User Guide
Page 9
Contents Overview Contents Overview Introduction ...21 Introducing the NWA ...23 The Web Configurator ...37 Tutorial ...41 The Web Configurator ...81 Status Screens ...83 Management Mode ...87 AP Controller Mode ...93 System Screens ...109 Wireless Configuration ...119 SSID Screen ...145 Wireless Security Screen... ...155 RADIUS Screen ...169 Layer-2 Isolation Screen ...173 MAC Filter Screen ...179 IP Screen ...183 Rogue AP Detection ...187 Remote Management Screens 195 Internal RADIUS Server ...209 Certificates ...217 Log Screens ...235 VLAN ...245 Load Balancing ...265...
Page 11
... 21 Chapter 1 Introducing the NWA ...23 1.1 Overview ...23 1.2 Applications for the NWA ...24 1.2.1 Access Point ...24 1.2.2 Bridge / Repeater ...25 1.2.2.1 Bridge / Repeater Mode Example 26 1.2.3 AP + Bridge ...28 1.2.4 MBSSID...NWA 32 1.5 Good Habits for Managing the NWA 32 1.6 Configuring Your NWA's Security Features 32 1.6.1 Control Access to Your Device 33 1.6.2 Wireless Security ...33 1.7 Hardware Connections ...34 1.7.1 Antennas ...34 1.8 LEDs ...34 Chapter 2 The Web Configurator ...37 2.1 Overview ...37 2.2 Accessing the Web Configurator 37 2.3 Resetting the NWA ...38 NWA-3500/NWA...
Page 12
...53 3.3.3.3 Activate the Guest Profile 54 3.3.4 Testing the Wireless Networks 54 3.4 How to Set Up and Use Rogue AP Detection 55 3.4.1 Set Up and Save a Friendly AP list 57 3.4.2 Activate Periodic Rogue AP Detection 60 3.4.3 Set Up E-mail Logs ...61 3.4.4 Configure Your Other Access Points 62 3.4.5 Test the Setup ...... 69 3.5.6.2 Testing the Configuration 70 3.6 How to Configure Management Modes 71 3.6.1 Scenario ...71 3.6.2 Your Requirements ...72 3.6.3 Setup ...72 3.6.4 Configure Your NWA in Controller AP Mode 73 3.6.4.1 Secondary AP Controller 74 12 NWA-3500/NWA-3550 User's Guide
Page 13
Table of Contents 3.6.4.2 Primary AP Controller 75 3.6.5 Setting Your NWA in Managed AP Mode 75 3.6.6 Configuring the Managed Access Points List 76 3.6.7 Checking your Settings and Testing the Configuration 79 Part II: The...94 6.2 Controller AP Navigation Menu 94 6.3 Controller AP Status Screen 95 6.4 AP Lists Screen ...97 6.4.1 The AP Lists Edit Screen 100 6.5 Configuration Screen ...101 6.6 Redundancy Screen ...102 6.7 The Profile Edit Screens ...102 6.7.1 The Radio Profile Screen 103 6.7.2 The Radio Profile Edit Screen 104 Chapter 7 System Screens ...109 NWA-3500/NWA-3550 User's ...
Page 14
... Wireless Screen 119 8.2.1 What You Need To Know About the Wireless Screen 120 8.3 The Wireless Screen ...123 8.3.1 Access Point Mode 123 8.3.2 Bridge / Repeater Mode 126 8.3.3 AP + Bridge Mode ...131 8.3.4 MBSSID Mode ...136 8.4 Technical Reference ...139 8.4.1 Spanning Tree Protocol (STP 139 8.4.1.1 Rapid STP 139 8.4.1.2 STP Terminology 140 8.4.1.3 How STP Works 140 8.4.1.4 STP... SSID ...148 9.3 Technical Reference ...149 9.3.1 WMM QoS ...149 9.3.1.1 WMM QoS Priorities 150 9.3.2 ATC ...150 9.3.3 ATC+WMM ...151 9.3.3.1 ATC+WMM from LAN to WLAN 152 14 NWA-3500/NWA-3550 User's Guide
Page 16
... ...187 15.1 Overview ...187 15.1.1 What You Can Do in the Rogue AP Screen 188 15.1.2 What You Need To Know About Rogue AP 188 15.2 Configuration Screen ...190 15.2.1 Friendly AP Screen 191 15.2.2 Rogue AP Screen 192 Chapter 16 Remote Management Screens 195 16.1 Overview ...195 16.1.1 What You Can Do in....1.1 What You Can Do in this Chapter 210 17.1.2 What You Need To Know 210 17.2 Internal RADIUS Server Setting Screen 210 17.3 The Trusted AP Screen 212 17.4 The Trusted Users Screen 213 17.5 Technical Reference ...214 16 NWA-3500/NWA-3550 User's Guide
Page 18
... 23.9 Restart Screen ...284 Part III: Troubleshooting and Specifications 287 Chapter 24 Troubleshooting...289 24.1 Overview ...289 24.2 Power, Hardware Connections, and LEDs 289 24.3 NWA Access and Login 290 24.4 AP Management Modes 292 24.5 Internet Access ...294 18 NWA-3500/NWA-3550 User's Guide
Page 23
...providing easy network access to make hardware connections. The NWA controls network access with MAC address filtering, rogue AP detection, layer 2 isolation and an internal authentication server. It also provides a high level of the NWA. It also introduces the ways you to easily ... instructions on how to mobile users. Illustrations used throughout this book are based on the NWA-3500 (unless otherwise stated). The Web Configuration screens are based on the NWA-3500 (unless otherwise stated). 1.1 Overview This chapter introduces the main applications and features of network...
Page 24
... A B BSS1 AP2 C BSS2 24 NWA-3500/NWA-3550 User's Guide Note: A different channel should be configured to use the following WLAN operating modes: • Access Point (AP) • Bridge / Repeater • AP + Bridge • MBSSID Applications for each WLAN interface to reduce the effects of radio interference. 1.2.1 Access Point The NWA is shown as follows. A typical...
Page 25
... 2 Bridge Application A B NWA-3500/NWA-3550 User's Guide 25 When WDS security is not encrypted. A NWA in repeater mode (C in bridge mode, you do not enable WDS security, traffic between APs is enabled, both APs must use the same preshared key. When the NWA is in Bridge / Repeater.... At the time of the security between APs (the Wireless Distribution System or WDS) is made. When the NWA is compatible with B) at the same time. Chapter 1 Introducing the NWA 1.2.2 Bridge / Repeater The NWA can communicate with other ZyXEL access points only. Refer to independent wired ...
Page 28
... WDS security, traffic between the wireless stations and the NWA. In Multiple BSS (MBSSID) mode, the NWA 28 NWA-3500/NWA-3550 User's Guide When WDS security is in bridge mode. In the figure below, A and B use the same pre-shared key. When the NWA is enabled, both AP and bridge connection at the same time. Unless...
Page 29
...following figure, VoIP_SSID users have priority. In this example, the guest user is the wireless network for guest users. Figure 8 Multiple BSSs NWA-3500/NWA-3550 User's Guide 29 You can configure up to sixteen SSID profiles, and have the correct security settings. As in your office where ... as a 'guest' wireless network for standard users, and Guest_SSID is forbidden access to the wired Local Area Network (LAN) behind the AP and can assign different wireless and security settings to and from certain BSSs. You also want to set varying access privileges, and prioritize network...
Page 30
...; Guest_SSID. Chapter 1 Introducing the NWA 1.2.5 Pre-Configured SSID Profiles The NWA has two pre-configured SSID profiles. • VoIP_SSID. Figure 9 Dual WLAN Adaptors Example Z WLAN2 802.11a AP + Bridge Internet WLAN1 802.11b/g Access Point 30 NWA-3500/NWA-3550 User's Guide These fields are... all user-configurable. 1.2.6 Configuring Dual WLAN Adaptors The NWA is set to communicate with dual wireless adaptors. In the...
Page 31
... to manage up to eight other access points. This is protected by Datagram Transport Layer Security (DTLS). The following ZyXEL AP models can be CAPWAP managed APs: • NWA-3160 • NWA-3163 • NWA-3500 • NWA-3550 • NWA-3166 The following figure illustrates a CAPWAP wireless network. The managed APs receive all their configuration information from the controller...
Page 35
... functioning normally. See Section 8.3 on page 123 for how to or receiving data from its wireless stations. Either The NWA is in AP + Bridge or Bridge/ Repeater mode and has not established a Wireless Distribution System (WDS) connection. You can turn the ZyAIR LED off ... ZyAIR LED has been disabled. The wireless adaptor WLAN2 is receiving power and transmitting data to enable the ZyAIR LED. The NWA is active, and transmitting or receiving data. NWA-3500/NWA-3550 User's Guide 35 Chapter 1 Introducing the NWA The following table describes the behavior of the device LEDs.
Page 39
... left of the screen when you click Apply or OK to verify that the configuration has been updated. NWA-3500/NWA-3550 User's Guide 39 SERVER (Setting, Trusted AP, Trusted Users), CERTIFICATES (My Certificates, Trusted CAs), LOGS (View Log and Log Settings), VLAN (Wireless... from the Status screen. Chapter 2 The Web Configurator 2.4 Navigating the Web Configurator The following summarizes how to view information about your NWA or upgrade configuration and firmware files. Maintenance features include Association List, Channel Usage, F/W (Firmware) Upload, Configuration (Backup, Restore and...
Page 41
...want to use the NWA to communicate with other access points. The NWA is a repeater when it has no Ethernet connection and allows other APs to communicate with one another through the NWA. • Use AP + Bridge operating mode if you want to use the NWA as an access point...Use MBSSID (Multiple Basic Service Set Identifier) operating mode if you want to use the NWA as an access point (see above) while also communicating with other APs access your wired Ethernet network through the NWA. NWA-3500/NWA-3550 User's Guide 41 See Section 1.2.2 on page 28 for details. See Section ...
Page 42
...you should take to configure the wireless settings according to set up your NWA's wireless network (see your Quick Start Guide for information on setting up your settings and test. 42 NWA-3500/NWA-3550 User's Guide MBSSID Mode. Configure WDS Security. Configure MAC Filter (... SERVER (optional). Use the Web Configurator to the operating mode you select. Select SSID Profile. SERVER (optional). AP + Bridge Mode. Check your NWA and accessing the Web Configurator). Configure SSID Profile. Configure Layer 2 Isolation (optional). Configure WDS Security. SERVER (optional).
Page 55
...that your company's data is not a sanctioned part of that network. The example also shows how to set the NWA to your wireless network through a rogue AP. You also know that is not accessible to an attacker gaining entry to send out e-mail alerts whenever it ...NWAs) and a variable number of the building. Your access points are no other static wireless networks in a network's coverage area that the coffee shop on the rogue AP function and security considerations. Your wireless network operates in your coverage area. You also have a network mail/file server, NWA-3500/NWA...
Page 56
... more of your wireless network, and the dashed circle represents the extent of the mail server to configure the friendly AP list. This means that the two networks overlap. Table 3 Tutorial: Rogue AP Example Information DEVICE IP ADDRESS Access Point A 192.168.1.1 Access Point B 192.168.1.2 Access Point C 192.168.1.3 ... AA:00:AA:00:AA:00 A0:0A:A0:0A:A0:0A 0A:A0:0A:A0:0A:A0 N/A AF:AF:AF:FA:FA:FA 56 NWA-3500/NWA-3550 User's Guide Chapter 3 Tutorial marked E, and a computer, marked F, connected to use the information in the other wireless network. You need the IP addresses...