User Guide
Page 17
... NWA3000-N series AP controls network access with Media Access Control (MAC) address filtering, rogue Access Point (AP) detection and containment, and an internal authentication server. NWA3000-N Series User's Guide 17 It uses Multiple BSSID and VLAN to provide up to eight simultaneous independent virtual APs. A NWA3000-N series AP can serve as an AP, Bridge, Repeater or even as an RF monitor to search for advanced service delivery in roaming technology and QoS features...
... NWA3000-N series AP controls network access with Media Access Control (MAC) address filtering, rogue Access Point (AP) detection and containment, and an internal authentication server. NWA3000-N Series User's Guide 17 It uses Multiple BSSID and VLAN to provide up to eight simultaneous independent virtual APs. A NWA3000-N series AP can serve as an AP, Bridge, Repeater or even as an RF monitor to search for advanced service delivery in roaming technology and QoS features...
User Guide
Page 22
...-N series AP. In Multiple BSS (MBSSID) mode, the 22 NWA3000-N Series User's Guide If you do not enable WDS security, traffic between APs is the set of a BSS. The Service Set IDentifier (SSID) is enabled, both AP and bridge connection at the same time. In the figure below, A and B use the same pre-shared key. When WDS security is the name of devices forming a single wireless network (usually an access point and one or more wireless clients).
...-N series AP. In Multiple BSS (MBSSID) mode, the 22 NWA3000-N Series User's Guide If you do not enable WDS security, traffic between APs is the set of a BSS. The Service Set IDentifier (SSID) is enabled, both AP and bridge connection at the same time. In the figure below, A and B use the same pre-shared key. When WDS security is the name of devices forming a single wireless network (usually an access point and one or more wireless clients).
User Guide
Page 36
... users. Date/Time Configure the current date, time, and time zone in controller mode. Load Balancing Configure load balancing for rogue APs. Device HA General Configure device HA global settings, and see the status of each interface monitored by device HA. Active-Passive Mode Configure active-passive mode device HA. AP Management Edit wireless AP information, remove APs, and reboot them. SSID Create and manage wireless SSID, security, and MAC filtering settings files that can be associated with different APs. SSH Configure SSH server and SSH service settings...
... users. Date/Time Configure the current date, time, and time zone in controller mode. Load Balancing Configure load balancing for rogue APs. Device HA General Configure device HA global settings, and see the status of each interface monitored by device HA. Active-Passive Mode Configure active-passive mode device HA. AP Management Edit wireless AP information, remove APs, and reboot them. SSID Create and manage wireless SSID, security, and MAC filtering settings files that can be associated with different APs. SSH Configure SSH server and SSH service settings...
User Guide
Page 79
Inactive - The Ethernet interface is enabled and connected. This displays when the NWA3000-N series AP is a backup interface in controller mode. This interface is in the virtual router. Fault - For example, this displays Status Summary status information for the interface. This is either the static IP address of interface it is down. Max. WLAN Interface When the NWA3000-N series AP is in standalone mode this might happen if the interface is . The Ethernet interface is disabled. This field...
Inactive - The Ethernet interface is enabled and connected. This displays when the NWA3000-N series AP is a backup interface in controller mode. This interface is in the virtual router. Fault - For example, this displays Status Summary status information for the interface. This is either the static IP address of interface it is down. Max. WLAN Interface When the NWA3000-N series AP is in standalone mode this might happen if the interface is . The Ethernet interface is disabled. This field...
User Guide
Page 85
... the virtual router. This field displays the VLAN ID to connect the interface. IP Assignment If this field displays n/a. This is a backup). Static - Click Connect to try to which the interface belongs. TxPkts RxPkts Speed / Duplex - This is available when the NWA3000-N series AP is a backup interface in controller mode. This interface is not active on the physical port since it was last connected. Action Port Statistics Table Switch to update the IP address...
... the virtual router. This field displays the VLAN ID to connect the interface. IP Assignment If this field displays n/a. This is a backup). Static - Click Connect to try to which the interface belongs. TxPkts RxPkts Speed / Duplex - This is available when the NWA3000-N series AP is a backup interface in controller mode. This interface is not active on the physical port since it was last connected. Action Port Statistics Table Switch to update the IP address...
User Guide
Page 133
... no IP settings. Activate To turn off an entry, select it uses this field displays the NWA3000-N series AP's Secure FTP port number. The member interfaces of a virtual router on an entry, select it . Inactivate To turn on a secure network. Chapter 10 Device HA Table 45 Configuration > Device HA > Active-Passive Mode (continued) LABEL DESCRIPTION Monitored Interface Summary This table shows the status of the device HA settings and status of writing, Ethernet and bridge interfaces can...
... no IP settings. Activate To turn off an entry, select it uses this field displays the NWA3000-N series AP's Secure FTP port number. The member interfaces of a virtual router on an entry, select it . Inactivate To turn on a secure network. Chapter 10 Device HA Table 45 Configuration > Device HA > Active-Passive Mode (continued) LABEL DESCRIPTION Monitored Interface Summary This table shows the status of the device HA settings and status of writing, Ethernet and bridge interfaces can...
User Guide
Page 143
... example, wrong password) before having to change the configuration of simultaneous logins by admin users. NWA3000-N Series User's Guide 143 User Lockout Settings Enable logon retry limit Select this user can login unsuccessfully (for each user can look at and change it • user - Lockout period This field is effective when Enable logon retry limit is checked. this check box to set a limit on the number of times each user can look at the configuration of time. Admin users...
... example, wrong password) before having to change the configuration of simultaneous logins by admin users. NWA3000-N Series User's Guide 143 User Lockout Settings Enable logon retry limit Select this user can login unsuccessfully (for each user can look at and change it • user - Lockout period This field is effective when Enable logon retry limit is checked. this check box to set a limit on the number of times each user can look at the configuration of time. Admin users...
User Guide
Page 153
... section controls the data rates permitted for the NWA3000-N series AP's Wireless Distribution System (WDS), the wireless connection between two or more APs. Set the MCS rate configuration. Select TKIP (ZyAIR Series Compatible) to enable WDS security. Note: At the time of writing, this if the other ZyXEL access points that support WDS security. Configure WDS security and the relevant PSK in your network support it and click Activate. NWA3000-N Series User's Guide 153 Use...
... section controls the data rates permitted for the NWA3000-N series AP's Wireless Distribution System (WDS), the wireless connection between two or more APs. Set the MCS rate configuration. Select TKIP (ZyAIR Series Compatible) to enable WDS security. Note: At the time of writing, this if the other ZyXEL access points that support WDS security. Configure WDS security and the relevant PSK in your network support it and click Activate. NWA3000-N Series User's Guide 153 Use...
User Guide
Page 199
... emulation software and NOT the Console in this screen. Table 72 Configuration > System > Console Speed LABEL DESCRIPTION Console Port Speed Use the drop-down list box to open this screen. Your NWA3000-N series AP supports 9600, 19200, 38400, 57600, and 115200 bps (default) for default console port settings. Click Apply to save your changes back to its last-saved settings. Click Reset to return the screen to the NWA3000-N series AP. NWA3000-N Series User's Guide...
... emulation software and NOT the Console in this screen. Table 72 Configuration > System > Console Speed LABEL DESCRIPTION Console Port Speed Use the drop-down list box to open this screen. Your NWA3000-N series AP supports 9600, 19200, 38400, 57600, and 115200 bps (default) for default console port settings. Click Apply to save your changes back to its last-saved settings. Click Reset to return the screen to the NWA3000-N series AP. NWA3000-N Series User's Guide...
User Guide
Page 201
...-N series AP blocks all HTTP connection attempts. 15.5.4 Configuring WWW Service Control Click Configuration > System > WWW to open the WWW screen. Authenticate Client Certificates is used so that you can identify the other party) and data integrity (you disable HTTP in the WWW screen). Chapter 15 System authentication (one party can securely access the NWA3000-N series AP using the Web Configurator. It relies upon certificates, public keys, and private keys (see...
...-N series AP blocks all HTTP connection attempts. 15.5.4 Configuring WWW Service Control Click Configuration > System > WWW to open the WWW screen. Authenticate Client Certificates is used so that you can identify the other party) and data integrity (you disable HTTP in the WWW screen). Chapter 15 System authentication (one party can securely access the NWA3000-N series AP using the Web Configurator. It relies upon certificates, public keys, and private keys (see...
User Guide
Page 213
... Example 2: Linux This section describes how to access the NWA3000-N series AP using the OpenSSH client program that comes with most SSH client programs. Refer to your SSH client program user's guide. 15.6.5.1 Example 1: Microsoft Windows This section describes how to access the NWA3000-N series AP using the Secure Shell Client program. 1 Launch the SSH client and specify the connection information (IP address, port number) for the NWA3000-N series AP. 2 Configure the SSH client to accept connection using a command interface and a graphical interface SSH client program to remotely access...
... Example 2: Linux This section describes how to access the NWA3000-N series AP using the OpenSSH client program that comes with most SSH client programs. Refer to your SSH client program user's guide. 15.6.5.1 Example 1: Microsoft Windows This section describes how to access the NWA3000-N series AP using the Secure Shell Client program. 1 Launch the SSH client and specify the connection information (IP address, port number) for the NWA3000-N series AP. 2 Configure the SSH client to accept connection using a command interface and a graphical interface SSH client program to remotely access...
User Guide
Page 219
... use that define allowed SNMPv3 access. NWA3000-N Series User's Guide 219 Destination Type the IP address of the station to send your SNMP traps to access the NWA3000N series AP using SNMPv2c to configure your NWA3000-N series AP's SNMP settings, click Configuration > System > SNMP tab. The default is public and allows all requests. You can also configure profiles that service for remote management. Chapter 15 System 15.9.3 Configuring SNMP To change the server port number for a service if needed...
... use that define allowed SNMPv3 access. NWA3000-N Series User's Guide 219 Destination Type the IP address of the station to send your SNMP traps to access the NWA3000N series AP using SNMPv2c to configure your NWA3000-N series AP's SNMP settings, click Configuration > System > SNMP tab. The default is public and allows all requests. You can also configure profiles that service for remote management. Chapter 15 System 15.9.3 Configuring SNMP To change the server port number for a service if needed...
User Guide
Page 243
... download configuration files from the NWA3000-N series AP to your computer and upload configuration files from Joe # on ), the NWA3000-N series AP uses the systemdefault.conf configuration file with the next line. Use the Configuration File screen to your computer to open this is applied. this screen. Once your configuration file before making further configuration changes. NWA3000-N Series User's Guide 243 Line 5 exits sub command mode. ! The NWA3000-N series AP checks the first line and applies the line if no errors...
... download configuration files from the NWA3000-N series AP to your computer and upload configuration files from Joe # on ), the NWA3000-N series AP uses the systemdefault.conf configuration file with the next line. Use the Configuration File screen to your computer to open this is applied. this screen. Once your configuration file before making further configuration changes. NWA3000-N Series User's Guide 243 Line 5 exits sub command mode. ! The NWA3000-N series AP checks the first line and applies the line if no errors...
User Guide
Page 273
... disable the bridge interfaces, connect the bridge interfaces, activate device HA, and finally reactivate the bridge interfaces. NWA3000-N Series User's Guide 273 Chapter 21 Troubleshooting If a RADIUS server authenticates wireless stations, the re-authentication timer on both. Only NWA3000-N series APs of the same model and firmware version can only be connected to access the NWA3000-N series AP for the same interfaces on the master and backup NWA3000N series APs. • Each monitored interface must have multiple NWA3000-N series AP virtual routers...
... disable the bridge interfaces, connect the bridge interfaces, activate device HA, and finally reactivate the bridge interfaces. NWA3000-N Series User's Guide 273 Chapter 21 Troubleshooting If a RADIUS server authenticates wireless stations, the re-authentication timer on both. Only NWA3000-N series APs of the same model and firmware version can only be connected to access the NWA3000-N series AP for the same interfaces on the master and backup NWA3000N series APs. • Each monitored interface must have multiple NWA3000-N series AP virtual routers...
User Guide
Page 276
... AP may be a configuration mismatch between the NWA3000-N series AP and the AP to capture data that the server settings for analysis. 276 NWA3000-N Series User's Guide If the NWA3000-N series AP or a connected Internet access device are managing the network with the authentication server may have failed. To use the built-in wireless frame capture tool, first set up to receive its IP address automatically. Chapter 21 Troubleshooting Wireless clients cannot connect to an AP...
... AP may be a configuration mismatch between the NWA3000-N series AP and the AP to capture data that the server settings for analysis. 276 NWA3000-N Series User's Guide If the NWA3000-N series AP or a connected Internet access device are managing the network with the authentication server may have failed. To use the built-in wireless frame capture tool, first set up to receive its IP address automatically. Chapter 21 Troubleshooting Wireless clients cannot connect to an AP...
User Guide
Page 280
...; Blocking Intra-BSS Traffic • Support Primary and Backup RADIUS server • SSH • HTTPS 280 NWA3000-N Series User's Guide Chapter 22 Product Specifications Table 96 Hardware Specifications Operating Humidity 10 ~ 90 % (non-condensing) Storage Humidity 10 ~ 90 % (non-condensing) Dimensions 198.5 mm (L) x 138.5mm (W) x 47.5mm (H) Weight 450 g Distance between the centers of toxic or asphyxiating material produced. Table 97 Firmware Specifications Default IP Address 192.168.1.2 Default...
...; Blocking Intra-BSS Traffic • Support Primary and Backup RADIUS server • SSH • HTTPS 280 NWA3000-N Series User's Guide Chapter 22 Product Specifications Table 96 Hardware Specifications Operating Humidity 10 ~ 90 % (non-condensing) Storage Humidity 10 ~ 90 % (non-condensing) Dimensions 198.5 mm (L) x 138.5mm (W) x 47.5mm (H) Weight 450 g Distance between the centers of toxic or asphyxiating material produced. Table 97 Firmware Specifications Default IP Address 192.168.1.2 Default...
User Guide
Page 299
...: Managed AP MAC Address. 7th %s: Managed AP Model Name. The address configured for authenticating authentication failed. with the e-mail server is inconsistent with the NWA3000-N series AP's or the server's network connection. The NWA3000-N series AP could not connect to send report. Managed AP Connect. MACAddr:%02x%02x%02x%0 2x%02x%02x, Model:%s, Name:%s The specified Managed AP connected to mail server %s. Table 108 CAPWAP Server Logs LOG MESSAGE DESCRIPTION WLAN Controller Start. The AP management service has reset. Failed to connect...
...: Managed AP MAC Address. 7th %s: Managed AP Model Name. The address configured for authenticating authentication failed. with the e-mail server is inconsistent with the NWA3000-N series AP's or the server's network connection. The NWA3000-N series AP could not connect to send report. Managed AP Connect. MACAddr:%02x%02x%02x%0 2x%02x%02x, Model:%s, Name:%s The specified Managed AP connected to mail server %s. Table 108 CAPWAP Server Logs LOG MESSAGE DESCRIPTION WLAN Controller Start. The AP management service has reset. Failed to connect...
User Guide
Page 302
...Switch Managed AP to the WLAN Controller. 1st %s: WLAN Controller IP Address." Connect to WLAN Controller. Updated configuration by the WLAN Controller. 1st %s: Partial Updating." Appendix A Log Descriptions Table 109 CAPWAP Client Logs LOG MESSAGE DESCRIPTION Managed AP Start. Discovery Type:%s The CAPWAP Client service started. 1st %s: Discovery type {By DHCP | Broadcast} Managed AP Reset. Discovery Type:%s Reset the CAPWAP Client service. 1st %s: Discovery type {By DHCP | Broadcast} Managed AP End The CAPWAP Client service was ended. Firmware upgraded by The WLAN controller...
...Switch Managed AP to the WLAN Controller. 1st %s: WLAN Controller IP Address." Connect to WLAN Controller. Updated configuration by the WLAN Controller. 1st %s: Partial Updating." Appendix A Log Descriptions Table 109 CAPWAP Client Logs LOG MESSAGE DESCRIPTION Managed AP Start. Discovery Type:%s The CAPWAP Client service started. 1st %s: Discovery type {By DHCP | Broadcast} Managed AP Reset. Discovery Type:%s Reset the CAPWAP Client service. 1st %s: Discovery type {By DHCP | Broadcast} Managed AP End The CAPWAP Client service was ended. Firmware upgraded by The WLAN controller...
User Guide
Page 330
... denies network access accordingly. 3 A 256-bit Pairwise Master Key (PMK) is a free download that are optional and may not be supported in "Zero Configuration" wireless client. Appendix C Wireless LANs keys. Pre-authentication enables fast roaming by the RADIUS server and the client. 330 NWA3000-N Series User's Guide "DS" is the distribution system. 1 The AP passes the wireless client's authentication request to the RADIUS server. 2 The RADIUS server then checks the user's identification against its port number (default is the software...
... denies network access accordingly. 3 A 256-bit Pairwise Master Key (PMK) is a free download that are optional and may not be supported in "Zero Configuration" wireless client. Appendix C Wireless LANs keys. Pre-authentication enables fast roaming by the RADIUS server and the client. 330 NWA3000-N Series User's Guide "DS" is the distribution system. 1 The AP passes the wireless client's authentication request to the RADIUS server. 2 The RADIUS server then checks the user's identification against its port number (default is the software...
User Guide
Page 384
... user objects 137 users 137 access, see also access users admin (type) 137 admin, see also admin users and service control 200 configuration overview 51 currently logged in 78 default lease time 143, 144 default reauthentication time 143, 145 lease time 141 limited-admin (type) 51, 138 lockout 143 reauthentication time 141 types of 137 user (type) 51, 138 user names 139 V Vantage Report (VRPT) 231, 237 virtual router 135 VRPT (Vantage Report) 231, 237 U upgrading firmware 248 uploading configuration files 247 firmware...
... user objects 137 users 137 access, see also access users admin (type) 137 admin, see also admin users and service control 200 configuration overview 51 currently logged in 78 default lease time 143, 144 default reauthentication time 143, 145 lease time 141 limited-admin (type) 51, 138 lockout 143 reauthentication time 141 types of 137 user (type) 51, 138 user names 139 V Vantage Report (VRPT) 231, 237 virtual router 135 VRPT (Vantage Report) 231, 237 U upgrading firmware 248 uploading configuration files 247 firmware...