User Guide
Page 17
... spectrums and the IEEE 802.11n standard's high bandwidth to support high-performance applications. The NWA3000-N series AP controls network access with Media Access Control (MAC) address filtering, rogue Access Point (AP) detection and containment, and an internal authentication server. A NWA3000-N series AP can serve as an AP, Bridge...QoS features eliminate voice call disruptions. CHAPTER 1 Introduction 1.1 Overview Your NWA3000-N series AP's business-class reliability, SMB features, and centralized wireless management make it ideally suited for how to make hardware connections.
... spectrums and the IEEE 802.11n standard's high bandwidth to support high-performance applications. The NWA3000-N series AP controls network access with Media Access Control (MAC) address filtering, rogue Access Point (AP) detection and containment, and an internal authentication server. A NWA3000-N series AP can serve as an AP, Bridge...QoS features eliminate voice call disruptions. CHAPTER 1 Introduction 1.1 Overview Your NWA3000-N series AP's business-class reliability, SMB features, and centralized wireless management make it ideally suited for how to make hardware connections.
User Guide
Page 22
... not encrypted. Unless specified, the term "security settings" refers to access the wired network, while X and Y communicate in AP + Bridge mode, security between APs (WDS) is independent of the security between the wireless stations and the AP. Chapter 1 Introduction 1.2.2 AP + Bridge In...AP + Bridge Application Y X A B 1.2.3 MBSSID A Basic Service Set (BSS) is the name of devices forming a single wireless network (usually an access point and one or more wireless clients). When the NWA3000-N series AP is in bridge mode. In Multiple BSS (MBSSID) mode, the 22 NWA3000-N Series User's...
... not encrypted. Unless specified, the term "security settings" refers to access the wired network, while X and Y communicate in AP + Bridge mode, security between APs (WDS) is independent of the security between the wireless stations and the AP. Chapter 1 Introduction 1.2.2 AP + Bridge In...AP + Bridge Application Y X A B 1.2.3 MBSSID A Basic Service Set (BSS) is the name of devices forming a single wireless network (usually an access point and one or more wireless clients). When the NWA3000-N series AP is in bridge mode. In Multiple BSS (MBSSID) mode, the 22 NWA3000-N Series User's...
User Guide
Page 23
...for an example of using its own BSS and using MBSS. 1.3 Management Mode One NWA3000-N series AP uses Control And Provisioning of Wireless Access Points (CAPWAP, see RFC 5415) to allow one AP to configure and manage up and maintaining multiple devices. See Section 4.1 on page... use legacy device information hyper-links to connect to the Web Configurators of the following ZyNOS-based NWA-3000 series APs: • NWA-3160 • NWA-3163 • NWA-3500 • NWA-3550 • NWA-3166 1. Chapter 1 Introduction NWA3000-N series AP provides multiple virtual APs, each forming its own ...
...for an example of using its own BSS and using MBSS. 1.3 Management Mode One NWA3000-N series AP uses Control And Provisioning of Wireless Access Points (CAPWAP, see RFC 5415) to allow one AP to configure and manage up and maintaining multiple devices. See Section 4.1 on page... use legacy device information hyper-links to connect to the Web Configurators of the following ZyNOS-based NWA-3000 series APs: • NWA-3160 • NWA-3163 • NWA-3500 • NWA-3550 • NWA-3166 1. Chapter 1 Introduction NWA3000-N series AP provides multiple virtual APs, each forming its own ...
User Guide
Page 50
...often select an option to configure the LAN Ethernet interface including VLAN settings. MENU ITEM(S) Configuration > LAN Setting. 3.3.4 Wireless Use these screens to finish configuring the feature. WHERE USED These are other NWA3000-N series APs, work as a ... one . There are no other features to this screen to create a new object. MENU ITEM(S) Configuration > Wireless. 50 NWA3000-N Series User's Guide See the web help or the related User's Guide chapter for this feature ... and tabs you return to the main screen to manage your wireless Access Points.
...often select an option to configure the LAN Ethernet interface including VLAN settings. MENU ITEM(S) Configuration > LAN Setting. 3.3.4 Wireless Use these screens to finish configuring the feature. WHERE USED These are other NWA3000-N series APs, work as a ... one . There are no other features to this screen to create a new object. MENU ITEM(S) Configuration > Wireless. 50 NWA3000-N Series User's Guide See the web help or the related User's Guide chapter for this feature ... and tabs you return to the main screen to manage your wireless Access Points.
User Guide
Page 52
.... 3.5 System This section introduces some of channels for other wireless devices in the vicinity. Server Use these screens to scan for other wireless devices broadcasting on your NWA3000-N series AP's wireless network. Use Date/Time to your network. Use Console Speed...periodically listen to access the NWA3000-N series AP. Table 15 MON Profile Types TYPE ABILITIES Monitor Create monitor mode configurations that allow your network. Chapter 3 Configuration Basics 3.4.2 AP Profile Use these screens to configure preset profiles for the Access Points (APs) connected ...
.... 3.5 System This section introduces some of channels for other wireless devices in the vicinity. Server Use these screens to scan for other wireless devices broadcasting on your NWA3000-N series AP's wireless network. Use Date/Time to your network. Use Console Speed...periodically listen to access the NWA3000-N series AP. Table 15 MON Profile Types TYPE ABILITIES Monitor Create monitor mode configurations that allow your network. Chapter 3 Configuration Basics 3.4.2 AP Profile Use these screens to configure preset profiles for the Access Points (APs) connected ...
User Guide
Page 63
... to make the radio profile active. 7b MBSSID Settings: Select an entry to change it to save these settings. 4.2 Rogue AP Detection Rogue APs are wireless access points interacting with the network managed by the NWA3000-N series AP but which are not under the control of visitor traffic, it might be useful to... security policy. 7 The Edit Radio Profile window opens. AP detection only works when at least 1 AP is setting up an unauthorized AP that both support wireless network. If a reception area has a high volume of the network administrator. If you see if anyone sets up their...
... to make the radio profile active. 7b MBSSID Settings: Select an entry to change it to save these settings. 4.2 Rogue AP Detection Rogue APs are wireless access points interacting with the network managed by the NWA3000-N series AP but which are not under the control of visitor traffic, it might be useful to... security policy. 7 The Edit Radio Profile window opens. AP detection only works when at least 1 AP is setting up an unauthorized AP that both support wireless network. If a reception area has a high volume of the network administrator. If you see if anyone sets up their...
User Guide
Page 77
... summary of detected rogue APs. All AP This section displays a summary for all wireless devices detected by the NWA3000-N series AP. AP Rogue AP This displays the number of connected wireless Access Points (APs). The first MAC address is assigned to the Ethernet LAN port, the second...Device This sections displays a summary of this NWA3000-N series AP. Model Name This field displays the model name of all connected wireless APs when the NWA3000-N series AP is in controller mode. Serial Number This field displays the serial number of currently connected managed...
... summary of detected rogue APs. All AP This section displays a summary for all wireless devices detected by the NWA3000-N series AP. AP Rogue AP This displays the number of connected wireless Access Points (APs). The first MAC address is assigned to the Ethernet LAN port, the second...Device This sections displays a summary of this NWA3000-N series AP. Model Name This field displays the model name of all connected wireless APs when the NWA3000-N series AP is in controller mode. Serial Number This field displays the serial number of currently connected managed...
User Guide
Page 79
.... This field displays the port speed and duplex setting (Full or Half). For example, this displays the top 5 Access Points (AP) with the highest number of station (aka wireless client) connections during the past 24 hours. # This field displays the rank of the station. If the IP address...The possible values depend on the interface. This interface is . Action DHCP Client - Station Count This field displays the maximum number of wireless clients that have connected to which the interface belongs. This displays when the NWA3000-N series AP is not active on what type of...
.... This field displays the port speed and duplex setting (Full or Half). For example, this displays the top 5 Access Points (AP) with the highest number of station (aka wireless client) connections during the past 24 hours. # This field displays the rank of the station. If the IP address...The possible values depend on the interface. This interface is . Action DHCP Client - Station Count This field displays the maximum number of wireless clients that have connected to which the interface belongs. This displays when the NWA3000-N series AP is not active on what type of...
User Guide
Page 80
... of CPU usage. Refresh Now Click this screen to be automatically updated. Band This indicates the wireless frequency band currently being used by the radio. Operating modes are AP (access point) or MON (monitor). Table 18 Dashboard > CPU Usage LABEL DESCRIPTION % The y-axis represents ...the percentage of wireless clients connected to the NWA3000-N series AP. 5.2.1 CPU Usage Use this to update the ...
... of CPU usage. Refresh Now Click this screen to be automatically updated. Band This indicates the wireless frequency band currently being used by the radio. Operating modes are AP (access point) or MON (monitor). Table 18 Dashboard > CPU Usage LABEL DESCRIPTION % The y-axis represents ...the percentage of wireless clients connected to the NWA3000-N series AP. 5.2.1 CPU Usage Use this to update the ...
User Guide
Page 84
Friendly AP Friendly APs are other wireless access points that are detected in your network, as well as any others that are not under the control of the network's administrators, and can start it ... screen to look at general LAN interface information and packet statistics. Interface Summary 84 NWA3000-N Series User's Guide Chapter 6 Monitor Rogue AP Rogue APs are wireless access points operating in a network's coverage area that you want this screen. Figure 26 Monitor > LAN Status The following table describes the labels in a network's security. Table...
Friendly AP Friendly APs are other wireless access points that are detected in your network, as well as any others that are not under the control of the network's administrators, and can start it ... screen to look at general LAN interface information and packet statistics. Interface Summary 84 NWA3000-N Series User's Guide Chapter 6 Monitor Rogue AP Rogue APs are wireless access points operating in a network's coverage area that you want this screen. Figure 26 Monitor > LAN Status The following table describes the labels in a network's security. Table...
User Guide
Page 90
Operating modes are AP (access point) or MON (monitor). AP Description This displays the... total number of the AP to which it is in standalone mode, this list. Table 25 Monitor > Wireless > AP Information > Radio List LABEL DESCRIPTION More Information Click this displays the number of packets transmitted by...series AP is activated. Tx PKT This displays the total number of wireless clients connected to the NWA3000-N series AP. To access this screen. Figure 30 Monitor > Wireless > AP Information > Radio List (Controller Mode) The following table ...
Operating modes are AP (access point) or MON (monitor). AP Description This displays the... total number of the AP to which it is in standalone mode, this list. Table 25 Monitor > Wireless > AP Information > Radio List LABEL DESCRIPTION More Information Click this displays the number of packets transmitted by...series AP is activated. Tx PKT This displays the total number of wireless clients connected to the NWA3000-N series AP. To access this screen. Figure 30 Monitor > Wireless > AP Information > Radio List (Controller Mode) The following table ...
User Guide
Page 103
The following figure illustrates a CAPWAP wireless network. Figure 38 CAPWAP Network Example U DHCP SERVER C M1 M2 M3 M4 NWA3000-N Series User's Guide 103 The CAPWAP dataflow is ZyXEL's implementation of the CAPWAP protocol (RFC 5415). You (U) configure the AP controller (C), which determines whether the ... using the NWA3000-N series AP in its default standalone mode, or as part of a Control And Provisioning of Wireless Access Points (CAPWAP) network. 7.2 About CAPWAP The NWA3000-N series AP supports CAPWAP. This is protected by Datagram Transport Layer Security (DTLS).
The following figure illustrates a CAPWAP wireless network. Figure 38 CAPWAP Network Example U DHCP SERVER C M1 M2 M3 M4 NWA3000-N Series User's Guide 103 The CAPWAP dataflow is ZyXEL's implementation of the CAPWAP protocol (RFC 5415). You (U) configure the AP controller (C), which determines whether the ... using the NWA3000-N series AP in its default standalone mode, or as part of a Control And Provisioning of Wireless Access Points (CAPWAP) network. 7.2 About CAPWAP The NWA3000-N series AP supports CAPWAP. This is protected by Datagram Transport Layer Security (DTLS).
User Guide
Page 104
...it cannot be a standalone AP (default), a CAPWAP managed AP, or a CAPWAP AP controller. 7.2.1 CAPWAP Discovery and Management The link between CAPWAP-enabled access points proceeds as follows: 1 An AP in managed AP mode joins a wired network (receives a dynamic IP address). 2 The AP sends out a discovery ...Mode Note: The NWA3000-N series AP can be a DHCP client. 7.2.3 CAPWAP and IP Subnets By default, CAPWAP works only between devices with wireless clients. 7.2.2 Managed AP Finds the Controller A managed NWA3000-N series AP can find the controller in the same subnet (see the appendices for...
...it cannot be a standalone AP (default), a CAPWAP managed AP, or a CAPWAP AP controller. 7.2.1 CAPWAP Discovery and Management The link between CAPWAP-enabled access points proceeds as follows: 1 An AP in managed AP mode joins a wired network (receives a dynamic IP address). 2 The AP sends out a discovery ...Mode Note: The NWA3000-N series AP can be a DHCP client. 7.2.3 CAPWAP and IP Subnets By default, CAPWAP works only between devices with wireless clients. 7.2.2 Managed AP Finds the Controller A managed NWA3000-N series AP can find the controller in the same subnet (see the appendices for...
User Guide
Page 111
... to configure how the NWA3000-N series AP manages the Access Point that are currently being used by scanning the area around it is in standalone mode or the general wireless settings of all of the NWA3000-N series AP's managed APs if the NWA3000-N series AP is in this chapter. NWA3000-N...the NWA3000-N series AP is in controller mode. • The AP Management screen (Section 9.3 on page 113) manages the NWA3000-N series AP's general wireless settings if it and determining what channels are connected to it. 9.1.1 What You Can Do in controller mode. • The MON Mode screen (Section ...
... to configure how the NWA3000-N series AP manages the Access Point that are currently being used by scanning the area around it is in standalone mode or the general wireless settings of all of the NWA3000-N series AP's managed APs if the NWA3000-N series AP is in this chapter. NWA3000-N...the NWA3000-N series AP is in controller mode. • The AP Management screen (Section 9.3 on page 113) manages the NWA3000-N series AP's general wireless settings if it and determining what channels are connected to it. 9.1.1 What You Can Do in controller mode. • The MON Mode screen (Section ...
User Guide
Page 112
... mode. Click Reset to return the screen to the NWA3000-N series AP. Chapter 9 Wireless Load Balancing (Wireless) Wireless load balancing is the process where you limit the number of connections allowed on an wireless access point (AP) or you limit the amount of APs. Click Apply to save your changes... back to its last-saved settings. 112 NWA3000-N Series User's Guide Apply Reset APs must be connected to access this screen to set of wireless traffic transmitted and ...
... mode. Click Reset to return the screen to the NWA3000-N series AP. Chapter 9 Wireless Load Balancing (Wireless) Wireless load balancing is the process where you limit the number of connections allowed on an wireless access point (AP) or you limit the amount of APs. Click Apply to save your changes... back to its last-saved settings. 112 NWA3000-N Series User's Guide Apply Reset APs must be connected to access this screen to set of wireless traffic transmitted and ...
User Guide
Page 116
...the friendly AP list. Click OK to save your changes back to access this mode it cannot receive connections from wireless clients and pass their data traffic through the Create new Object menu. A rogue AP is a wireless access point operating in a network's coverage area that is set to an ...upstream gateway for radio 1. Click Configuration > Wireless > MON Mode to the NWA3000-N series AP. If an AP is not under the control...
...the friendly AP list. Click OK to save your changes back to access this mode it cannot receive connections from wireless clients and pass their data traffic through the Create new Object menu. A rogue AP is a wireless access point operating in a network's coverage area that is set to an ...upstream gateway for radio 1. Click Configuration > Wireless > MON Mode to the NWA3000-N series AP. If an AP is not under the control...
User Guide
Page 168
... is set to the 5 GHz range (802.11 a/n). Set Scan Channel List (5 G) These channels are limited to manual. Rogue APs Rogue APs are wireless access points operating in a network's coverage area that are limited to manual. OK Cancel These channels are not under the control of a rogue AP's weaker (or ...non-existent) security to gain access to the network, or set up holes in this chapter. Chapter 13 MON Profile Table 61 Configuration > Object > MON Profile > Add/Edit MON ...
... is set to the 5 GHz range (802.11 a/n). Set Scan Channel List (5 G) These channels are limited to manual. Rogue APs Rogue APs are wireless access points operating in a network's coverage area that are limited to manual. OK Cancel These channels are not under the control of a rogue AP's weaker (or ...non-existent) security to gain access to the network, or set up holes in this chapter. Chapter 13 MON Profile Table 61 Configuration > Object > MON Profile > Add/Edit MON ...
User Guide
Page 169
...have a network with a large number of "friendly" APs. Friendly APs are other wireless access points that are not a threat (those from recognized networks, for example). In this example, the attacker now has access to connect his workstation in your network, as well as any others that is easily ... B) is well-secured, but the rogue AP uses inferior security that you should also configure a list of access points. It is recommended that you export (save) your wireless network, you know are detected in order to allow him to the company network, including sensitive data stored on...
...have a network with a large number of "friendly" APs. Friendly APs are other wireless access points that are not a threat (those from recognized networks, for example). In this example, the attacker now has access to connect his workstation in your network, as well as any others that is easily ... B) is well-secured, but the rogue AP uses inferior security that you should also configure a list of access points. It is recommended that you export (save) your wireless network, you know are detected in order to allow him to the company network, including sensitive data stored on...
User Guide
Page 281
...(Control And Provisioning of Wireless Access Points), which allows a manger ...the wireless station against a list of Service • WMM certified (prioritizes wireless traffic...series AP allows SSL connections to access your network to authenticate users. ... "https" instead of the wireless stations that 's transmitted over an...switches, bridges or routers. Wireless Intrusion Prevention Rogue AP detection,... series AP can balance wireless network traffic between any two...packet tracing. Wireless Association List With the wireless association list,...802.11a wireless channels. Certificates...
...(Control And Provisioning of Wireless Access Points), which allows a manger ...the wireless station against a list of Service • WMM certified (prioritizes wireless traffic...series AP allows SSL connections to access your network to authenticate users. ... "https" instead of the wireless stations that 's transmitted over an...switches, bridges or routers. Wireless Intrusion Prevention Rogue AP detection,... series AP can balance wireless network traffic between any two...packet tracing. Wireless Association List With the wireless association list,...802.11a wireless channels. Certificates...
User Guide
Page 380
...242 system-default.conf 247 uploading 247 uploading with FTP 215 use without restart 241 console port 25 speed 199 Control and Provisioning of Wireless Access Points See CAPWAP cookies 31 copyright 373 CPU usage 77, 80 CTS (Clear to Send) 322 current date/time 78, 194 daylight ...HA 127 active-passive mode 131 cluster ID 136, 273 configuration overview 51 copying configuration 128 device role 132 HA status 130 management access 128 management IP address 128 monitored interfaces 134, 136 password 134 prerequisites 51 synchronization 128 synchronization password 134 synchronization port number 133 ...
...242 system-default.conf 247 uploading 247 uploading with FTP 215 use without restart 241 console port 25 speed 199 Control and Provisioning of Wireless Access Points See CAPWAP cookies 31 copyright 373 CPU usage 77, 80 CTS (Clear to Send) 322 current date/time 78, 194 daylight ...HA 127 active-passive mode 131 cluster ID 136, 273 configuration overview 51 copying configuration 128 device role 132 HA status 130 management access 128 management IP address 128 monitored interfaces 134, 136 password 134 prerequisites 51 synchronization 128 synchronization password 134 synchronization port number 133 ...