-PSK, WPA2-PSK-MIX Use this screen to set the selected prof ile to WP A-PSK, WPA2 -PSK or WPA2-PSK- MIX security mode. Select WPA-PSK , WP A2-PSK or WPA2-PSK-MIX in the Security Mode field to display the following screen.
Chapter 10 Wire less Security Sc reen NWA-3160 Series User’s Guide 171 10.3 Technical Reference This section provides technical background information on the topics discuss e d in this chapter. The following is a general guideline in ch oosing the security mode for your NWA.
Chapter 10 Wire less Security Screen NWA-3160 Series User’s Guide 172.
NWA-3160 Series User’s Guide 173 C HAPTER 11 RADIUS Screen 11.1 Overview This chapter describes how you can use the Wireless > RADIUS scr een. Remote Authentication Dial In User Serv ice (RADIUS) is a protocol that can be used to manage user access to large ne tworks.
Chapter 11 RADIUS Screen NWA-3160 Series User’s Guide 174 11.1.1 What You Can Do in the RADIUS Screen Use the Security > RADIUS screen (see Section 11.2 on page 175 ) if you want to authen ticate w ireless users usi ng a RADIUS Server and/or Accounting Server.
Chapter 11 RADIUS Screen NWA-3160 Series User’s Guide 175 11.2 The RADIUS Screen Use this screen to set up your NWA’s RADIUS server settings. Click Wireless > RADIUS . The screen appears as shown. Figure 96 RADIUS The following table describes t h e labels in this screen.
Chapter 11 RADIUS Screen NWA-3160 Series User’s Guide 176 Internal Select this check box to use the NWA’s internal authentication server. The Active , RADIUS Server IP Address , RADIUS S erver Port and Share Secret fields are not available when you use the internal authentication server.
NWA-3160 Series User’s Guide 177 C HAPTER 12 Layer-2 Isolation Screen 12.1 Overview Layer-2 isolation is used t o prevent wireless clients associat ed with your NWA from communicating with other wireless c lients, APs, computers or routers in a network.
Chapter 12 Layer-2 Iso lation Screen NWA-3160 Series User’s Guide 178 communicating with the NWA’s wireless clients except for broadcast packets . Layer-2 isolation does not check the traffic between wireless clients that are associated with the same AP.
Chapter 12 Layer-2 Isolation Screen NWA-3160 Series User’s Guide 179 12.2 The Layer-2 Isolation Screen Use this screen to select and configure a layer-2 isolation profile. Click Wire less > Layer-2 Isolation . The screen appears as shown next. Figure 98 Layer 2 Isolati on The following table describes t h e labels in this screen.
Chapter 12 Layer-2 Iso lation Screen NWA-3160 Series User’s Guide 180 12.2.1 Configuring Layer-2 Isolation Use this scre en to specify th e configura tion for your lay er-2 isolat ion profile. Select a layer-2 isolation profile in Wireless > Layer-2 Isolation and click Edit to display the following screen.
Chapter 12 Layer-2 Isolation Screen NWA-3160 Series User’s Guide 181 12.3 Technical Reference This section provides technical background information on the topics discuss e d in this chapter. The figure that follows i llustrates two ex ample layer-2 isol ation configurations on your NWA ( A ).
Chapter 12 Layer-2 Iso lation Screen NWA-3160 Series User’s Guide 182 Example 1: Restricti ng Access to Server In the following example wireless clients 1 and 2 can communicate with file server C , but not access point B or wireless client 3 .
NWA-3160 Series User’s Guide 183 C HAPTER 13 MAC Filter Screen 13.1 Overview This chapter discusses how you can use the Wireless > MAC Filter sc reen. The MAC filter function allows you to co nfigure the NWA t o grant access to devices (Allow Association) or excl ude devices from acc essing the NWA (Deny Association).
Chapter 13 MAC Filt er Screen NWA-3160 Series User’s Guide 184 characters, for example, 00:A0:C5:00:00: 02. You need to know the MAC address of each device to configure MAC fi ltering on the NWA. 13.2 The MAC Filter Screen The MAC filter profile is a user-configured list of MAC addresse s.
Chapter 13 MAC Filter Scr een NWA-3160 Series User’s Guide 185 13.2.1 Configuring the MAC Filter To change your NWA’s MAC filter setti ngs, click WIRELESS > MAC Filter > Edit .
Chapter 13 MAC Filt er Screen NWA-3160 Series User’s Guide 186 Note: If you configure both the MAC Address Filter table and Group Settings table and a client matches a MAC address specified in both table s, the settings in the Group Settings is applied by the NWA first.
NWA-3160 Series User’s Guide 187 C HAPTER 14 IP Screen 14.1 Overview The Internet Protocol (IP) address iden tifies a devi ce on a network. Every networking device (including comput ers, se rvers, routers, printers, etc.) needs an IP address to communicate across the netw ork.
Chapter 14 IP Screen NWA-3160 Series User’s Guide 188 These parameters should work fo r the majority of installations. 14.2 The IP Screen Use this screen to configure the IP address for y our NWA . Click IP to display the following screen. Figure 107 IP Setup The following table describes t h e labels in this screen.
Chapter 14 IP Scree n NWA-3160 Series User’s Guide 189 14.3 Technical Reference This section provides technical backg round information about the topics covered in this chapter. 14.3.1 WAN IP Address Assignment Every computer on the Internet must have a unique IP address.
Chapter 14 IP Screen NWA-3160 Series User’s Guide 190.
NWA-3160 Series User’s Guide 191 C HAPTER 15 Rogue AP Detection 15.1 Overview Rogue APs are wireless access points operat ing in a network’s co verage area t hat are not under the control of the network’s administrators, and can open up holes in a network’s security.
Chapter 15 Rogue AP Detection NWA-3160 Series User’s Guide 192 In the example above, a corporate networ k’ s security is compromised by a rogue AP ( R ) set up by an employee at his workst ation in order to allow him to connect his notebook computer wirelessly ( A ).
Chapter 15 Rogue AP Detectio n NWA-3160 Series User’s Guide 193 The friend ly AP list d isplays d etails of a ll the acce ss point s in your area t hat you k n o w a r e n o t a t h r e a t . I f y o u h a v e m o r e t h a n o n e A P i n y o u r n e t w o r k , y o u n e e d t o configure this list to include your ot her AP s.
Chapter 15 Rogue AP Detection NWA-3160 Series User’s Guide 194 This scenario can also be part of a wirele ss deni al of service (DoS) at tack, in which associated wireless clients are deprived of network access. Other opportunities for the attacker include the in troduction of malware (malicious software) into t he network.
Chapter 15 Rogue AP Detectio n NWA-3160 Series User’s Guide 195 15.2.1 Friendly AP Screen Use this screen to specif y APs as trusted. Click Ro gue AP > Friendly AP . Th e following screen appears: Figure 111 Rogue AP Friendly AP The following table describes t h e labels in this screen.
Chapter 15 Rogue AP Detection NWA-3160 Series User’s Guide 196 15.2.2 Rogue AP Screen Use this scren to dis play details of all wireless access p oints within the NWA’s coverage area. Click Rogue AP > Rogue AP . The following screen displays. Figure 112 Rogue AP The following table describes t h e labels in this screen.
Chapter 15 Rogue AP Detectio n NWA-3160 Series User’s Guide 197 MAC Address This field displays the Medi a Access Control (MAC) address of the AP. All wireless devices have a MAC address that uniquely identifies them. SSID This field displays the Service Set IDentifier (also known as the networ k name) of the AP.
Chapter 15 Rogue AP Detection NWA-3160 Series User’s Guide 198.
NWA-3160 Series User’s Guide 199 C HAPTER 16 Remote Management Screens 16.1 Overview This chapter shows you how to enable remote management of your NWA. It provides information on dete rmining which services or protocols can access which of the NWA’s interfac es.
Chapter 16 Remo te Management Screens NWA-3160 Series User’s Guide 200 16.1.1 What You Can Do in th e Remote Management Screens •U s e t h e Telnet screen (see Section 16.2 on page 202 ) to con figure through which interface(s) and from which IP a ddress(es) you can use Telnet to manage the NWA.
Chapter 16 Remot e Manageme nt Screens NWA-3160 Series User’s Guide 201 Note: SNMP is only available if TCP/IP is con figured. Figure 114 SNMP Manageme nt Mode An SNMP managed network consists of tw o main types of component: agents and a manager. An agent is a management software module that resides in a managed device (the NWA).
Chapter 16 Remo te Management Screens NWA-3160 Series User’s Guide 202 System Timeout There is a default system management idle timeout of five minutes (three hundred seconds). The NWA automatically logs you out if the management session remains idle for longer t han this timeout period.
Chapter 16 Remot e Manageme nt Screens NWA-3160 Series User’s Guide 203 16.3 The FTP Screen You can uplo ad and download t he NWA’s firmware and conf iguration files usi ng FTP.
Chapter 16 Remo te Management Screens NWA-3160 Series User’s Guide 204 To change your NWA’s FTP settings, cl ick REMOTE MGMT > FTP . The following screen displays. Figure 116 Remote Manageme nt: FTP The following table describes t h e labels in this screen.
Chapter 16 Remot e Manageme nt Screens NWA-3160 Series User’s Guide 205 To change your NWA’s WWW settings, click REMOTE MGNT > WWW . The following screen shows. Figure 117 Remote Manageme nt: WWW The following table describes t h e labels in this screen.
Chapter 16 Remo te Management Screens NWA-3160 Series User’s Guide 206 Server Port The HTTPS proxy server listens on port 443 by default. If you change the HTTPS proxy serv er port to a different n .
Chapter 16 Remot e Manageme nt Screens NWA-3160 Series User’s Guide 207 16.5 The SNMP Screen Use this screen to have a manager st ation administrate your NWA over the network. To change your NWA’s SNMP settings, click REMOTE MGMT > SNMP . The following screen displays.
Chapter 16 Remo te Management Screens NWA-3160 Series User’s Guide 208 SNMP Version Select the SNMP version for the NW A. The SNMP version on the NWA must match the version on the SNMP manager. Choose SNMP version 1 ( SNMPv1 ), SNMP version 2 ( SNMPv2 ) or SNMP version 3 ( SNMPv3 ).
Chapter 16 Remot e Manageme nt Screens NWA-3160 Series User’s Guide 209 16.5.1 SNMPv3 User Profile Use this screen to configure the SNMPv3 profile. Click Conf igure SNMPv3 User Profile in the REMOTE MGMT > SNMP screen, the following screen displays.
Chapter 16 Remo te Management Screens NWA-3160 Series User’s Guide 210 16.6 Technical Reference This section provides some technical ba ckground information about the topic s covered in this chapter.
Chapter 16 Remot e Manageme nt Screens NWA-3160 Series User’s Guide 211 device. Examples of variables incl ude such as number of packets received, node port status etc. A Management Information Base (MIB) is a collection of managed objects. SNMP itself is a si mple reques t/response protocol based on the manager/ agent model.
Chapter 16 Remo te Management Screens NWA-3160 Series User’s Guide 212 Some traps include an SNMP interface index. The following table maps the SNMP interface indexes to the NWA’s physical and virtual ports. authenticationFailure (defined in RFC-1215 ) 1.
NWA-3160 Series User’s Guide 213 C HAPTER 17 Internal RADIUS Server 17.1 Overview This chapter describes how the NWA can use its internal RADIUS s e rver to authenticate wireless clients. Remote Authentication Dial In User Serv ice (RADIUS) is a protocol that enables you to control acce ss to a network b y authentica ting user creden tials.
Chapter 17 Internal RADIUS Server NWA-3160 Series User’s Guide 214 17.1.1 What You Can Do in this Chapter •U s e t h e Setting screen (see Section 17.2 on page 214 ) to turn the NWA’s internal RADIUS server of f or on an d to view informa tion about the NW A’s certificates.
Chapter 17 Internal RADIUS Server NWA-3160 Series User’s Guide 215 The following table describes t h e labels in this screen. Table 62 Internal RADIUS Server Setting LABEL DESCRIPTION Active Select this to have the NWA use its internal RADIUS server to authenticate wireless clients or other APs.
Chapter 17 Internal RADIUS Server NWA-3160 Series User’s Guide 216 17.3 The Trusted AP Screen Use this screen to specif y APs as trusted. Click AUTH. SERVER > Trusted AP. The following screen displays. Figure 122 Trusted AP Screen The following table describes t h e labels in this screen.
Chapter 17 Internal RADIUS Server NWA-3160 Series User’s Guide 217 17.4 The Trusted Users Screen Use this screen to conf igure trusted user entries. Clic k AUTH. SERVER > Trusted Users . The following screen displays. Figure 123 Trusted Users The following table describes t h e labels in this screen.
Chapter 17 Internal RADIUS Server NWA-3160 Series User’s Guide 218 17.5 Technical Reference This section provides some technical ba ckground information about the topic s covered in this chapter. A trusted AP is an AP that uses the NWA’ s internal RADIUS server to authenti cate its wireless client s.
Chapter 17 Internal RADIUS Server NWA-3160 Series User’s Guide 219 PEAP (Protected EAP) and MD5 authentica ti on is implemented on the internal RADIUS server using simple us ername and password methods over a secure TLS connection.
Chapter 17 Internal RADIUS Server NWA-3160 Series User’s Guide 220.
NWA-3160 Series User’s Guide 221 C HAPTER 18 Certificates 18.1 Overview This chapter describes how your NWA can use certificates as a means of authenticating wireless cl ients. It gi ve s background information about p ublic-key certificates and explains how to use them.
Chapter 18 Certificates NWA-3160 Series User’s Guide 222 18.1.2 What You Need To Know About Certificates The following terms and conc epts may help as you read through this chapter. The NWA also trusts any valid certifi cate si gned by any of the imported trusted CA certificates .
Chapter 18 Certificates NWA-3160 Series User’s Guide 223 The following table describes t h e labels in this screen. Table 65 Certificates > My Certificates LABEL DESCRIPTION PKI Storage Space in Use This bar displays the percentage of the NWA’s PKI storage space that is currently in use.
Chapter 18 Certificates NWA-3160 Series User’s Guide 224 18.2.1 My Certificates Import Screen Use this screen to import a certificate from your loc al computer to the NWA. Note: You can import only a certificate that matches a corresponding certification request that was generated by the NWA.
Chapter 18 Certificates NWA-3160 Series User’s Guide 225 Note: You must remove any spaces from the certificate ’s filename before you can import it. Figure 127 Certificates > My Certif icates Import The following table describes t h e labels in this screen.
Chapter 18 Certificates NWA-3160 Series User’s Guide 226 18.2.2 My Certificates Create Screen Use this screen to have the NWA create a self-signed certificate, enroll a certificate with a certification authorit y or generate a certification request.
Chapter 18 Certificates NWA-3160 Series User’s Guide 227 Common Name Select a radio button to id entify the certificate’s owner by IP address, domain name or e-mail address. Type the IP address (in dotted decimal notation), domain name or e-mail address in the field provided.
Chapter 18 Certificates NWA-3160 Series User’s Guide 228 After you click Apply in the My Certificate Create screen, you see a screen that tells you the NWA is generating the self-sig ned certific ate or certification request.
Chapter 18 Certificates NWA-3160 Series User’s Guide 229 18.2.3 My Certificates Details Screen Use this screen to view in-depth ce rtificate information and change the certificate’s name.
Chapter 18 Certificates NWA-3160 Series User’s Guide 230 The following table describes t h e labels in this screen. Table 68 Certificates > My Certificate Details LABEL DESCRIPTION Name This field displays the identifying na me of this certificate .
Chapter 18 Certificates NWA-3160 Series User’s Guide 231 Valid From This field displays the date that the certificate becomes applicable. The text displays in red and includes a Not Yet Valid! message if the certificate has not yet become applicable.
Chapter 18 Certificates NWA-3160 Series User’s Guide 232 18.3 Trusted CAs Screen Use this screen to view the list of trus t ed certificates. The NWA accepts any valid certificate signed by a certif ication aut hority on this list as being trustworthy.
Chapter 18 Certificates NWA-3160 Series User’s Guide 233 18.3.1 Trusted CAs Import Screen Use this screen to save a t rusted certification authorit y’s certificate to the NWA. Click Certificates > Trusted CAs to op en the Trusted CAs screen and then click Import to open the Trusted CAs Import screen.
Chapter 18 Certificates NWA-3160 Series User’s Guide 234 The following table describes t h e labels in this screen. 18.3.2 Trusted CAs Details Screen Use this screen to view in-depth inform ation ab.
Chapter 18 Certificates NWA-3160 Series User’s Guide 235 The following table describes t h e labels in this screen. Table 71 Certificates > Trusted CAs Details LABEL DESCRIPTION Name This field displays the identifying na me of this certificate. If you want to change the name, type up to 31 characters to identify this key certificate.
Chapter 18 Certificates NWA-3160 Series User’s Guide 236 Valid To This field displays the date that the certificate expires. The text displays in red and includes an Expiring! or Expired! message if the certificate is about to expire or has already expired.
Chapter 18 Certificates NWA-3160 Series User’s Guide 237 18.4 Technical Reference This section provides technical backg round information about the topics covered in this chapter. 18.4.1 Private-Public Certificates When using public-key cryptology for auth enticat ion, each host has two keys.
Chapter 18 Certificates NWA-3160 Series User’s Guide 238 18.4.3 Checking the Finger print of a Certificate A certificate’s fingerprints are message di gests calculated using the MD5 or SHA1 algorithms. The following procedure describes how to check a certificate’s fingerprint to verify that you have the actual certifi cate.
NWA-3160 Series User’s Guide 239 C HAPTER 19 Log Screens 19.1 Overview This chapter provides information on vi ewing and ge nerating logs on your NWA. Logs are files that contain recorded netw ork activity over a set period. They are used by administrators to monitor t he he alth of the computer system(s) they are managing.
Chapter 19 Log Scre ens NWA-3160 Series User’s Guide 240 •U s e t h e Log Settings screen ( Section 19.3 on page 242 ) to configure where and when the NWA will send the logs, and which logs and/ or immediate alerts it will send. 19.1.2 What You Need To Know About Logs The following terms and conc epts may help as you read through this chapter.
Chapter 19 Log Screens NWA-3160 Series User’s Guide 241 Click Logs > V iew Log . The following screen displays. Figure 136 Logs > View Log The following table describes t h e labels in this screen.
Chapter 19 Log Scre ens NWA-3160 Series User’s Guide 242 19.3 The Log Settings Screen Use this screen to configure w here an d when the NWA will send the logs, and which logs and/or immediat e alerts to send. Click Logs > Log Settings . The following screen di splays.
Chapter 19 Log Screens NWA-3160 Series User’s Guide 243 The following table describes t h e labels in this screen. Table 73 Logs > Log Setting s LABEL DESCRIPTION Address Info Mail Server Enter the server name or the IP address of the mail server for the e- mail addresses specified below.
Chapter 19 Log Scre ens NWA-3160 Series User’s Guide 244 19.4 Technical Reference This section provides some technical ba ckground information about the topic s covered in this chapter. 19.4.1 Example Log Messages This section provides description s of some example log messag es.
Chapter 19 Log Screens NWA-3160 Series User’s Guide 245 Table 75 ICMP Notes TYPE CODE DESCRIPTION 0 Echo Reply 0 Echo reply message 3 Destination Unreachable 0 Net unreachable 1 Host un reac hable 2.
Chapter 19 Log Scre ens NWA-3160 Series User’s Guide 246 19.4.2 Log Commands Go to the command interpre ter interface (ref er to Appendix E on page 357 for a discussion on how to access and use the command s).
Chapter 19 Log Screens NWA-3160 Series User’s Guide 247 19.4.5 Log Command Example This example shows how to set the NWA to record the error logs and alerts and then view the results. ras> sys logs load ras> sys logs category error 3 ras> sys logs save ras> sys logs display access #.
Chapter 19 Log Scre ens NWA-3160 Series User’s Guide 248.
NWA-3160 Series User’s Guide 249 C HAPTER 20 VLAN 20.1 Overview This chapter discusses how to conf igure VLAN on the NWA. A VLAN (Virtual Local Area Network) allo ws a physical network to be partitioned into multiple logi cal networks. Stations on a logical network can belong to one or more groups.
Chapter 20 VLAN NWA-3160 Series User’s Guide 250 20.1.2 What You Need To Know About VLAN The following terms and conc epts may help as you read through this chapter. When you use wirel ess VLAN and RADIUS VLAN together, the NWA first tries to assign VLAN IDs based on RADIUS VLAN co nfiguration.
Chapter 20 VLAN NWA-3160 Series User’s Guide 251 20.2 Wireless VLAN Screen Use this screen to enable and c onfigure your Wireless Virtual LAN setup. Click VLAN > Wireless VLAN .
Chapter 20 VLAN NWA-3160 Series User’s Guide 252 20.2.1 RADIUS VLAN Screen Use this screen to configure your RADIUS Virtual LAN setup. Your RADIUS server assigns VLAN IDs to a user or user group’ s traffic based on what you set in this screen. Native VLAN Check this to assign the Management VLAN ID as a Native VLAN.
Chapter 20 VLAN NWA-3160 Series User’s Guide 253 Click VLAN > RADIUS VLAN . The following screen appears. Figure 140 VLAN > RADIUS VLAN The following table describes t h e labels in this screen.
Chapter 20 VLAN NWA-3160 Series User’s Guide 254 20.3 Technical Reference This section provides some technical ba ckground information and configuration examples abou t the topic s covered in th is chapte r. 20.3.1 VLAN Tagging The NWA supports IEEE 802.
Chapter 20 VLAN NWA-3160 Series User’s Guide 255 On an Ethernet switch, create a VLAN th at has the same management VLAN ID as the NWA. The followi ng figure has the NWA connected to port 2 and your computer connected to port 1. The management VLAN ID i s 10.
Chapter 20 VLAN NWA-3160 Series User’s Guide 256 8 Click Apply . The foll owing screen displays. Figure 143 VLAN-A ware Switch 9 Click VLAN S tatus to display the following screen. Figure 144 VLAN-Aware Switch - VLAN Status Follow the instructions in the Quick Start Guide to set up your NWA for configura tion.
Chapter 20 VLAN NWA-3160 Series User’s Guide 257 3 Click Apply . Figure 145 VLAN Setup 4 The NWA attempts to connect with a VL AN-aware device. You can now access and mange the NWA though the Ethernet switch. Note: If you do not connect the NWA to a correctly configured VLAN-aware device, you will lock yourself out of the NWA.
Chapter 20 VLAN NWA-3160 Series User’s Guide 258 ZyXEL uses the following standard RADIUS attributes returned from Microso ft’s IAS RADIUS service to place the wire less station into the correct V.
Chapter 20 VLAN NWA-3160 Series User’s Guide 259 1c Select the Security Group type parameter check box. 1d Click OK . Figure 146 New Global Security Group 2 In VLAN Group ID Properties , click th e Members tab. Note: The IAS uses group memberships to dete rmine which user accounts belong to which VLAN groups.
Chapter 20 VLAN NWA-3160 Series User’s Guide 260 1 Using the Remote Access Policy option on the Internet Authentication Service management interface, create a new VLAN Policy for each VLAN Group defined in the previous section. The or der of the remote access policies is important.
Chapter 20 VLAN NWA-3160 Series User’s Guide 261 3 In the Select Attribute screen, click Wind ows-Groups and the Add button. Figure 149 Specifyin g Windows-Group Condition 4 The Select Groups window displ ays. Sele ct a remote ac cess poli cy and click the Add button.
Chapter 20 VLAN NWA-3160 Series User’s Guide 262 6b Click the Edit Profile button. Figure 151 Granting Permissions a nd User Profile Screen s 7 The Edit Dial-in Profile screen displays. Click the Authentication tab and select the Extensible Authentication Protocol check box.
Chapter 20 VLAN NWA-3160 Series User’s Guide 263 8 Click the Encryption tab. Select the Strongest encryption option. This step is not required for EAP-MD5, but is performed as a safeguard. Figure 153 Encryp tion Tab Settings 9 Click the IP tab and select the Client may request an IP address check box for DHCP support.
Chapter 20 VLAN NWA-3160 Series User’s Guide 264 11 The RADIUS Attribute screen di splays. From the list, three RADIUS attributes will be added: • Tunnel-Medium-T ype • Tunnel-Pvt-Group-ID • Tunnel-Type 11a Click the Add button 11b Select Tunnel-Medium-Type 11c Click the Add button.
Chapter 20 VLAN NWA-3160 Series User’s Guide 265 13 Return to the RADIUS Attribute Screen shown as Figure 155 on page 264 . 13a Select Tunnel-Pvt-Group-ID. 13b Click Add . 14 The Attribute Information scre en displays. 14a In the Enter the attribute value in: field select String and type a number in the range 1 to 4094 or a Name for this policy.
Chapter 20 VLAN NWA-3160 Series User’s Guide 266 16b Click OK . Figure 158 VLAN Attribute Setting for Tunnel-Type 17 Return to the RADIUS Attribute Screen shown as Figure 155 on page 264 . 17a Click the Close button. 17b The completed Advanced tab config uration should re semble the fol lowing screen.
Chapter 20 VLAN NWA-3160 Series User’s Guide 267 20.3.4 Second Rx VLAN ID Example In this example, the NWA is configured to tag packets from SSID01 with VLAN ID 1 and tag packets from SSID02 with VLAN ID 2. VLA N 1 and VLAN 2 ha ve access to a server, S , and the Internet, as show n in the follo wing fi gure.
Chapter 20 VLAN NWA-3160 Series User’s Guide 268 2 Click VLAN > Wireless VLAN . 3 If VLAN is not already enabled, click Ena ble Virtual LAN and set up the Management VLAN ID (see Section 20.
NWA-3160 Series User’s Guide 269 C HAPTER 21 Load Balancing 21.1 Overview Wireless load balancing is the process whereby you limit the number of connections allowed on an wireless access point (AP) or you limit the amount of wireless traffic transmitted and received on it .
Chapter 21 Load Balancing NWA-3160 Series User’s Guide 270 Imagine a coffee shop in a crowded business distri ct that offers free wireless connectivity to its customers. The c off ee shop owner can’t possibly know how many connections his NWA w ill have at an y given moment.
Chapter 21 L oad Balancing NWA-3160 Series User’s Guide 271 The requirements for load balanc ing are fair ly straight forward an d should be met in order for a gr oup of similar NWAs to t ake advantage of the feature: • They should all be within t he same subnet.
Chapter 21 Load Balancing NWA-3160 Series User’s Guide 272 21.2.1 Disassociating and Delaying Connections When your AP becomes overloaded, there are two basic responses it c an take.
Chapter 21 L oad Balancing NWA-3160 Series User’s Guide 273 can afford the bandwidth for it or the red la ptop is p i cked up by a different AP that has bandwidth to spare. Figure 164 Delaying a Co nnection The second response your AP can take is to kick the connecti ons that are pushing it over its balanced bandwidth allotment.
Chapter 21 Load Balancing NWA-3160 Series User’s Guide 274.
NWA-3160 Series User’s Guide 275 C HAPTER 22 Dynamic Channel Selection 22.1 Overview This chapter discusses how to configure dynamic channel selection on the NWA.
Chapter 22 Dynamic Channel Selection NWA-3160 Series User’s Guide 276 In this example, if the NWA attempts to broadcast on channels 1, 6, or 11 it is met with cross-channel interf erence from the other AP that shares the channel.
Chapter 22 Dynamic Channel Selection NWA-3160 Series User’s Guide 277 DCS Sensitivity Level Selec t the NWA’s sensitivity level toward other channels. Options are High , Medium , and Low . Generally, as long as the area in which your NWA is located has minimal interference from other devices you can set the DCS Sensitivity Level to Low .
Chapter 22 Dynamic Channel Selection NWA-3160 Series User’s Guide 278.
NWA-3160 Series User’s Guide 279 C HAPTER 23 Maintenance 23.1 Overview This chapter describes the maintenance screens. It discusses how you can view the association list and channel us age, upload new firmware, manage configuration and rest art your NW A without turning it of f and on.
Chapter 23 Maintenance NWA-3160 Series User’s Guide 280 23.2 Association List Screen Use this screen to know which wireless clie nts are associated with the NWA. Click Maintenance > Association List . The following screen displays. Figure 168 Association L ist The following table describes t h e labels in this screen.
Chapter 23 Maintenance NWA-3160 Series User’s Guide 281 23.3 Channel Usage Screen Use this screen to see what channel the wireless clients are using to associate with the NWA, as well as the signal strength and network mode. Click Maintenance > Channel Usage .
Chapter 23 Maintenance NWA-3160 Series User’s Guide 282 23.4 F/W Upload Screen Use this screen to upload firmware to your NWA. Click MAINTENANCE > F/W Up load . The following screen displa ys. Figure 170 F/W Upload The following table describes t h e labels in this screen.
Chapter 23 Maintenance NWA-3160 Series User’s Guide 283 The NWA automatically restarts in th is time causing a temporary network disconnect. In some operating systems , you may see the following icon on your desktop.
Chapter 23 Maintenance NWA-3160 Series User’s Guide 284 23.5 Configuration Screen Use this screen backup or upload your NWA’s configuration file. You can also reset the configu ration o f your device in this scre en. Click Maintenance > Configuration .
Chapter 23 Maintenance NWA-3160 Series User’s Guide 285 23.5.2 Restore Configuration Restore configuration allows you to upload a new or previously saved configuration file from your computer to your NWA. Do not turn off the NWA while co nfiguration file upload is in progress.
Chapter 23 Maintenance NWA-3160 Series User’s Guide 286 If the upload was not successful , the following screen will appear. Click Return to go back to the Configuration screen.
287 P ART III Appendices and Index Troubleshooting (289) Product Specifications (297) Power Adaptor Specifications (247) Setting up Your Computer’s IP Addres s (249) Wireless LANs (303) Pop-up Windo.
288.
NWA-3160 Series User’s Guide 289 C HAPTER 24 Troubleshooting 24.1 Overview This chapter offers some suggestions t o solve problems you might encounter.
Chapter 24 Trou bleshooting NWA-3160 Series User’s Guide 290 • Inspect your cables for damage. Contact the vendor to replace any damaged cables. • Disconnect and re-connect th e power adaptor to the NWA. • If the proble m continue s, contact the vendor.
Chapter 24 Trou bleshooting NWA-3160 Series User’s Guide 291 • The default password is 1234 . • If this does not work, you have to rese t the device to its factory defaults. See Section 2.3 on page 36 . I cannot see or access the Login screen in the w eb configurator.
Chapter 24 Trou bleshooting NWA-3160 Series User’s Guide 292 • Disconnect and re-connect the po wer adaptor or cord to the NWA. • If this does not work, you have to rese t the device to its factory defaults. See Section 2.3.1 on page 36 . I cannot access the NWA via the console port.
Chapter 24 Trou bleshooting NWA-3160 Series User’s Guide 293 The secondary controller AP’s wireless profiles do not appear in my wireless network. In case you have both primary and seco ndary controller APs in the network, the secondary controller AP’s WLAN radio is turned off as long as the primary controller AP is turned on.
Chapter 24 Trou bleshooting NWA-3160 Series User’s Guide 294 24.5 Internet Access I cannot access the Internet. • Check the hardware connections, and make sure the LEDs are behaving as expected. See the Quick Start Guide and Section 24.2 on page 289 .
Chapter 24 Trou bleshooting NWA-3160 Series User’s Guide 295 Check the settings for QoS. If it is disabled, you might consider activating it. If it is enabled, you might consider rais ing or lowering the priority for some applications. 24.6 Wireless Router/AP Troubleshooting I cannot access the NWA or ping any computer fr om the WLAN.
Chapter 24 Trou bleshooting NWA-3160 Series User’s Guide 296.
NWA-3160 Series User’s Guide 297 C HAPTER 25 Product Specifications The following tables summarize the NW A’s hardware and firmware features. Table 87 Hardware Specifications Power Specification 12 V DC, 1. 5 A Reset button Returns all settings to their factory defaults.
Chapter 25 Product Specifications NWA-3160 Series User’s Guide 298 Output Power IEEE 802.11a: 5150-5250 Using single antenna: 12dBm IEEE 802.11a: 5250 - 5850 Using single antenna:18dbm IEEE 802.11b Using single antenna: 17dBm IEEE 802.11g Using single antenna: 14dBm IEEE 802.
Chapter 25 Product Specifications NWA-3160 Series User’s Guide 299 Table 88 Firmware Specifications Default IP Address 192.168.1.2 Default Subnet Mask 255.255.255.0 (2 4 bits) Default Password 1234 Wireless LAN Standards (NWA-3160, NWA-3163) IEEE 802.
Chapter 25 Product Specifications NWA-3160 Series User’s Guide 300 25.1 Wall-Mounting Instructions Complete the following steps to hang your NWA on a wall. Note: See Table 25 on page 297 for the size of screws to use an d how far apart to place them.
Chapter 25 Product Specifications NWA-3160 Series User’s Guide 301 5 Align the holes on the back of the NWA with the screws on the wall. Hang the NWA on the screws. Figure 180 Wall-mounting Examp le The following are dimensions of an M4 tap screw and masonry plug used for wall mounting.
Chapter 25 Product Specifications NWA-3160 Series User’s Guide 302.
NWA-3160 Series User’s Guide 303 A PPENDIX A Wireless LANs Wireless LAN Topologies This section discuss es ad-hoc and infr astructure wi reless LAN topologies. Ad-hoc Wireless LAN Configuration The simplest WLAN configurat ion is an in dependent (Ad-hoc) WLAN that connects a set of computers with wireless adapters (A, B, C).
Appendix A Wireless LANs NWA-3160 Series User’s Guide 304 with each other. When Int ra-BSS is disabled, wireless client A and B can still access the wired network but cannot communicate with eac h other.
Appendix A Wir eless LANs NWA-3160 Series User’s Guide 305 An ESSID (ESS IDentification ) uniquely identifies each ESS. All ac cess points and their associated wirel ess clients withi n the same ESS mus t have the same ESSID in order to comm unicate.
Appendix A Wireless LANs NWA-3160 Series User’s Guide 306 RTS/CTS A hidden node occurs when two stations are within range of t he same access point, but are not within ra nge of each other.
Appendix A Wir eless LANs NWA-3160 Series User’s Guide 307 network overhead involved in the RTS (R equest To Send)/CTS (Clear to Send) handshake. If the RTS/CTS value is greater than the Fr agmentat.
Appendix A Wireless LANs NWA-3160 Series User’s Guide 308 Note: The AP and the wireless adapters MUST use the same preamble mode in order to communicate. IEEE 802.11g Wireless LAN IEEE 802.11g is fully compatible with th e IEEE 802.11b standard. This means an IEEE 802.
Appendix A Wir eless LANs NWA-3160 Series User’s Guide 309 The following figure shows the relative ef fectiveness of these wireless security methods available on your NWA. Note: You must enable the same wireless security settings on the NWA and o n all wireless clients that you want to associa te with it.
Appendix A Wireless LANs NWA-3160 Series User’s Guide 310 • Authorization Determines the network services availa bl e to authenticated users once they are connected to the network. •A c c o u n t i n g Keeps track of the client’s network activity.
Appendix A Wir eless LANs NWA-3160 Series User’s Guide 311 EAP (Extens ible Authen tication P rotocol) is an authentica tion proto col that run s on top of the IEEE 802.1x trans port mechanism in order to support multiple types of user authentic ation.
Appendix A Wireless LANs NWA-3160 Series User’s Guide 312 TTLS supports EAP methods and legacy authentication methods such as PAP, CHAP, MS-CHAP and MS-CHAP v2.
Appendix A Wir eless LANs NWA-3160 Series User’s Guide 313 WPA and WPA2 Wi-Fi Protected Ac cess (WPA) is a subset of the IEEE 802.11i s tandard. WPA2 (IEEE 802.11i) is a wireless se curity standard that defi nes str onger encryption, authentication and key management than WPA.
Appendix A Wireless LANs NWA-3160 Series User’s Guide 314 The Message Integrity Check (MIC) is de signed to prev ent an attacker from capturing data packets, altering them and resending them. The MIC provides a strong mathematical function in which the receiver and the transmitter each compute and then compare the MIC.
Appendix A Wir eless LANs NWA-3160 Series User’s Guide 315 The Windows XP patch is a free download that adds WPA capability to Windows XP's built-in "Zero Configuration" wirele ss client.
Appendix A Wireless LANs NWA-3160 Series User’s Guide 316 1 First enter identical p a sswords into the AP and all wireless clients. The Pre-Shared Key (PSK) must consist of between 8 an d 63 ASCII characters or 64 hexadeci mal characters (including spaces and symbols).
Appendix A Wir eless LANs NWA-3160 Series User’s Guide 317 Antenna Overview An antenna couples RF signals onto air. A transmitter within a wireless device sends an RF signal to the antenna, whic h propagates the signal through the air. The antenna also operates in reverse by capturing RF signals from the air.
Appendix A Wireless LANs NWA-3160 Series User’s Guide 318 antenna is a theoretical perfect antenna that sends out radio signal s equally well in all directions. dBi represents the t r ue gain that the antenna provi des. Types of Antennas for WLAN There are two types of antennas us ed for wireless LAN applications.
NWA-3160 Series User’s Guide 319 A PPENDIX B Pop-up Windows, JavaScripts and Java Permissions In order to use the web configurator you need to allow: • Web browser pop-up windows from your devi ce. • JavaScripts (enabled by default). • Java permissions (enabled by default).
Appendix B Po p-up Wind ows, JavaS cripts and Ja va Permission s NWA-3160 Series User’s Guide 320 1 In Internet Explorer, select Tools , Internet Options , Privacy . 2 Clear the Block pop-ups check box in the Pop-up Blocker section of the screen. This disables any web pop-up blockers you may have enabled.
Appendix B Pop-u p Windows, JavaScri pts and Java Permissions NWA-3160 Series User’s Guide 321 2 Select Settings… to open the Pop-up Blocker Settings screen. Figure 190 Internet Options: Privacy 3 Type the IP address of your device (the web page that you do not want to have blocked) with the prefix “http ://”.
Appendix B Po p-up Wind ows, JavaS cripts and Ja va Permission s NWA-3160 Series User’s Guide 322 4 Click Add to move the IP address to the list of Allowed si tes . Figure 191 Pop-up Blo cker Settings 5 Click Close to return to the Privacy screen. 6 Click Apply to save this setti ng.
Appendix B Pop-u p Windows, JavaScri pts and Java Permissions NWA-3160 Series User’s Guide 323 1 In Internet Explorer, click Tools , Internet Options and then the Security tab. Figure 192 Internet Options: Secu rity 2 Click the Custom Level... button .
Appendix B Po p-up Wind ows, JavaS cripts and Ja va Permission s NWA-3160 Series User’s Guide 324 6 Click OK to close the window. Figure 193 Security Settings - Java Scripting Java Permissions 1 From Internet Explorer, click Tools , Internet Options and then the Security tab.
Appendix B Pop-u p Windows, JavaScri pts and Java Permissions NWA-3160 Series User’s Guide 325 5 Click OK to close the window. Figure 194 Security Settings - Java JAVA (Sun) 1 From Internet Explorer, click Tools , Internet Options and then the Advanced tab.
Appendix B Po p-up Wind ows, JavaS cripts and Ja va Permission s NWA-3160 Series User’s Guide 326 3 Click OK to close the window. Figure 195 Java (Sun).
NWA-3160 Series User’s Guide 327 A PPENDIX C IP Addresses and Subnetting This appendix introduces IP addresses and subnet masks. IP addresses identify individ u al devices on a network. Every networking device (including computers, servers, routers, printers, etc.
Appendix C IP Addresses a nd Subnetti ng NWA-3160 Series User’s Guide 328 The following figure shows an example IP address in which the first three octets (192.
Appendix C IP Addresses and Subnetting NWA-3160 Series User’s Guide 329 By convention, subnet masks always cons ist of a continuous sequence of ones beginning from the leftmost bit of the mask , followed by a continuou s sequence of zeros, for a total number of 32 bits.
Appendix C IP Addresses a nd Subnetti ng NWA-3160 Series User’s Guide 330 As these two IP addresses cannot be us ed for individual hosts, calculat e the maximum number of possible host s in a networ.
Appendix C IP Addresses and Subnetting NWA-3160 Series User’s Guide 331 Subnetting You can use subnetting to divide one netw ork into multiple sub -networks . In the following example a network administrator creates two sub-networks to isol ate a group of servers from the rest of th e company network for security reasons.
Appendix C IP Addresses a nd Subnetti ng NWA-3160 Series User’s Guide 332 The following figure shows the company network afte r subnetting. Th ere are now two sub-n etworks, A and B .
Appendix C IP Addresses and Subnetting NWA-3160 Series User’s Guide 333 Each subnet contains 6 host ID bit s, giving 2 6 - 2 or 62 hosts for each subnet (a host ID of all zeroes is t he subnet it self , all ones is the subnet’s broadcast address).
Appendix C IP Addresses a nd Subnetti ng NWA-3160 Series User’s Guide 334 Example: Eight Subnets Similarly, use a 27-bit mask to create eight subnets (000, 001, 010, 011, 100, 101, 110 and 111). The following table shows IP address last octet values for each subnet.
Appendix C IP Addresses and Subnetting NWA-3160 Series User’s Guide 335 The following table is a summary for subnet planning on a network with a 16-bit network number. Configuring IP Addresses Where you obtain your networ k number depends on your partic ular situation.
Appendix C IP Addresses a nd Subnetti ng NWA-3160 Series User’s Guide 336 you entered. You don't need to c hange the subnet mask co mput ed by the NWA unless you are instru cted to do otherwise. Private IP Addresses Every machine on the Internet must have a unique address.
Appendix C IP Addresses and Subnetting NWA-3160 Series User’s Guide 337 Windows 95/98/Me Click Start , Settings , Control Panel and double-click the Network icon to open the Network window Figure 199 WIndows 95/98/Me: Netwo rk: Configuration Installing Components The Network window Configuration tab displays a list of ins talled components.
Appendix C IP Addresses a nd Subnetti ng NWA-3160 Series User’s Guide 338 3 Select Microsoft from the list of manufacturers . 4 Select TCP/IP from the list of network protocols and then click OK . If you need Client for Mic r osoft Networks: 1 Click Add .
Appendix C IP Addresses and Subnetting NWA-3160 Series User’s Guide 339 3 Click the DNS Configuration tab. • If you do not know your DNS information, select Disabl e DNS . • If you know your DNS inf ormation, select Ena ble DNS and type the information in the fields below (you may not need to fill them all in).
Appendix C IP Addresses a nd Subnetti ng NWA-3160 Series User’s Guide 340 3 Select your network adapter. You should see your computer's IP address, subnet mask and default gateway. Windows 2000/NT/XP 1 For Windows XP, click start , Control Panel .
Appendix C IP Addresses and Subnetting NWA-3160 Series User’s Guide 341 3 Right-click Local Area Connection and then click Propertie s . Figure 204 Windows XP: Control Panel: Ne twork Connections: Properties 4 Select Internet Protocol (TCP/IP ) (under the General tab in Win XP) and click Properties .
Appendix C IP Addresses a nd Subnetti ng NWA-3160 Series User’s Guide 342 • If you have a static IP address click Use the following IP Address and fill in the IP address , Subnet mask , and Default gateway fields.
Appendix C IP Addresses and Subnetting NWA-3160 Series User’s Guide 343 7 In the Internet Protocol TCP/IP Properties windo w (the General tab in Windows XP): •C l i c k Obtain DNS server address automatically if you do not know your DNS server IP addres s(es).
Appendix C IP Addresses a nd Subnetti ng NWA-3160 Series User’s Guide 344 Macintosh OS 8/9 1 Click the Apple menu, Control Panel and do uble-c lick TCP/IP to open the TCP/ IP Control Panel .
Appendix C IP Addresses and Subnetting NWA-3160 Series User’s Guide 345 2 Select Ethernet built-in from the Connect via list. Figure 209 Macintosh OS 8/9: TCP/IP 3 For dynamically assigned settings, select Using DHCP Serv er from the Configure: list.
Appendix C IP Addresses a nd Subnetti ng NWA-3160 Series User’s Guide 346 Macintosh OS X 1 Click the Apple menu, and click System Preferences to open the System Preferences window. Figure 210 Macintosh OS X: Apple Menu 2 Click Netw ork in the icon bar.
Appendix C IP Addresses and Subnetting NWA-3160 Series User’s Guide 347 •F r o m t h e Configure box, select Manually . • Type your IP address in the IP Address box. • Type your subnet mask in the Subnet mask box. • Type the IP address of your NWA in the Ro uter address box.
Appendix C IP Addresses a nd Subnetti ng NWA-3160 Series User’s Guide 348.
NWA-3160 Series User’s Guide 349 A PPENDIX D Text File Based Auto Configuration This chapter describes how administ rators can use text configurati on files to configure the wireless LAN setti ngs for multiple APs.
Appendix D Text File Ba sed Auto Configuration NWA-3160 Series User’s Guide 350 You can have a different configuration file for each AP. You can also have multiple APs use the same configuration file.
Appendix D Text File Based Auto Configuration NWA-3160 Series User’s Guide 351 Verifying Your Configurat ion File Upload Via SNMP You can use SNMP management software to d isplay the configuration file versi on currently on the device by using the following MIB.
Appendix D Text File Ba sed Auto Configuration NWA-3160 Series User’s Guide 352 The AP ignores any improperly formatte d commands and cont inues to check the next line.
Appendix D Text File Based Auto Configuration NWA-3160 Series User’s Guide 353 Figure 215 802.1X Configura tion File Example Figure 216 WPA-PSK Configuration File Example !#ZYXEL PROWLAN !#VERSION 1.
Appendix D Text File Ba sed Auto Configuration NWA-3160 Series User’s Guide 354 Figure 217 WPA Configura tion File Example Wlan Command Configuration File Example This example configuration file use.
Appendix D Text File Based Auto Configuration NWA-3160 Series User’s Guide 355 commands that create security and SSID pr ofiles before the commands that tell the AP to use thos e profiles.
Appendix D Text File Ba sed Auto Configuration NWA-3160 Series User’s Guide 356.
NWA-3160 Series User’s Guide 357 A PPENDIX E How to Access and Use the CLI This chapter introduces the command line interface ( CLI). Accessing the CLI Use any of the following methods to acc e ss the CLI. Console Port You can use thi s method if your NWA h as a console port.
Appendix E Ho w to Access a nd Use the C LI NWA-3160 Series User’s Guide 358 2 Open a Telnet session to the NWA’ s IP addre ss. If this is your first login, use the default values. Make sure your computer IP address is in the same subnet, unless you are accessing the NWA through on e or more routers.
Appendix E How to Access and Use the CLI NWA-3160 Series User’s Guide 359 • Commands are in courier new font . • Required input values are in an gle brackets <>; for example, ping < ip- address > means that you must specif y an IP address for t his command.
Appendix E Ho w to Access a nd Use the C LI NWA-3160 Series User’s Guide 360 Copy and Paste Commands You can copy and paste commands directly fr om this document into your terminal emulation console window (such as HyperT erminal). Use right- click (not [CTRL]- [V]) to paste your command into th e console window as shown next.
Appendix E How to Access and Use the CLI NWA-3160 Series User’s Guide 361 Saving Your Configuration In the NWA some commands are saved as yo u run them and others require you to run a save command. See the relat ed sect ion of this guide to see if a save command is required.
Appendix E Ho w to Access a nd Use the C LI NWA-3160 Series User’s Guide 362.
NWA-3160 Series User’s Guide 363 A PPENDIX F Legal Information Copyright Copyright © 2008 by ZyXEL Communications Corporation. The contents of this publication may not be reproduced in any part or .
Appendix F L egal Informa tion NWA-3160 Series User’s Guide 364 • This device mus t accept any int erference recei ved, including interference that may cause undesired operations. This device has been tested and found to comply with the limits for a Class B digital device pursuant to Part 15 of the FCC Rules.
Appendix F Legal Information NWA-3160 Series User’s Guide 365 前項合法通信,指依電信規定作 業之無線電信。低功率射頻電機須忍 受合法通信或工業、科學及醫療 .
Appendix F L egal Informa tion NWA-3160 Series User’s Guide 366 Note Repair or replacement, as provided unde r this warranty, is the exclusive remedy of the purchaser. This warranty is in lieu of all other warrantie s, express or implied, including any implied warrant y of merchantability or fitness for a particular use or purpose.
Index NWA-3160 Series User’s Guide 367 Index A access 24 access point 24 access privileges 29 accessing the CLI 357 address 110 address assignment 110 , 189 address filtering 23 administrator authentication on RADIUS 117 Advanced Encryption Standard See AES.
Index NWA-3160 Series User’s Guide 368 D default 286 DFS 145 Differentiated Services 157 DiffServ 156 DiffServ Code Point (DSC P) 157 DiffServ Code Points 157 DiffServ marking rule 157 dimensions 29.
Index NWA-3160 Series User’s Guide 369 log descriptions 244 login 358 logs 239 M MAC address 23 , 178 , 183 MAC address filter action 186 MAC filter 30 MAC filtering 299 maintenance 23 management 23.
Index NWA-3160 Series User’s Guide 370 reset button 297 restore 285 roaming 146 requirements 147 rogue AP 23 , 193 , 194 , 195 root bridge 144 RTS (Request To Send) 306 threshold 306 , 307 S safety .
Index NWA-3160 Series User’s Guide 371 wireless client WPA supplicants 314 Wireless Distribution System (WDS) 28 wireless Internet connection 24 wireless LAN 295 wireless security 29 , 159 , 295 , 3.
Index NWA-3160 Series User’s Guide 372.
Un point important après l'achat de l'appareil (ou même avant l'achat) est de lire le manuel d'utilisation. Nous devons le faire pour quelques raisons simples:
Si vous n'avez pas encore acheté ZyXEL Communications NWA-3163 & NWA-3166 c'est un bon moment pour vous familiariser avec les données de base sur le produit. Consulter d'abord les pages initiales du manuel d'utilisation, que vous trouverez ci-dessus. Vous devriez y trouver les données techniques les plus importants du ZyXEL Communications NWA-3163 & NWA-3166 - de cette manière, vous pouvez vérifier si l'équipement répond à vos besoins. Explorant les pages suivantes du manuel d'utilisation ZyXEL Communications NWA-3163 & NWA-3166, vous apprendrez toutes les caractéristiques du produit et des informations sur son fonctionnement. Les informations sur le ZyXEL Communications NWA-3163 & NWA-3166 va certainement vous aider à prendre une décision concernant l'achat.
Dans une situation où vous avez déjà le ZyXEL Communications NWA-3163 & NWA-3166, mais vous avez pas encore lu le manuel d'utilisation, vous devez le faire pour les raisons décrites ci-dessus,. Vous saurez alors si vous avez correctement utilisé les fonctions disponibles, et si vous avez commis des erreurs qui peuvent réduire la durée de vie du ZyXEL Communications NWA-3163 & NWA-3166.
Cependant, l'un des rôles les plus importants pour l'utilisateur joués par les manuels d'utilisateur est d'aider à résoudre les problèmes concernant le ZyXEL Communications NWA-3163 & NWA-3166. Presque toujours, vous y trouverez Troubleshooting, soit les pannes et les défaillances les plus fréquentes de l'apparei ZyXEL Communications NWA-3163 & NWA-3166 ainsi que les instructions sur la façon de les résoudre. Même si vous ne parvenez pas à résoudre le problème, le manuel d‘utilisation va vous montrer le chemin d'une nouvelle procédure – le contact avec le centre de service à la clientèle ou le service le plus proche.