ZyXEL Communications ZyAIR B-500 141

		ZyAIR B-500 Wireless Access Point User’s Guide
		Table 15-2 Menu 23.4 System Security : IEEE802.1x

	FIELD	DESCRIPTION

	Idle Timeout	The ZyAIR automatically disconnects a wireless station from the wired network after
		a period of inactivity. The wireless station needs to enter the username and
		password again before access to the wired network is allowed.
		This field is activated only when you select Authentication Required in the
		Wireless Port Control field. The default time interval is 3600 seconds (or 1 hour).
	Key Management	Press [SPACE BAR] to select 802.1x, WPA or WPA-PSKand press [ENTER].
	Protocol

	Dynamic WEP Key	This field is activated only when you select Authentication Required in the
	Exchange	Wireless Port Control field and set the Key Management Protocol to 802.1x.
		Also set the Authentication Databases field to RADIUS Only. Local user database
		may not be used.
		Select Disable to allow wireless stations to communicate with the access points
		without using Dynamic WEP Key Exchange.
		Select 64-bit WEP or 128-bit WEP to enable data encryption.
		Up to 32 stations can access the ZyAIR when you configure Dynamic WEP Key
		Exchange.
	PSK	Type a pre-shared key from 8 to 63 case-sensitive ASCII characters (including
		spaces and symbols) when you select WPA-PSKin the Key Management
		Protocol field.
	Data Privacy for	This field allows you to choose TKIP (recommended) or WEP for broadcast and
	Broadcast/Multicast	multicast (“group”) traffic if the Key Management Protocol is WPA or WPA-PSK.
	packets	All unicast traffic is automatically encrypted by TKIP when WPA or WPA-PSK Key

		Management Protocol is selected.

	WPA	The WPA Broadcast/Multicast Key Update Timer is the rate at which the AP (if
	Broadcast/Multicast	using WPA-PSKkey management) or RADIUS server (if using WPA key
	Key Update Timer	management) sends a new group key out to all clients. The re-keying process is the
		WPA equivalent of automatically changing the WEP key for an AP and all stations in
		a WLAN on a periodic basis. Setting of the WPA Broadcast/Multicast Key Update
		Timer is also supported in WPA-PSK mode. The ZyAIR default is 1800 seconds (30
		minutes).

System Security

15-5

Contents

User's Guide Copyright Federal Communications Commission (FCC) Interference Statement ZyXEL Limited Warranty Customer Support Page Table of Contents LOGS Chapter 9 Maintenance Chapter 10 Introducing the SMT Chapter 11 General Setup Chapter 12 LAN Setup Chapter 13 Dial-inUser Setup Chapter 14 SNMP Configuration Chapter 17 Firmware and Configuration File Maintenance A-1 B-1 C-1 Appendix D Wireless LAN and IEEE 802.11 List of Figures Page Page Page List of Tables Page Preface Control Panels Modem User Guide Feedback Part I: OVERVIEW Page Getting to Know Your ZyAIR 1.1Introducing the ZyAIR Wireless Access Point 1.2ZyAIR Features 10/100M Auto-negotiatingEthernet/Fast Ethernet Interface 10/100M Auto-crossoverEthernet/Fast Ethernet Interface 802.11b Wireless LAN Standard Output Power Management Limit the number of Client Connections SSL Passthrough Wireless LAN MAC Address Filtering WEP Encryption Wi-FiProtected Access IEEE 802.1x Network Security SNMP Full Network Management 1.3Applications for the ZyAIR 1.3.1 Internet Access Application 1.3.2 Corporation Network Application Figure 1-2Corporation Network Application Page Introducing the Web Configurator 2.1Accessing the ZyAIR Web Configurator 2.2Resetting the ZyAIR 2.2.1 Method of Restoring Factory-Defaults 2.3Navigating the ZyAIR Web Configurator Page Wizard Setup 3.1Wizard Setup Overview 3.1.1 Channel 3.1.2 ESS ID 3.1.3 WEP Encryption 3.2Wizard Setup: General Setup 3.3Wizard Setup: Wireless LAN 3.4Wizard Setup: Screen Basic Security Table 3-3Wizard 2 : Wireless LAN Setup Extend Security 3.5Wizard Setup: IP Address 3.5.1 IP Address Assignment 3.5.2 IP Address and Subnet Mask Figure 3-3Wizard 3 : IP Address Assignment Table 3-6Wizard 3 : IP Address Assignment You must know the IP address assigned to the ZyAIR (by the DHCP server) to access the ZyAIR again If you change the ZyAIR's IP address, you must use the 3.6Basic Setup Complete Page Part II: SYSTEM, WIRELESS AND IP Page System Screens 4.1System Overview 4.2Configuring General Setup 4.3Configuring Password 4.4Configuring Time Setting Figure 4-3Time Setting Table 4-3Time Setting Page Page Wireless Configuration and Roaming 5.1Wireless LAN Overview 5.1.1 IBSS 5.1.2 BSS 5.1.3 ESS 5.2Wireless LAN Basics 5.2.1 RTS/CTS 5.2.2 Fragmentation Threshold 5.3Preamble Type 5.4Configuring Wireless Figure 5-5Wireless Table 5-1Wireless If you are configuring the ZyAIR from a computer connected to the wireless LAN and you change the ZyAIR’s ESSID or WEP settings, you will lose your wireless connection when you Page 5.5Configuring Roaming 5.5.1 Requirements for Roaming Roaming Figure 5-7Roaming Table 5-2Roaming All APs on the same subnet and the wireless stations must have the Wireless Security 6.1Wireless Security Overview Figure 6-2Wireless Table 6-1Wireless 6.2Security Parameters Summary 6.3WEP Overview 6.3.1 Data Encryption 6.3.2 Authentication 6.4Configuring WEP Encryption Figure 6-4Wireless: Static WEP 6.5Introduction to WPA 6.5.1 User Authentication 6.5.2 Encryption 6.6WPA-PSKApplication Example 6.7Configuring WPA-PSKAuthentication Figure 6-6Wireless: WPA-PSK Table 6-4Wireless: WPA-PSK 6.8Wireless Client WPA Supplicants 6.9WPA with RADIUS Application Example 6.10 Configuring WPA Authentication Figure 6-8Wireless: WPA Table 6-5Wireless: WPA 6.11 802.1x Overview 6.12 Dynamic WEP Key Exchange 6.13 Configuring 802.1x and Dynamic WEP Key Exchange 6.14 Configuring 802.1x and Static WEP Key Exchange Figure 6-10Wireless: 802.1x + Static WEP Table 6-7Wireless: 802.1x + Static WEP 6.15 Configuring Figure 6-11Wireless: 802.1x + No WEP Table 6-8Wireless: 802.1x + No WEP Page 6.16 MAC Filter Figure 6-12MAC Address Filter 6.17 Introduction to RADIUS •Authentication •Accounting Types of RADIUS Messages •Access-Request 6.17.1 EAP Authentication Overview 6.18 Introduction to Local User Database 6.19 Configuring Local User Database Figure 6-14Local User Database 6.20 Configuring RADIUS Figure 6-15RADIUS Table 6-11RADIUS Page IP Screen 7.1Factory Ethernet Defaults 7.2TCP/IP Parameters 7.2.1 IP Address and Subnet Mask 7.3Configuring IP Table 7-1IP Setup Part III: LOGS Page Logs Screens 8.1Configuring View Log 8.2Configuring Log Settings Figure 8-2Log Settings Table 8-2Log Settings Page Page Part IV: MAINTENANCE Page Maintenance 9.1Maintenance Overview 9.2System Status Screen 9.2.1 System Statistics 9.3Association List 9.4Channel Usage Figure 9-4Channel Usage Table 9-4Channel Usage 9.5F/W Upload Screen Table 9-5Firmware Upload Do not turn off the ZyAIR while firmware upload is in progress Firmware Upload in Process Figure 9-6Firmware Upload In Process Figure 9-7Network Temporarily Disconnected 9.6Configuration Screen 9.6.1 Backup Configuration 9.6.2 Restore Configuration 9.6.3 Back to Factory Defaults 9.7Restart Screen Part V: SMT CONFIGURATION Page Introducing the SMT 10.1 Connect to your ZyAIR Using Telnet 10.2 Changing the System Password 10.3 ZyAIR SMT Menu Overview Example Figure 10-3ZyAIR B-500SMT Menu Overview Example 10.4 Navigating the SMT Interface 10.4.1 System Management Terminal Interface Summary Page General Setup 11.1 General Setup 11.1.1 Procedure To Configure Menu Table 11-1Menu 1 General Setup LAN Setup 12.1 LAN Setup 12.2 TCP/IP Ethernet Setup 12.3 Wireless LAN Setup Figure 12-3Menu 3.5 Wireless LAN Setup Table 12-2Menu 3.5 Wireless LAN Setup Page 12.3.1 Configuring MAC Address Filter Figure 12-5Menu 3.5.1 WLAN MAC Address Filter Table 12-3Menu 3.5.1 WLAN MAC Address Filter 12.3.2 Configuring Roaming Table 12-4Menu 3.5.2 Roaming Configuration Dial-inUser Setup 13.1 Dial-inUser Setup Table 13-1Menu 14.1- Edit Dial-inUser SNMP Configuration 14.1 About SNMP 14.2 Supported MIBs 14.3 SNMP Configuration 14.4 SNMP Traps Table 14-2SNMP Traps System Security 15.1 System Security 15.1.1 System Password 15.1.2 Configuring External RADIUS Server Figure 15-3Menu 23.2 System Security : RADIUS Server Table 15-1Menu 23.2 System Security : RADIUS Server 15.1.3 IEEE Figure 15-5Menu 23.4 System Security : IEEE802.1x Table 15-2Menu 23.4 System Security : IEEE802.1x Page Page System Information and Diagnosis 16.1 Overview 16.2 System Status Figure 16-2Menu 24.1 System Maintenance : Status Table 16-1Menu 24.1 System Maintenance : Status 16.3 System Information 16.3.1 System Information 16.3.2 Console Port Speed 16.4 Log and Trace 16.4.1 Viewing Error Log 16.5 Diagnostic Figure 16-8Menu 24.4 System Maintenance : Diagnostic Diagnostic Table 16-3Menu 24.4 System Maintenance Menu : Diagnostic Firmware and Configuration File Maintenance 17.1 Filename Conventions 17.2 Backup Configuration 17.2.1 Backup Configuration Using FTP 17.2.2 Using the FTP command from the DOS Prompt 17.2.3 Backup Configuration Using TFTP 17.2.4 Example: TFTP Command 17.3 Restore Configuration 17.4 Uploading Firmware and Configuration Files 17.4.1 Firmware Upload 17.4.2 Configuration File Upload 17.4.3 Using the FTP command from the DOS Prompt Example 17.4.4 TFTP File Upload 17.4.5 Example: TFTP Command System Maintenance and Information 18.1 Command Interpreter Mode 18.2 Time and Date Setting 18.2.1 Resetting the Time Page Part VI: APPENDICES Page Troubleshooting Problems Starting Up the ZyAIR Problems with the Ethernet Interface Problems with the Password Problems with Telnet Problems with the WLAN Interface Page Brute-ForcePassword Guessing Protection Page Setting up Your Computer’s IP Address Windows 95/98/Me Properties Page Windows 2000/NT/XP Page Page Page Macintosh OS 8/9 Page Macintosh OS Page Page Wireless LAN and IEEE Benefits of a Wireless LAN IEEE Ad-hocWireless LAN Configuration Infrastructure Wireless LAN Configuration Diagram D-2ESS Provides Campus-WideCoverage Page Wireless LAN With IEEE Security Flaws with IEEE Deployment Issues with IEEE Advantages of the IEEE Diagram E-1Sequences for EAP MD5–ChallengeAuthentication Types of EAP Authentication EAP-MD5 (Message-DigestAlgorithm 5) EAP-TLS(Transport Layer Security) EAP-TTLS(Tunneled Transport Layer Service) PEAP (Protected EAP) LEAP IP Subnetting IP Addressing IP Classes Subnet Masks Subnetting Example: Two Subnets Page Example: Four Subnets Example Eight Subnets Subnetting With Class A and Class B Networks Page Command Interpreter Command Syntax Command Usage Page Log Descriptions Chart I-2ICMP Notes Log Commands Log Command Example Page Page Index Page Console Port Speed Log and Trace