all | frequencies |
|
|
exhibits | applications |
---|---|---|---|---|---|
manuals |
app s | submitted / available | |||||||
---|---|---|---|---|---|---|---|---|
1 |
|
Users Manual 1 | Users Manual | 3.29 MiB | April 12 2003 | |||
1 |
|
Users Manual 2 | Users Manual | 2.35 MiB | April 12 2003 | |||
1 | Cover Letter(s) | April 12 2003 | ||||||
1 | Test Setup Photos | April 12 2003 | ||||||
1 | Cover Letter(s) | April 12 2003 | ||||||
1 | Cover Letter(s) | April 12 2003 | ||||||
1 | External Photos | April 12 2003 | ||||||
1 | Internal Photos | April 12 2003 | ||||||
1 | ID Label/Location Info | April 12 2003 | ||||||
1 | RF Exposure Info | April 12 2003 | ||||||
1 | Test Setup Photos | April 12 2003 | ||||||
1 | Test Report | April 12 2003 |
1 | Users Manual 1 | Users Manual | 3.29 MiB | April 12 2003 |
ZyAIR B-500 Wireless Access Point User's Guide Version 3.50 November 2003 ZyAIR B-500 Wireless Access Point Users Guide Copyright Copyright 2003 by ZyXEL Communications Corporation. The contents of this publication may not be reproduced in any part or as a whole, transcribed, stored in a retrieval system, translated into any language, or transmitted in any form or by any means, electronic, mechanical, magnetic, optical, chemical, photocopying, manual, or otherwise, without the prior written permission of ZyXEL Communications Corporation. Published by ZyXEL Communications Corporation. All rights reserved. Disclaimer ZyXEL does not assume any liability arising out of the application or use of any products, or software described herein. Neither does it convey any license under its patent rights nor the patent rights of others. ZyXEL further reserves the right to make changes in any products described herein without notice. This publication is subject to change without notice. Trademarks ZyNOS (ZyXEL Network Operating System) is a registered trademark of ZyXEL Communications, Inc. Other trademarks mentioned in this publication are used for identification purposes only and may be properties of their respective owners. ii Copyright ZyAIR B-500 Wireless Access Point Users Guide Federal Communications Commission
(FCC) Interference Statement This device complies with Part 15 of FCC rules. Operation is subject to the following two conditions:
This device may not cause harmful interference. This device must accept any interference received, including interference that may cause undesired operations. This equipment has been tested and found to comply with the limits for a Class B digital device pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a commercial environment. This equipment generates, uses, and can radiate radio frequency energy, and if not installed and used in accordance with the instructions, may cause harmful interference to radio communications. If this equipment does cause harmful interference to radio/television reception, which can be determined by turning the equipment off and on, the user is encouraged to try to correct the interference by one or more of the following measures:
1. Reorient or relocate the receiving antenna. 2. 3. Connect the equipment into an outlet on a circuit different from that to which the receiver is connected. 4. Consult the dealer or an experienced radio/TV technician for help. Caution 1. To comply with FCC RF exposure compliance requirements, a separation distance of at least 20 cm Increase the separation between the equipment and the receiver. must be maintained between the antenna of this device and all persons. 2. This transmitter must not be co-located or operating in conjunction with any other antenna or transmitter. Notice 1 Changes or modifications not expressly approved by the party responsible for compliance could void the user's authority to operate the equipment. Certifications Refer to the product page at www.zyxel.com. FCC Statement iii ZyAIR B-500 Wireless Access Point Users Guide ZyXEL Limited Warranty ZyXEL warrants to the original end user (purchaser) that this product is free from any defects in materials or workmanship for a period of up to two years from the date of purchase. During the warranty period, and upon proof of purchase, should the product have indications of failure due to faulty workmanship and/or materials, ZyXEL will, at its discretion, repair or replace the defective products or components without charge for either parts or labor, and to whatever extent it shall deem necessary to restore the product or components to proper operating condition. Any replacement will consist of a new or re-manufactured functionally equivalent product of equal value, and will be solely at the discretion of ZyXEL. This warranty shall not apply if the product is modified, misused, tampered with, damaged by an act of God, or subjected to abnormal working conditions. Note Repair or replacement, as provided under this warranty, is the exclusive remedy of the purchaser. This warranty is in lieu of all other warranties, express or implied, including any implied warranty of merchantability or fitness for a particular use or purpose. ZyXEL shall in no event be held liable for indirect or consequential damages of any kind of character to the purchaser. To obtain the services of this warranty, contact ZyXEL's Service Center for your Return Material Authorization number (RMA). Products must be returned Postage Prepaid. It is recommended that the unit be insured when shipped. Any returned products without proof of purchase or those with an out-dated warranty will be repaired or replaced (at the discretion of ZyXEL) and the customer will be billed for parts and labor. All repaired or replaced products will be shipped by ZyXEL to the corresponding return address, Postage Paid. This warranty gives you specific legal rights, and you may also have other rights that vary from country to country. Safety Warnings 1. To reduce the risk of fire, use only No. 26 AWG or larger telephone wire. 2. Do not use this product near water, for example, in a wet basement or near a swimming pool. 3. Avoid using this product during an electrical storm. There may be a remote risk of electric shock from lightening. iv ZyXEL Warranty ZyAIR B-500 Wireless Access Point Users Guide Customer Support Please have the following information ready when you contact customer support. Product model and serial number. Warranty Information. Date that you received your device. Brief description of the problem and the steps you took to solve it. METHOD LOCATION E-MAIL SUPPORT/SALES TELEPHONE/FAX WEB SITE/ FTP SITE REGULAR MAIL WORLDWIDE support@zyxel.com.tw
+886-3-578-3942 www.zyxel.com www.europe.zyxel.com ftp.zyxel.com NORTH AMERICA sales@zyxel.com.tw
+886-3-578-2439 ftp.europe.zyxel.com support@zyxel.com
+1-800-255-4101 www.us.zyxel.com sales@zyxel.com
+1-714-632-0858 ftp.us.zyxel.com SCANDINAVIA support@zyxel.dk
+45-3955-0700 www.zyxel.dk sales@zyxel.dk
+45-3955-0707 ftp.zyxel.dk GERMANY support@zyxel.de
+49-2405-6909-0 www.zyxel.de sales@zyxel.de
+49-2405-6909-99 ZyXEL Communications Corp., 6 Innovation Road II, Science-
Based Industrial Park, Hsinchu 300, Taiwan. ZyXEL Communications Inc., 1130 N. Miller St. Anaheim, CA 92806, U.S.A. ZyXEL Communications A/S, Columbusvej 5, 2860 Soeborg, Denmark. ZyXEL Deutschland GmbH. Adenauerstr. 20/A2 D-52146 Wuerselen, Germany Customer Support v ZyAIR B-500 Wireless Access Point Users Guide 1.3.1 1.3.2 Table of Contents Copyright.........................................................................................................................................................ii Federal Communications Commission (FCC) Interference Statement.....................................................iii ZyXEL Limited Warranty ............................................................................................................................ iv Customer Support........................................................................................................................................... v List of Figures ................................................................................................................................................. x List of Tables ................................................................................................................................................xiii Preface ........................................................................................................................................................... xv OVERVIEW.....................................................................................................................................................I Chapter 1 Getting to Know Your ZyAIR...................................................................................................1-1 1.1 Introducing the ZyAIR Wireless Access Point ..........................................................................1-1 ZyAIR Features..........................................................................................................................1-1 1.2 1.3 Applications for the ZyAIR .......................................................................................................1-4 Internet Access Application...............................................................................................1-4 Corporation Network Application......................................................................................1-4 Chapter 2 Introducing the Web Configurator ..........................................................................................2-1 2.1 Accessing the ZyAIR Web Configurator...................................................................................2-1 2.2 Resetting the ZyAIR ..................................................................................................................2-2 2.2.1 Method of Restoring Factory-Defaults ..............................................................................2-2 2.3 Navigating the ZyAIR Web Configurator..................................................................................2-3 Chapter 3 Wizard Setup..............................................................................................................................3-1 3.1 Wizard Setup Overview.............................................................................................................3-1 Channel ..............................................................................................................................3-1 3.1.1 3.1.2 ESS ID ...............................................................................................................................3-1 3.1.3 WEP Encryption ................................................................................................................3-1 3.2 Wizard Setup: General Setup.....................................................................................................3-2 3.3 Wizard Setup: Wireless LAN ....................................................................................................3-3 3.4 Wizard Setup: IP Address..........................................................................................................3-4 IP Address Assignment......................................................................................................3-5 IP Address and Subnet Mask .............................................................................................3-5 3.5 Basic Setup Complete................................................................................................................3-7 SYSTEM, WIRELESS AND IP.................................................................................................................... II Chapter 4 System Screens...........................................................................................................................4-1 4.1 System Overview.......................................................................................................................4-1 4.2 Configuring General Setup ........................................................................................................4-1 4.3 Configuring Password................................................................................................................4-2 4.4 Configuring Time Setting ..........................................................................................................4-3 Chapter 5 Wireless Configuration and Roaming......................................................................................5-1 5.1 Wireless LAN Overview............................................................................................................5-1 IBSS...................................................................................................................................5-1 3.4.1 3.4.2 5.1.1 vi Table of Contents ZyAIR B-500 Wireless Access Point Users Guide 6.6.1 5.4.1 6.2.1 6.2.2 5.1.2 5.1.3 5.2.1 5.2.2 BSS.....................................................................................................................................5-1 ESS.....................................................................................................................................5-2 5.2 Wireless LAN Basics .................................................................................................................5-3 RTS/CTS............................................................................................................................5-3 Fragmentation Threshold ...................................................................................................5-4 5.3 Configuring Wireless .................................................................................................................5-5 5.4 Configuring Roaming.................................................................................................................5-6 Requirements for Roaming ................................................................................................5-8 Chapter 6 Wireless Security........................................................................................................................6-1 6.1 Wireless Security Overview.......................................................................................................6-1 6.2 WEP Overview...........................................................................................................................6-1 Data Encryption .................................................................................................................6-1 Authentication....................................................................................................................6-2 6.3 Configuring WEP Encryption ....................................................................................................6-3 6.4 MAC Filter.................................................................................................................................6-4 6.5 802.1x Overview........................................................................................................................6-6 6.6 Introduction to RADIUS ............................................................................................................6-6 EAP Authentication Overview...........................................................................................6-7 6.7 Dynamic WEP Key Exchange ...................................................................................................6-8 Introduction to Local User Database..........................................................................................6-9 6.8 6.9 Configuring 802.1x ....................................................................................................................6-9 6.10 Configuring Local User Database ............................................................................................6-11 6.11 Configuring RADIUS ..............................................................................................................6-13 Chapter 7 IP Screen .....................................................................................................................................7-1 Factory Ethernet Defaults...........................................................................................................7-1 7.1 7.2 TCP/IP Parameters.....................................................................................................................7-1 IP Address and Subnet Mask..............................................................................................7-1 7.3 Configuring IP............................................................................................................................7-1 LOGS ............................................................................................................................................................ III Chapter 8 Logs Screens ...............................................................................................................................8-1 8.1 Configuring View Log ...............................................................................................................8-1 8.2 Configuring Log Settings...........................................................................................................8-2 MAINTENANCE......................................................................................................................................... IV Chapter 9 Maintenance ...............................................................................................................................9-1 9.1 Maintenance Overview ..............................................................................................................9-1 System Status Screen .................................................................................................................9-1 9.2 System Statistics.................................................................................................................9-2 9.3 Wireless Screen..........................................................................................................................9-3 Association List..................................................................................................................9-3 Channel Usage ...................................................................................................................9-4 F/W Upload Screen....................................................................................................................9-6 9.2.1 9.3.1 9.3.2 7.2.1 9.4 Table of Contents vii ZyAIR B-500 Wireless Access Point Users Guide 11.1.1 10.4.1 9.5.1 9.5.2 9.5.3 9.5 Configuration Screen .................................................................................................................9-8 Backup Configuration........................................................................................................9-8 Restore Configuration........................................................................................................9-9 Back to Factory Defaults..................................................................................................9-11 SMT CONFIGURATION ............................................................................................................................. V Chapter 10 Introducing the SMT.............................................................................................................10-1 10.1 Connect to your ZyAIR Using Telnet......................................................................................10-1 10.2 Changing the System Password ...............................................................................................10-1 10.3 ZyAIR SMT Menu Overview Example...................................................................................10-2 10.4 Navigating the SMT Interface..................................................................................................10-4 System Management Terminal Interface Summary.........................................................10-5 Chapter 11 General Setup......................................................................................................................... 11-1 11.1 General Setup...........................................................................................................................11-1 Procedure To Configure Menu 1......................................................................................11-1 Chapter 12 LAN Setup..............................................................................................................................12-1 12.1 LAN Setup ...............................................................................................................................12-1 12.2 TCP/IP Ethernet Setup.............................................................................................................12-1 12.3 Wireless LAN Setup ................................................................................................................12-2 12.3.1 Configuring MAC Address Filter ....................................................................................12-5 12.3.2 Configuring Roaming ......................................................................................................12-7 Chapter 13 Dial-in User Setup..................................................................................................................13-1 13.1 Dial-in User Setup ...................................................................................................................13-1 Chapter 14 SNMP Configuration.............................................................................................................14-1 14.1 About SNMP............................................................................................................................14-1 14.2 Supported MIBs.......................................................................................................................14-2 14.3 SNMP Configuration ...............................................................................................................14-2 14.4 SNMP Traps ............................................................................................................................14-3 Chapter 15 System Security......................................................................................................................15-1 15.1 System Security .......................................................................................................................15-1 System Password .............................................................................................................15-1 15.1.1 15.1.2 Configuring External RADIUS Server ............................................................................15-1 15.1.3 802.1x ..............................................................................................................................15-3 Chapter 16 System Information and Diagnosis.......................................................................................16-1 16.1 Overview..................................................................................................................................16-1 16.2 System Status...........................................................................................................................16-1 16.3 System Information..................................................................................................................16-3 16.3.1 System Information..........................................................................................................16-3 16.3.2 Console Port Speed..........................................................................................................16-4 16.4 Log and Trace ..........................................................................................................................16-5 16.4.1 Viewing Error Log...........................................................................................................16-5 16.5 Diagnostic ................................................................................................................................16-5 viii Table of Contents ZyAIR B-500 Wireless Access Point Users Guide Chapter 17 Firmware and Configuration File Maintenance..................................................................17-1 17.1 Filename Conventions..............................................................................................................17-1 17.2 Backup Configuration ..............................................................................................................17-2 17.2.1 Backup Configuration Using FTP....................................................................................17-2 17.2.2 Using the FTP command from the DOS Prompt..............................................................17-3 17.2.3 Backup Configuration Using TFTP .................................................................................17-4 17.2.4 Example: TFTP Command...............................................................................................17-4 17.3 Restore Configuration ..............................................................................................................17-5 17.4 Uploading Firmware and Configuration Files..........................................................................17-6 17.4.1 Firmware Upload .............................................................................................................17-7 17.4.2 Configuration File Upload ...............................................................................................17-7 17.4.3 Using the FTP command from the DOS Prompt Example...............................................17-8 17.4.4 TFTP File Upload ............................................................................................................17-9 17.4.5 Example: TFTP Command.............................................................................................17-10 Chapter 18 System Maintenance and Information .................................................................................18-1 18.1 Command Interpreter Mode.....................................................................................................18-1 18.2 Time and Date Setting..............................................................................................................18-2 18.2.1 Resetting the Time ...........................................................................................................18-3 APPENDICES.............................................................................................................................................. VI Appendix A Troubleshooting......................................................................................................................A-1 Problems Starting Up the ZyAIR .........................................................................................................A-1 Problems with the Ethernet Interface ...................................................................................................A-1 Problems with the Password.................................................................................................................A-2 Problems with Telnet ...........................................................................................................................A-2 Problems with the WLAN Interface.....................................................................................................A-3 Appendix B Brute-Force Password Guessing Protection ........................................................................B-1 Appendix C Setting up Your Computers IP Address..............................................................................C-1 Appendix D Wireless LAN and IEEE 802.11............................................................................................D-1 Appendix E Wireless LAN With IEEE 802.1x..........................................................................................E-1 Appendix F Types of EAP Authentication................................................................................................. F-1 Appendix G IP Subnetting......................................................................................................................... G-1 Appendix H Command Interpreter.......................................................................................................... H-1 Appendix I Log Descriptions.......................................................................................................................I-1 Appendix J Index .........................................................................................................................................J-1 Table of Contents ix ZyAIR B-500 Wireless Access Point Users Guide List of Figures Figure 1-1 Internet Access Application...........................................................................................................1-4 Figure 1-2 Corporation Network Application.................................................................................................1-5 Figure 2-1 Change Password Screen ..............................................................................................................2-1 Figure 2-2 Navigating the ZyAIR Web Configurator .....................................................................................2-3 Figure 3-1 Wizard 1 : General Setup ..............................................................................................................3-2 Figure 3-2 Wizard 2 : Wireless LAN Setup ....................................................................................................3-3 Figure 3-3 Wizard 3 : IP Address Assignment ................................................................................................3-6 Figure 4-1 System General Setup ...................................................................................................................4-1 Figure 4-2 Password .......................................................................................................................................4-3 Figure 4-3 Time Setting..................................................................................................................................4-4 Figure 5-1 IBSS (Ad-hoc) Wireless LAN.......................................................................................................5-1 Figure 5-2 Basic Service set ...........................................................................................................................5-2 Figure 5-3 Extended Service Set.....................................................................................................................5-3 Figure 5-4 RTS/CTS.......................................................................................................................................5-4 Figure 5-5 Wireless.........................................................................................................................................5-5 Figure 5-6 Roaming Example.........................................................................................................................5-7 Figure 5-7 Roaming........................................................................................................................................5-8 Figure 6-1 ZyAIR Wireless Security Levels...................................................................................................6-1 Figure 6-2 WEP Authentication Steps ............................................................................................................6-2 Figure 6-3 Wireless.........................................................................................................................................6-3 Figure 6-4 MAC Address Filter ......................................................................................................................6-5 Figure 6-5 EAP Authentication.......................................................................................................................6-8 Figure 6-6 802.1x Authentication ...................................................................................................................6-9 Figure 6-7 Local User Database ...................................................................................................................6-12 Figure 6-8 RADIUS......................................................................................................................................6-13 Figure 7-1 IP Setup.........................................................................................................................................7-2 Figure 8-1 View Log.......................................................................................................................................8-1 Figure 8-2 Log Settings ..................................................................................................................................8-3 Figure 9-1 System Status ................................................................................................................................9-1 Figure 9-2 System Status: Show Statistics......................................................................................................9-2 Figure 9-3 Association List.............................................................................................................................9-4 Figure 9-4 Channel Usage ..............................................................................................................................9-5 Figure 9-5 Firmware Upload ..........................................................................................................................9-6 Figure 9-6 Firmware Upload In Process.........................................................................................................9-7 Figure 9-7 Network Temporarily Disconnected..............................................................................................9-7 Figure 9-8 Firmware Upload Error.................................................................................................................9-8 Figure 9-9 Backup Configuration ...................................................................................................................9-9 Figure 9-10 Restore Configuration .................................................................................................................9-9 Figure 9-11 Configuration Upload Successful..............................................................................................9-10 x List of Figures ZyAIR B-500 Wireless Access Point Users Guide Figure 9-12 Network Temporarily Disconnected......................................................................................... 9-10 Figure 9-13 Configuration Upload Error ......................................................................................................9-11 Figure 9-14 Back to Factory Default............................................................................................................ 9-12 Figure 9-15 Reset Warning Message............................................................................................................ 9-12 Figure 10-1 Login Screen ............................................................................................................................ 10-1 Figure 10-2 Menu 23.1 System Security : Change Password ...................................................................... 10-2 Figure 10-3 ZyAIR B-500 SMT Menu Overview Example......................................................................... 10-3 Figure 10-4 ZyAIR B-500 SMT Main Menu............................................................................................... 10-5 Figure 11-1 Menu 1 General Setup ...............................................................................................................11-1 Figure 12-1 Menu 3 LAN Setup .................................................................................................................. 12-1 Figure 12-2 Menu 3.2 TCP/IP Setup............................................................................................................ 12-1 Figure 12-3 Menu 3.5 Wireless LAN Setup................................................................................................. 12-3 Figure 12-4 Menu 3.5 Wireless LAN Setup................................................................................................. 12-5 Figure 12-5 Menu 3.5.1 WLAN MAC Address Filter ................................................................................. 12-6 Figure 12-6 Menu 3.5 Wireless LAN Setup................................................................................................. 12-7 Figure 12-7 Menu 3.5.2 Roaming Configuration......................................................................................... 12-7 Figure 13-1 Menu 14- Dial-in User Setup ................................................................................................... 13-1 Figure 13-2 Menu 14.1- Edit Dial-in User................................................................................................... 13-1 Figure 14-1 SNMP Management Model...................................................................................................... 14-1 Figure 14-2 Menu 22 SNMP Configuration................................................................................................. 14-3 Figure 15-1 Menu 23 System Security......................................................................................................... 15-1 Figure 15-2 Menu 23 System Security......................................................................................................... 15-1 Figure 15-3 Menu 23.2 System Security : RADIUS Server ........................................................................ 15-2 Figure 15-4 Menu 23 System Security......................................................................................................... 15-3 Figure 15-5 Menu 23.4 System Security : IEEE802.1x ............................................................................... 15-4 Figure 16-1 Menu 24 System Maintenance ................................................................................................. 16-1 Figure 16-2 Menu 24.1 System Maintenance : Status.................................................................................. 16-2 Figure 16-3 Menu 24.2 System Information and Console Port Speed......................................................... 16-3 Figure 16-4 Menu 24.2.1 System Information : Information....................................................................... 16-3 Figure 16-5 Menu 24.2.2 System Maintenance : Change Console Port Speed............................................ 16-4 Figure 16-6 Menu 24.3 System Maintenance : Log and Trace .................................................................... 16-5 Figure 16-7 Sample Error and Information Messages ................................................................................. 16-5 Figure 16-8 Menu 24.4 System Maintenance : Diagnostic .......................................................................... 16-6 Figure 17-1 Menu 24.5 Backup Configuration ............................................................................................ 17-2 Figure 17-2 FTP Session Example............................................................................................................... 17-3 Figure 17-3 Menu 24.6 Restore Configuration ............................................................................................ 17-6 Figure 17-4 Menu 24.7 System Maintenance : Upload Firmware ............................................................... 17-6 Figure 17-5 Menu 24.7.1 System Maintenance : Upload System Firmware................................................ 17-7 Figure 17-6 Menu 24.7.2 System Maintenance : Upload System Configuration File.................................. 17-8 Figure 17-7 FTP Session Example............................................................................................................... 17-9 Figure 18-1 Menu 24 System Maintenance ................................................................................................. 18-1 List of Figures xi ZyAIR B-500 Wireless Access Point Users Guide Figure 18-2 Valid CI Commands ..................................................................................................................18-1 Figure 18-3 Menu 24.10 System Maintenance : Time and Date Setting ......................................................18-2 xii List of Figures ZyAIR B-500 Wireless Access Point Users Guide List of Tables Table 3-1 Wizard 1 : General Setup ............................................................................................................... 3-2 Table 3-2 Wizard 2 : Wireless LAN Setup..................................................................................................... 3-3 Table 3-3 Private IP Address Ranges ............................................................................................................. 3-5 Table 3-4 Wizard 3 : IP Address Assignment................................................................................................. 3-6 Table 4-1 System General Setup .................................................................................................................... 4-2 Table 4-2 Password ........................................................................................................................................ 4-3 Table 4-3 Time Setting................................................................................................................................... 4-4 Table 5-1 Wireless.......................................................................................................................................... 5-6 Table 5-2 Roaming......................................................................................................................................... 5-9 Table 6-1 Wireless.......................................................................................................................................... 6-4 Table 6-2 MAC Address Filter....................................................................................................................... 6-6 Table 6-3 802.1x Authentication .................................................................................................................. 6-10 Table 6-4 Local User Database .................................................................................................................... 6-13 Table 6-5 RADIUS....................................................................................................................................... 6-14 Table 7-1 IP Setup.......................................................................................................................................... 7-2 Table 8-1 View Log........................................................................................................................................ 8-2 Table 8-2 Log Settings ................................................................................................................................... 8-4 Table 9-1 System Status ................................................................................................................................. 9-1 Table 9-2 System Status: Show Statistics....................................................................................................... 9-2 Table 9-3 Association List.............................................................................................................................. 9-4 Table 9-4 Channel Usage ............................................................................................................................... 9-5 Table 9-5 Firmware Upload ........................................................................................................................... 9-7 Table 9-6 Restore Configuration.................................................................................................................. 9-10 Table 10-1 Main Menu Commands.............................................................................................................. 10-4 Table 10-2 Main Menu Summary ................................................................................................................ 10-5 Table 11-1 Menu 1 General Setup.................................................................................................................11-2 Table 12-1 Menu 3.2 TCP/IP Setup ............................................................................................................. 12-2 Table 12-2 Menu 3.5 Wireless LAN Setup .................................................................................................. 12-3 Table 12-3 Menu 3.5.1 WLAN MAC Address Filter................................................................................... 12-6 Table 12-4 Menu 3.5.2 Roaming Configuration .......................................................................................... 12-8 Table 13-1 Menu 14.1- Edit Dial-in User..................................................................................................... 13-2 Table 14-1 Menu 22 SNMP Configuration .................................................................................................. 14-3 Table 14-2 SNMP Traps............................................................................................................................... 14-4 Table 14-3 Ports and Interface Types ........................................................................................................... 14-4 Table 15-1 Menu 23.2 System Security : RADIUS Server.......................................................................... 15-2 Table 15-2 Menu 23.4 System Security : IEEE802.1x................................................................................. 15-4 Table 16-1 Menu 24.1 System Maintenance : Status ................................................................................... 16-2 Table 16-2 Menu 24.2.1 System Maintenance : Information....................................................................... 16-4 Table 16-3 Menu 24.4 System Maintenance Menu : Diagnostic ................................................................. 16-6 List of Tables xiii ZyAIR B-500 Wireless Access Point Users Guide Table 17-1 Filename Conventions ................................................................................................................17-2 Table 17-2 General Commands for Third Party FTP Clients........................................................................17-3 Table 17-3 General Commands for Third Party TFTP Clients .....................................................................17-5 Table 18-1 Menu 24.10 System Maintenance : Time and Date Setting........................................................18-3 xiv List of Tables ZyAIR B-500 Wireless Access Point Users Guide Congratulations on your purchase from the ZyAIR B-500 Wireless Access Point. An access point (AP) acts as a bridge between the wireless and wired networks, extending your existing wired network without any additional wiring. This Users Guide is designed to guide you through the configuration of your ZyAIR using the web configurator or the SMT. Preface Use the web configurator, System Management Terminal (SMT) or command interpreter interface to configure your ZyAIR. Not all features can be configured through all interfaces. The web configurator parts of this guide contain background information on features configurable by the web configurator and the SMT. The SMT parts of this guide contain background information solely on features not configurable by the web configurator. Dont forget to register your product online for free future product updates and information at www.zyxel.com for global products, or at www.us.zyxel.com for North American products. Related Documentation
Supporting Disk Refer to the included CD for support documents.
Quick Installation Guide Our Quick Installation Guide is designed to help you get up and running right away. It contains information on the configuration of key features and hardware connections and installation.
ZyXEL Web Site The ZyXEL download library at www.zyxel.com contains additional support documentation. Please also refer to www.zyxel.com for an online glossary of networking terms. Syntax Conventions Enter means for you to type one or more characters (and press the carriage return). Select or Choose means for you to use one predefined choices. Enter, or carriage return, key; [ESC] means the escape key and [SPACE BAR] means the space bar.
[UP] and [DOWN] are the up and down arrow keys. Preface xv ZyAIR B-500 Wireless Access Point Users Guide Mouse action sequences are denoted using a comma. For example, click the Apple icon, Control Panels and then Modem means first click the Apple icon, then point your mouse pointer to Control Panels and then click Modem. For brevitys sake, we will use e.g., as a shorthand for for instance, and i.e., for that is or in other words throughout this manual. The ZyAIR B-500 Wireless Access Point may be referred to simply as the ZyAIR in the users guide. User Guide Feedback Help us help you. E-mail all User Guide-related comments, questions or suggestions for improvement to techwriters@zyxel.com.tw or send regular mail to The Technical Writing Team, ZyXEL Communications Corp., 6 Innovation Road II, Science-Based Industrial Park, Hsinchu, 300, Taiwan. Thank you. xvi Preface Overview PPaarrtt II::
OVERVIEW This part introduces the main features and applications of ZyAIR and shows how to access the web configurator and use the Wizard to setup the ZyAIR. I ZyAIR B-500 Wireless Access Point Users Guide Chapter 1 Getting to Know Your ZyAIR This chapter introduces the main features and applications of the ZyAIR. Introducing the ZyAIR Wireless Access Point 1.1 The ZyAIR extends the range of your existing wired network without any additional wiring efforts. The ZyAIR provides easy network access to mobile users. The ZyAIR offers highly secured wireless connectivity to your wired network with IEEE 802.1x, WEP data encryption and MAC address filtering. The ZyAIR is easy to install and configure. The embedded web-based configurator and SNMP network management enables remote configuration and management of your ZyAIR. 1.2 ZyAIR Features The following sections describe the features of the ZyAIR. 10/100M Auto-negotiating Ethernet/Fast Ethernet Interface This auto-negotiating feature allows the ZyAIR to detect the speed of incoming transmissions and adjust appropriately without manual intervention. It allows data transfer of either 10 Mbps or 100 Mbps in either half-duplex or full-duplex mode depending on your Ethernet network. 10/100M Auto-crossover Ethernet/Fast Ethernet Interface The LAN interface automatically adjusts to either a crossover or straight-through Ethernet cable. Reset Button The ZyAIR reset button is built into the top panel. Use this button to restore the factory default password to 1234; IP address to 192.168.1.2, subnet mask to 255.255.255.0. Brute-Force Password Guessing Protection The ZyAIR has a special protection mechanism to discourage brute-force password guessing attacks on the ZyAIR's management interfaces. You can specify a wait-time that must expire before entering a fourth password after three incorrect passwords have been entered. Please see the appendix for details about this feature. Getting to Know Your ZyAIR 1-1 ZyAIR B-500 Wireless Access Point Users Guide 802.11b Wireless LAN Standard ZyAIR products containing the letter B in the model name, such as ZyAIR B-1000, ZyAIR B-500, comply with the 802.11b wireless standard. The 802.11b data rate and corresponding modulation techniques are as follows. The modulation technique defines how bits are encoded onto radio waves. 802.11b Data Rate (Mbps) 1 2 5.5 / 11 Modulation DBPSK (Differential Binary Phase Shift Keyed) DQPSK (Differential Quadrature Phase Shift Keying) CCK (Complementary Code Keying) The ZyAIR may be prone to RF (Radio Frequency) interference from other 2.4 GHz devices such as microwave ovens, wireless phones, Bluetooth enabled devices, and other wireless LANs. Output Power Management Output Power Management is the ability to set the level of output power. There may be interference or difficulty with channel assignment when there is a high density of APs within a coverage area. In this case you can lower the output power of each access point, thus enabling you to place access points closer together. Limit the number of Client Connections You may set a maximum number of wireless stations that may connect to the ZyAIR. This may be necessary if for example, there is interference or difficulty with channel assignment due to a high density of APs within a coverage area. SSL Passthrough SSL (Secure Sockets Layer) uses a public key to encrypt data that's transmitted over an SSL connection. Both Netscape Navigator and Internet Explorer support SSL, and many Web sites use the protocol to obtain confidential user information, such as credit card numbers. By convention, URLs that require an SSL connection start with https instead of http. The ZyAIR allows SSL connections to take place through the ZyAIR. Wireless LAN MAC Address Filtering Your ZyAIR checks the MAC address of the wireless station against a list of allowed or denied MAC addresses. 1-2 Getting to Know Your ZyAIR ZyAIR B-500 Wireless Access Point Users Guide WEP Encryption WEP (Wired Equivalent Privacy) encrypts data frames before transmitting over the wireless network to help keep network communications private. IEEE 802.1x Network Security The ZyAIR supports the IEEE 802.1x standard to enhance user authentication. Use the built-in user profile database to authenticate up to 32 users using MD5 encryption. Use an EAP-compatible RADIUS (RFC2138, 2139 - Remote Authentication Dial In User Service) server to authenticate a limitless number of users using EAP (Extensible Authentication Protocol). EAP is an authentication protocol that supports multiple types of authentication. SNMP SNMP (Simple Network Management Protocol) is a protocol used for exchanging management information between network devices. SNMP is a member of the TCP/IP protocol suite. Your ZyAIR supports SNMP agent functionality, which allows a manger station to manage and monitor the ZyAIR through the network. The ZyAIR supports SNMP version one (SNMPv1) and version two c (SNMPv2c). Full Network Management The embedded web configurator is an all-platform web-based utility that allows you to easily access the ZyAIRs management settings. Most functions of the ZyAIR are also software configurable via the SMT
(System Management Terminal) interface. The SMT is a menu-driven interface that you can access from a terminal emulator over a telnet connection. Logging and Tracing Built-in message logging and packet tracing. Unix syslog facility support. Embedded FTP and TFTP Servers The ZyAIRs embedded FTP and TFTP servers enable fast firmware upgrades as well as configuration file backups and restoration. Wireless Association List With the wireless association list, you can see the list of the wireless stations that are currently using the ZyAIR to access your wired network. Wireless LAN Channel Usage The Wireless Channel Usage screen displays whether the radio channels are used by other wireless devices within the transmission range of the ZyAIR. This allows you to select the channel with minimum interference for your ZyAIR. Getting to Know Your ZyAIR 1-3 ZyAIR B-500 Wireless Access Point Users Guide 1.3 Applications for the ZyAIR Here are some application examples of what you can do with your ZyAIR. 1.3.1 Internet Access Application The ZyAIR is an ideal access solution for wireless Internet connection. A typical Internet access application for your ZyAIR is shown as follows. Figure 1-1 Internet Access Application 1.3.2 Corporation Network Application In situations where users are always on the move in the coverage area but still need access to corporate network access, the ZyAIR is an ideal solution for wireless stations to connect to the corporate network without expensive network cabling. The following figure depicts a typical application of the ZyAIR in an enterprise environment. The three computers with wireless adapters are allowed to access the network resource through the ZyAIR after account validation by the network authentication server. 1-4 Getting to Know Your ZyAIR ZyAIR B-500 Wireless Access Point Users Guide Figure 1-2 Corporation Network Application Getting to Know Your ZyAIR 1-5 ZyAIR B-500 Wireless Access Point Users Guide Chapter 2 Introducing the Web Configurator This chapter describes how to access the ZyAIR web configurator and provides an overview of its screens. The default IP address of the ZyAIR is 192.168.1.2. 2.1 Accessing the ZyAIR Web Configurator Step 1. Step 2. Step 3. Step 4. Step 5. Make sure your ZyAIR hardware is properly connected (refer to the Quick Installation Guide). Prepare your computer/computer network to connect to the ZyAIR (refer to the appendix). Launch your web browser. Type "192.168.1.2" (default) as the URL. Type "1234" (default) as the password and click Login. In some versions, the default password appears automatically - if this is the case, click Login. You should see a screen asking you to change your password (highly recommended) as shown next. Type a new password (and retype it to confirm) and click Apply or click Ignore to allow access without password change. Step 6. Figure 2-1 Change Password Screen Step 7. You should now see the SYSTEM screen. Introducing the Web Configurator 2-1 ZyAIR B-500 Wireless Access Point Users Guide The management session automatically times out when the time period set in the Administrator Inactivity Timer field expires (default five minutes). Simply log back into the ZyAIR if this happens to you. 2.2 Resetting the ZyAIR If you forget your password or cannot access the ZyAIR, you will need to reload the factory-default configuration file or use the RESET button on the top panel of the ZyAIR. Uploading this configuration file replaces the current configuration file with the factory-default configuration file. This means that you will lose all configurations that you had previously. The password will be reset to 1234, also. 2.2.1 Method of Restoring Factory-Defaults You can erase the current configuration and restore factory defaults in three ways:
1. Use the RESET button on the top panel of the ZyAIR to upload the default configuration file (hold this button in for about 10 seconds or until the Link LED turns red). Use this method for cases when the password or IP address of the ZyAIR is not known. 2. Use the web configurator to restore defaults (refer to the chapter on maintenance). 3. Transfer the configuration file to your ZyAIR using FTP. See later in the part on SMT configuration for more information. 2-2 Introducing the Web Configurator 2.3 Navigating the ZyAIR Web Configurator The following summarizes how to navigate the web configurator. ZyAIR B-500 Wireless Access Point Users Guide Follow the instructions below or click the icon (located in the top right corner of most screens) to view online help. The icon does not appear in the main screen. Click WIZARD SETUP for initial configuration including general setup, Wireless LAN setup and IP address assignment. Click the links under ADVANCED to configure advanced features such as SYSTEM (General Setup, Password), WIRELESS
(Wireless, MAC Filter, Roaming, 802.1x, Local User Database and RADIUS), IP and Logs (View reports and Log Settings). Click LOGOUT at any time to exit the web configurator. Click the links under MAINTENANCE to view information about your ZyAIR or upgrade configuration/firmware files. Maintenance includes SYSTEM STATUS
(Statistics), WIRELESS (Association List and Channel Usage), F/W (firmware) UPLOAD, CONFIGURATION (Backup, Restore and Default). Figure 2-2 Navigating the ZyAIR Web Configurator Introducing the Web Configurator 2-3 ZyAIR B-500 Wireless Access Point Users Guide Chapter 3 Wizard Setup This chapter provides information on the Wizard Setup screens in the web configurator. 3.1 Wizard Setup Overview The web configurators setup wizard helps you configure your ZyAIR for wireless stations to access your wired LAN. 3.1.1 Channel The range of radio frequencies used by IEEE 802.11b wireless devices is called a channel. Channels available depend on your geographical area. You may have a choice of channels (for your region) so you should use a different channel than an adjacent AP (access point) to reduce interference. Interference occurs when radio signals from different access points overlap causing interference and degrading performance. Adjacent channels partially overlap however. To avoid interference due to overlap, your AP should be on a channel at least five channels away from a channel that an adjacent AP is using. For example, if your region has 11 channels and an adjacent AP is using channel 1, then you need to select a channel between 6 or 11. The ZyAIRs Scan function is especially designed to automatically scan for a channel with the least interference. 3.1.2 ESS ID An Extended Service Set (ESS) is a group of access points connected to a wired LAN on the same subnet. An ESS ID uniquely identifies each set. All access points and their associated wireless stations in the same set must have the same ESSID. 3.1.3 WEP Encryption WEP (Wired Equivalent Privacy) encrypts data frames before transmitting over the wireless network. WEP encryption scrambles the data transmitted between the wireless stations and the access points to keep network communications private. It encrypts unicast and multicast communications in a network. Both the wireless stations and the access points must use the same WEP key for data encryption and decryption. Wizard Setup 3-1 ZyAIR B-500 Wireless Access Point Users Guide 3.2 Wizard Setup: General Setup General Setup contains administrative and system-related information. The following table describes the labels in this screen. Figure 3-1 Wizard 1 : General Setup LABEL System Name Table 3-1 Wizard 1 : General Setup DESCRIPTION It is recommended you type your computer's "Computer name".
In Windows 95/98 click Start, Settings, Control Panel, Network. Click the Identification tab, note the entry for the Computer Name field and enter it as the System Name.
In Windows 2000, click Start, Settings, Control Panel and then double-click System. Click the Network Identification tab and then the Properties button. Note the entry for the Computer name field and enter it as the System Name.
In Windows XP, click Start, My Computer, View system information and then click the Computer Name tab. Note the entry in the Full computer name field and enter it as the ZyAIR System Name. This name can be up to 30 alphanumeric characters long. Spaces are not allowed, but dashes "-" and underscores "_" are accepted. 3-2 Wizard Setup ZyAIR B-500 Wireless Access Point Users Guide Table 3-1 Wizard 1 : General Setup LABEL DESCRIPTION Domain Name This is not a required field. Leave this field blank or enter the domain name here if you know it. Next Click Next to proceed to the next screen. 3.3 Wizard Setup: Wireless LAN Use the second wizard screen to set up the wireless LAN. Figure 3-2 Wizard 2 : Wireless LAN Setup The following table describes the labels in this screen. Table 3-2 Wizard 2 : Wireless LAN Setup DESCRIPTION LABEL Wireless LAN Setup Wizard Setup 3-3 ZyAIR B-500 Wireless Access Point Users Guide LABEL ESSID Choose Channel ID Scan WEP Encryption ASCII Hex Key 1 to Key 4 Next Back Table 3-2 Wizard 2 : Wireless LAN Setup DESCRIPTION Enter a descriptive name (up to 32 printable 7-bit ASCII characters) for the wireless LAN. If you change this field on the ZyAIR, make sure all wireless stations use the same ESSID in order to access the network. To manually set the ZyAIR to use a channel, select a channel from the drop-down list box. Open the Channel Usage Table screen to make sure the channel is not already used by another AP or independent peer-to-peer wireless network. To have the ZyAIR automatically select a channel, click Scan instead. Click this button to have the ZyAIR automatically scan for and select a channel with the least interference. Select Disable allows all wireless computers to communicate with the access points without any data encryption. Select 64-bit WEP or 128-bit WEP to allow data encryption. Select this option in order to enter ASCII characters as the WEP keys. Select this option to enter hexadecimal characters as the WEP keys. The preceding 0x is entered automatically. The WEP keys are used to encrypt data. Both the ZyAIR and the wireless stations must use the same WEP key for data transmission. If you chose 64-bit WEP, then enter any 5 ASCII characters or 10 hexadecimal characters ("0-9", "A-F"). If you chose 128-bit WEP, then enter 13 ASCII characters or 26 hexadecimal characters ("0-9", "A-F"). You must configure all four keys, but only one key can be activated at any one time. The default key is key 1. Click Next to continue. Click Back to return to the previous screen. 3.4 Wizard Setup: IP Address The third wizard screen allows you to configure IP address assignment. 3-4 Wizard Setup ZyAIR B-500 Wireless Access Point Users Guide 3.4.1 IP Address Assignment Every computer on the Internet must have a unique IP address. If your networks are isolated from the Internet, for instance, only between your two branch offices, you can assign any IP addresses to the hosts without problems. However, the Internet Assigned Numbers Authority (IANA) has reserved the following three blocks of IP addresses specifically for private networks. Table 3-3 Private IP Address Ranges 10.0.0.0 172.16.0.0 192.168.0.0
10.255.255.255 172.31.255.255 192.168.255.255 You can obtain your IP address from the IANA, from an ISP or have it assigned by a private network. If you belong to a small organization and your Internet access is through an ISP, the ISP can provide you with the Internet addresses for your local networks. On the other hand, if you are part of a much larger organization, you should consult your network administrator for the appropriate IP addresses. Regardless of your particular situation, do not create an arbitrary IP address;
always follow the guidelines above. For more information on address assignment, please refer to RFC 1597, Address Allocation for Private Internets and RFC 1466, Guidelines for Management of IP Address Space. 3.4.2 IP Address and Subnet Mask Similar to the way houses on a street share a common street name, so too do computers on a LAN share one common network number. Where you obtain your network number depends on your particular situation. If the ISP or your network administrator assigns you a block of registered IP addresses, follow their instructions in selecting the IP addresses and the subnet mask. If the ISP did not explicitly give you an IP network number, then most likely you have a single user account and the ISP will assign you a dynamic IP address when the connection is established. The Internet Assigned Number Authority (IANA) reserved this block of addresses specifically for private use; please do not use any other number unless you are told otherwise. Let's say you select 192.168.1.0 as the network number; which covers 254 individual addresses, from 192.168.1.1 to 192.168.1.254 (zero and 255 are reserved). In other words, the first three numbers specify the network number while the last number identifies an individual computer on that network. Once you have decided on the network number, pick an IP address that is easy to remember, for instance, 192.168.1.2, for your ZyAIR, but make sure that no other device on your network is using that IP address. Wizard Setup 3-5 ZyAIR B-500 Wireless Access Point Users Guide The subnet mask specifies the network number portion of an IP address. Your ZyAIR will compute the subnet mask automatically based on the IP address that you entered. You don't need to change the subnet mask computed by the ZyAIR unless you are instructed to do otherwise. Figure 3-3 Wizard 3 : IP Address Assignment The following table describes the labels in this screen. LABEL IP Address Assignment Table 3-4 Wizard 3 : IP Address Assignment DESCRIPTION Get automatically Select this option if your ZyAIR is using a dynamically assigned IP address from a DHCP server each time. You must know the IP address assigned to the ZyAIR (by the DHCP server) to access the ZyAIR again. Use fixed IP address Select this option if your ZyAIR is using a static IP address. When you select this option, fill in the fields below. 3-6 Wizard Setup ZyAIR B-500 Wireless Access Point Users Guide Table 3-4 Wizard 3 : IP Address Assignment LABEL DESCRIPTION IP Address Enter the IP address of your ZyAIR in dotted decimal notation. If you change the ZyAIR's IP address, you must use the new IP address if you want to access the web configurator again. IP Subnet Mask Enter the subnet mask. Gateway IP Address Enter the IP address of a gateway. The gateway is an immediate neighbor of your ZyAIR that will forward the packet to the destination. On the LAN, the gateway must be a router on the same segment as your ZyAIR; over the WAN, the gateway must be the IP address of one of the remote node. Click Back to return to the previous screen. Click Finish to proceed to complete the Wizard setup. Back Finish 3.5 Basic Setup Complete When you click Finish in the Wizard 3 IP Address Assignment screen, a warning window display as shown. Click OK to close the window and log in to the web configurator again using the new IP address if you change the default IP address (192.168.1.2). You have successfully set up the ZyAIR. A screen displays prompting you to close the web browser. Click Yes. Otherwise, click No and the congratulations screen shows next. Wizard Setup 3-7 ZyAIR B-500 Wireless Access Point Users Guide Well done! You have successfully set up your ZyAIR to operate on your network and access the Internet. 3-8 Wizard Setup System, Wireless and IP Part II:
SYSTEM, WIRELESS AND IP This part covers the information and web configurator screens of System, Wireless and IP. II ZyAIR B-500 Wireless Access Point Users Guide Chapter 4 System Screens This chapter provides information on the System screens. 4.1 System Overview This section provides information on general system setup. 4.2 Configuring General Setup Click SYSTEM to open the General screen. Figure 4-1 System General Setup The following table describes the labels in this screen. System Screens 4-1 ZyAIR B-500 Wireless Access Point Users Guide LABEL System Name Domain Name Administrator Inactivity Timer Table 4-1 System General Setup DESCRIPTION Type a descriptive name to identify the ZyAIR in the Ethernet network. This name can be up to 30 alphanumeric characters long. Spaces are not allowed, but dashes "-" and underscores "_" are accepted. This is not a required field. Leave this field blank or enter the domain name here if you know it. Type how many minutes a management session (either via the web configurator or SMT) can be left idle before the session times out. The default is 5 minutes. After it times out you have to log in with your password again. Very long idle timeouts may have security risks. A value of "0" means a management session never times out, no matter how long it has been left idle (not recommended). System DNS Servers First DNS Server Second DNS Server Third DNS Server Apply Reset Select From DHCP if your DHCP server dynamically assigns DNS server information
(and the ZyAIR's Ethernet IP address). The field to the right displays the (read-only) DNS server IP address that the DHCP assigns. Select User-Defined if you have the IP address of a DNS server. Enter the DNS server's IP address in the field to the right. If you chose User-Defined, but leave the IP address set to 0.0.0.0, User-Defined changes to None after you click Apply. If you set a second choice to User-Defined, and enter the same IP address, the second User-
Defined changes to None after you click Apply. Select None if you do not want to configure DNS servers. If you do not configure a DNS server, you must know the IP address of a machine in order to access it. The default setting is None. Click Apply to save your changes back to the ZyAIR. Click Reset to reload the previous configuration for this screen. 4.3 Configuring Password To change your ZyAIRs password (recommended), click SYSTEM and then the Password tab. The screen appears as shown. This screen allows you to change the ZyAIRs password. If you forget your password (or the ZyAIR IP address), you will need to reset the ZyAIR. See the section on resetting the ZyAIR for details. 4-2 System Screens ZyAIR B-500 Wireless Access Point Users Guide The following table describes the labels in this screen. Figure 4-2 Password LABEL Old Password New Password Retype to Confirm Apply Reset Table 4-2 Password DESCRIPTION Type in your existing system password (1234 is the default password). Type your new system password (up to 31 characters). Note that as you type a password, the screen displays an asterisk (*) for each character you type. Retype your new system password for confirmation. Click Apply to save your changes back to the ZyAIR. Click Reset to reload the previous configuration for this screen. Configuring Time Setting 4.4 To change your ZyAIRs time and date, click SYSTEM and then the Time Setting tab. The screen appears as shown. Use this screen to configure the ZyAIRs time based on your local time zone. System Screens 4-3 ZyAIR B-500 Wireless Access Point Users Guide The following table describes the labels in this screen. Figure 4-3 Time Setting LABEL Time Protocol Table 4-3 Time Setting DESCRIPTION Select the time service protocol that your time server sends when you turn on the ZyAIR. Not all time servers support all protocols, so you may have to check with your ISP/network administrator or use trial and error to find a protocol that works. The main difference between them is the format. Daytime (RFC 867) format is day/month/year/time zone of the server. Time (RFC 868) format displays a 4-byte integer giving the total number of seconds since 1970/1/1 at 0:0:0. The default, NTP (RFC 1305), is similar to Time (RFC 868). Select None to enter the time and date manually. 4-4 System Screens ZyAIR B-500 Wireless Access Point Users Guide LABEL Time Server Address Current Time
(hh:mm:ss) New Time
(hh:mm:ss) Current Date
(yyyy/mm/dd) New Date
(yyyy/mm/dd) Time Zone Daylight Savings Table 4-3 Time Setting DESCRIPTION Enter the IP address or the URL of your time server. Check with your ISP/network administrator if you are unsure of this information. This field displays the time of your ZyAIR. Each time you reload this page, the ZyAIR synchronizes the time with the time server. This field displays the last updated time from the time server. When you select None in the Time Protocol field, enter the new time in this field and then click Apply. This field displays the date of your ZyAIR. Each time you reload this page, the ZyAIR synchronizes the time with the time server. This field displays the last updated date from the time server. When you select None in the Time Protocol field, enter the new date in this field and then click Apply. Choose the time zone of your location. This will set the time difference between your time zone and Greenwich Mean Time (GMT). Select this option if you use daylight savings time. Daylight saving is a period from late spring to early fall when many countries set their clocks ahead of normal local time by one hour to give more daytime light in the evening. Start Date (mm-dd) Enter the month and day that your daylight-savings time starts on if you selected Daylight Savings. End Date (mm-dd) Enter the month and day that your daylight-savings time ends on if you selected Apply Reset Daylight Savings. Click Apply to save your changes back to the ZyAIR. Click Reset to reload the previous configuration for this screen. System Screens 4-5 ZyAIR B-500 Wireless Access Point Users Guide Chapter 5 Wireless Configuration and Roaming This chapter discusses how to configure Wireless and Roaming screens on the ZyAIR. 5.1 Wireless LAN Overview This section introduces the wireless LAN (WLAN) and some basic scenarios. 5.1.1 IBSS An Independent Basic Service Set (IBSS), also called an Ad-hoc network, is the simplest WLAN configuration. An IBSS is defined as two or more computers with wireless adapters within range of each other that from an independent (wireless) network without the need of an access point (AP). Figure 5-1 IBSS (Ad-hoc) Wireless LAN 5.1.2 BSS A Basic Service Set (BSS) exists when all communications between wireless stations or between a wireless station and a wired network client go through one access point (AP). Intra-BSS traffic is traffic between wireless stations in the BSS. When Intra-BSS is enabled, wireless station A and B can access the wired network and communicate with each other. When Intra-BSS is disabled, wireless station A and B can still access the wired network but cannot communicate with each other. System Screens 5-1 ZyAIR B-500 Wireless Access Point Users Guide Figure 5-2 Basic Service set 5.1.3 ESS An Extended Service Set (ESS) consists of a series of overlapping BSSs, each containing an access point, with each access point connected together by a wired network. This wired connection between APs is called a Distribution System (DS). An ESSID (ESS IDentification) uniquely identifies each ESS. All access points and their associated wireless stations within the same ESS must have the same ESSID in order to communicate. 5-2 Wireless Configuration and Roaming ZyAIR B-500 Wireless Access Point Users Guide Figure 5-3 Extended Service Set 5.2 Wireless LAN Basics Refer also to the chapter on wizard setup for more background information on Wireless LAN features, such as channels. 5.2.1 RTS/CTS A hidden node occurs when two stations are within range of the same access point, but are not within range of each other. The following figure illustrates a hidden node. Both stations (STA) are within range of the access point (AP) or wireless gateway, but out-of-range of each other, so they cannot hear each other, that is they do not know if the channel is currently being used. Therefore, they are considered hidden from each other. System Screens 5-3 ZyAIR B-500 Wireless Access Point Users Guide Figure 5-4 RTS/CTS When station A sends data to the AP, it might not know that the station B is already using the channel. If these two stations send data at the same time, collisions may occur when both sets of data arrive at the AP at the same time, resulting in a loss of messages for both stations. RTS/CTS is designed to prevent collisions due to hidden nodes. An RTS/CTS defines the biggest size data frame you can send before an RTS (Request To Send)/CTS (Clear to Send) handshake is invoked. When a data frame exceeds the RTS/CTS value you set (between 0 to 2432 bytes), the station that wants to transmit this frame must first send an RTS (Request To Send) message to the AP for permission to send it. The AP then responds with a CTS (Clear to Send) message to all other stations within its range to notify them to defer their transmission. It also reserves and confirms with the requesting station the time frame for the requested transmission. Stations can send frames smaller than the specified RTS/CTS directly to the AP without the RTS (Request To Send)/CTS (Clear to Send) handshake. You should only configure RTS/CTS if the possibility of hidden nodes exists on your network and the cost of resending large frames is more than the extra network overhead involved in the RTS (Request To Send)/CTS (Clear to Send) handshake. If the RTS/CTS value is greater than the Fragmentation Threshold value (see next), then the RTS (Request To Send)/CTS (Clear to Send) handshake will never occur as data frames will be fragmented before they reach RTS/CTS size. Enabling the RTS Threshold causes redundant network overhead that could negatively affect the throughput performance instead of providing a remedy. 5.2.2 Fragmentation Threshold A Fragmentation Threshold is the maximum data fragment size (between 256 and 2432 bytes) that can be sent in the wireless network before the ZyAIR will fragment the packet into smaller data frames. A large Fragmentation Threshold is recommended for networks not prone to interference while you should set a smaller threshold for busy networks or networks that are prone to interference. 5-4 Wireless Configuration and Roaming ZyAIR B-500 Wireless Access Point Users Guide If the Fragmentation Threshold value is smaller than the RTS/CTS value (see previously) you set then the RTS (Request To Send)/CTS (Clear to Send) handshake will never occur as data frames will be fragmented before they reach RTS/CTS size. 5.3 Configuring Wireless Click the WIRELESS link under ADVANCED to display the Wireless screen. The following table describes the general wireless LAN labels in this screen. Figure 5-5 Wireless System Screens 5-5 ZyAIR B-500 Wireless Access Point Users Guide LABEL ESSID Hide ESSID Choose Channel ID Table 5-1 Wireless DESCRIPTION
(Extended Service Set IDentity) The ESSID identifies the Service Set with which a wireless station is associated. Wireless stations associating to the access point (AP) must have the same ESSID. Enter a descriptive name (up to 32 printable 7-bit ASCII characters) for the wireless LAN. If you are configuring the ZyAIR from a computer connected to the wireless LAN and you change the ZyAIRs ESSID or WEP settings, you will lose your wireless connection when you press Apply to confirm. You must then change the wireless settings of your computer to match the ZyAIRs new settings. Select this check box to hide the ESSID in the outgoing beacon frame so a station cannot obtain the ESSID through passive scanning using a site survey tool. Set the operating frequency/channel depending on your particular region. To manually set the ZyAIR to use a channel, select a channel from the drop-down list box. Click WIRELESS under MAINTENANCE and then the Channel Usage tab to open the Channel Usage screen to make sure the channel is not already used by another AP or independent peer-to-peer wireless network. To have the ZyAIR automatically select a channel, click Scan instead. Refer to the chapter on wizard setup for more information about channels. Scan Click this button to have the ZyAIR automatically scan for and select a channel with the least interference. Enter a value between 0 and 2432. The default is 2432. RTS/CTS Threshold Fragmentation Threshold Apply Reset Enter a value between 256 and 2432. The default is 2432. It is the maximum data fragment size that can be sent. Click Apply to save your changes back to the ZyAIR. Click Reset to begin configuring this screen afresh. See the chapter on wireless security for information on the other labels in this screen. 5.4 Configuring Roaming A wireless station is a device with an IEEE 802.11b compliant wireless adapters. An access point (AP) acts as a bridge between the wireless and wired networks. An AP creates its own wireless coverage area. A wireless station can associate with a particular access point only if it is within the access points coverage area. 5-6 Wireless Configuration and Roaming ZyAIR B-500 Wireless Access Point Users Guide In a network environment with multiple access points, wireless stations are able to switch from one access point to another as they move between the coverage areas. This is roaming. As the wireless station moves from place to place, it is responsible for choosing the most appropriate access point depending on the signal strength, network utilization or other factors. The roaming feature on the access points allows the access points to relay information about the wireless stations to each other. When a wireless station moves from a coverage area to another, it scans and uses the channel of a new access point, which then informs the access points on the LAN about the change. The new information is then propagated to the other access points on the LAN. An example is shown in Figure 5-6. With roaming, a wireless LAN mobile user enjoys a continuous connection to the wired network through an access point while moving around the wireless LAN. If the roaming feature is not enabled on the access points, information is not communicated between the access points when a wireless station moves between coverage areas. The wireless station may not be able to communicate with other wireless stations on the network and vice versa. Figure 5-6 Roaming Example The steps below describe the roaming process. Step 1. As wireless station Y moves from the coverage area of access point AP 1 to that of access point AP 2, it scans and uses the signal of access point AP 2. System Screens 5-7 ZyAIR B-500 Wireless Access Point Users Guide Step 2. Access point AP 2 acknowledges the presence of wireless station Y and relays this information to access point AP 1 through the wired LAN. Step 3. Access point AP 1 updates the new position of wireless station. Step 4. Wireless station Y sends a request to access point AP 2 for reauthentication. 5.4.1 Requirements for Roaming The following requirements must be met in order for wireless stations to roam between the coverage areas. 1. All the access points must be on the same subnet and configured with the same ESSID. 2. If IEEE 802.1x user authentication is enabled and to be done locally on the access point, the new access point must have the user profile for the wireless station. 3. The adjacent access points should use different radio channels when their coverage areas overlap. 4. All access points must use the same port number to relay roaming information. 5. The access points must be connected to the Ethernet and be able to get IP addresses from a DHCP server if using dynamic IP address assignment. To enable roaming on your ZyAIR, click the WIRELESS link under ADVANCED and then the Roaming tab. The screen appears as shown. Figure 5-7 Roaming The following table describes the labels in this screen. 5-8 Wireless Configuration and Roaming ZyAIR B-500 Wireless Access Point Users Guide LABEL Active Table 5-2 Roaming DESCRIPTION Select Yes from the drop-down list box to enable roaming on the ZyAIR if you have two or more ZyAIRs on the same subnet. All APs on the same subnet and the wireless stations must have the same ESSID to allow roaming. Port #
Apply Reset Enter the port number to communicate roaming information between access points. The port number must be the same on all access points. The default is 16290. Make sure this port is not used by other services. Click Apply to save your changes back to the ZyAIR. Click Reset to begin configuring this screen afresh. System Screens 5-9 ZyAIR B-500 Wireless Access Point Users Guide Chapter 6 Wireless Security This chapter describes how to use the MAC Filter, 802.1x, Local User Database and RADIUS to configure wireless security on your ZyAIR. 6.1 Wireless Security Overview Wireless security is vital to your network to protect wireless communication between wireless stations, access points and the wired network. The figure below shows the possible wireless security levels on your ZyAIR. The highest security level relies on EAP (Extensible Authentication Protocol) for authentication and utilizes dynamic WEP key exchange. It requires interaction with a RADIUS (Remote Authentication Dial-In User Service) server either on the WAN or your LAN to provide authentication service for wireless stations. Figure 6-1 ZyAIR Wireless Security Levels If you do not enable any wireless security on your ZyAIR, your network is accessible to any wireless networking device that is within range. 6.2 WEP Overview WEP (Wired Equivalent Privacy) as specified in the IEEE 802.11 standard provides methods for both data encryption and wireless station authentication. 6.2.1 Data Encryption WEP provides a mechanism for encrypting data using encryption keys. Both the AP and the wireless stations must use the same WEP key to encrypt and decrypt data. Your ZyAIR allows you to configure up to four 64-
bit or 128-bit WEP keys, but only one key can be enabled at any one time. Wireless Security 6-1 ZyAIR B-500 Wireless Access Point Users Guide 6.2.2 Authentication Three different methods can be used to authenticate wireless stations to the network: Open System, Shared Key, and Auto. The following figure illustrates the steps involved. Figure 6-2 WEP Authentication Steps Open system authentication involves an unencrypted two-message procedure. A wireless station sends an open system authentication request to the AP, which will then automatically accept and connect the wireless station to the network. In effect, open system is not authentication at all as any station can gain access to the network. Shared key authentication involves a four-message procedure. A wireless station sends a shared key authentication request to the AP, which will then reply with a challenge text message. The wireless station must then use the APs default WEP key to encrypt the challenge text and return it to the AP, which attempts to decrypt the message using the APs default WEP key. If the decrypted message matches the challenge text, the wireless station is authenticated. 6-2 Wireless Security ZyAIR B-500 Wireless Access Point Users Guide When your ZyAIR's authentication method is set to open system, it will only accept open system authentication requests. The same is true for shared key authentication. However, when it is set to auto authentication, the ZyAIR will accept either type of authentication request and the ZyAIR will fall back to use open authentication if the shared key does not match. 6.3 Configuring WEP Encryption In order to configure and enable WEP encryption; click the WIRELESS link under ADVANCED to display the Wireless screen. Figure 6-3 Wireless Wireless Security 6-3 ZyAIR B-500 Wireless Access Point Users Guide The following table describes the wireless LAN security labels in this screen. LABEL WEP Encryption Authentication Method ASCII Hex Key 1 to Key 4 Enable Intra-
BSS Traffic Number of Wireless Stations Allowed Output Power Apply Reset Table 6-1 Wireless DESCRIPTION Select Disable to allow wireless stations to communicate with the access points without any data encryption. Select 64-bit WEP or 128-bit WEP to enable data encryption. Select Auto, Open System or Shared Key from the drop-down list box. This field is not available if WEP is not activated. If WEP encryption is activated, the default setting is Auto. Select this option to enter ASCII characters as the WEP keys. Select this option to enter hexadecimal characters as the WEP keys. The preceding 0x is entered automatically. The WEP keys are used to encrypt data. Both the ZyAIR and the wireless stations must use the same WEP key for data transmission. If you chose 64-bit WEP, then enter any 5 ASCII characters or 10 hexadecimal characters ("0-9", "A-F"). If you chose 128-bit WEP, then enter 13 ASCII characters or 26 hexadecimal characters
("0-9", "A-F"). You must configure all four keys, but only one key can be activated at any one time. The default key is key 1. Intra-BSS traffic is traffic between wireless stations in the same BSS. Select this check box to enable Intra-BSS traffic. Use this field to set a maximum number of wireless stations that may connect to the ZyAIR Enter the number (from 1 to 32) of wireless stations allowed. Set the output power of the ZyAIR in this field. If there is a high density of APs within an area, decrease the output power of the ZyAIR to reduce interference with other APs. The options are 17dBm (50mW), 14dBm (25mW) or 11dBm (12.6mW). Click Apply to save your changes back to the ZyAIR. Click Reset to begin configuring this screen afresh. 6.4 MAC Filter The MAC filter screen allows you to configure the ZyAIR to give exclusive access to up to 32 devices
(Allow Association) or exclude up to 32 devices from accessing the ZyAIR (Deny Association). Every 6-4 Wireless Security ZyAIR B-500 Wireless Access Point Users Guide Ethernet device has a unique MAC (Media Access Control) address. The MAC address is assigned at the factory and consists of six pairs of hexadecimal characters, for example, 00:A0:C5:00:00:02. You need to know the MAC address of the devices to configure this screen. To change your ZyAIRs MAC Filter settings, click the WIRELESS link under ADVANCED and then the MAC Filter tab. The screen appears as shown. Figure 6-4 MAC Address Filter Wireless Security 6-5 ZyAIR B-500 Wireless Access Point Users Guide The following table describes the labels in this screen. LABEL Table 6-2 MAC Address Filter DESCRIPTION Active Filter Action Define the filter action for the list of MAC addresses in the MAC address filter table. Select Yes from the drop down list box to enable MAC address filtering. Select Deny Association to block access to the ZyAIR, MAC addresses not listed will be allowed to access the ZyAIR. Select Allow Association to permit access to the ZyAIR, MAC addresses not listed will be denied access to the ZyAIR. This is the index number of the MAC address. Enter the MAC addresses (in XX:XX:XX:XX:XX:XX format) of the wireless station that are allowed or denied access to the ZyAIR in these address fields. Click Apply to save your changes back to the ZyAIR. Click Reset to begin configuring this screen afresh. Set MAC Address Apply Reset 6.5 802.1x Overview The IEEE 802.1x standard outlines enhanced security methods for both the authentication of wireless stations and encryption key management. Authentication can be done using the local user database internal to the ZyAIR (authenticate up to 32 users) or an external RADIUS server for an unlimited number of users. 6.6 RADIUS is based on a client-sever model that supports authentication and accounting, where access point is the client and the server is the RADIUS server. The RADIUS server handles the following tasks among others:
Introduction to RADIUS Authentication Determines the identity of the users. Accounting Keeps track of the clients network activity. RADIUS user is a simple package exchange in which your ZyAIR acts as a message relay between the wireless station and the network RADIUS server. 6-6 Wireless Security ZyAIR B-500 Wireless Access Point Users Guide Types of RADIUS Messages The following types of RADIUS messages are exchanged between the access point and the RADIUS server for user authentication:
Access-Request Sent by an access point requesting authentication. Access-Reject Sent by a RADIUS server rejecting access. Access-Accept Sent by a RADIUS server allowing access. Access-Challenge Sent by a RADIUS server requesting more information in order to allow access. The access point sends a proper response from the user and then sends another Access-Request message. The following types of RADIUS messages are exchanged between the access point and the RADIUS server for user accounting:
Accounting-Request Sent by the access point requesting accounting. Accounting-Response Sent by the RADIUS server to indicate that it has started or stopped accounting. In order to ensure network security, the access point and the RADIUS server use a shared secret key, which is a password, they both know. The key is not sent over the network. In addition to the shared key, password information exchanged is also encrypted to protect the wired network from unauthorized access. 6.6.1 EAP Authentication Overview EAP (Extensible Authentication Protocol) is an authentication protocol that runs on top of the IEEE802.1x transport mechanism in order to support multiple types of user authentication. By using EAP to interact with an EAP-compatible RADIUS server, the access point helps a wireless station and a RADIUS server perform authentication. The type of authentication you use depends on the RADIUS server or the AP. The ZyAIR supports EAP-
TLS, EAP-TTLS and DEAP with RADIUS. Refer to the Types of EAP Authentication appendix for descriptions on the four common types. Your ZyAIR supports EAP-MD5 (Message-Digest Algorithm 5) with the local user database and RADIUS. The following figure shows an overview of authentication when you specify a RADIUS server on your access point. Wireless Security 6-7 ZyAIR B-500 Wireless Access Point Users Guide Figure 6-5 EAP Authentication The details below provide a general description of how IEEE 802.1x EAP authentication works. For an example list of EAP-MD5 authentication steps, see the IEEE 802.1x appendix. The wireless station sends a start message to the ZyAIR. The ZyAIR sends a request identity message to the wireless station for identity information. The wireless station replies with identity information, including username and password. The RADIUS server checks the user information against its user profile database and determines whether or not to authenticate the wireless station. 6.7 Dynamic WEP Key Exchange The AP maps a unique key that is generated with the RADIUS server. This key expires when the wireless connection times out, disconnects or reauthentication times out. A new WEP key is generated each time reauthentication is performed. If this feature is enabled, it is not necessary to configure a default WEP encryption key in the Wireless screen. You may still configure and store keys here, but they will not be used while Dynamic WEP is enabled. To use Dynamic WEP, enable and configure the RADIUS server (see section 6.11) and enable Dynamic WEP Key Exchange in the 802.1x screen. Ensure that the wireless stations EAP type is configured to one of the following:
EAP-TLS EAP-TTLS PEAP EAP-MD5 cannot be used with Dynamic WEP Key Exchange. 6-8 Wireless Security ZyAIR B-500 Wireless Access Point Users Guide Introduction to Local User Database 6.8 By storing user profiles locally on the ZyAIR, your ZyAIR is able to authenticate wireless users without interacting with a network RADIUS server. However, there is a limit on the number of users you may authenticate in this way. 6.9 Configuring 802.1x To change your ZyAIRs authentication settings, click the WIRELESS link under ADVANCED and then the 802.1x tab. The screen appears as shown. Figure 6-6 802.1x Authentication The following table describes the labels in this screen. Wireless Security 6-9 ZyAIR B-500 Wireless Access Point Users Guide LABEL Wireless Port Control ReAuthentication Timer
(seconds) Table 6-3 802.1x Authentication DESCRIPTION To control wireless stations access to the wired network, select a control method from the drop-down list box. Choose from No Authentication Required, Authentication Required and No Access Allowed. No Authentication Required allows all wireless stations access to the wired network without entering usernames and passwords. This is the default setting. Authentication Required means that all wireless stations have to enter usernames and passwords before access to the wired network is allowed. No Access Allowed blocks all wireless stations access to the wired network. Specify how often wireless stations have to reenter usernames and passwords in order to stay connected. This field is activated only when you select Authentication Required in the Wireless Port Control field. Enter a time interval between 10 and 9999 seconds. The default time interval is 1800 seconds (30 minutes). If wireless station authentication is done using a RADIUS server, the reauthentication timer on the RADIUS server has priority. Idle Timeout
(seconds) The ZyAIR automatically disconnects a wireless station from the wired network after a period of inactivity. The wireless station needs to enter the username and password again before access to the wired network is allowed. This field is activated only when you select Authentication Required in the Wireless Port Control field. The default time interval is 3600 seconds (1 hour). 6-10 Wireless Security LABEL Authentication Databases Apply Reset ZyAIR B-500 Wireless Access Point Users Guide Table 6-3 802.1x Authentication DESCRIPTION This field is activated only when you select Authentication Required in the Wireless Port Control field. The authentication database contains wireless station login information. The local user database is the built-in database on the ZyAIR. The RADIUS is an external server. Use this drop-down list box to select which database the ZyAIR should use
(first) to authenticate a wireless station. Before you specify the priority, make sure you have set up the corresponding database correctly first. Select Local User Database Only to have the ZyAIR just check the built-in user database on the ZyAIR for a wireless station's username and password. Select RADIUS Only to have the ZyAIR just check the user database on the specified RADIUS server for a wireless station's username and password. Select Local first, then RADIUS to have the ZyAIR first check the user database on the ZyAIR for a wireless station's username and password. If the user name is not found, the ZyAIR then checks the user database on the specified RADIUS server. Select RADIUS first, then Local to have the ZyAIR first check the user database on the specified RADIUS server for a wireless station's username and password. If the ZyAIR cannot reach the RADIUS server, the ZyAIR then checks the local user database on the ZyAIR. When the user name is not found or password does not match in the RADIUS server, the ZyAIR will not check the local user database and the authentication fails. Click Apply to save your changes back to the ZyAIR. Click Reset to begin configuring this screen afresh. Once you enable user authentication, you need to specify an external RADIUS server or create local user accounts on the ZyAIR for authentication. 6.10 Configuring Local User Database To change your ZyAIRs local user database, click the WIRELESS link under ADVANCED and then the Local User Database tab. The screen appears as shown. Wireless Security 6-11 ZyAIR B-500 Wireless Access Point Users Guide Figure 6-7 Local User Database The following table describes the labels in this screen. 6-12 Wireless Security ZyAIR B-500 Wireless Access Point Users Guide LABEL Active User Name Password Apply Reset Table 6-4 Local User Database DESCRIPTION Select this check box to activate the user profile. Enter the username (up to 31 characters) for this user profile. Type a password (up to 31 characters) for this user profile. Note that as you type a password, the screen displays a (*) for each character you type. Click Apply to save your changes back to the ZyAIR. Click Reset to begin configuring this screen afresh. 6.11 Configuring RADIUS Configure the RADIUS screen if you want to authenticate wireless users using an external server. To set up your ZyAIRs RADIUS server settings, click the WIRELESS link under ADVANCED and then the RADIUS tab. The screen appears as shown. Figure 6-8 RADIUS Wireless Security 6-13 ZyAIR B-500 Wireless Access Point Users Guide The following table describes the labels in this screen. LABEL Authentication Server Table 6-5 RADIUS DESCRIPTION Active Select Yes from the drop-down list box to enable user authentication through an external authentication server. Select No to enable user authentication using the local user profile on the ZyAIR. Server IP Address Enter the IP address of the external authentication server in dotted decimal notation. Port Number Enter the port number of the external authentication server. The default port number is 1812. You need not change this value unless your network administrator instructs you to do so with additional information. Shared Secret Enter a password (up to 31 alphanumeric characters) as the key to be shared between the external authentication server and the ZyAIR. The key must be the same on the external authentication server and your ZyAIR. The key is not sent over the network. Accounting Server Active Select Yes from the drop down list box to enable user accounting through an external authentication server. Server IP Address Enter the IP address of the external accounting server in dotted decimal notation. Port Number Enter the port number of the external accounting server. The default port number is 1813. You need not change this value unless your network administrator instructs you to do so with additional information. Shared Secret Enter a password (up to 31 alphanumeric characters) as the key to be shared between the external authentication server and the ZyAIR. The key must be the same on the external authentication server and your ZyAIR. The key is not sent over the network. Click Apply to save your changes back to the ZyAIR. Click Reset to begin configuring this screen afresh. Apply Reset 6-14 Wireless Security ZyAIR B-500 Wireless Access Point Users Guide Chapter 7 IP Screen This chapter discusses how to configure IP on the ZyAIR 7.1 Factory Ethernet Defaults The Ethernet parameters of the ZyAIR are preset in the factory with the following values:
IP address of 192.168.1.2 Subnet mask of 255.255.255.0 (24 bits) These parameters should work for the majority of installations. 7.2 TCP/IP Parameters 7.2.1 IP Address and Subnet Mask Refer to the section on IP address and subnet mask in the Wizard Setup chapter for this information. 7.3 Configuring IP Click IP to display the screen shown next. IP 7-1 ZyAIR B-500 Wireless Access Point Users Guide The following table describes the labels in this screen. Figure 7-1 IP Setup LABEL IP Address Assignment Table 7-1 IP Setup DESCRIPTION Get automatically Select this option if your ZyAIR is using a dynamically assigned IP address from a DHCP server each time. You must know the IP address assigned to the ZyAIR (by the DHCP server) to access the ZyAIR again. Use fixed IP address Select this option if your ZyAIR is using a static IP address. When you select this option, fill in the fields below. 7-2 IP ZyAIR B-500 Wireless Access Point Users Guide LABEL Table 7-1 IP Setup DESCRIPTION IP Address Enter the IP address of your ZyAIR in dotted decimal notation. If you change the ZyAIR's IP address, you must use the new IP address if you want to access the web configurator again. IP Subnet Mask Enter the subnet mask. Gateway IP Address Enter the IP address of a gateway. The gateway is an immediate neighbor of your ZyAIR that will forward the packet to the destination. On the LAN, the gateway must be a router on the same segment as your ZyAIR; over the WAN, the gateway must be the IP address of one of the remote node. Click Apply to save your changes back to the ZyAIR. Click Reset to begin configuring this screen afresh. Apply Reset IP 7-3 Logs Part III:
LOGS This part provides information and configuration instructions for the logs. III ZyAIR B-500 Wireless Access Point Users Guide Chapter 8 Logs Screens This chapter contains information about configuring general log settings and viewing the ZyAIRs logs. Refer to the appendix for example log message explanations. 8.1 Configuring View Log The web configurator allows you to look at all of the ZyAIRs logs in one location. Click LOGS to open the View Log screen. Use the View Log screen to see the logs for the categories that you selected in the Log Settings screen (see section 8.2). Options include logs about system maintenance, system errors and access control. You can view logs and alert messages in this page. Once the log entries are all used, the log will wrap around and the old logs will be deleted. Click a column heading to sort the entries. A triangle indicates the direction of the sort order. Figure 8-1 View Log Logs Screens 8-1 ZyAIR B-500 Wireless Access Point Users Guide The following table describes the labels in this screen. Table 8-1 View Log DESCRIPTION LABEL Display Select a log category from the drop down list box to display logs within the selected category. To view all logs, select All Logs. The number of categories shown in the drop down list box depends on the selection in the Log Settings page. This field displays the time the log was recorded. This field states the reason for the log. This field lists the source IP address of the incoming packet. This field lists the destination IP address of the incoming packet. This field displays additional information about the log entry. Time Message Source Destination Note Email Log Now Click Email Log Now to send the log screen to the e-mail address specified in the Log Refresh Clear Log Settings page. Click Refresh to renew the log screen. Click Clear Log to clear all the logs. 8.2 Configuring Log Settings To change your ZyAIRs log settings, click LOGS and then the Log Settings tab. The screen appears as shown. Use the Log Settings screen to configure to where the ZyAIR is to send the logs; the schedule for when the ZyAIR is to send the logs and which logs and/or immediate alerts the ZyAIR is to send. An alert is a type of log that warrants more serious attention. Some categories such as System Errors consist of both logs and alerts. You may differentiate them by their color in the View Log screen. Alerts are displayed in red and logs are displayed in black. 8-2 Logs Screens ZyAIR B-500 Wireless Access Point Users Guide The following table describes the labels in this screen. Figure 8-2 Log Settings Logs Screens 8-3 ZyAIR B-500 Wireless Access Point Users Guide LABEL Address Info Table 8-2 Log Settings DESCRIPTION Mail Server Enter the server name or the IP address of the mail server for the e-mail addresses specified below. If this field is left blank, logs and alert messages will not be sent via e-mail. Mail Subject Type a title that you want to be in the subject line of the log e-mail message that the ZyAIR sends. Send Log to Logs are sent to the e-mail address specified in this field. If this field is left blank, logs will not be sent via e-mail. Send Alerts to Enter the e-mail address where the alert messages will be sent. If this field is left blank, alert messages will not be sent via e-mail. Syslog logging sends a log to an external syslog server used to store logs. Syslog Logging Active Click Active to enable syslog logging. Syslog Server IP Address Enter the server name or IP address of the syslog server that will log the selected categories of logs. Log Facility Select a location from the drop down list box. The log facility allows you to log the messages to different files in the syslog server. Refer to the documentation of your syslog program for more details. Send Log Log Schedule This drop-down menu is used to configure the frequency of log messages being sent as E-mail:
Daily Weekly Hourly When the Log is Full None. If the Weekly or the Daily option is selected, specify a time of day when the E-mail should be sent. If the Weekly option is selected, then also specify which day of the week the E-mail should be sent. If the When Log is Full option is selected, an alert is sent when the log fills up. If you select None, no log messages are sent. Day for Sending Log This field is only available when you select Weekly in the Log Schedule field. Use the drop down list box to select which day of the week to send the logs. Time for Sending Log Enter the time of the day in 24-hour format (for example 23:00 equals 11:00 pm) to send the logs. 8-4 Logs Screens LABEL Clear log after sanding mail ZyAIR B-500 Wireless Access Point Users Guide Table 8-2 Log Settings DESCRIPTION Select the check box to clear all logs after logs and alert messages are sent via e-
mail. Select the categories of logs that you want to record. Log Send Immediate Alert Select the categories of alerts for which you want the ZyAIR to immediately send e-mail alerts. Click Apply to save your customized settings and exit this screen. Click Reset to reconfigure all the fields in this screen. Apply Reset Logs Screens 8-5 Maintenance Part IV:
MAINTENANCE This part describes the Maintenance web configurator screens. IV ZyAIR B-500 Wireless Access Point Users Guide Chapter 9 Maintenance This chapter describes the Maintenance screens that display system information such as ZyNOS firmware, port IP addresses and port traffic statistics. 9.1 Maintenance Overview The maintenance screens can help you view system information, upload new firmware, manage configuration and restart your ZyAIR. 9.2 System Status Screen Click System Status to display the screen, where you can use to monitor your ZyAIR. Note that these labels are READ-ONLY and are meant to be used for diagnostic purposes. The following table describes the labels in this screen. Figure 9-1 System Status LABEL System Name Maintenance Table 9-1 System Status DESCRIPTION This is the System Name you enter in the first Internet Access Wizard screen. It is for identification purposes 9-1 ZyAIR B-500 Wireless Access Point Users Guide LABEL Table 9-1 System Status DESCRIPTION ZyNOS Firmware Version This is the ZyNOS Firmware version and the date created. ZyNOS is ZyXEL's proprietary Network Operating System design. IP Address This is the Ethernet port IP address. IP Subnet Mask This is the Ethernet port subnet mask. DHCP This is the Ethernet port DHCP role - Client or None. Show Statistics Click Show Statistics to see performance statistics such as number of packets sent and number of packets received for each port. 9.2.1 System Statistics Read-only information here includes port status and packet specific statistics. Also provided are "system up time" and "poll interval(s)". The Poll Interval field is configurable. The following table describes the labels in this screen. Figure 9-2 System Status: Show Statistics Table 9-2 System Status: Show Statistics LABEL DESCRIPTION Port This is the Ethernet or wireless port. 9-2 Maintenance ZyAIR B-500 Wireless Access Point Users Guide Table 9-2 System Status: Show Statistics DESCRIPTION LABEL Status This shows the port speed and duplex setting if you are using Ethernet encapsulation for the Ethernet port. This shows the transmission speed only for wireless port. This is the number of transmitted packets on this port. This is the number of received packets on this port. This is the number of collisions on this port. This shows the transmission speed in bytes per second on this port. This shows the reception speed in bytes per second on this port. This is total amount of time the line has been up. TxPkts RxPkts Collisions Tx B/s Rx B/s Up Time System Up Time This is the total time the ZyAIR has been on. Enter the time interval for refreshing statistics. Poll Interval Set Interval Click this button to apply the new poll interval you entered above. Click this button to stop refreshing statistics. Stop 9.3 Wireless Screen 9.3.1 Association List View the wireless stations that are currently associated to the ZyAIR in the Association List screen. Click the WIRELESS link under MAINTENANCE to display the screen as shown next. Maintenance 9-3 ZyAIR B-500 Wireless Access Point Users Guide The following table describes the labels in this screen. Figure 9-3 Association List LABEL
MAC Address Association Time Refresh Table 9-3 Association List DESCRIPTION This is the index number of an associated wireless station. This field displays the MAC address of an associated wireless station. This field displays the time a wireless station first associated with the ZyAIR. Click Refresh to reload the screen. 9.3.2 Channel Usage The Channel Usage screen shows whether a channel is used by another wireless network or not. If a channel is being used, you should select a channel removed from it by five channels to completely avoid overlap. Click the WIRELESS link under MAINTENANCE and then the Channel Usage tab to display the screen as shown next. Wait a moment while the ZyAIR compiles the information. 9-4 Maintenance ZyAIR B-500 Wireless Access Point Users Guide The following table describes the labels in this screen. Figure 9-4 Channel Usage LABEL SSID MAC Address Channel Signal Maintenance Table 9-4 Channel Usage DESCRIPTION This is the Service Set IDentification name of the AP in an Infrastructure wireless network or wireless station in an Ad-Hoc wireless network. For our purposes, we define an Infrastructure network as a wireless network that uses an AP and an Ad-Hoc network
(also known as Independent Basic Service Set (IBSS)) as one that doesnt. See the Wireless Configuration and Roaming chapter for more information on basic service sets
(BSS) and extended service sets (ESS). This field displays the MAC address of the AP in an Infrastructure wireless network. It is randomly generated (so ignore it) in an Ad-Hoc wireless network. This is the index number of the channel currently used by the associated AP in an Infrastructure wireless network or wireless stations in an Ad-Hoc wireless network. This field displays the strength of the APs signal. If you must choose a channel thats currently in use, choose one with low signal strength for minimum interference. 9-5 ZyAIR B-500 Wireless Access Point Users Guide LABEL Network Mode Refresh Table 9-4 Channel Usage DESCRIPTION Network mode in this screen refers to your wireless LAN infrastructure (refer to the Wireless LAN chapter) and WEP setup. Network modes are: Infra (infrastructure), Infra, WEP (Infrastructure with WEP encryption is enabled), Ad-Hoc, or Ad-Hoc, WEP. Click Refresh to reload the screen. 9.4 F/W Upload Screen Find firmware at www.zyxel.com in a file that (usually) uses the system model name with a "*.bin"
extension, e.g., "zyair.bin". The upload process uses HTTP (Hypertext Transfer Protocol) and may take up to two minutes. After a successful upload, the system will reboot. See the Firmware and Configuration File Maintenance chapter for upgrading firmware using FTP/TFTP commands. Click F/W UPLOAD to display the screen as shown. Follow the instructions in this screen to upload firmware to your ZyAIR. The following table describes the labels in this screen. Figure 9-5 Firmware Upload 9-6 Maintenance ZyAIR B-500 Wireless Access Point Users Guide Table 9-5 Firmware Upload DESCRIPTION LABEL File Path Browse... Click Browse... to find the .bin file you want to upload. Remember that you must decompress Type in the location of the file you want to upload in this field or click Browse ... to find it. compressed (.zip) files before you can upload them. Click Upload to begin the upload process. This process may take up to two minutes. Upload Do not turn off the device while firmware upload is in progress!
After you see the Firmware Upload in Process screen, wait two minutes before logging into the device again. Figure 9-6 Firmware Upload In Process The ZyAIR automatically restarts in this time causing a temporary network disconnect. In some operating systems, you may see the following icon on your desktop. Figure 9-7 Network Temporarily Disconnected After two minutes, log in again and check your new firmware version in the System Status screen. Maintenance 9-7 ZyAIR B-500 Wireless Access Point Users Guide If the upload was not successful, the following screen will appear. Click Return to go back to the F/W Upload screen. Figure 9-8 Firmware Upload Error 9.5 Configuration Screen See the Firmware and Configuration File Maintenance chapter for transferring configuration files using FTP/TFTP commands. Click CONFIGURATION. Information related to backup configuration, restoring configuration and factory defaults appears as shown next. 9.5.1 Backup Configuration Backup Configuration allows you to backup (save) the current system (ZyAIR) configuration to your computer. Backup is highly recommended once your ZyAIR is functioning properly. Click Backup to save your current ZyAIR configuration to your computer. 9-8 Maintenance ZyAIR B-500 Wireless Access Point Users Guide Figure 9-9 Backup Configuration 9.5.2 Restore Configuration Restore configuration replaces your ZyAIR's current configuration with a previously saved configuration. Restore files (usually) have a .ROM extension, e.g., "zyair.rom". The system reboots automatically after the file transfer is complete and uses the configured values in the file. Do not interrupt the file transfer process as this may PERMANENTLY DAMAGE YOUR ZyAIR. When the Restore Configuration process is complete, the ZyAIR will WARNING!
automatically restart. Figure 9-10 Restore Configuration Maintenance 9-9 ZyAIR B-500 Wireless Access Point Users Guide The following table describes the labels in this screen. Table 9-6 Restore Configuration DESCRIPTION LABEL File Path Type in the location of the file you want to upload in this field or click Browse ... to find it. Browse... Click Browse... to find the file you want to upload. Remember that you must decompress Upload compressed (.ZIP) files before you can upload them. Click Upload to begin the upload process. Do not turn off the device while configuration file upload is in progress. After you see a configuration upload successful screen, you must then wait one minute before logging into the ZyAIR again. Figure 9-11 Configuration Upload Successful The ZyAIR automatically restarts in this time causing a temporary network disconnect. In some operating systems, you may see the following icon on your desktop. Figure 9-12 Network Temporarily Disconnected 9-10 Maintenance ZyAIR B-500 Wireless Access Point Users Guide If you uploaded the default configuration file you may need to change the IP address of your computer to be in the same subnet as that of the default ZyAIR IP address (192.168.1.2). See the appendix for details on how to set up your computers IP address. If the upload was not successful, the following screen will appear. Click Return to go back to the Configuration screen. Figure 9-13 Configuration Upload Error 9.5.3 Back to Factory Defaults Clicking the Reset button in this section clears all user-entered configuration information and returns the ZyAIR to its factory defaults as shown on the screen. This will erase all configurations that you have applied. Maintenance 9-11 ZyAIR B-500 Wireless Access Point Users Guide The following warning screen will appear. Figure 9-14 Back to Factory Default Figure 9-15 Reset Warning Message You can also press the RESET button on the rear panel to reset the factory defaults of your ZyAIR. Refer to the Resetting the ZyAIR section for more information on the RESET button. 9-12 Maintenance
1 | Users Manual 2 | Users Manual | 2.35 MiB | April 12 2003 |
SMT Configuration Part V:
SMT CONFIGURATION This part contains SMT (System Management Terminal) configuration and background information for features only configurable by SMT. See the web configurator parts of this guide for background information on features configurable by web configurator and SMT. V ZyAIR B-500 Wireless Access Point Users Guide Chapter 10 Introducing the SMT This chapter describes how to access the SMT and provides an overview of its menus. 10.1 Connect to your ZyAIR Using Telnet The following procedure details how to telnet into your ZyAIR. Step 1. In Windows, click Start (usually in the bottom left corner), Run and then type telnet 192.168.1.2 (the default IP address) and click OK. Step 2. For your first login, enter the default password 1234. As you type the password, the screen displays an asterisk * for each character you type. Password : ****
Figure 10-1 Login Screen Step 3. After entering the password you will see the main menu. Please note that if there is no activity for longer than five minutes (default timeout period) after you log in, your ZyAIR will automatically log you out. You will then have to telnet into the ZyAIR again. You can use the web configurator or the CI commands to change the inactivity time out period. 10.2 Changing the System Password Change the ZyAIR default password by following the steps shown next. Step 1. From the main menu, enter 23 to display Menu 23 System Security. Step 2. Enter 1 to display Menu 23.1 System Security Change Password as shown next. Step 3. Type your existing system password in the Old Password field, and press [ENTER]. Introducing the SMT 10-1 ZyAIR B-500 Wireless Access Point Users Guide Menu 23.1 System Security Change Password Old Password= ****
New Password= ?
Retype to confirm= ?
Enter here to CONFIRM or ESC to CANCEL:
Figure 10-2 Menu 23.1 System Security : Change Password Step 4. Type your new system password in the New Password field (up to 30 characters), and press
[ENTER]. Step 5. Re-type your new system password in the Retype to confirm field for confirmation and press
[ENTER]. Note that as you type a password, the screen displays an asterisk * for each character you type. 10.3 ZyAIR SMT Menu Overview Example The following figure gives you an example overview of the various SMT menu screens for your ZyAIR. 10-2 Introducing the SMT ZyAIR B-500 Wireless Access Point Users Guide ZyAIR B-500 Main Menu Menu 1 General Setup Menu 3 LAN Setup Menu 14 Dial-in User Setup Menu 22 SNMP Configuration Menu 23 System Security Menu 3.2 TCP/IP Setup Menu14.1 Edit Dial-in User Menu 3.5.1 WLAN MAC Address Filter Menu 3.5 Wireless LAN Setup Menu 3.5.2 Roaming Configuration Menu 23.1 System Security-
Change Password Menu 23.2 System Security-
RADIUS Server Menu 23.4 System Security-
IEEE802.1x Menu 24.4 System Maintenance
- Diagnostic Menu 24.3 System Maintenance
- Log and Trace Menu 24.2 System Information and Console Port Speed Menu 24 System Maintenance Menu 24.3.1 System Maintenance
- View Error Log Menu 24.1 System Maintenance
- Status Menu 24.2.1 System Maintenance
- Information Menu 24.2.2 System Maintenance
- Change Console Port Speed Menu 24.7 Upload Firmware Menu 24.7.1 Upload System Firmware Menu 24.7.2 Upload System Configuration File Menu 24.8 Command Interpreter Mode Menu 24.10 Time and Date Setting Figure 10-3 ZyAIR B-500 SMT Menu Overview Example Introducing the SMT 10-3 Menu 24.5 Backup Configuration Menu 24.6 Restore Configuration ZyAIR B-500 Wireless Access Point Users Guide 10.4 Navigating the SMT Interface The SMT (System Management Terminal) is the interface that you use to configure your ZyAIR. Several operations that you should be familiar with before you attempt to modify the configuration are listed in the table below. Table 10-1 Main Menu Commands OPERATION KEYSTROKE DESCRIPTION Move down to another menu Move up to a previous menu Move to a hidden menu Move the cursor Entering information Required fields
[ENTER]
[ESC]
To move forward to a submenu, type in the number of the desired submenu and press [ENTER]. Press [ESC] to move back to the previous menu. Fields beginning with Edit lead to hidden menus and have a default setting of No. Press [SPACE BAR] once to change No to Yes, then press [ENTER] to go to the hidden menu. Press [SPACE BAR] to change No to Yes then press
[ENTER].
[ENTER] or
[UP]/[DOWN] arrow keys. Type in or press
[SPACE BAR], then press [ENTER].
<?> or ChangeMe All fields with the symbol <?> must be filled in order to be able to Within a menu, press [ENTER] to move to the next field. You can also use the [UP]/[DOWN] arrow keys to move to the previous and the next field, respectively. You need to fill in two types of fields. The first requires you to type in the appropriate information. The second allows you to cycle through the available choices by pressing [SPACE BAR]. N/A fields
<N/A>
Save your configuration Exit the SMT
[ENTER]
Type 99, then press
[ENTER]. save the new configuration. All fields with ChangeMe must not be left blank in order to be able to save the new configuration. Some of the fields in the SMT will show a <N/A>. This symbol refers to an option that is Not Applicable. Save your configuration by pressing [ENTER] at the message Press ENTER to confirm or ESC to cancel. Saving the data on the screen will take you, in most cases to the previous menu. Type 99 at the main menu prompt and press [ENTER] to exit the SMT interface. After you enter the password, the SMT displays the main menu, as shown next. 10-4 Introducing the SMT ZyAIR B-500 Wireless Access Point Users Guide Copyright (c) 1994 - 2003 ZyXEL Communications Corp. ZyAIR B-500 Main Menu Getting Started Advanced Management 1. General Setup 22. SNMP Configuration 3. LAN Setup 23. System Security 24. System Maintenance Advanced Applications 14. Dial-in User Setup 99. Exit Enter Menu Selection Number:
Figure 10-4 ZyAIR B-500 SMT Main Menu 10.4.1 System Management Terminal Interface Summary Table 10-2 Main Menu Summary
MENU TITLE DESCRIPTION General Setup LAN Setup Dial-in User Setup SNMP Configuration System Security System Maintenance Exit Use this menu to set up your general information. Use this menu to set up your LAN and WLAN connection. Use this menu to set up local user profiles on the ZyAIR. Use this menu to set up SNMP related parameters. Use this menu to change your password and enable network user authentication. This menu provides system status, diagnostics, software upload, etc. Use this to exit from SMT and return to a blank screen. 1 3 14 22 23 24 99 Introducing the SMT 10-5 ZyAIR B-500 Wireless Access Point Users Guide Chapter 11 General Setup The chapter shows you the information on general setup. 11.1 General Setup Menu 1 General Setup contains administrative and system-related information (shown next). The System Name field is for identification purposes. It is recommended you type your computer's "Computer name". The Domain Name entry is what is propagated to the DHCP clients on the LAN. This is not a required field. Leave this field blank or enter the domain name here if you know it. 11.1.1 Procedure To Configure Menu 1 Step 1. Enter 1 in the Main Menu to open Menu 1 General Setup as shown next. Menu 1 - General Setup System Name= B-500 Domain Name=
First System DNS Server= From DHCP IP Address= N/A Second System DNS Server= None IP Address= N/A Third System DNS Server= None IP Address= N/A Press ENTER to Confirm or ESC to Cancel:
Figure 11-1 Menu 1 General Setup Fill in the required fields. Refer to the following table for more information about these fields. Step 2. General Setup 11-1 ZyAIR B-500 Wireless Access Point Users Guide FIELD System Name Domain Name First/Second/Third System DNS Server IP Address Table 11-1 Menu 1 General Setup DESCRIPTION Choose a descriptive name for identification purposes. This name can be up to 30 alphanumeric characters long. Spaces are not allowed, but dashes - and underscores "_" are accepted. This is not a required field. Leave this field blank or enter the domain name here if you know it. Press [SPACE BAR] to select From DHCP, User Defined or None and press [ENTER]. These fields are not available on all models. Enter the IP addresses of the DNS servers. This field is available when you select User-Defined in the field above. EXAMPLE B-500 From DHCP N/A When you have completed this menu, press [ENTER] at the prompt Press ENTER to Confirm to save your configuration, or press [ESC] at any time to cancel. 11-2 General Setup ZyAIR B-500 Wireless Access Point Users Guide Chapter 12 LAN Setup This chapter shows you how to configure the LAN on your ZyAIR.. 12.1 LAN Setup This section describes how to configure the Ethernet using Menu 3 LAN Setup. From the main menu, enter 3 to display menu 3. Menu 3 - LAN Setup 2. TCP/IP Setup 5. Wireless LAN Setup Enter Menu Selection Number:
Figure 12-1 Menu 3 LAN Setup 12.2 TCP/IP Ethernet Setup Use menu 3.2 to configure your ZyAIR for TCP/IP. To edit menu 3.2, enter 3 from the main menu to display Menu 3-LAN Setup. When menu 3 appears, press 2 and press [ENTER] to display Menu 3.2-TCP/IP Setup, as shown next. Menu 3.2 - TCP/IP Setup IP Address Assignment= Static IP Address= 192.168.1.2 IP Subnet Mask= 255.255.255.0 Gateway IP Address= 0.0.0.0 Press ENTER to Confirm or ESC to Cancel:
Figure 12-2 Menu 3.2 TCP/IP Setup Follow the instructions in the following table on how to configure the fields in this menu. LAN Setup 12-1 ZyAIR B-500 Wireless Access Point Users Guide FIELD IP Address Assignment Table 12-1 Menu 3.2 TCP/IP Setup DESCRIPTION Press [SPACE BAR] and then [ENTER] to select Dynamic to have the ZyAIR obtain an IP address from a DHCP server. You must know the IP address assigned to the ZyAIR (by the DHCP server) to access the ZyAIR again. Select Static to give the ZyAIR a fixed, unique IP address. Enter a subnet mask appropriate to your network and the gateway IP address if applicable. EXAMPLE IP Address Enter the (LAN) IP address of your ZyAIR in dotted decimal notation IP Subnet Mask Your ZyAIR will automatically calculate the subnet mask based on the IP address that you assign. Unless you are implementing subnetting, use the subnet mask computed by the ZyAIR. Type the IP address of the gateway. The gateway is an immediate neighbor of your ZyAIR that will forward the packet to the destination. On the LAN, the gateway must be a router on the same network segment as your ZyAIR. Gateway IP Address 192.168.1.2 255.255.255.0 When you have completed this menu, press [ENTER] at the prompt Press ENTER to Confirm to save your configuration, or press [ESC] at any time to cancel. 12.3 Wireless LAN Setup Use menu 3.5 to set up your ZyAIR as the wireless access point. To edit menu 3.5, enter 3 from the main menu to display Menu 3 LAN Setup. When menu 3 appears, press 5 and then press [ENTER] to display Menu 3.5 Wireless LAN Setup as shown next. 12-2 LAN Setup ZyAIR B-500 Wireless Access Point Users Guide Menu 3.5 - Wireless LAN Setup ESSID= Wireless Hide ESSID= No Channel ID= CH06 2437MHz RTS Threshold= 2432 Frag. Threshold= 2432 WEP Encryption= Disable Default Key= N/A Key1= N/A Key2= N/A Key3= N/A Key4= N/A Authen. Method= N/A Edit MAC Address Filter= No Edit Roaming Configuration= No Block Intra-BSS Traffic= No Number of Associated Stations= 32 Output Power= 17dBm Press ENTER to Confirm or ESC to Cancel:
Figure 12-3 Menu 3.5 Wireless LAN Setup The following table describes the fields in this menu. FIELD ESSID Hide ESSID Channel ID RTS Threshold Frag. Threshold WEP Encryption Table 12-2 Menu 3.5 Wireless LAN Setup DESCRIPTION The ESSID (Extended Service Set IDentity) identifies the AP the wireless station is to associate to. Wireless stations associating to the AP must have the same ESSID. Enter a descriptive name up to 32 printable 7-bit ASCII characters. Press [SPACE BAR] and select Yes to hide the ESSID in the outgoing data frame so an intruder cannot obtain the ESSID through passive scanning. Press [SPACE BAR] to select a channel. This allows you to set the operating frequency/channel depending on your particular region. Setting this attribute to zero turns on the RTS/CTS handshake. Enter a value between 0 and 2432. This is the maximum data fragment size that can be sent. Enter a value between 256 and 2432. Select Disable to allow wireless stations to communicate with the access points without any data encryption. Select 64-bit WEP or 128-bit WEP to enable data encryption. EXMAPLE Wireless No CH01 2412MHz 2432 2432 Disable LAN Setup 12-3 ZyAIR B-500 Wireless Access Point Users Guide FIELD Default Key Table 12-2 Menu 3.5 Wireless LAN Setup DESCRIPTION Enter the key number (1 to 4) in this field. Only one key can be enabled at any one time. This key must be the same on the ZyAIR and the wireless stations to communicate. Key 1 to Key 4 The WEP keys are used to encrypt data. Both the ZyAIR and the wireless stations must use the same WEP key for data transmission. If you chose 64-bit WEP in the WEP Encryption field, then enter any 5 ASCII characters or 10 hexadecimal characters ("0-9", "A-F"). If you chose 128-bit WEP in the WEP Encryption field, then enter 13 ASCII characters or 26 hexadecimal characters ("0-9", "A-F"). Enter 0x before the key to denote a hexadecimal key. Dont enter 0x before the key to denote an ASCII key. EXMAPLE 1 0x12345ab cde Authen. Method Press [SPACE BAR] to select Auto, Open System Only or Shared Key Only and press [ENTER]. This field is N/A if WEP is not activated. If WEP encryption is activated, the default setting is Auto. Edit MAC Address Filter Press [SPACE BAR] to select Yes and press [ENTER] to display menu 3.5.1. See the section on MAC address filter for more information. Edit Roaming Configuration Press [SPACE BAR] to select Yes and press [ENTER] to display menu 3.5.2. See the section on roaming configuration for more information. Block Intra-
BSS Traffic Number of Association Stations Press [SPACE BAR] to select Yes or No and press [ENTER]. Enter the number of association stations. The number should be from 1 to 32. Output Power Press [SPACE BAR] to select 11dBm, 14dBm or 17dBm and press
[ENTER]. Auto No No No 32 17dBm When you have completed this menu, press [ENTER] at the prompt Press ENTER to confirm or ESC to cancel to save your configuration or press [ESC] to cancel and go back to the previous screen. 12-4 LAN Setup ZyAIR B-500 Wireless Access Point Users Guide 12.3.1 Configuring MAC Address Filter Your ZyAIR checks the MAC address of the wireless station device against a list of allowed or denied MAC addresses. However, intruders could fake allowed MAC addresses so MAC-based authentication is less secure than EAP authentication. Follow the steps below to create the MAC address table on your ZyAIR. Step 1. From the main menu, enter 3 to open Menu 3 LAN Setup. Step 2. Enter 5 to display Menu 3.5 Wireless LAN Setup. Menu 3.5 - Wireless LAN Setup ESSID= Wireless Hide ESSID= No Channel ID= CH06 2437MHz RTS Threshold= 2432 Frag. Threshold= 2432 WEP Encryption= Disable Default Key= N/A Key1= N/A Key2= N/A Key3= N/A Key4= N/A Authen. Method= N/A Edit MAC Address Filter= Yes Edit Roaming Configuration= No Block Intra-BSS Traffic= No Number of Associated Stations= 32 Output Power= 17dBm Press ENTER to Confirm or ESC to Cancel:
Figure 12-4 Menu 3.5 Wireless LAN Setup Step 3. In the Edit MAC Address Filter field, press [SPACE BAR] to select Yes and press
[ENTER]. Menu 3.5.1 WLAN MAC Address Filter displays as shown next. LAN Setup 12-5 ZyAIR B-500 Wireless Access Point Users Guide Menu 3.5.1 - WLAN MAC Address Filter Active= No Filter Action= Allowed Association
1= 00:00:00:00:00:00 13= 00:00:00:00:00:00 25= 00:00:00:00:00:00 2= 00:00:00:00:00:00 14= 00:00:00:00:00:00 26= 00:00:00:00:00:00 3= 00:00:00:00:00:00 15= 00:00:00:00:00:00 27= 00:00:00:00:00:00 4= 00:00:00:00:00:00 16= 00:00:00:00:00:00 28= 00:00:00:00:00:00 5= 00:00:00:00:00:00 17= 00:00:00:00:00:00 29= 00:00:00:00:00:00 6= 00:00:00:00:00:00 18= 00:00:00:00:00:00 30= 00:00:00:00:00:00 7= 00:00:00:00:00:00 19= 00:00:00:00:00:00 31= 00:00:00:00:00:00 8= 00:00:00:00:00:00 20= 00:00:00:00:00:00 32= 00:00:00:00:00:00 9= 00:00:00:00:00:00 21= 00:00:00:00:00:00 10= 00:00:00:00:00:00 22= 00:00:00:00:00:00 11= 00:00:00:00:00:00 23= 00:00:00:00:00:00 12= 00:00:00:00:00:00 24= 00:00:00:00:00:00
Enter here to CONFIRM or ESC to CANCEL:
Figure 12-5 Menu 3.5.1 WLAN MAC Address Filter The following table describes the fields in this menu. Table 12-3 Menu 3.5.1 WLAN MAC Address Filter FIELD DESCRIPTION Active To enable MAC address filtering, press [SPACE BAR] to select Yes and press [ENTER]. Filter Action Define the filter action for the list of MAC addresses in the MAC address filter table. To deny access to the ZyAIR, press [SPACE BAR] to select Deny Association and press
[ENTER]. MAC addresses not listed will be allowed to access the ZyAIR. The default action, Allowed Association, permits association with the ZyAIR. MAC addresses not listed will be denied access to the ZyAIR. MAC Address Filter 1..32 Enter the MAC addresses (in XX:XX:XX:XX:XX:XX format) of the client computers that are allowed or denied access to the ZyAIR in these address fields. When you have completed this menu, press [ENTER] at the prompt Press ENTER to confirm or ESC to cancel to save your configuration or press [ESC] to cancel and go back to the previous screen. 12-6 LAN Setup ZyAIR B-500 Wireless Access Point Users Guide From the main menu, enter 3 to display Menu 3 LAN Setup. 12.3.2 Configuring Roaming Enable the roaming feature if you have two or more ZyAIRs on the same subnet. Follow the steps below to allow roaming on your ZyAIR. Step 1. Step 2. Enter 5 to display Menu 3.5 Wireless LAN Setup. Menu 3.5 - Wireless LAN Setup ESSID= Wireless Hide ESSID= No Channel ID= CH06 2437MHz RTS Threshold= 2432 Frag. Threshold= 2432 WEP Encryption= Disable Default Key= N/A Key1= N/A Key2= N/A Key3= N/A Key4= N/A Authen. Method= N/A Edit MAC Address Filter= No Edit Roaming Configuration= Yes Block Intra-BSS Traffic= No Number of Associated Stations= 32 Output Power= 17dBm Press ENTER to Confirm or ESC to Cancel:
Figure 12-6 Menu 3.5 Wireless LAN Setup Step 3. Move the cursor to the Edit Roaming Configuration field. Press [SPACE BAR] to select Yes and then press [ENTER]. Menu 3.5.2 Roaming Configuration displays as shown next. Menu 3.5.2 - Roaming Configuration Active= Yes Port #= 16290 Press ENTER to Confirm or ESC to Cancel:
Figure 12-7 Menu 3.5.2 Roaming Configuration The following table describes the fields in this menu. LAN Setup 12-7 ZyAIR B-500 Wireless Access Point Users Guide FIELD Active Port #
Table 12-4 Menu 3.5.2 Roaming Configuration DESCRIPTION Press [SPACE BAR] and then [ENTER] to select Yes to enable roaming on the ZyAIR if you have two or more ZyAIRs on the same subnet. Type the port number to communicate roaming information between access points. The port number must be the same on all access points. The default is 16290. Make sure this port is not used by other services. When you have completed this menu, press [ENTER] at the prompt Press ENTER to confirm or ESC to cancel to save your configuration or press [ESC] to cancel and go back to the previous screen. 12-8 LAN Setup ZyAIR B-500 Wireless Access Point Users Guide Chapter 13 Dial-in User Setup This chapter shows you how to create user accounts on the ZyAIR. From the main menu, enter 14 to display Menu 14 - Dial-in User Setup. 13.1 Dial-in User Setup By storing user profiles locally, your ZyAIR is able to authenticate wireless users without interacting with a network RADIUS server. Follow the steps below to set up user profiles on your ZyAIR. Step 1. Menu 14 - Dial-in User Setup 1. ________ 9. ________ 17. ________ 25. ________ 2. ________ 10. ________ 18. ________ 26. ________ 3. ________ 11. ________ 19. ________ 27. ________ 4. ________ 12. ________ 20. ________ 28. ________ 5. ________ 13. ________ 21. ________ 29. ________ 6. ________ 14. ________ 22. ________ 30. ________ 7. ________ 15. ________ 23. ________ 31. ________ 8. ________ 16. ________ 24. ________ 32. ________ Enter Menu Selection Number:
Figure 13-1 Menu 14- Dial-in User Setup Step 2. Type a number and press [ENTER] to edit the user profile. User Name= test Active= Yes Password= ********
Press ENTER to Confirm or ESC to Cancel:
Menu 14.1 - Edit Dial-in User Figure 13-2 Menu 14.1- Edit Dial-in User The following table describes the fields in this screen. Dial-in User Setup 13-1 ZyAIR B-500 Wireless Access Point Users Guide Table 13-1 Menu 14.1- Edit Dial-in User DESCRIPTION FIELD User Name Enter a username up to 31 alphanumeric characters long for this user profile. This field is case sensitive. Press [SPACE BAR] to select Yes and press [ENTER] to enable the user profile. Enter a password up to 31 characters long for this user profile. Active Password When you have completed this menu, press [ENTER] at the prompt Press ENTER to confirm or ESC to cancel to save your configuration or press [ESC] to cancel and go back to the previous screen. 13-2 Dial-in User Setup ZyAIR B-500 Wireless Access Point Users Guide Chapter 14 SNMP Configuration This chapter explains SNMP Configuration menu 22. 14.1 About SNMP Simple Network Management Protocol is a protocol used for exchanging management information between network devices. SNMP is a member of the TCP/IP protocol suite. Your ZyAIR supports SNMP agent functionality, which allows a manager station to manage and monitor the ZyAIR through the network. The ZyAIR supports SNMP version one (SNMPv1) and version two c (SNMPv2c). The next figure illustrates an SNMP management operation. SNMP is only available if TCP/IP is configured. Figure 14-1 SNMP Management Model An SNMP managed network consists of two main components: agents and a manager. SNMP Configuration 14-1 ZyAIR B-500 Wireless Access Point Users Guide An agent is a management software module that resides in a managed device (the ZyAIR). An agent translates the local management information from the managed device into a form compatible with SNMP. The manager is the console through which network administrators perform network management functions. It executes applications that control and monitor managed devices. The managed devices contain object variables/managed objects that define each piece of information to be collected about a device. Examples of variables include the number of packets received, node port status etc. A Management Information Base (MIB) is a collection of managed objects. SNMP allows a manager and agents to communicate for the purpose of accessing these objects. SNMP itself is a simple request/response protocol based on the manager/agent model. The manager issues a request and the agent returns responses using the following protocol operations:
Get - Allows the manager to retrieve an object variable from the agent. GetNext - Allows the manager to retrieve the next object variable from a table or list within an agent. In SNMPv1, when a manager wants to retrieve all elements of a table from an agent, it initiates a Get operation, followed by a series of GetNext operations. Set - Allows the manager to set values for object variables within an agent. Trap - Used by the agent to inform the manager of some events. 14.2 Supported MIBs The ZyAIR supports RFC-1215 and MIB II as defined in RFC-1213. The focus of the MIBs is to let administrators collect statistic data and monitor status and performance. 14.3 SNMP Configuration To configure SNMP, select option 22 from the main menu to open Menu 22 SNMP Configuration as shown next. The community for Get, Set and Trap fields is SNMP terminology for password. 14-2 SNMP Configuration ZyAIR B-500 Wireless Access Point Users Guide Menu 22 - SNMP Configuration SNMP:
Get Community= public Set Community= public Trusted Host= 0.0.0.0 Trap:
Community= public Destination= 0.0.0.0 Press ENTER to Confirm or ESC to Cancel:
Figure 14-2 Menu 22 SNMP Configuration The following table describes the SNMP configuration parameters. Table 14-1 Menu 22 SNMP Configuration DESCRIPTION EXAMPLE FIELD SNMP:
Get Community Set Community Trusted Host Trap:
Type the Get Community, which is the password for the incoming Get- and GetNext requests from the management station. Type the Set Community, which is the password for incoming Set requests from the management station. If you enter a trusted host, your ZyAIR will only respond to SNMP messages from this address. A blank (default) field means your ZyAIR will respond to all SNMP messages it receives, regardless of source. Community Type the trap community, which is the password sent with each trap to the SNMP manager. Destination Type the IP address of the station to send your SNMP traps to. 0.0.0.0 When you have completed this menu, press [ENTER] at the prompt Press ENTER to confirm or ESC to cancel to save your configuration or press [ESC] to cancel and go back to the previous screen. 14.4 SNMP Traps The ZyAIR will send traps to the SNMP manager when any one of the following events occurs:
SNMP Configuration 14-3 public public 0.0.0.0 public ZyAIR B-500 Wireless Access Point Users Guide Table 14-2 SNMP Traps TRAP #
1 2 3 4 TRAP NAME coldStart (defined in RFC-1215) warmStart (defined in RFC-1215) linkUp (defined in RFC-1215) authenticationFailure (defined in RFC-1215) DESCRIPTION A trap is sent after booting (power on). A trap is sent after booting (software reboot). A trap is sent when the port is up. A trap is sent to the manager when receiving any SNMP get or set requirements with wrong community
(password). A trap is sent when the port is down. linkDown (defined in RFC-1215) 6 The following table maps the physical port and encapsulation to the interface type. Table 14-3 Ports and Interface Types PHYSICAL PORT/ENCAP LAN port(s) Wireless port PPPoE encap 1483 encap Ethernet encap PPPoA INTERFACE TYPE enet0 enet1 pppoe mpoa enet-encap ppp 14-4 SNMP Configuration ZyAIR B-500 Wireless Access Point Users Guide Chapter 15 System Security This chapter describes how to configure the system security on the ZyAIR. 15.1 System Security You can configure the system password, an external RADIUS server and 802.1x in this menu. 15.1.1 System Password Menu 23 - System Security 1. Change Password 2. RADIUS Server 4. IEEE802.1x Figure 15-1 Menu 23 System Security You should change the default password. If you forget your password you have to restore the default configuration file. Refer to the section on changing the system password in the Introducing the SMT chapter and the section on resetting the ZyAIR in the Introducing the Web Configurator chapter. 15.1.2 Configuring External RADIUS Server Enter 23 in the main menu to display Menu 23 System Security. 1. Change Password 2. RADIUS Server 4. IEEE802.1x Menu 23 - System Security Figure 15-2 Menu 23 System Security From Menu 23- System Security, enter 2 to display Menu 23.2 System Security RADIUS Server as shown next. System Security 15-1 ZyAIR B-500 Wireless Access Point Users Guide Menu 23.2 - System Security - RADIUS Server Authentication Server:
Active= No Server Address= 10.11.12.13 Port #= 1812 Shared Secret= ?
Accounting Server:
Active= No Server Address= 10.11.12.13 Port #= 1813 Shared Secret= ?
Press ENTER to Confirm or ESC to Cancel:
Figure 15-3 Menu 23.2 System Security : RADIUS Server The following table describes the fields in this menu. Table 15-1 Menu 23.2 System Security : RADIUS Server FIELD Authentication Server DESCRIPTION Active Press [SPACE BAR] to select Yes and press [ENTER] to enable user authentication through an external authentication server. Server Address Enter the IP address of the external authentication server in dotted decimal notation. EXAMPLE No 10.11.12.13 Port The default port of the RADIUS server for authentication is 1812. 1812 You need not change this value unless your network administrator instructs you to do so with additional information. Shared Secret Specify a password (up to 31 alphanumeric characters) as the key to be shared between the external authentication server and the access points. The key is not sent over the network. This key must be the same on the external authentication server and ZyAIR. Active Press [SPACE BAR] to select Yes and press [ENTER] to enable user authentication through an external accounting server. Accounting Server No Server Address Enter the IP address of the external accounting server in dotted decimal notation. 10.11.12.13 15-2 System Security ZyAIR B-500 Wireless Access Point Users Guide Table 15-1 Menu 23.2 System Security : RADIUS Server FIELD DESCRIPTION EXAMPLE Port The default port of the RADIUS server for accounting is 1813. 1813 You need not change this value unless your network administrator instructs you to do so with additional information. Shared Secret Specify a password (up to 31 alphanumeric characters) as the key to be shared between the external accounting server and the access points. The key is not sent over the network. This key must be the same on the external accounting server and ZyAIR. When you have completed this menu, press [ENTER] at the prompt Press ENTER to confirm or ESC to cancel to save your configuration or press [ESC] to cancel and go back to the previous screen. 15.1.3 802.1x The IEEE 802.1x standards outline enhanced security methods for both the authentication of wireless stations and encryption key management. Follow the steps below to enable EAP authentication on your ZyAIR. Step 1. From the main menu, enter 23 to display Menu23 System Security. Menu 23 - System Security 1. Change Password 2. RADIUS Server 4. IEEE802.1X Figure 15-4 Menu 23 System Security Step 2. Enter 4 to display Menu 23.4 System Security IEEE802.1x. System Security 15-3 ZyAIR B-500 Wireless Access Point Users Guide Menu 23.4 - System Security - IEEE802.1X Wireless Port Control= Authentication Required ReAuthentication Timer (in second)= 1800 Idle Timeout (in second)= 3600 Authentication Databases= Local User Database Only Press ENTER to Confirm or ESC to Cancel:
Figure 15-5 Menu 23.4 System Security : IEEE802.1x The following table describes the fields in this menu. FIELD Wireless Port Control ReAuthentica-
tion Timer
(in seconds) Idle Timeout Table 15-2 Menu 23.4 System Security : IEEE802.1x DESCRIPTION Press [SPACE BAR] and select a security mode for the wireless LAN access. Select No Authentication Required to allow any wireless stations access to your wired network without entering usernames and passwords. This is the default setting. Selecting Authentication Required means wireless stations have to enter usernames and passwords before access to the wired network is allowed. Select No Access Allowed to block all wireless stations access to the wired network. Specify how often a wireless station has to re-enter username and password to stay connected to the wired network. This field is activated only when you select Authentication Required in the Wireless Port Control field. Enter a time interval between 10 and 9999 (in seconds). The default time interval is 1800 seconds (or 30 minutes). The ZyAIR automatically disconnects a wireless station from the wired network after a period of inactivity. The wireless station needs to enter the username and password again before access to the wired network is allowed. This field is activated only when you select Authentication Required in the Wireless Port Control field. The default time interval is 3600 seconds (or 1 hour). 15-4 System Security FIELD Authentication Databases ZyAIR B-500 Wireless Access Point Users Guide Table 15-2 Menu 23.4 System Security : IEEE802.1x DESCRIPTION This field is activated only when you select Authentication Required in the Wireless Port Control field. The authentication database contains wireless station login information. The local user database is the built-in database on the ZyAIR. The RADIUS is an external server. Use this field to decide which database the ZyAIR should use (first) to authenticate a wireless station. Before you specify the priority, make sure you have set up the corresponding database correctly first. Select Local User Database Only to have the ZyAIR just check the built-in user database on the ZyAIR for a wireless station's username and password. Select RADIUS Only to have the ZyAIR just check the user database on the specified RADIUS server for a wireless station's username and password. Select Local first, then RADIUS to have the ZyAIR first check the user database on the ZyAIR for a wireless station's username and password. If the user name is not found, the ZyAIR then checks the user database on the specified RADIUS server. Select RADIUS first, then Local to have the ZyAIR first check the user database on the specified RADIUS server for a wireless station's username and password. If the ZyAIR cannot reach the RADIUS server, the ZyAIR then checks the local user database on the ZyAIR. When the user name is not found or password does not match in the RADIUS server, the ZyAIR will not check the local user database and the authentication fails. When you have completed this menu, press [ENTER] at the prompt Press ENTER to confirm or ESC to cancel to save your configuration or press [ESC] to cancel and go back to the previous screen. Once you enable user authentication, you need to specify an external RADIUS server or create local user accounts on the ZyAIR for authentication. System Security 15-5 ZyAIR B-500 Wireless Access Point Users Guide Chapter 16 System Information and Diagnosis This chapter covers the information and diagnostic tools in SMT menus 24.1 to 24.4. 16.1 Overview These tools include updates on system status, port status, log and trace capabilities and upgrades for the system software. This chapter describes how to use these tools in detail. Type 24 in the main menu and press [ENTER] to open Menu 24 System Maintenance, as shown in the following figure. Menu 24 System Maintenance 1. System Status 2. System Information and Console Port Speed 3. Log and Trace 4. Diagnostic 5. Backup Configuration 6. Restore Configuration 7. Upload Firmware 8. Command Interpreter Mode 10. Time and Date Setting Enter Menu Selection Number:
Figure 16-1 Menu 24 System Maintenance 16.2 System Status The first selection, System Status gives you information on the status and statistics of the ports, as shown next. System Status is a tool that can be used to monitor your ZyAIR. Specifically, it gives you information on your Ethernet and Wireless LAN status, number of packets sent and received. To get to System Status, type 24 to go to Menu 24 System Maintenance. From this menu, type 1. System Status. There are two commands in Menu 24.1 System Maintenance Status. Entering 9 resets the counters; pressing [ESC] takes you back to the previous screen. System Information and Diagnosis 16-1 ZyAIR B-500 Wireless Access Point Users Guide The following table describes the fields present in Menu 24.1 System Maintenance Status which are read-only and meant for diagnostic purposes. Menu 24.1 - System Maintenance - Status 00:01:51 Sat. Jan. 01, 2000 Port Status TxPkts RxPkts Cols Tx B/s Rx B/s Up Time Ethernet 100M/Full 38 128 0 268 128 0:01:42 Wireless 16.5M 70 0 0 0 0 0:01:42 Port Ethernet Address IP Address IP Mask DHCP Ethernet 00:A0:C5:00:00:04 192.168.1.2 255.255.255.0 None Wireless 00:A0:C5:00:00:04 System up Time: 0:01:55 Press Command:
COMMANDS: 9-Reset Counters ESC-Exit Figure 16-2 Menu 24.1 System Maintenance : Status The following table describes the fields present in this menu. FIELD Port Status TxPkts RxPkts Cols Tx B/s Rx B/s Up Time Ethernet Address IP Address IP Mask DHCP Table 16-1 Menu 24.1 System Maintenance : Status DESCRIPTION This is the port type. Port types are: Ethernet and Wireless This shows the status of the remote node. This is the number of transmitted packets to this remote node. This is the number of received packets from this remote node. This is the number of collisions on this connection. This shows the transmission rate in bytes per second. This shows the receiving rate in bytes per second. This is the time this channel has been connected to the current remote node. This shows the MAC address of the port. This shows the IP address of the network device connected to the port. This shows the subnet mask of the network device connected to the port. This shows the DHCP setting (None or Client) for the port. 16-2 System Information and Diagnosis ZyAIR B-500 Wireless Access Point Users Guide Table 16-1 Menu 24.1 System Maintenance : Status FIELD DESCRIPTION System Up Time This is the time the ZyAIR is up and running from the last reboot. 16.3 System Information To get to the System Information:
Step 1. Enter 24 to display Menu 24 System Maintenance. Step 2. Enter 2 to display Menu 24.2 System Information and Console Port Speed. Step 3. From this menu you have two choices as shown in the next figure:
Menu 24.2 - System Information and Console Port Speed 1. System Information 2. Console Port Speed Please enter selection:
Figure 16-3 Menu 24.2 System Information and Console Port Speed The ZyAIR has an internal console port for support personnel only. Do not open the ZyAIR as it will void your warranty. 16.3.1 System Information Enter 1 in menu 24.2 to display the screen shown next. Menu 24.2.1 - System Maintenance - Information Name: B-500 Routing: BRIDGE ZyNOS F/W Version: V3.50(HL.0)b1 | 09/19/2003 Country Code: 255 LAN Ethernet Address: 00:A0:C5:00:00:04 IP Address: 192.168.1.2 IP Mask: 255.255.255.0 DHCP: None Press ESC or RETURN to Exit:
Figure 16-4 Menu 24.2.1 System Information : Information System Information and Diagnosis 16-3 ZyAIR B-500 Wireless Access Point Users Guide The following table describes the fields in this menu. Table 16-2 Menu 24.2.1 System Maintenance : Information DESCRIPTION FIELD Name Displays the system name of your ZyAIR. This information can be changed in Menu 1 General Setup. Refers to the routing protocol used. Refers to the ZyNOS (ZyXEL Network Operating System) system firmware version. ZyNOS is a registered trademark of ZyXEL Communications Corporation. Refers to the country code of the firmware. Routing ZyNOS F/W Version Country Code LAN Ethernet Address Refers to the Ethernet MAC (Media Access Control) of your ZyAIR. IP Address This is the IP address of the ZyAIR in dotted decimal notation. IP Mask This shows the subnet mask of the ZyAIR. DHCP This field shows the DHCP setting of the ZyAIR. When you have completed this menu, press [ENTER] at the prompt Press ENTER to confirm or ESC to cancel to save your configuration or press [ESC] to cancel and go back to the previous screen. 16.3.2 Console Port Speed You can set up different port speeds for the console port through Menu 24.2.2 System Maintenance Console Port Speed. Your ZyAIR supports 9600 (default), 19200, 38400, 57600 and 115200 bps console port speeds. Press [SPACE BAR] and then [ENTER] to select the desired speed in menu 24.2.2, as shown in the following figure. Menu 24.2.2 System Maintenance Change Console Port Speed Console Port Speed: 9600 Press ENTER to Confirm or ESC to Cancel:
Figure 16-5 Menu 24.2.2 System Maintenance : Change Console Port Speed After you changed the console port speed on your ZyAIR, you must also make the same change to the console port speed parameter of your communication software. 16-4 System Information and Diagnosis ZyAIR B-500 Wireless Access Point Users Guide 16.4 Log and Trace Your ZyAIR provides the error logs and trace records that are stored locally. 16.4.1 Viewing Error Log The first place you should look for clues when something goes wrong is the error log. Follow the procedures to view the local error/trace log:
Step 1. Type 24 in the main menu to display Menu 24 System Maintenance. Step 2. From menu 24, type 3 to display Menu 24.3 System Maintenance Log and Trace. Menu 24.3 - System Maintenance - Log and Trace 1. View Error Log Please enter selection:
Figure 16-6 Menu 24.3 System Maintenance : Log and Trace Step 3. Enter 1 from Menu 24.3 System Maintenance Log and Trace and press [ENTER] twice to display the error log in the system. After the ZyAIR finishes displaying the error log, you will have the option to clear it. Samples of typical error and information messages are presented in the next figure. 13 Sat Jan 1 00:00:00 2000 PP0d INFO LAN promiscuous mode <1>
14 Sat Jan 1 00:00:00 2000 PINI INFO Last errorlog repeat 1 Times 15 Sat Jan 1 00:00:00 2000 PINI INFO main: init completed 16 Sat Jan 1 00:00:02 2000 PP05 -WARN SNMP TRAP 3: link up 17 Sat Jan 1 00:00:02 2000 PP13 INFO sending request to NTP server(6) 20 Sat Jan 1 00:00:30 2000 PSSV -WARN SNMP TRAP 0: cold start Clear Error Log (y/n):
Figure 16-7 Sample Error and Information Messages 16.5 Diagnostic The diagnostic facility allows you to test the different aspects of your ZyAIR to determine if it is working properly. Menu 24.4 allows you to choose among various types of diagnostic tests to evaluate your system, as shown in the following figure. System Information and Diagnosis 16-5 ZyAIR B-500 Wireless Access Point Users Guide Menu 24.4 - System Maintenance Diagnostic 1. Ping Host TCP/IP 2. DHCP Release 3. DHCP Renewal System 11. Reboot System Enter Menu Selection Number:
Host IP Address= N/A Figure 16-8 Menu 24.4 System Maintenance : Diagnostic Follow the procedure next to get to display this menu:
Step 1. From the main menu, type 24 to open Menu 24 System Maintenance. Step 2. From this menu, type 4. Diagnostic to open Menu 24.4 System Maintenance Diagnostic. The following table describes the diagnostic tests available in menu 24.4 for your ZyAIR and the connections. Table 16-3 Menu 24.4 System Maintenance Menu : Diagnostic FIELD DESCRIPTION Ping the host to see if the links and TCP/IP protocol on both systems are working. Ping Host DHCP Release Release the IP address assigned by the DHCP server. DHCP Renewal Get a new IP address from the DHCP server. Reboot System Reboot the ZyAIR. Host IP Address If you typed 1 to Ping Host, now type the address of the computer you want to ping. 16-6 System Information and Diagnosis ZyAIR B-500 Wireless Access Point Users Guide Chapter 17 Firmware and Configuration File Maintenance This chapter tells you how to backup and restore your configuration file as well as upload new firmware and configuration files using the SMT screens. 17.1 Filename Conventions The configuration file (often called the romfile or rom-0) contains the factory default settings in the menus such as password and TCP/IP Setup, etc. It arrives from ZyXEL with a rom filename extension. Once you have customized the ZyAIR's settings, they can be saved back to your computer under a filename of your choosing. ZyNOS (ZyXEL Network Operating System sometimes referred to as the ras file) is the system firmware and has a bin filename extension. With many FTP and TFTP clients, the filenames are similar to those seen next. ftp> put firmware.bin ras This is a sample FTP session showing the transfer of the computer file " firmware.bin" to the ZyAIR. ftp> get rom-0 config.cfg This is a sample FTP session saving the current configuration to the computer file config.cfg. If your [T]FTP client does not allow you to have a destination filename different than the source, you will need to rename them as the ZyAIR only recognizes rom-0 and ras. Be sure you keep unaltered copies of both files for later use. The following table is a summary. Please note that the internal filename refers to the filename on the ZyAIR and the external filename refers to the filename not on the ZyAIR, that is, on your computer, local network or FTP site and so the name (but not the extension) will vary. After uploading new firmware see the ZyNOS F/W Version field in Menu 24.2.1 System Maintenance Information to confirm that you have uploaded the correct firmware version. Firmware and Configuraiton File Maintenance 17-1 ZyAIR B-500 Wireless Access Point Users Guide Table 17-1 Filename Conventions FILE TYPE INTERNAL NAME EXTERNAL NAME Configuration File Rom-0
*.rom Firmware Ras
*.bin DESCRIPTION This is the configuration filename on the ZyAIR. Uploading the rom-0 file replaces the entire ROM file system, including your ZyAIR configurations, system-related data (including the default password), the error log and the trace log. This is the generic name for the ZyNOS firmware on the ZyAIR. 17.2 Backup Configuration Option 5 from Menu 24 System Maintenance allows you to backup the current ZyAIR configuration to your computer. Backup is highly recommended once your ZyAIR is functioning properly. FTP is the preferred method, although TFTP can also be used. Please note that the terms download and upload are relative to the computer. Download means to transfer from the ZyAIR to the computer, while upload means from your computer to the ZyAIR. 17.2.1 Backup Configuration Using FTP Enter 5 in Menu 24 System Maintenance to get the following screen. Menu 24.5 Backup Configuration To transfer the configuration file to your workstation, follow the procedure below:
1. Launch the FTP client on your workstation. 2. Type "open" and the IP address of your router. Then type "root" and SMT password as requested. 3. Locate the rom-0 file. 4. Type get rom-0 to back up the current router configuration to your workstation. For details on FTP commands, please consult the documentation of your FTP client program. For details on backup using TFTP (note that you must remain in the menu to back up using TFTP), please see your router manual. Press ENTER to Exit:
Figure 17-1 Menu 24.5 Backup Configuration 17-2 Firmware and Configuraiton File Maintenance ZyAIR B-500 Wireless Access Point Users Guide 17.2.2 Using the FTP command from the DOS Prompt Step 1. Launch the FTP client on your computer. Step 2. Enter open and the IP address of your ZyAIR. Step 3. Press [ENTER] when prompted for a username. Step 4. Enter root and your SMT password as requested. The default is 1234. Step 5. Enter bin to set transfer mode to binary. Step 6. Use get to transfer files from the ZyAIR to the computer, for example, get rom-0 config.rom transfers the configuration file on the ZyAIR to your computer and renames it config.rom. See earlier in this chapter for more information on filename conventions. Step 7. Enter quit to exit the FTP prompt. 331 Enter PASS command Password:
230 Logged in ftp> bin 200 Type I OK ftp> get rom-0 zyxel.rom 200 Port command okay 150 Opening data connection for STOR ras 226 File received OK ftp: 327680 bytes sent in 1.10Seconds 297.89Kbytes/sec. ftp> quit Figure 17-2 FTP Session Example The following table describes some of the commands that you may see in third party FTP clients. Table 17-2 General Commands for Third Party FTP Clients COMMAND Host Address Enter the address of the host server. Login Type DESCRIPTION Anonymous. This is when a user I.D. and password is automatically supplied to the server for anonymous access. Anonymous logins will work only if your ISP or service administrator has enabled this option. Normal. The server requires a unique User ID and Password to login. Transfer Type Transfer files in either ASCII (plain text format) or in binary mode. Firmware and Configuraiton File Maintenance 17-3 ZyAIR B-500 Wireless Access Point Users Guide Table 17-2 General Commands for Third Party FTP Clients COMMAND Initial Remote Directory Initial Local Directory DESCRIPTION Specify the default remote directory (path). Specify the default local directory (path). 17.2.3 Backup Configuration Using TFTP The ZyAIR supports the up/downloading of the firmware and the configuration file using TFTP (Trivial File Transfer Protocol) over LAN. Although TFTP should work over WAN as well, it is not recommended. To use TFTP, your computer must have both telnet and TFTP clients. To backup the configuration file, follow the procedure shown next:
Step 1. Use telnet from your computer to connect to the ZyAIR and log in. Because TFTP does not have any security checks, the ZyAIR records the IP address of the telnet client and accepts TFTP requests only from this address. Put the SMT in command interpreter (CI) mode by entering 8 in Menu 24 System Maintenance. Step 2. Step 3. Enter command sys stdio 0 to disable the SMT timeout, so the TFTP transfer will not be interrupted. Enter command sys stdio 5 to restore the five-minute SMT timeout (default) when the file transfer is complete. Step 4. Launch the TFTP client on your computer and connect to the ZyAIR. Set the transfer mode to binary before starting data transfer. Step 5. Use the TFTP client (see the example below) to transfer files between the ZyAIR and the computer. The file name for the configuration file is rom-0 (rom-zero, not capital o). Note that the telnet connection must be active and the SMT in CI mode before and during the TFTP transfer. For details on TFTP commands (see following example), please consult the documentation of your TFTP client program. For UNIX, use get to transfer from the ZyAIR to the computer and binary to set binary transfer mode. 17.2.4 Example: TFTP Command The following is an example TFTP command:
TFTP [-i] host get rom-0 config.rom 17-4 Firmware and Configuraiton File Maintenance ZyAIR B-500 Wireless Access Point Users Guide where i specifies binary image transfer mode (use this mode when transferring binary files), host is the ZyAIR IP address, get transfers the file source on the ZyAIR (rom-0 name of the configuration file on the ZyAIR) to the file destination on the computer and renames it config.rom. The following table describes some of the fields that you may see in third party TFTP clients. Table 17-3 General Commands for Third Party TFTP Clients COMMAND Host Send/Fetch Local File Remote File Binary Abort DESCRIPTION Enter the IP address of the ZyAIR. 192.168.1.2 is the ZyAIRs default IP address when shipped. Use Send to upload the file to the ZyAIR and Fetch to back up the file on your computer. Enter the path and name of the firmware file (*.bin extension) or configuration file (*.rom extension) on your computer. This is the filename on the ZyAIR. The filename for the firmware is ras and for the configuration file, is rom-0. Transfer the file in binary mode. Stop transfer of the file. 17.3 Restore Configuration Menu 24.6 - System Maintenance Restore Configuration allows you to restore the configuration via FTP or TFTP to your ZyAIR. The preferred method is FTP. Note that this function erases the current configuration before restoring the previous backup configuration; please do not attempt to restore unless you have a backup configuration stored on disk. To restore configuration using FTP or TFTP is the same as uploading the configuration file, please refer to the following sections on FTP and TFTP file transfer for more details. The ZyAIR restarts automatically after the file transfer is complete. Firmware and Configuraiton File Maintenance 17-5 ZyAIR B-500 Wireless Access Point Users Guide Menu 24.6 Restore Configuration To transfer the firmware and the configuration file, follow the procedure below:
1. Launch the FTP client on your workstation. 2. Type "open" and the IP address of your router. Then type "root" and SMT password as requested. 3. Type put backupfilename rom-0 where backupfilename is the name of your backup configuration file on your workstation and rom-spt is the Remote file name on the router. This restores the configuration to your router. 4. The system reboots automatically after a successful file transfer. For details on FTP commands, please consult the documentation of your FTP client program. For details on restoring using TFTP (note that you must remain in the menu to back up using TFTP), please see your router manual. Press ENTER to Exit:
Figure 17-3 Menu 24.6 Restore Configuration 17.4 Uploading Firmware and Configuration Files Menu 24.7 System Maintenance Upload Firmware allows you to upgrade the firmware and the configuration file. PLEASE WAIT A FEW MINUTES FOR THE ZYAIR TO RESTART AFTER FIRMWARE OR CONFIGURATION FILE UPLOAD. INTERRUPTING THE UPLOAD PROCESS MAY PERMANENTLY DAMAGE YOUR ZYAIR. WARNING!
Menu 24.7 - System Maintenance - Upload Firmware 1. Upload System Firmware 2. Upload System Configuration File Enter Menu Selection Number:
Figure 17-4 Menu 24.7 System Maintenance : Upload Firmware The configuration data, system-related data, the error log and the trace log are all stored in the configuration file. Please be aware that uploading the configuration file replaces everything contained within. 17-6 Firmware and Configuraiton File Maintenance ZyAIR B-500 Wireless Access Point Users Guide 17.4.1 Firmware Upload FTP is the preferred method for uploading the firmware and configuration. To use this feature, your computer must have an FTP client. When you telnet into the ZyAIR, you will see the following screens for uploading firmware and the configuration file using FTP. Menu 24.7.1 - System Maintenance - Upload System Firmware To upload the system firmware, follow the procedure below:
1. Launch the FTP client on your workstation. 2. Type "open" and the IP address of your system. Then type "root" and SMT password as requested. 3. Type "put firmwarefilename ras" where "firmwarefilename" is the name of your firmware upgrade file on your workstation and "ras" is the remote file name on the system. 4. The system reboots automatically after a successful firmware upload. For details on FTP commands, please consult the documentation of your FTP client program. For details on uploading system firmware using TFTP (note that you must remain on this menu to upload system firmware using TFTP), please see your manual. Press ENTER to Exit:
Figure 17-5 Menu 24.7.1 System Maintenance : Upload System Firmware 17.4.2 Configuration File Upload You see the following screen when you telnet into menu 24.7.2. Firmware and Configuraiton File Maintenance 17-7 ZyAIR B-500 Wireless Access Point Users Guide Menu 24.7.2 - System Maintenance - Upload System Configuration File To upload the system configuration file, follow the procedure below:
1. Launch the FTP client on your workstation. 2. Type "open" and the IP address of your system. Then type "root" and SMT password as requested. 3. Type "put configurationfilename rom-0" where "configurationfilename"
is the name of your system configuration file on your workstation, which will be transferred to the "rom-0" file on the system. 4. The system reboots automatically after the upload system configuration file process is complete. For details on FTP commands, please consult the documentation of your FTP client program. For details on uploading system firmware using TFTP (note that you must remain on this menu to upload system firmware using TFTP), please see your manual. Press ENTER to Exit:
Figure 17-6 Menu 24.7.2 System Maintenance : Upload System Configuration File To transfer the firmware and the configuration file, follow these examples:
17.4.3 Using the FTP command from the DOS Prompt Example Step 1. Launch the FTP client on your computer. Step 2. Enter open and the IP address of your ZyAIR. Step 3. Press [ENTER] when prompted for a username. Step 4. Enter root and your SMT password as requested. The default is 1234. Step 5. Enter bin to set transfer mode to binary. Step 6. Use put to transfer files from the computer to the ZyAIR, e.g., put firmware.bin ras transfers the firmware on your computer (firmware.bin) to the ZyAIR and renames it ras. Similarly put config.rom rom-0 transfers the configuration file on your computer (config.rom) to the ZyAIR and renames it rom-0. Likewise get rom-0 config.rom transfers the configuration file on the ZyAIR to your computer and renames it config.rom. See earlier in this chapter for more information on filename conventions. Step 7. Enter quit to exit the FTP prompt. 17-8 Firmware and Configuraiton File Maintenance ZyAIR B-500 Wireless Access Point Users Guide 331 Enter PASS command Password:
230 Logged in ftp> bin 200 Type I OK ftp> put firmware.bin ras 200 Port command okay 150 Opening data connection for STOR ras 226 File received OK ftp: 327680 bytes sent in 1.10Seconds 297.89Kbytes/sec. ftp> quit Figure 17-7 FTP Session Example More commands that you may find in third party FTP clients, are listed earlier in this chapter. 17.4.4 TFTP File Upload The ZyAIR also supports the up/downloading of the firmware and the configuration file using TFTP
(Trivial File Transfer Protocol) over LAN. Although TFTP should work over WAN as well, it is not recommended. To use TFTP, your computer must have both telnet and TFTP clients. To transfer the firmware and the configuration file, follow the procedure shown next:
Step 1. Use telnet from your computer to connect to the ZyAIR and log in. Because TFTP does not have any security checks, the ZyAIR records the IP address of the telnet client and accepts TFTP requests only from this address. Step 2. Put the SMT in command interpreter (CI) mode by entering 8 in Menu 24 System Maintenance. Step 3. Enter the command sys stdio 0 to disable the SMT timeout, so the TFTP transfer will not be interrupted. Enter command sys stdio 5 to restore the five-minute SMT timeout (default) when the file transfer is complete. Step 4. Launch the TFTP client on your computer and connect to the ZyAIR. Set the transfer mode to binary before starting data transfer. Step 5. Use the TFTP client (see the example below) to transfer files between the ZyAIR and the computer. The file name for the firmware is ras and the configuration file is rom-0 (rom-
zero, not capital o). Note that the telnet connection must be active and the SMT in CI mode before and during the TFTP transfer. For details on TFTP commands (see following example), please consult the documentation of your TFTP client program. For UNIX, use get to transfer from the ZyAIR to the computer, put the other way around, and binary to set binary transfer mode. Firmware and Configuraiton File Maintenance 17-9 ZyAIR B-500 Wireless Access Point Users Guide 17.4.5 Example: TFTP Command The following is an example TFTP command:
TFTP [-i] host put firmware.bin ras where i specifies binary image transfer mode (use this mode when transferring binary files), host is the ZyAIRs IP address, put transfers the file source on the computer (firmware.bin name of the firmware on the computer) to the file destination on the remote host (ras - name of the firmware on the ZyAIR). Commands that you may see in third party TFTP clients are listed earlier in this chapter. 17-10 Firmware and Configuraiton File Maintenance ZyAIR B-500 Wireless Access Point Users Guide Chapter 18 System Maintenance and Information This chapter leads you through SMT menus 24.8 and 24.10. 18.1 Command Interpreter Mode The Command Interpreter (CI) is a part of the main system firmware. The CI provides much of the same functionality as the SMT, while adding some low-level setup and diagnostic functions. Enter the CI from the SMT by selecting menu 24.8. See the included disk or the zyxel.com web site for more detailed information on CI commands. Enter 8 from Menu 24 System Maintenance. A list of valid commands can be found by typing help or ? at the command prompt. Type exit to return to the SMT main menu when finished. Menu 24 System Maintenance 1. System Status 2. System Information and Console Port Speed 3. Log and Trace 4. Diagnostic 5. Backup Configuration 6. Restore Configuration 7. Upload Firmware 8. Command Interpreter Mode 10. Time and Date Setting Enter Menu Selection Number:
Figure 18-1 Menu 24 System Maintenance Copyright (c) 1994 - 2003 ZyXEL Communications Corp. B-500> ?
Valid commands are:
sys exit device ether config wlan ip ppp bridge hdap cnm radius 8021x B-500>
Figure 18-2 Valid CI Commands System Maintenance and Information 18-1 ZyAIR B-500 Wireless Access Point Users Guide 18.2 Time and Date Setting The ZyAIR keeps track of the time and date. There is also a software mechanism to set the time manually or get the current time and date from an external server when you turn on your ZyAIR. Menu 24.10 allows you to update the time and date settings of your ZyAIR. The real time is then displayed in the ZyAIR error logs and firewall logs. Step 1. Step 2. Then enter 10 to go to Menu 24.10 System Maintenance Time and Date Setting to update Select menu 24 in the main menu to open Menu 24 System Maintenance. the time and date settings of your ZyAIR as shown in the following screen. Menu 24.10 - System Maintenance - Time and Date Setting Use Time Server when Bootup= NTP (RFC-1305) Time Server Address= 128.105.39.21 Current Time: 05 : 47 : 19 New Time (hh:mm:ss): 05 : 47 : 17 Current Date: 2000 - 01 - 01 New Date (yyyy-mm-dd): 2000 - 01 - 01 Time Zone= GMT Daylight Saving= No Start Date (mm-dd): 01 - 01 End Date (mm-dd): 01 - 01 Press ENTER to Confirm or ESC to Cancel:
Figure 18-3 Menu 24.10 System Maintenance : Time and Date Setting The following table describes the fields in this menu. 18-2 System Maintenance and Information ZyAIR B-500 Wireless Access Point Users Guide Table 18-1 Menu 24.10 System Maintenance : Time and Date Setting FIELD Use Time Server when Bootup Time Server Address Current Time New Time Current Date New Date Time Zone DESCRIPTION Enter the time service protocol that your time server sends when you turn on the ZyAIR. Not all time servers support all protocols, so you may have to check with your ISP/network administrator or use trial and error to find a protocol that works. The main differences between them are the format. Daytime (RFC 867) format is day/month/year/time zone of the server. Time (RFC-868) format displays a 4-byte integer giving the total number of seconds since 1970/1/1 at 0:0:0. NTP (RFC-1305) is similar to Time (RFC-868). None. The default, enter the time manually. Enter the IP address or domain name of your time server. Check with your ISP/network administrator if you are unsure of this information. This field displays an updated time only when you reenter this menu. Enter the new time in hour, minute and second format. This field displays an updated date only when you re-enter this menu. Enter the new date in year, month and day format. Press [SPACE BAR] and then [ENTER] to set the time difference between your time zone and Greenwich Mean Time (GMT). If you use daylight savings time, then choose Yes. If using daylight savings time, enter the month and day that it starts on. If using daylight savings time, enter the month and day that it ends on Daylight Saving Start Date End Date Once you have filled in this menu, press [ENTER] at the message Press ENTER to Confirm or ESC to Cancel to save your configuration, or press [ESC] to cancel. 18.2.1 Resetting the Time The ZyAIR resets the time in three instances:
i. ii. iii. On leaving menu 24.10 after making changes. When the ZyAIR starts up, if there is a time server configured in menu 24.10. 24-hour intervals after starting. System Maintenance and Information 18-3 Appendices Part VI:
APPENDICES This part provides troubleshooting and background information about setting up your computers IP address, wireless LAN, 802.1x and IP subnetting. It also provides information on the command interpreter interface, NetBIOS commands and logs. VI ZyAIR B-500 Wireless Access Point Users Guide Appendix A Troubleshooting This appendix covers potential problems and possible remedies. After each problem description, some instructions are provided to help you to diagnose and to solve the problem. Problems Starting Up the ZyAIR PROBLEM None of the LEDs turn on when I plug in the power adaptor. The ZyAIR reboots automatically sometimes. Chart A-1 Troubleshooting the Start-Up of Your ZyAIR CORRECTIVE ACTION Make sure you are using the supplied power adaptor and that it is plugged in to an appropriate power source. Check that the power source is turned on. If the problem persists, you may have a hardware problem. In this case, you should contact your local vendor. The supplied power to the ZyAIR is too low. Check that the ZyAIR is receiving enough power. Make sure the power source is working properly. Problems with the Ethernet Interface PROBLEM Cannot access the ZyAIR from the LAN. Chart A-2 Troubleshooting the Ethernet Interface CORRECTIVE ACTION If the ETHN LED on the front panel is off, check the Ethernet cable connection between your ZyAIR and the Ethernet device connected to the ETHERNET port. Check for faulty Ethernet cables. Make sure your computers Ethernet adapter is installed and working properly. Check the IP address of the Ethernet device. Verify that the IP address and the subnet mask of the ZyAIR, the Ethernet device and your computer are on the same subnet. Troubleshooting A-1 ZyAIR B-500 Wireless Access Point Users Guide PROBLEM I cannot ping any computer on the LAN. Chart A-2 Troubleshooting the Ethernet Interface CORRECTIVE ACTION If the ETHN LED on the front panel is off, check the Ethernet cable connections between your ZyAIR and the Ethernet device. Check the Ethernet cable connections between the Ethernet device and the LAN computers. Check for faulty Ethernet cables. Make sure the LAN computers Ethernet adapter is installed and working properly. Verify that the IP address and the subnet mask of the ZyAIR, the Ethernet device and the LAN computers are on the same subnet. Problems with the Password PROBLEM I cannot access the ZyAIR. Chart A-3 Troubleshooting the Password CORRECTIVE ACTION The Password and Username fields are case-sensitive. Make sure that you enter the correct password and username using the proper casing. Use the RESET button on the top panel of the ZyAIR to restore the factory default configuration file (hold this button in for about 10 seconds or until the link LED turns red). This will restore all of the factory defaults including the password. Problems with Telnet Chart A-4 Troubleshooting Telnet CORRECTIVE ACTION Refer to the Problems with the Ethernet Interface section for instructions on checking your Ethernet connection. PROBLEM I cannot access the ZyAIR through Telnet. A-2 Troubleshooting ZyAIR B-500 Wireless Access Point Users Guide Problems with the WLAN Interface PROBLEM Cannot access the ZyAIR from the WLAN. I cannot ping any computer on the WLAN. Chart A-5 Troubleshooting the WLAN Interface CORRECTIVE ACTION Make sure the wireless adapter on the wireless station is working properly. Check that both the ZyAIR and your wireless station are using the same ESSID, channel and WEP keys (if WEP encryption is activated). Make sure the wireless adapter on the wireless station(s) is working properly. Check that both the ZyAIR and wireless station(s) are using the same ESSID, channel and WEP keys (if WEP encryption is activated). Troubleshooting A-3 ZyAIR B-500 Wireless Access Point Users Guide Brute-Force Password Guessing Protection Appendix B The following describes the commands for enabling, disabling and configuring the brute-force password guessing protection mechanism for the password. See the Command Interpreter appendix for information on the command structure. Chart B-1 Brute-Force Password Guessing Protection Commands DESCRIPTION COMMAND sys pwderrtm This command displays the brute-force guessing password protection settings. sys pwderrtm 0 This command turns off the password's protection from brute-force guessing. sys pwderrtm N This command sets the password protection to block all access attempts for N (a number from 1 to 60) minutes after the third time an incorrect password is entered. This command sets the password protection to block all access attempts for five minutes after the third time an incorrect password is entered. Example sys pwderrtm 5 By default, the brute-force password guessing protection is turned ON with a 3-minute wait time. Brute-Force Password Guessing Protection B-1 ZyAIR B-500 Wireless Access Point Users Guide Appendix C Setting up Your Computers IP Address All computers must have a 10M or 100M Ethernet adapter card and TCP/IP installed. Windows 95/98/Me/NT/2000/XP, Macintosh OS 7 and later operating systems and all versions of UNIX/LINUX include the software components you need to install and use TCP/IP on your computer. Windows 3.1 requires the purchase of a third-party TCP/IP application package. TCP/IP should already be installed on computers using Windows NT/2000/XP, Macintosh OS 7 and later operating systems. After the appropriate TCP/IP components are installed, configure the TCP/IP settings in order to
"communicate" with your network. If you manually assign IP information instead of using dynamic assignment, make sure that your computers have IP addresses that place them in the same subnet as the ZyAIR's LAN port. Windows 95/98/Me Click Start, Settings, Control Panel and double-click the Network icon to open the Network window. The Network window Configuration tab displays a list of installed components. You need a network adapter, the TCP/IP protocol and Client for Microsoft Networks. Setting Up Your Computers IP Address C-1 ZyAIR B-500 Wireless Access Point Users Guide If you need the adapter:
a. b. c. In the Network window, click Add. Select Adapter and then click Add. Select the manufacturer and model of your network adapter and then click OK. If you need TCP/IP:
a. b. c. d. In the Network window, click Add. Select Protocol and then click Add. Select Microsoft from the list of manufacturers. Select TCP/IP from the list of network protocols and then click OK. If you need Client for Microsoft Networks:
a. b. c. d. e. Click Add. Select Client and then click Add. Select Microsoft from the list of manufacturers. Select Client for Microsoft Networks from the list of network clients and then click OK. Restart your computer so the changes you made take effect. In the Network window Configuration tab, select your network adapter's TCP/IP entry and click Properties. C-2 Setting Up Your Computers IP Address ZyAIR B-500 Wireless Access Point Users Guide 1. Click the IP Address tab.
-If your IP address is dynamic, select Obtain an IP address automatically.
-If you have a static IP address, select Specify an IP address and type your information into the IP Address and Subnet Mask fields. 2. Click the DNS Configuration tab.
-If you do not know your DNS information, select Disable DNS.
-If you know your DNS information, select Enable DNS and type the information in the fields below (you may not need to fill them all in). Setting Up Your Computers IP Address C-3 ZyAIR B-500 Wireless Access Point Users Guide 3. Click the Gateway tab.
-If you do not know your gateways IP address, remove previously installed gateways.
-If you have a gateway IP address, type it in the New gateway field and click Add. 4. 5. 6. 1. 2. 3. Click OK to save and close the TCP/IP Properties window. Click OK to close the Network window. Insert the Windows CD if prompted. Turn on your ZyAIR and restart your computer when prompted. Verifying Your Computers IP Address Click Start and then Run. In the Run window, type "winipcfg" and then click OK to open the IP Configuration window. Select your network adapter. You should see your computer's IP address, subnet mask and default gateway. Windows 2000/NT/XP C-4 Setting Up Your Computers IP Address ZyAIR B-500 Wireless Access Point Users Guide 1. For Windows XP, click start, Control Panel. In Windows 2000/NT, click Start, Settings, Control Panel. 2. For Windows XP, click Network Connections. For Windows 2000/NT, click Network and Dial-up Connections. 3. Right-click Local Area Connection and then click Properties. Setting Up Your Computers IP Address C-5 ZyAIR B-500 Wireless Access Point Users Guide 4. Select Internet Protocol (TCP/IP) (under the General tab in Win XP) and click Properties. 5. The Internet Protocol TCP/IP Properties window opens (the General tab in Windows XP).
-If you have a dynamic IP address click Obtain an IP address automatically.
-If you have a static IP address click Use the following IP Address and fill in the IP address, Subnet mask, and Default gateway fields. Click Advanced. C-6 Setting Up Your Computers IP Address ZyAIR B-500 Wireless Access Point Users Guide 6.
-If you do not know your gateway's IP address, remove any previously installed gateways in the IP Settings tab and click OK. Do one or more of the following if you want to configure additional IP addresses:
-In the IP Settings tab, in IP addresses, click Add.
-In TCP/IP Address, type an IP address in IP address and a subnet mask in Subnet mask, and then click Add.
-Repeat the above two steps for each IP address you want to add.
-Configure additional default gateways in the IP Settings tab by clicking Add in Default gateways.
-In TCP/IP Gateway Address, type the IP address of the default gateway in Gateway. To manually configure a default metric (the number of transmission hops), clear the Automatic metric check box and type a metric in Metric.
-Click Add.
-Repeat the previous three steps for each default gateway you want to add.
-Click OK when finished. Setting Up Your Computers IP Address C-7 ZyAIR B-500 Wireless Access Point Users Guide 7. In the Internet Protocol TCP/IP Properties window (the General tab in Windows XP):
-Click Obtain DNS server address automatically if you do not know your DNS server IP address(es).
-If you know your DNS server IP address(es), click Use the following DNS server addresses, and type them in the Preferred DNS server and Alternate DNS server fields. If you have previously configured DNS servers, click Advanced and then the DNS tab to order them. 8. Click OK to close the Internet Protocol (TCP/IP) Properties window. 9. Click OK to close the Local Area Connection Properties window. 10. Turn on your ZyAIR and restart your computer (if prompted). Verifying Your Computers IP Address 1. Click Start, All Programs, Accessories and then Command Prompt. 2. In the Command Prompt window, type "ipconfig" and then press [ENTER]. You can also open Network Connections, right-click a network connection, click Status and then click the Support tab. Macintosh OS 8/9 C-8 Setting Up Your Computers IP Address 1. Click the Apple menu, Control Panel and double-click TCP/IP to open the TCP/IP Control Panel. ZyAIR B-500 Wireless Access Point Users Guide 2. Select Ethernet built-in from the Connect via list. 3. For dynamically assigned settings, select Using DHCP Server from the Configure: list. Setting Up Your Computers IP Address C-9 ZyAIR B-500 Wireless Access Point Users Guide
-From the Configure box, select Manually.
-Type your IP address in the IP Address box.
-Type your subnet mask in the Subnet mask box.
-Type the IP address of your ZyAIR in the Router address box. 4. For statically assigned settings, do the following:
5. Close the TCP/IP Control Panel. 6. Click Save if prompted, to save changes to your configuration. 7. Turn on your ZyAIR and restart your computer (if prompted). Verifying Your Computers IP Address Check your TCP/IP properties in the TCP/IP Control Panel window. Macintosh OS X 1. Click the Apple menu, and click System Preferences to open the System Preferences window. C-10 Setting Up Your Computers IP Address ZyAIR B-500 Wireless Access Point Users Guide 2. Click Network in the icon bar.
- Select Automatic from the Location list.
- Select Built-in Ethernet from the Show list.
- Click the TCP/IP tab. For statically assigned settings, do the following:
-From the Configure box, select Manually.
-Type your IP address in the IP Address box.
-Type your subnet mask in the Subnet mask box.
-Type the IP address of your ZyAIR in the Router address box. 3. For dynamically assigned settings, select Using DHCP from the Configure list. 4. 5. Click Apply Now and close the window. 6. Turn on your ZyAIR and restart your computer (if prompted). Verifying Your Computers IP Address Check your TCP/IP properties in the Network window. Setting Up Your Computers IP Address C-11 ZyAIR B-500 Wireless Access Point Users Guide Appendix D Wireless LAN and IEEE 802.11 A wireless LAN (WLAN) provides a flexible data communications system that you can use to access various services (navigating the Internet, email, printer services, etc.) without the use of a cabled connection. In effect a wireless LAN environment provides you the freedom to stay connected to the network while roaming around in the coverage area. WLAN is not available on all models. Benefits of a Wireless LAN Wireless LAN offers the following benefits:
1. It provides you with access to network services in areas otherwise hard or expensive to wire, such as historical buildings, buildings with asbestos materials and classrooms. It provides healthcare workers like doctors and nurses access to a complete patients profile on a handheld or notebook computer upon entering a patients room. It allows flexible workgroups a lower total cost of ownership for workspaces that are frequently reconfigured. It allows conference room users access to the network as they move from meeting to meeting, getting up-to-date access to information and the ability to communicate decisions while on the go. It provides campus-wide networking mobility, allowing enterprises the roaming capability to set up easy-to-use wireless networks that cover the entire campus transparently. 2. 3. 4. 5. IEEE 802.11 The 1997 completion of the IEEE 802.11 standard for wireless LANs (WLANs) was a first important step in the evolutionary development of wireless networking technologies. The standard was developed to maximize interoperability between differing brands of wireless LANs as well as to introduce a variety of performance improvements and benefits. The IEEE 802.11 specifies three different transmission methods for the PHY, the layer responsible for transferring data between nodes. Two of the methods use spread spectrum RF signals, Direct Sequence Spread Spectrum (DSSS) and Frequency-Hopping Spread Spectrum (FHSS), in the 2.4 to 2.4825 GHz Wireless LAN and IEEE 802.11 D-1 ZyAIR B-500 Wireless Access Point Users Guide unlicensed ISM (Industrial, Scientific and Medical) band. The third method is infrared technology, using very high frequencies, just below visible light in the electromagnetic spectrum to carry data. Ad-hoc Wireless LAN Configuration The simplest WLAN configuration is an independent (Ad-hoc) WLAN that connects a set of computers with wireless nodes or stations (STA), which is called a Basic Service Set (BSS). In the most basic form, a wireless LAN connects a set of computers with wireless adapters. Any time two or more wireless adapters are within range of each other, they can set up an independent network, which is commonly referred to as an Ad-hoc network or Independent Basic Service Set (IBSS). See the following diagram of an example of an Ad-hoc wireless LAN. Diagram D-1 Peer-to-Peer Communication in an Ad-hoc Network Infrastructure Wireless LAN Configuration For infrastructure WLANs, multiple access points (APs) link the WLAN to the wired network and allow users to efficiently share network resources. The access points not only provide communication with the wired network but also mediate wireless network traffic in the immediate neighborhood. Multiple access points can provide wireless coverage for an entire building or campus. All communications between stations or between a station and a wired network client go through the access point. D-2 Wireless LAN and IEEE 802.11 ZyAIR B-500 Wireless Access Point Users Guide The Extended Service Set (ESS) shown in the next figure consists of a series of overlapping BSSs (each containing an Access Point) connected together by means of a Distribution System (DS). Although the DS could be any type of network, it is almost invariably an Ethernet LAN. Mobile nodes can roam between access points and seamless campus-wide coverage is possible. Diagram D-2 ESS Provides Campus-Wide Coverage Wireless LAN and IEEE 802.11 D-3 ZyAIR B-500 Wireless Access Point Users Guide Appendix E Wireless LAN With IEEE 802.1x As wireless networks become popular for both portable computing and corporate networks, security is now a priority. Security Flaws with IEEE 802.11 Wireless networks based on the original IEEE 802.11 have a poor reputation for safety. The IEEE 802.11b wireless access standard, first published in 1999, was based on the MAC address. As the MAC address is sent across the wireless link in clear text, it is easy to spoof and fake. Even the WEP (Wire Equivalent Privacy) data encryption is unreliable as it can be easily decrypted with current computer speed Deployment Issues with IEEE 802.11 User account management has become a network administrators nightmare in a corporate environment, as the IEEE 802.11b standard does not provide any central user account management. User access control is done through manual modification of the MAC address table on the access point. Although WEP data encryption offers a form of data security, you have to reset the WEP key on the clients each time you change your WEP key on the access point. IEEE 802.1x In June 2001, the IEEE 802.1x standard was designed to extend the features of IEEE 802.11 to support extended authentication as well as providing additional accounting and control features. It is supported by Windows XP and a number of network devices. Advantages of the IEEE 802.1x User based identification that allows for roaming. Support for RADIUS (Remote Authentication Dial In User Service, RFC 2138, 2139) for centralized user profile and accounting management on a network RADIUS server. Support for EAP (Extensible Authentication Protocol, RFC 2486) that allows additional authentication methods to be deployed with no changes to the access point or the wireless stations. Wireless LAN with IEEE 802.1x E-1 ZyAIR B-500 Wireless Access Point Users Guide RADIUS Server Authentication Sequence The following figure depicts a typical wireless network with a remote RADIUS server for user authentication using EAPOL (EAP Over LAN). Client computer access authorized. Client computer access not authorized. Diagram E-1 Sequences for EAP MD5Challenge Authentication E-2 Wireless LAN with IEEE 802.1x ZyAIR B-500 Wireless Access Point Users Guide Appendix F Types of EAP Authentication This appendix discusses the four popular EAP authentication types: EAP-MD5, EAP-TLS, EAP-TTLS and PEAP. The type of authentication you use depends on the RADIUS server or the AP. Consult your network administrator for more information. EAP-MD5 (Message-Digest Algorithm 5) MD5 authentication is the simplest one-way authentication method. The authentication server sends a challenge to the wireless station. The wireless station proves that it knows the password by encrypting the password with the challenge and sends back the information. Password is not sent in plain text. However, MD5 authentication has some weaknesses. Since the authentication server needs to get the plaintext passwords, the passwords must be stored. Thus someone other than the authentication server may access the password file. In addition, it is possible to impersonate an authentication server as MD5 authentication method does not perform mutual authentication. Finally, MD5 authentication method does not support data encryption with dynamic session key. You must configure WEP encryption keys for data encryption. EAP-TLS (Transport Layer Security) With EAP-TLS, digital certifications are needed by both the server and the wireless stations for mutual authentication. The server presents a certificate to the client. After validating the identity of the server, the client sends a different certificate to the server. The exchange of certificates is done in the open before a secured tunnel is created. This makes user identity vulnerable to passive attacks. A digital certificate is an electronic ID card that authenticates the senders identity. However, to implement EAP-TLS, you need a Certificate Authority (CA) to handle certificates, which imposes a management overhead. EAP-TTLS (Tunneled Transport Layer Service) EAP-TTLS is an extension of the EAP-TLS authentication that uses certificates for only the server-side authentications to establish a secure connection. Client authentication is then done by sending username and password through the secure connection, thus client identity is protected. For client authentication, EAP-TTLS supports EAP methods and legacy authentication methods such as PAP, CHAP, MS-CHAP and MS-CHAP v2. PEAP (Protected EAP) Like EAP-TTLS, server-side certificate authentication is used to establish a secure connection, then use simple username and password methods through the secured connection to authenticate the clients, thus Types of EAP Authentication F-1 ZyAIR B-500 Wireless Access Point Users Guide hiding client identity. However, PEAP only supports EAP methods, such as EAP-MD5 and EAP-
MSCHAPv2, for client authentication. For added security, certificate-based authentications (EAP-TLS, EAP-TTLS and PEAP) use dynamic keys for data encryption. They are often deployed in corporate environments, but for public deployment, simple user name and password pair is more practical. The following table is a comparison of the features of four authentication types. Comparison of EAP Authentication Types EAP-MD5 EAP-TLS EAP-TTLS Mutual Authentication Certificate Client Certificate Server Dynamic Key Exchange Credential Security Deployment Difficulty Wireless Security Client Identity Protection No No No No None Easy Poor No Yes Yes Yes Yes Strong Hard Best No Yes PEAP Yes Optional Optional Yes Yes Strong Moderate Good Yes Yes Yes Strong Moderate Good Yes F-2 Types of EAP Authentication ZyAIR B-500 Wireless Access Point Users Guide Appendix G IP Subnetting IP Addressing Routers route based on the network number. The router that delivers the data packet to the correct destination host uses the host ID. IP Classes An IP address is made up of four octets (eight bits), written in dotted decimal notation, for example, 192.168.1.1. IP addresses are categorized into different classes. The class of an address depends on the value of its first octet.
Class A addresses have a 0 in the left most bit. In a class A address the first octet is the network number and the remaining three octets make up the host ID.
Class B addresses have a 1 in the left most bit and a 0 in the next left most bit. In a class B address the first two octets make up the network number and the two remaining octets make up the host ID.
Class C addresses begin (starting from the left) with 1 1 0. In a class C address the first three octets make up the network number and the last octet is the host ID.
Class D addresses begin with 1 1 1 0. Class D addresses are used for multicasting. (There is also a class E address. It is reserved for future use.) Chart G-1 Classes of IP Addresses IP ADDRESS:
OCTET 1 OCTET 2 OCTET 3 OCTET 4 0 10 110 Network number Network number Network number Host ID Network number Network number Host ID Host ID Network number Host ID Host ID Host ID Host IDs of all zeros or all ones are not allowed. Class A Class B Class C Therefore:
A class C network (8 host bits) can have 28 2 or 254 hosts.
A class B address (16 host bits) can have 216 2 or 65534 hosts. IP Subnetting G-1 ZyAIR B-500 Wireless Access Point Users Guide A class A address (24 host bits) can have 224 2 hosts (approximately 16 million hosts). Since the first octet of a class A IP address must contain a 0, the first octet of a class A address can have a value of 0 to 127. Similarly the first octet of a class B must begin with 10, therefore the first octet of a class B address has a valid range of 128 to 191. The first octet of a class C address begins with 110, and therefore has a range of 192 to 223. Chart G-2 Allowed IP Address Range By Class CLASS ALLOWED RANGE OF FIRST OCTET
(BINARY) ALLOWED RANGE OF FIRST OCTET
(DECIMAL) 0 to 127 128 to 191 192 to 223 224 to 239 00000000 to 01111111 10000000 to 10111111 11000000 to 11011111 11100000 to 11101111 Class A Class B Class C Class D Subnet Masks A subnet mask is used to determine which bits are part of the network number, and which bits are part of the host ID (using a logical AND operation). A subnet mask has 32 bits; each bit of the mask corresponds to a bit of the IP address. If a bit in the subnet mask is a 1 then the corresponding bit in the IP address is part of the network number. If a bit in the subnet mask is 0 then the corresponding bit in the IP address is part of the host ID. Subnet masks are expressed in dotted decimal notation just as IP addresses are. The natural masks for class A, B and C IP addresses are as follows. Chart G-3 Natural Masks CLASS A B C NATURAL MASK 255.0.0.0 255.255.0.0 255.255.255.0 Subnetting With subnetting, the class arrangement of an IP address is ignored. For example, a class C address no longer has to have 24 bits of network number and 8 bits of host ID. With subnetting, some of the host ID bits are converted into network number bits. By convention, subnet masks always consist of a continuous G-2 IP Subnetting ZyAIR B-500 Wireless Access Point Users Guide sequence of ones beginning from the left most bit of the mask, followed by a continuous sequence of zeros, for a total number of 32 bits. Since the mask is always a continuous number of ones beginning from the left, followed by a continuous number of zeros for the remainder of the 32 bit mask, you can simply specify the number of ones instead of writing the value of each octet. This is usually specified by writing a / followed by the number of bits in the mask after the address. For example, 192.1.1.0 /25 is equivalent to saying 192.1.1.0 with mask 255.255.255.128. The following table shows all possible subnet masks for a class C address using both notations. Chart G-4 Alternative Subnet Mask Notation SUBNET MASK IP ADDRESS 255.255.255.0 255.255.255.128 255.255.255.192 255.255.255.224 255.255.255.240 255.255.255.248 255.255.255.252 SUBNET MASK 1 BITS LAST OCTET BIT VALUE
/24
/25
/26
/27
/28
/29
/30 0000 0000 1000 0000 1100 0000 1110 0000 1111 0000 1111 1000 1111 1100 The first mask shown is the class C natural mask. Normally if no mask is specified it is understood that the natural mask is being used. Example: Two Subnets As an example, you have a class C address 192.168.1.0 with subnet mask of 255.255.255.0. NETWORK NUMBER HOST ID IP Address IP Address (Binary) Subnet Mask Subnet Mask (Binary) 192.168.1. 11000000.10101000.00000001. 255.255.255. 11111111.11111111.11111111. 0 00000000 0 00000000 The first three octets of the address make up the network number (class C). You want to have two separate networks. IP Subnetting G-3 ZyAIR B-500 Wireless Access Point Users Guide Divide the network 192.168.1.0 into two separate subnets by converting one of the host ID bits of the IP address to a network number bit. The borrowed host ID bit can be either 0 or 1 thus giving two subnets; 192.168.1.0 with mask 255.255.255.128 and 192.168.1.128 with mask 255.255.255.128. In the following charts, shaded/bolded last octet bit values indicate host ID bits borrowed to form network ID bits. The number of borrowed host ID bits determines the number of subnets you can have. The remaining number of host ID bits (after borrowing) determines the number of hosts you can have on each subnet. Chart G-5 Subnet 1 IP Address IP Address (Binary) Subnet Mask Subnet Mask (Binary) Subnet Address: 192.168.1.0 Broadcast Address: 192.168.1.127 NETWORK NUMBER 192.168.1. 11000000.10101000.00000001. 255.255.255. 11111111.11111111.11111111. LAST OCTET BIT VALUE 0 00000000 128 10000000 Lowest Host ID: 192.168.1.1 Highest Host ID: 192.168.1.126 Chart G-6 Subnet 2 NETWORK NUMBER IP Address IP Address (Binary) Subnet Mask Subnet Mask (Binary) Subnet Address: 192.168.1.128 Broadcast Address: 192.168.1.255 192.168.1. 11000000.10101000.00000001. 255.255.255. 11111111.11111111.11111111. Lowest Host ID: 192.168.1.129 Highest Host ID: 192.168.1.254 LAST OCTET BIT VALUE 128 10000000 128 10000000 The remaining 7 bits determine the number of hosts each subnet can have. Host IDs of all zeros represent the subnet itself and host IDs of all ones are the broadcast address for that subnet, so the actual number of hosts available on each subnet in the example above is 27 2 or 126 hosts for each subnet. 192.168.1.0 with mask 255.255.255.128 is the subnet itself, and 192.168.1.127 with mask 255.255.255.128 is the directed broadcast address for the first subnet. Therefore, the lowest IP address that can be assigned G-4 IP Subnetting ZyAIR B-500 Wireless Access Point Users Guide to an actual host for the first subnet is 192.168.1.1 and the highest is 192.168.1.126. Similarly the host ID range for the second subnet is 192.168.1.129 to 192.168.1.254. Example: Four Subnets The above example illustrated using a 25-bit subnet mask to divide a class C address space into two subnets. Similarly to divide a class C address into four subnets, you need to borrow two host ID bits to give four possible combinations of 00, 01, 10 and 11. The subnet mask is 26 bits
(11111111.11111111.11111111.11000000) or 255.255.255.192. Each subnet contains 6 host ID bits, giving 26-2 or 62 hosts for each subnet (all 0s is the subnet itself, all 1s is the broadcast address on the subnet). Chart G-7 Subnet 1 IP Address IP Address (Binary) Subnet Mask (Binary) Subnet Address: 192.168.1.0 Broadcast Address: 192.168.1.63 IP Address IP Address (Binary) Subnet Mask (Binary) Subnet Address: 192.168.1.64 Broadcast Address: 192.168.1.127 NETWORK NUMBER 192.168.1. 11000000.10101000.00000001. 11111111.11111111.11111111. LAST OCTET BIT VALUE 0 00000000 11000000 Lowest Host ID: 192.168.1.1 Highest Host ID: 192.168.1.62 Chart G-8 Subnet 2 NETWORK NUMBER 192.168.1. 11000000.10101000.00000001. 11111111.11111111.11111111. LAST OCTET BIT VALUE 64 01000000 11000000 Lowest Host ID: 192.168.1.65 Highest Host ID: 192.168.1.126 IP Address IP Address (Binary) Chart G-9 Subnet 3 NETWORK NUMBER 192.168.1. 11000000.10101000.00000001. LAST OCTET BIT VALUE 128 10000000 IP Subnetting G-5 ZyAIR B-500 Wireless Access Point Users Guide Chart G-9 Subnet 3 NETWORK NUMBER Subnet Mask (Binary) Subnet Address: 192.168.1.128 Broadcast Address: 192.168.1.191 11111111.11111111.11111111. LAST OCTET BIT VALUE 11000000 Lowest Host ID: 192.168.1.129 Highest Host ID: 192.168.1.190 Chart G-10 Subnet 4 NETWORK NUMBER LAST OCTET BIT VALUE 192 11000000 11000000 192.168.1. 11000000.10101000.00000001. 11111111.11111111.11111111. IP Address IP Address (Binary) Subnet Mask (Binary) Subnet Address: 192.168.1.192 Broadcast Address: 192.168.1.255 Example Eight Subnets Similarly use a 27-bit mask to create 8 subnets (001, 010, 011, 100, 101, 110). The following table shows class C IP address last octet values for each subnet. Lowest Host ID: 192.168.1.193 Highest Host ID: 192.168.1.254 SUBNET SUBNET ADDRESS FIRST ADDRESS LAST ADDRESS BROADCAST ADDRESS Chart G-11 Eight Subnets 1 2 3 4 5 6 7 8 0 32 64 96 128 160 192 224 1 33 65 97 129 161 193 223 30 62 94 126 158 190 222 254 31 63 95 127 159 191 223 255 G-6 IP Subnetting ZyAIR B-500 Wireless Access Point Users Guide The following table is a summary for class C subnet planning. Chart G-12 Class C Subnet Planning NO. BORROWED HOST BITS SUBNET MASK NO. SUBNETS NO. HOSTS PER SUBNET 1 2 3 4 5 6 7 255.255.255.128 (/25) 255.255.255.192 (/26) 255.255.255.224 (/27) 255.255.255.240 (/28) 255.255.255.248 (/29) 255.255.255.252 (/30) 255.255.255.254 (/31) 2 4 8 16 32 64 128 126 62 30 14 6 2 1 Subnetting With Class A and Class B Networks. For class A and class B addresses the subnet mask also determines which bits are part of the network number and which are part of the host ID. A class B address has two host ID octets available for subnetting and a class A address has three host ID octets (see Chart J-1) available for subnetting. The following table is a summary for class B subnet planning. Chart G-13 Class B Subnet Planning NO. BORROWED HOST BITS 1 2 3 4 5 6 7 8 SUBNET MASK 255.255.128.0 (/17) 255.255.192.0 (/18) 255.255.224.0 (/19) 255.255.240.0 (/20) 255.255.248.0 (/21) 255.255.252.0 (/22) 255.255.254.0 (/23) 255.255.255.0 (/24) NO. SUBNETS NO. HOSTS PER SUBNET 2 4 8 16 32 64 128 256 32766 16382 8190 4094 2046 1022 510 254 IP Subnetting G-7 ZyAIR B-500 Wireless Access Point Users Guide Chart G-13 Class B Subnet Planning NO. BORROWED HOST BITS 9 10 11 12 13 14 15 SUBNET MASK 255.255.255.128
(/25) 255.255.255.192
(/26) 255.255.255.224
(/27) 255.255.255.240
(/28) 255.255.255.248
(/29) 255.255.255.252
(/30) 255.255.255.254
(/31) NO. SUBNETS NO. HOSTS PER SUBNET 512 1024 2048 4096 8192 16384 32768 126 62 30 14 6 2 1 G-8 IP Subnetting ZyAIR B-500 Wireless Access Point Users Guide Appendix H Command Interpreter The following describes how to use the command interpreter. Enter 24 in the main menu to bring up the system maintenance menu. Enter 8 to go to Menu 24.8 - Command Interpreter Mode. See the included disk or www.zyxel.com for more detailed information on these commands. Use of undocumented commands or misconfiguration can damage the unit and possibly render it unusable. Command Syntax The command keywords are in courier new font. Enter the command keywords exactly as shown, do not abbreviate. The required fields in a command are enclosed in angle brackets <>. The optional fields in a command are enclosed in square brackets []. The |symbol means or. For example, sys filter netbios config <type> <on|off>
means that you must specify the type of netbios filter and whether to turn it on or off. Command Usage A list of valid commands can be found by typing help or ? at the command prompt. Always type the full command. Type exit to return to the SMT main menu when finished. Command Interpreter H-1 ZyAIR B-500 Wireless Access Point Users Guide Appendix I Log Descriptions Chart I-1 System Maintenance Logs DESCRIPTION The ZyAIR has adjusted its time based on information from the time server. The ZyAIR failed to get information from the time server. A DHCP client got a new IP address from the DHCP server. A DHCP client's IP address has expired. The DHCP server assigned an IP address to a client. Someone has logged on to the ZyAIR 's SMT interface. Someone has failed to log on to the ZyAIR s SMT interface. Someone has logged on to the ZyAIR 's web configurator interface. Someone has failed to log on to the ZyAIR 's web configurator interface. Someone has logged on to the ZyAIR via telnet. Someone has failed to log on to the ZyAIR via telnet. Someone has logged on to the ZyAIR via FTP. Someone has failed to log on to the ZyAIR via FTP. LOG MESSAGE Time calibration is successful Time calibration failed DHCP client gets %s DHCP client IP expired DHCP server assigns
%s SMT Login Successfully SMT Login Fail WEB Login Successfully WEB Login Fail TELNET Login Successfully TELNET Login Fail FTP Login Successfully FTP Login Fail Log Description I-1 ZyAIR B-500 Wireless Access Point Users Guide Chart I-2 ICMP Notes DESCRIPTION Echo Reply Echo reply message Destination Unreachable Net unreachable Host unreachable Protocol unreachable Port unreachable A packet that needed fragmentation was dropped because it was set to Don't Fragment (DF) Source route failed Source Quench A gateway may discard internet datagrams if it does not have the buffer space needed to queue the datagrams for output to the next network on the route to the destination network. Redirect Redirect datagrams for the Network Redirect datagrams for the Host Redirect datagrams for the Type of Service and Network Redirect datagrams for the Type of Service and Host Echo Echo message Time Exceeded Time to live exceeded in transit Fragment reassembly time exceeded Parameter Problem Pointer indicates the error CODE 0 0 1 2 3 4 5 0 0 1 2 3 0 0 1 0 TYPE 0 3 4 5 8 11 12 I-2 Log Descriptions ZyAIR B-500 Wireless Access Point Users Guide Chart I-2 ICMP Notes DESCRIPTION Timestamp Timestamp request message Timestamp Reply Timestamp reply message Information Request Information request message Information Reply Information reply message TYPE 13 14 15 16 CODE 0 0 0 0 LOG MESSAGE Mon dd hr:mm:ss hostname src="<srcIP:srcPort>"
dst="<dstIP:dstPort>"
msg="<msg>" note="<note>"
Chart I-3 Sys log DESCRIPTION This message is sent by the "RAS" when this syslog is generated. The messages and notes are defined in this appendixs other charts. Log Commands Go to the command interpreter interface (the Command Interpreter Appendix explains how to access and use the commands). Configuring What You Want the ZyAIR to Log Use the sys logs load command to load the log setting buffer that allows you to configure which logs the ZyAIR is to record. Use sys logs category followed by a log category and a parameter to decide what to record Log Description I-3 ZyAIR B-500 Wireless Access Point Users Guide Chart I-4 Log Categories and Available Settings LOG CATEGORIES AVAILABLE PARAMETERS 8021x access error icmp mten packetfilter remote tcpreset Use 0 to not record logs for that category, 1 to record only logs for that category, 2 to record only alerts for that category, and 3 to record both logs and alerts for that category. 0, 1 0, 1, 2, 3 0, 1, 2, 3 0, 1 0, 1 0, 1 0, 1 0, 1 Use the sys logs save command to store the settings in the ZyAIR (you must do this in order to record logs). Displaying Logs Use the sys logs display command to show all of the logs in the ZyAIRs log. Use the sys logs category display command to show the log settings for all of the log categories. Use the sys logs display [log category] command to show the logs in an individual ZyAIR log category. Use the sys logs clear command to erase all of the ZyAIRs logs. Log Command Example This example shows how to set the ZyAIR to record the error logs and alerts and then view the results. ras> sys logs load ras> sys logs category error 3 ras> sys logs save ras> sys logs display access I-4 Log Descriptions ZyAIR B-500 Wireless Access Point Users Guide
# .time source destination notes message 0|11/11/2002 15:10:12 |172.22.3.80:137 |172.22.255.255:137
|ACCESS BLOCK Log Description I-5 ZyAIR B-500 Wireless Access Point Users Guide Appendix J Index DS...........................................See Distribution System DSSS ............... See Direct Sequence Spread Spectrum E EAP ........................................................................ 1-3 EAP Authentication................................................ F-1 MD5 ................................................................... F-1 TLS..................................................................... F-1 TTLS .................................................................. F-1 Error Log .............................................................. 16-5 Error/Information Messages Sample.............................................................. 16-5 ESS .. See Extended Service Set. See Extended Service ESS ID.................................................................... 3-1 Extended Service Set ...................................... D-3, 5-2 Extended Service Set IDentification ....................... 5-6 Set F FCC .......................................................................... iii FHSS ......... See Frequency-Hopping Spread Spectrum Filename Conventions .......................................... 17-1 Firmware File Maintenance................................................ 9-6, 9-8 Fragment Threshold.............................................. 12-3 Fragmentation Threshold........................................ 5-4 Frequency-Hopping Spread Spectrum ....................D-2 FTP File Transfer.................................................. 17-7 G General Setup .........................................3-2, 4-1, 11-1 H Hidden Menus....................................................... 10-4 Host ........................................................................ 4-3 A Address Assignment.........................................3-5, 7-1 Ad-hoc Configuration.............................................D-2 Alternative Subnet Mask Notation .........................G-3 Applications ............................................................1-4 auto-negotiation.......................................................1-1 B backup ...................................................................17-2 Backup.....................................................................9-8 Basic Service Set....................................................D-2 BSS.............................................See Basic Service Set C CA ...........................................................................F-1 Certificate Authority......................................... See CA Channel ID .....................................................5-6, 12-3 Classes of IP Addresses..........................................G-1 Collision ................................................................16-2 Command Interpreter ............................................18-1 Community............................................................14-2 Computers IP Address .......................................... C-1 Copyright....................................................................ii CPU Load..............................................................16-3 Customer Support....................................................... v D Data encryption .......................................................3-1 Default...................................................................9-11 DHCP ....................................................................16-4 Diagnostic .............................................................16-6 Diagnostic Tools ...................................................16-1 Direct Sequence Spread Spectrum..........................D-2 Distribution System................................................D-3 Index J-1 ZyAIR B-500 Wireless Access Point Users Guide Host IDs..................................................................G-1 Private IP Address............................................3-5, 7-1 I Q IBSS....................... See Independent Basic Service Set IEEE 802.11 ...........................................................D-1 Deployment Issues ............................................. E-1 Security Flaws.................................................... E-1 IEEE 802.1x ....................................................E-1, 1-3 Advantages......................................................... E-1 Independent Basic Service Set................. D-2, 5-1, 9-5 Infrastructure Configuration ...................................D-2 Internet access........................................................12-1 Internet Access ................................................ 1-4, 1-5 Internet Security Gateway .......................................1-1 IP Address .................... 3-5, 7-1, 7-2, 12-2, 16-4, 16-6 IP Addressing .........................................................G-1 IP Classes................................................................G-1 L Link type................................................................16-2 Log and Trace........................................................16-5 Log Descriptions......................................................J-1 Logs.........................................................................8-1 Quick Installation Guide .......................................... xv R RADIUS.................................................................. 1-3 RAS....................................................................... 16-4 Rate Receiving.......................................................... 16-2 Transmission..................................................... 16-2 Related Documentation............................................ xv Remote Authentication Dial In User Service ..........See RADIUS Remote Node ........................................................ 16-2 Required fields...................................................... 10-4 Restore .................................................................... 9-9 Restore Configuration ........................................... 17-5 RF signals .............................................................. D-1 Roaming Example.............................................................. 5-7 Requirements...................................................... 5-8 RTS Threshold...............................................5-3, 12-3 M S MAC Address Filter Action........................... 6-6, 12-6 MAC Address Filtering .........................................12-5 Main Menu ............................................................10-4 Management Information Base (MIB)...................14-2 MD5........................................................................ F-1 Message Digest Algorithm 5 .........................See MD5 N Network Management .............................................1-3 Network Topology With RADIUS Server ExampleE-2 P Packets...................................................................16-2 Password............................................... 4-2, 10-1, 14-2 Ping........................................................................16-6 Server...................................................................... 4-5 Service ...................................................................... iv Service Set .............................................................. 5-6 SMT Menu Overview ........................................... 10-2 SNMP Community....................................................... 14-3 Configuration.................................................... 14-2 Get .................................................................... 14-2 GetNext ............................................................ 14-2 Manager............................................................ 14-2 MIBs................................................................. 14-2 Set..................................................................... 14-2 Trap .................................................................. 14-2 Traps........................................................14-3, 14-4 Trusted Host ..................................................... 14-3 Subnet Mask.................................. 3-5, 7-1, 12-2, 16-4 Subnet Masks......................................................... G-2 Subnetting .............................................................. G-3 J-2 Index Supporting Disk........................................................ xv System Console Port Speed.......................................16-4 Diagnostic ......................................................16-5 Log and Trace................................................16-5 System Information...........................................16-3 System Status....................................................16-1 Time and Date...................................................18-2 System Information ...............................................16-3 System Information & Diagnosis ..........................16-1 System Maintenance..16-1, 16-3, 17-2, 17-4, 17-5, 17-
6, 17-9, 18-1, 18-2, 18-3 System Management Terminal..............................10-4 System Name...........................................................4-2 T TCP/IP...................................................................16-6 TFTP File Transfer................................................17-9 Time and Date Setting...........................................18-2 Time Server...........................................................18-3 Time Zone .............................................................18-3 TLS..........................................................................F-1 Trace Records........................................................16-5 Transport Layer Security................................ See TLS Troubleshooting Accessing ZyAIR.......................................A-2, A-3 Ethernet Port ......................................................A-1 Password ............................................................A-2 Start-Up..............................................................A-1 ZyAIR B-500 Wireless Access Point Users Guide TTLS....................................................................... F-1 Tunneled Transport Layer Service................See TTLS U Upload Firmware.................................................. 17-6 User Profiles .................................................. 6-9, 13-1 V Valid CI Commands ............................................. 18-1 W Web Configurator ............................................ 2-1, 2-3 WEP........................................................................ 3-1 WEP Encryption ............................................ 6-4, 12-3 Wireless LAN............................................... D-1, 12-2 Benefits ..............................................................D-1 Wireless LAN Setup ............................................. 12-2 Wizard Setup .....................................3-1, 3-2, 3-3, 3-4 WLAN ............................................ See Wireless LAN Z ZyNOS......................................................... 17-1, 17-2 ZyNOS F/W Version ............................................ 17-1 ZyXEL Limited Warranty Note.......................................................................iv Index J-3
frequency | equipment class | purpose | ||
---|---|---|---|---|
1 | 2003-12-04 | 2412 ~ 2462 | DTS - Digital Transmission System | Original Equipment |
app s | Applicant Information | |||||
---|---|---|---|---|---|---|
1 | Effective |
2003-12-04
|
||||
1 | Applicant's complete, legal business name |
ZyXEL Communications Corporation
|
||||
1 | FCC Registration Number (FRN) |
0021059092
|
||||
1 | Physical Address |
No.2, Industry East Road IX, Science Park
|
||||
1 |
Hsinchu, N/A
|
|||||
1 |
Taiwan
|
|||||
app s | TCB Information | |||||
1 | TCB Application Email Address |
h******@americanTCB.com
|
||||
1 | TCB Scope |
A4: UNII devices & low power transmitters using spread spectrum techniques
|
||||
app s | FCC ID | |||||
1 | Grantee Code |
I88
|
||||
1 | Equipment Product Code |
B500
|
||||
app s | Person at the applicant's address to receive grant or for contact | |||||
1 | Name |
E******** B********
|
||||
1 | Title |
Section Manager
|
||||
1 | Telephone Number |
886 3******** Extension:
|
||||
1 | Fax Number |
886 3********
|
||||
1 |
E******@zyxel.com.tw
|
|||||
app s | Technical Contact | |||||
1 | Firm Name |
Intertek Testing Services Taiwan Ltd.
|
||||
1 | Name |
E**** C********
|
||||
1 | Physical Address |
No. 11 Ko-Tze-Nan Chia-Tung Li
|
||||
1 |
Hsinchu, 300
|
|||||
1 |
Taiwan
|
|||||
1 | Telephone Number |
+886-******** Extension:
|
||||
1 | Fax Number |
+866-********
|
||||
1 |
e******@intertek.com
|
|||||
app s | Non Technical Contact | |||||
n/a | ||||||
app s | Confidentiality (long or short term) | |||||
1 | Does this application include a request for confidentiality for any portion(s) of the data contained in this application pursuant to 47 CFR § 0.459 of the Commission Rules?: | Yes | ||||
1 | Long-Term Confidentiality Does this application include a request for confidentiality for any portion(s) of the data contained in this application pursuant to 47 CFR § 0.459 of the Commission Rules?: | No | ||||
if no date is supplied, the release date will be set to 45 calendar days past the date of grant. | ||||||
app s | Cognitive Radio & Software Defined Radio, Class, etc | |||||
1 | Is this application for software defined/cognitive radio authorization? | No | ||||
1 | Equipment Class | DTS - Digital Transmission System | ||||
1 | Description of product as it is marketed: (NOTE: This text will appear below the equipment class on the grant) | Wireless LAN Access Point | ||||
1 | Related OET KnowledgeDataBase Inquiry: Is there a KDB inquiry associated with this application? | No | ||||
1 | Modular Equipment Type | Does not apply | ||||
1 | Purpose / Application is for | Original Equipment | ||||
1 | Composite Equipment: Is the equipment in this application a composite device subject to an additional equipment authorization? | No | ||||
1 | Related Equipment: Is the equipment in this application part of a system that operates with, or is marketed with, another device that requires an equipment authorization? | No | ||||
1 | Grant Comments | Power Output listed is Conducted. The antennas used for this transmitter must be installed to provide a separation distance of at least 20 cm from all persons and must not be co-located or operating in conjunction with any other antenna or transmitter. End-users and installers must be provided with antenna installation instructions and transmitter operating conditions for satisfying RF exposure compliance. | ||||
1 | Is there an equipment authorization waiver associated with this application? | No | ||||
1 | If there is an equipment authorization waiver associated with this application, has the associated waiver been approved and all information uploaded? | No | ||||
app s | Test Firm Name and Contact Information | |||||
1 | Firm Name |
Intertek Testing Services Taiwan Ltd.
|
||||
1 | Name |
A****** L******
|
||||
1 | Telephone Number |
886-3******** Extension:
|
||||
1 | Fax Number |
886-3********
|
||||
1 |
a******@intertek.com
|
|||||
Equipment Specifications | |||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Line | Rule Parts | Grant Notes | Lower Frequency | Upper Frequency | Power Output | Tolerance | Emission Designator | Microprocessor Number | |||||||||||||||||||||||||||||||||
1 | 1 | 15C | CE | 2412.00000000 | 2462.00000000 | 0.1010000 |
some individual PII (Personally Identifiable Information) available on the public forms may be redacted, original source may include additional details
This product uses the FCC Data API but is not endorsed or certified by the FCC