User Guide
Page 9
... Panel LEDs ...31 1.4 Management Overview ...31 1.5 Starting and Stopping the NXC 32 Chapter 2 Features and Applications ...35 2.1 Features ...35 2.2 Applications ...37 2.2.1 AP Management ...37 2.2.2 Wireless Security ...37 2.2.3 Captive Portal ...38 2.2.4 Load Balancing ...38 2.2.5 Dynamic Channel Selection 38 2.2.6 User-Aware Access Control 39 2.2.7 Device HA ...39 Chapter 3 The Web Configurator ...41 3.1 Overview ...41...
... Panel LEDs ...31 1.4 Management Overview ...31 1.5 Starting and Stopping the NXC 32 Chapter 2 Features and Applications ...35 2.1 Features ...35 2.2 Applications ...37 2.2.1 AP Management ...37 2.2.2 Wireless Security ...37 2.2.3 Captive Portal ...38 2.2.4 Load Balancing ...38 2.2.5 Dynamic Channel Selection 38 2.2.6 User-Aware Access Control 39 2.2.7 Device HA ...39 Chapter 3 The Web Configurator ...41 3.1 Overview ...41...
User Guide
Page 25
... Prevention (IDP), Anomaly Detection and Protection (ADP), and certificates. Take all the equipment it an ideal solution for details. NXC5200 User's Guide 25 Please contact your device. Follow the steps below to anchor the rack securely before installing the unit. The... "admin" and "1234" respectively. 1.2 Rack-mounted Installation Note: ZyXEL provides a sliding rail accessory for your use with other powerful features. By default P1 is mapped to ge1, P2 is a comprehensive wireless LAN controller. In addition, the NXC provides excellent throughput, making it contains and...
... Prevention (IDP), Anomaly Detection and Protection (ADP), and certificates. Take all the equipment it an ideal solution for details. NXC5200 User's Guide 25 Please contact your device. Follow the steps below to anchor the rack securely before installing the unit. The... "admin" and "1234" respectively. 1.2 Rack-mounted Installation Note: ZyXEL provides a sliding rail accessory for your use with other powerful features. By default P1 is mapped to ge1, P2 is a comprehensive wireless LAN controller. In addition, the NXC provides excellent throughput, making it contains and...
User Guide
Page 35
... each license upgrade allows an additional 48 managed APs while the maximum number of the NXC. 2.1 Features The NXC is a wireless LAN controller. You can detect rogue APs and help you a security advantage when setting up to seamlessly manage the Access Points (APs) on SSID... settings. NXC5200 User's Guide 35 It has security features that include firewall, anti-virus, Intrusion Detection and Prevention (IDP), Anomaly Detection ...
... each license upgrade allows an additional 48 managed APs while the maximum number of the NXC. 2.1 Features The NXC is a wireless LAN controller. You can detect rogue APs and help you a security advantage when setting up to seamlessly manage the Access Points (APs) on SSID... settings. NXC5200 User's Guide 35 It has security features that include firewall, anti-virus, Intrusion Detection and Prevention (IDP), Anomaly Detection ...
User Guide
Page 38
Chapter 2 Features and Applications under the control of the network's administrators, and can potentially open up critical holes in a network's security policy. 2.2.3 Captive Portal The NXC can be configured with a captive portal, ... those clients with another network, or it again during the same session. 2.2.4 Load Balancing With load balancing you can easily distribute wireless traffic across multiple APs to the network. 38 NXC5200 User's Guide Unless a user idles out or closes the connection, he or she generally will not see it can automatically delay...
Chapter 2 Features and Applications under the control of the network's administrators, and can potentially open up critical holes in a network's security policy. 2.2.3 Captive Portal The NXC can be configured with a captive portal, ... those clients with another network, or it again during the same session. 2.2.4 Load Balancing With load balancing you can easily distribute wireless traffic across multiple APs to the network. 38 NXC5200 User's Guide Unless a user idles out or closes the connection, he or she generally will not see it can automatically delay...
User Guide
Page 46
...DCS Configure dynamic wireless channel selection. Exempt List Configure ranges of IP addresses to various network services. NAT Set up and manage port forwarding rules. Login Page Assign and customize the login page user's see when they hit the captive portal. 46 NXC5200 User's Guide ...Captive Portal Captive Portal Assign the captive portal web page to which the NXC does not apply IP/MAC binding. Wireless Controller Configure how the NXC handles APs that newly connect to configure ...
...DCS Configure dynamic wireless channel selection. Exempt List Configure ranges of IP addresses to various network services. NAT Set up and manage port forwarding rules. Login Page Assign and customize the login page user's see when they hit the captive portal. 46 NXC5200 User's Guide ...Captive Portal Captive Portal Assign the captive portal web page to which the NXC does not apply IP/MAC binding. Wireless Controller Configure how the NXC handles APs that newly connect to configure ...
User Guide
Page 67
...TYPE ABILITIES Radio Create radio profiles for the APs on your NXC's wireless network. Table 15 User Types TYPE ABILITIES admin Change NXC configuration (... for downstream network clients 4.5.2 AP Profile Use these screens to your network. NXC5200 User's Guide 67 Chapter 4 Configuration Basics Table 14 Objects Overview OBJECT WHERE USED...Authentication methods authentication methods WWW (client authentication), captive portal certificates WWW, SSH, FTP, controller SSID profile captive portal 4.5.1 User/Group Use these screens to configure preset profiles for...
...TYPE ABILITIES Radio Create radio profiles for the APs on your NXC's wireless network. Table 15 User Types TYPE ABILITIES admin Change NXC configuration (... for downstream network clients 4.5.2 AP Profile Use these screens to your network. NXC5200 User's Guide 67 Chapter 4 Configuration Basics Table 14 Objects Overview OBJECT WHERE USED...Authentication methods authentication methods WWW (client authentication), captive portal certificates WWW, SSH, FTP, controller SSID profile captive portal 4.5.1 User/Group Use these screens to configure preset profiles for...
User Guide
Page 87
... rule settings. If the NXC is necessary for implementing the firewall rules and Application Patrol rules. 1 Open the Configuration > Network > Zone screen. 2 Select WLAN from wireless clients is not filtered until you configure its own firewall first. 5.3.1 Configuring the WLAN Zone This section shows you to an upstream Internet access device.... See Also: Chapter 18 on page 249. 5.3 Blocking Network Protocols The NXC's firewall allows you how to configure the WLAN zone, which is connected to control which protocols are allowed on your wireless network. NXC5200 User's Guide 87
... rule settings. If the NXC is necessary for implementing the firewall rules and Application Patrol rules. 1 Open the Configuration > Network > Zone screen. 2 Select WLAN from wireless clients is not filtered until you configure its own firewall first. 5.3.1 Configuring the WLAN Zone This section shows you to an upstream Internet access device.... See Also: Chapter 18 on page 249. 5.3 Blocking Network Protocols The NXC's firewall allows you how to configure the WLAN zone, which is connected to control which protocols are allowed on your wireless network. NXC5200 User's Guide 87
User Guide
Page 92
...own AP (RG) to see if anyone is configured for Monitor mode. Figure 22 Rogue AP Example A 92 NXC5200 User's Guide The following are 'friendly', you see if anyone sets up their wireless device as an AP. • High security areas. If a reception area has a high volume of the ...network administrator. In short, they are not under the control of visitor traffic, it can add them to Monitor mode will ...
...own AP (RG) to see if anyone is configured for Monitor mode. Figure 22 Rogue AP Example A 92 NXC5200 User's Guide The following are 'friendly', you see if anyone sets up their wireless device as an AP. • High security areas. If a reception area has a high volume of the ...network administrator. In short, they are not under the control of visitor traffic, it can add them to Monitor mode will ...
User Guide
Page 93
NXC5200 User's Guide 93 Figure 23 Rogue AP Example B This tutorial shows you how to it. Chapter 5 Tutorials Here, an attacker sets up a rogue AP (RG) outside the network, which he uses in an attempt to mimic an NXC-controlled SSID in order to capture passwords and other information when authorized wireless clients mistakenly connect to detect rogue APs on your network: 1 Click Configuration > Object > MON Profile.
NXC5200 User's Guide 93 Figure 23 Rogue AP Example B This tutorial shows you how to it. Chapter 5 Tutorials Here, an attacker sets up a rogue AP (RG) outside the network, which he uses in an attempt to mimic an NXC-controlled SSID in order to capture passwords and other information when authorized wireless clients mistakenly connect to detect rogue APs on your network: 1 Click Configuration > Object > MON Profile.
User Guide
Page 116
... network's coverage area that you know are not a threat (those from neighboring networks, for example). Friendly AP Friendly APs are other wireless access points that are not under the control of the network's administrators, and can also clear the log in a network's security. You can change the way the log is...wireless AP log messages. 7.2 What You Need to Know The following terms and concepts may help as any others that are detected in your network, as well as you can open up holes in this screen. • The View AP Log screen (Section 7.17 on page 401 for details. 116 NXC5200...
... network's coverage area that you know are not a threat (those from neighboring networks, for example). Friendly AP Friendly APs are other wireless access points that are not under the control of the network's administrators, and can also clear the log in a network's security. You can change the way the log is...wireless AP log messages. 7.2 What You Need to Know The following terms and concepts may help as any others that are detected in your network, as well as you can open up holes in this screen. • The View AP Log screen (Section 7.17 on page 401 for details. 116 NXC5200...
User Guide
Page 163
... Selection (DCS) Dynamic Channel Selection (DCS) is any wireless-capable device that can connect to an AP using a wireless signal. NXC5200 User's Guide 163 CHAPTER 10 Wireless 10.1 Overview Use the Wireless screens to configure how the NXC manages the Access Point that... are connected to it and determining what channels are currently being used by scanning the area around it . 10.1.1 What You Can Do in this Chapter • The Controller...
... Selection (DCS) Dynamic Channel Selection (DCS) is any wireless-capable device that can connect to an AP using a wireless signal. NXC5200 User's Guide 163 CHAPTER 10 Wireless 10.1 Overview Use the Wireless screens to configure how the NXC manages the Access Point that... are connected to it and determining what channels are currently being used by scanning the area around it . 10.1.1 What You Can Do in this Chapter • The Controller...
User Guide
Page 164
... cannot automatically differentiate between friendly and rogue APs. Apply Click Apply to save your changes back to its last-saved settings. 164 NXC5200 User's Guide Table 55 Configuration > Wireless > Controller LABEL DESCRIPTION Registration Type Select Manual to add each AP to the NXC for management, or Always Accept to automatically add APs to...
... cannot automatically differentiate between friendly and rogue APs. Apply Click Apply to save your changes back to its last-saved settings. 164 NXC5200 User's Guide Table 55 Configuration > Wireless > Controller LABEL DESCRIPTION Registration Type Select Manual to add each AP to the NXC for management, or Always Accept to automatically add APs to...
User Guide
Page 165
...AP. This field displays the AP's description, which you remove an AP from this button to force it is described in the Configuration > Wireless > Controller screen you set the Registration Type to Always Accept, then as soon as a result. Reboot # IP MAC Address Model R1 Mode / ... can configure by selecting the AP and clicking the Edit button. Click Configuration > Wireless > AP Management to access this button to remove it reconnects. Remove Select an AP and click this screen. NXC5200 User's Guide 165 It displays "N/A" (not applicable) only when the AP disconnects from...
...AP. This field displays the AP's description, which you remove an AP from this button to force it is described in the Configuration > Wireless > Controller screen you set the Registration Type to Always Accept, then as soon as a result. Reboot # IP MAC Address Model R1 Mode / ... can configure by selecting the AP and clicking the Edit button. Click Configuration > Wireless > AP Management to access this button to remove it reconnects. Remove Select an AP and click this screen. NXC5200 User's Guide 165 It displays "N/A" (not applicable) only when the AP disconnects from...
User Guide
Page 167
OK Click OK to save your changes back to it from the list. Figure 65 Configuration > Wireless > MON Mode NXC5200 User's Guide 167 Click Configuration > Wireless > MON Mode to access this screen to assign APs either to the rogue AP list or the friendly AP list. As ... from outside the network. A rogue AP is a wireless access point operating in a network's security. Cancel Click Cancel to treat this AP. If no profile exists, you can potentially open up holes in a network's coverage area that is not under the control of the network administrator, and which can create a...
OK Click OK to save your changes back to it from the list. Figure 65 Configuration > Wireless > MON Mode NXC5200 User's Guide 167 Click Configuration > Wireless > MON Mode to access this screen to assign APs either to the rogue AP list or the friendly AP list. As ... from outside the network. A rogue AP is a wireless access point operating in a network's security. Cancel Click Cancel to treat this AP. If no profile exists, you can potentially open up holes in a network's coverage area that is not under the control of the network administrator, and which can create a...
User Guide
Page 168
...click the Edit button. Description This field displays the AP's description. Importing/Exporting These controls allow you to export the current list of the list you want to import or...You can modify this button to edit and reassign its last-saved settings. 168 NXC5200 User's Guide Exporting Click this button to its status. Click this button to ... Dis-Containment A quarantined AP cannot grant access to locate it. Table 58 Configuration > Wireless > MON Mode LABEL DESCRIPTION General Settings Enable Rogue AP Containment Select this button to add...
...click the Edit button. Description This field displays the AP's description. Importing/Exporting These controls allow you to export the current list of the list you want to import or...You can modify this button to edit and reassign its last-saved settings. 168 NXC5200 User's Guide Exporting Click this button to its status. Click this button to ... Dis-Containment A quarantined AP cannot grant access to locate it. Table 58 Configuration > Wireless > MON Mode LABEL DESCRIPTION General Settings Enable Rogue AP Containment Select this button to add...
User Guide
Page 387
.... This profile provides an additional layer of 64 SSID profiles on page 392) configures three different types of profiles for your NXC's wireless network. 25.1.1 What You Can Do in this chapter. You can have a maximum of connected APs. Each radio on a single.... • Security - It controls the encryption method required for a wireless client to 8 SSIDs. This profile type defines the properties of 64 radio profiles on the NXC. NXC5200 User's Guide 387 This profile type defines the properties of all wireless AP configurations on wireless client MAC addresses. You can have...
.... This profile provides an additional layer of 64 SSID profiles on page 392) configures three different types of profiles for your NXC's wireless network. 25.1.1 What You Can Do in this chapter. You can have a maximum of connected APs. Each radio on a single.... • Security - It controls the encryption method required for a wireless client to 8 SSIDs. This profile type defines the properties of 64 radio profiles on the NXC. NXC5200 User's Guide 387 This profile type defines the properties of all wireless AP configurations on wireless client MAC addresses. You can have...
User Guide
Page 391
...configuration. This section allows you have wireless clients that are associated with the...Interval DTIM Output Power A wireless client sends an RTS for ...interval tells receiving devices on the wireless network if you to reduce interference... A-MSDU aggregation. When enabled, a wireless client sends an RTS (Request To ... Rate Configuration This section controls the data rates permitted ...Aggregation Select this field. This stops wireless clients from its list. This specifies ...8226; Support Rate (Mbps) - When a wirelessly networked device sends a beacon, it transmits. Set...
...configuration. This section allows you have wireless clients that are associated with the...Interval DTIM Output Power A wireless client sends an RTS for ...interval tells receiving devices on the wireless network if you to reduce interference... A-MSDU aggregation. When enabled, a wireless client sends an RTS (Request To ... Rate Configuration This section controls the data rates permitted ...Aggregation Select this field. This stops wireless clients from its list. This specifies ...8226; Support Rate (Mbps) - When a wirelessly networked device sends a beacon, it transmits. Set...
User Guide
Page 404
...GHz range (802.11 b/g/n). Figure 182 Rogue AP Example X A RG C B 404 NXC5200 User's Guide Set Scan Channel List (5 G) These channels are limited to physically locate it. OK Cancel These channels are not under the control of the network's administrators, and can take advantage of a rogue AP's weaker (or ... APs in a network's security. Click Cancel to exit this screen without saving your changes back to manual. Rogue APs Rogue APs are wireless access points operating in a network's coverage area that channel when Scan Channel Mode is set up holes in order to the 5 GHz range...
...GHz range (802.11 b/g/n). Figure 182 Rogue AP Example X A RG C B 404 NXC5200 User's Guide Set Scan Channel List (5 G) These channels are limited to physically locate it. OK Cancel These channels are not under the control of the network's administrators, and can take advantage of a rogue AP's weaker (or ... APs in a network's security. Click Cancel to exit this screen without saving your changes back to manual. Rogue APs Rogue APs are wireless access points operating in a network's coverage area that channel when Scan Channel Mode is set up holes in order to the 5 GHz range...
User Guide
Page 560
... AP load balacing based on both users & bandwidth 802.11h support for radar detection & prevention Wireless Intrusion Prevention Rogue AP detection, classification and containment Firewall Zone-Based Access Control List Security Zones Stateful Packet Inspection DoS/DDoS Protection User-Aware Policy Enforcement ALG Supports Custom Ports Networking Built-in DHCP serer & DHCP... for administration log-in Support administration authentication via RADIUS, LDAP or internal DB SNMP v2 support Standard MIBs & private MIBs support System logs & alerts 560 NXC5200 User's Guide
... AP load balacing based on both users & bandwidth 802.11h support for radar detection & prevention Wireless Intrusion Prevention Rogue AP detection, classification and containment Firewall Zone-Based Access Control List Security Zones Stateful Packet Inspection DoS/DDoS Protection User-Aware Policy Enforcement ALG Supports Custom Ports Networking Built-in DHCP serer & DHCP... for administration log-in Support administration authentication via RADIUS, LDAP or internal DB SNMP v2 support Standard MIBs & private MIBs support System logs & alerts 560 NXC5200 User's Guide
User Guide
Page 639
... track of IEEE 802.1x are exchanged between the wireless client and the network RADIUS server. NXC5200 User's Guide 639 It is a simple package exchange in which your AP acts as providing additional accounting and control features. Appendix E Wireless LANs Note: You must enable the same wireless security settings on the NXC and on all...
... track of IEEE 802.1x are exchanged between the wireless client and the network RADIUS server. NXC5200 User's Guide 639 It is a simple package exchange in which your AP acts as providing additional accounting and control features. Appendix E Wireless LANs Note: You must enable the same wireless security settings on the NXC and on all...