ZyXEL Communications B-1000 74

ZyAIR Access Point Series User’s Guide

	Table 6-3 802.1x Authentication

LABEL	DESCRIPTION

Authentication	This field is activated only when you select Authentication Required in the Wireless
Databases	Port Control field.
	The authentication database contains wireless station login information. The local
	user database is the built-in database on the ZyAIR. The RADIUS is an external
	server. Use this drop-down list box to select which database the ZyAIR should use
	(first) to authenticate a wireless station.
	Before you specify the priority, make sure you have set up the corresponding
	database correctly first.
	Select Local User Database Only to have the ZyAIR just check the built-in user
	database on the ZyAIR for a wireless station's username and password.
	Select RADIUS Only to have the ZyAIR just check the user database on the
	specified RADIUS server for a wireless station's username and password.
	Select Local first, then RADIUS to have the ZyAIR first check the user database on
	the ZyAIR for a wireless station's username and password. If the user name is not
	found, the ZyAIR then checks the user database on the specified RADIUS server.
	Select RADIUS first, then Local to have the ZyAIR first check the user database on
	the specified RADIUS server for a wireless station's username and password. If the
	ZyAIR cannot reach the RADIUS server, the ZyAIR then checks the local user
	database on the ZyAIR. When the user name is not found or password does not
	match in the RADIUS server, the ZyAIR will not check the local user database and
	the authentication fails.

Dynamic WEP	This field is activated only when you select Authentication Required in the Wireless
Key Exchange	Port Control field. Also set the Authentication Databases field to RADIUS Only.
	Local user database may not be used.
	Select Disable to allow wireless stations to communicate with the access points
	without using dynamic WEP key exchange.
	Select 64-bit WEP or 128-bit WEP to enable data encryption.
	Up to 32 stations can access the ZyAIR when you configure dynamic WEP key
	exchange.

Apply	Click Apply to save your changes back to the ZyAIR.

Reset	Click Reset to begin configuring this screen afresh.

Once you enable user authentication, you need to specify an external RADIUS server or create local user accounts on the ZyAIR for authentication.

6-12	Wireless Security

Contents

User's Guide Copyright Federal Communications Commission (FCC) Interference Statement ZyXEL Limited Warranty Customer Support Table of Contents Page Chapter 10 Maintenance SMT CONFIGURATION Chapter 11 Introducing the SMT Chapter 15 VLAN Setup Chapter 16 SNMP Configuration Chapter 17 System Security Chapter 20 System Maintenance and Information APPENDICES A-1 Appendix B Brute-ForcePassword Guessing Protection Page List of Figures Page Page Page List of Tables Page Preface Control Panels Modem User Guide Feedback Part I: OVERVIEW Page 1.1Introducing the ZyAIR Access Point Series 1.2ZyAIR Features 10/100M Auto-negotiatingEthernet/Fast Ethernet Interface 10/100M Auto-crossoverEthernet/Fast Ethernet Interface Reset Button Brute-ForcePassword Guessing Protection ZyAIR LED Bridge/Repeater Power over Ethernet (PoE) Figure 1-1PoE Installation Example 802.11b Wireless LAN Standard Output Power Management Multiple ESS VLAN Limit the number of Client Connections SSL Passthrough Wireless LAN MAC Address Filtering IEEE 802.1x Network Security WDS Functionality Figure 1-2WDS Functionality Example SNMP 1.3Applications for the ZyAIR 1.3.1 Internet Access Application 1.3.2 Corporation Network Application Page 2.1Accessing the ZyAIR Web Configurator 2.2Resetting the ZyAIR 2.2.1 Method of Restoring Factory-Defaults 2.3Navigating the ZyAIR Web Configurator Page 3.1Wizard Setup Overview 3.1.1 Channel 3.1.2 ESS ID 3.1.3 WEP Encryption 3.2Wizard Setup: General Setup 3.3Wizard Setup: Wireless LAN Figure 3-2Wizard 2 : Wireless LAN Setup Table 3-2Wizard 2 : Wireless LAN Setup 3.4Wizard Setup: IP Address 3.4.1 IP Address Assignment 3.4.2 IP Address and Subnet Mask Figure 3-3Wizard 3 : IP Address Assignment Table 3-4Wizard 3 : IP Address Assignment You must know the IP address assigned to the ZyAIR (by the DHCP server) to access the ZyAIR again If you changed the ZyAIR's IP address, you must use the 3.5Basic Setup Complete Page Page Part II: SYSTEM, WIRELESS, VLAN AND IP Page 4.1System Overview 4.2Configuring General Setup 4.3Configuring Password 4.4Configuring Time Setting Figure 4-3Time Setting Table 4-3Time Setting Page Page 5.1Wireless LAN Overview 5.1.1 IBSS 5.1.2 BSS 5.1.3 ESS 5.2Wireless LAN Basics 5.2.1 RTS/CTS 5.2.2 Fragmentation Threshold 5.3Configuring Wireless Table 5-1Wireless If you are configuring the ZyAIR from a computer connected to the wireless LAN and you change the ZyAIR’s ESSID or WEP settings, you will lose your wireless connection when you press Apply to confirm. You must then change the wireless 5.4Configuring Bridge Figure 5-8Bridge Loop: Bridge Connected to Wired LAN Bridge Figure 5-9Wireless : Bridge Table 5-2Wireless : Bridge 5.5Configuring Roaming 5.5.1 Requirements for Roaming Table 5-3Roaming All APs on the same subnet and the wireless stations must have the 6.1Wireless Security Overview 6.2WEP Overview 6.2.1 Data Encryption 6.2.2 Authentication 6.3Configuring WEP Encryption Table 6-1Wireless 6.4MAC Filter Figure 6-4MAC Address Filter Table 6-2MAC Address Filter 6.5802.1x Overview 6.6Introduction to RADIUS 6.6.1 EAP Authentication Overview 6.7Dynamic WEP Key Exchange 6.8Introduction to Local User Database 6.9Configuring Table 6-3802.1x Authentication If wireless station authentication is done using a RADIUS server, the reauthentication timer on the RADIUS server has Page 6.10 Configuring Local User Database 6.11 Configuring RADIUS Table 6-5RADIUS Page 7.1Wireless LAN Infrastructures 7.1.1 Multiple ESS 7.1.2 Notes on Multiple-ESS 7.1.3 Multiple ESS Example 7.2VLAN 7.2.1 Management VLAN ID 7.2.2 Multi-ESSwith VLAN Example 7.3Configuring Multiple ESS Figure 7-3Wireless : Multiple ESS 7.3.1 Edit ESS Figure 7-4Wireless : Edit ESS Table 7-2Wireless : Edit ESS 7.3.2 MAC Filter Summary 7.4Configuring VLAN Figure 7-6VLAN Table 7-4VLAN Page 8.1Factory Ethernet Defaults 8.2TCP/IP Parameters 8.2.1 IP Address and Subnet Mask 8.2.2 WAN IP Address Assignment 8.3Configuring IP If you change the ZyAIR's IP address, you must use the Page Part III: LOGS 9.1Configuring View Log 9.2Configuring Log Settings Figure 9-2Log Settings Table 9-2Log Settings Page Page Part IV: MAINTENANCE Page 10.1 Maintenance Overview 10.2 System Status Screen 10.2.1 System Statistics 10.3 Wireless Screen 10.3.1 Association List 10.3.2 Channel Usage Figure 10-4Channel Usage (ZyAIR B-1000) Table 10-4Channel Usage (ZyAIR B-1000) Figure 10-5Channel Usage Table 10-5Channel Usage 10.4 F/W Upload Screen Table 10-6Firmware Upload Do not turn off the device while firmware upload is in progress Firmware Upload in Process Figure 10-7Firmware Upload In Process Figure 10-8Network Temporarily Disconnected 10.5 Configuration Screen 10.5.1 Backup Configuration 10.5.2 Restore Configuration Table 10-7Restore Configuration Do not turn off the device while configuration file upload is in progress Figure 10-12Configuration Upload Successful Figure 10-13Network Temporarily Disconnected 10.5.3 Back to Factory Defaults Figure 10-16Reset Warning Message Page Part V: SMT CONFIGURATION Page 11.1 Connect to your ZyAIR Using Telnet 11.2 Changing the System Password 11.3 ZyAIR SMT Menu Overview Example Figure 11-3ZyAIR B-3000SMT Menu Overview Example 11.4 Navigating the SMT Interface 11.4.1 System Management Terminal Interface Summary Page 12.1 General Setup 12.1.1 Procedure To Configure Menu Table 12-1Menu 1 General Setup 13.1 LAN Setup 13.2 TCP/IP Ethernet Setup 13.3 Wireless LAN Setup Figure 13-3Menu 3.5 Wireless LAN Setup Table 13-2Menu 3.5 Wireless LAN Setup Page 13.3.1 Configuring MAC Address Filter Figure 13-5Menu 3.5.1 WLAN MAC Address Filter Table 13-3Menu 3.5.1 WLAN MAC Address Filter 13.3.2 Configuring Roaming 13.3.3 Configuring Multiple ESS (for ZyAIR B-3000only) Figure 13-9Menu 3.5.3 Multiple ESS Configuration Table 13-5Menu 3.5.3 Multiple ESS Configuration Configuring an Extended Service Set ESS Menu 3.5.3.1 – ESS x Configuration Figure 13-10Menu 3.5.3.1 ESS x Configuration Table 13-6Menu 3.5.3.1 ESS x Configuration 13.3.4 Configuring Bridge Link (for ZyAIR B-3000only) Figure 13-12Menu 3.5.4 Bridge Link Configuration Table 13-7Menu 3.5.4 Bridge Link Configuration 14.1 Dial-inUser Setup Table 14-1Menu 14.1- Edit Dial-inUser 15.1 VLAN Setup Page 16.1 About SNMP 16.2 Supported MIBs 16.3 SNMP Configuration 16.4 SNMP Traps Table 16-2SNMP Traps Table 16-3Ports and Interface Types 17.1 System Security 17.1.1 System Password 17.1.2 Configuring External RADIUS Server Figure 17-3Menu 23.2 System Security : RADIUS Server Table 17-1Menu 23.2 System Security : RADIUS Server Menu23 – System Security Figure 17-4Menu 23 System Security Step 2. Enter 4 to display Menu 23.4 – System Security – IEEE802.1x Figure 17-5Menu 23.4 System Security : IEEE802.1x Table 17-2Menu 23.4 System Security : IEEE802.1x Page Page 18.1 System Status Figure 18-2Menu 24.1 System Maintenance : Status Table 18-1Menu 24.1 System Maintenance : Status 18.2 System Information 18.2.1 System Information 18.2.2 Console Port Speed 18.3 Log and Trace 18.3.1 Viewing Error Log 18.4 Diagnostic Figure 18-8Menu 24.4 System Maintenance : Diagnostic Diagnostic Table 18-3Menu 24.4 System Maintenance Menu : Diagnostic Page Page Page Page Page Page Page Page Page Page 20.1 Command Interpreter Mode 20.2 Time and Date Setting 20.2.1 Resetting the Time Page Part VI: APPENDICES Page Problems Starting Up the ZyAIR Problems with the Ethernet Interface Problems with the Password Problems with Telnet Problems with the WLAN Interface Page Appendix B Brute-ForcePassword Guessing Protection Chart B-1 Brute-ForcePassword Guessing Protection Commands Page Windows 95/98/Me Properties Page Windows 2000/NT/XP Page Page Page Macintosh OS 8/9 Page Macintosh OS Page Page Benefits of a Wireless LAN IEEE Ad-hocWireless LAN Configuration Infrastructure Wireless LAN Configuration Diagram D-2ESS Provides Campus-WideCoverage Page Security Flaws with IEEE Deployment Issues with IEEE Advantages of the IEEE Diagram E-1Sequences for EAP MD5–ChallengeAuthentication EAP-MD5 (Message-DigestAlgorithm 5) EAP-TLS(Transport Layer Security) EAP-TTLS(Tunneled Transport Layer Service) PEAP (Protected EAP) Comparison of EAP Authentication Types Appendix G Power over Ethernet Specifications Chart 1 Power over Ethernet Injector Specifications Chart G-2Power over Ethernet Injector RJ-45Port Pin Assignments PIN NO Page Antenna Characteristics Frequency Radiation Pattern Antenna Gain Types of Antennas For WLAN Connector Type PPPoE in Action Benefits of PPPoE Traditional Dial-upScenario How PPPoE Works ZyAIR as a PPPoE Client What is PPTP How can we transport PPP frames from a PC to a broadband modem over Ethernet PPTP and the ZyAIR PPTP Protocol Overview Control & PPP connections Call Connection PPP Data Connection Page IP Addressing IP Classes Subnet Masks Subnetting Example: Two Subnets Page Example: Four Subnets Example Eight Subnets Subnetting With Class A and Class B Networks Page Command Syntax Command Usage Page Introduction Display NetBIOS Filter Settings NetBIOS Filter Configuration Appendix N Log Descriptions Chart N-1System Error Logs Chart N-2System Maintenance Logs Chart N-3ICMP Notes Log Commands Log Command Example Page Page Appendix O Power Adaptor Specifications Page Appendix P Index