![Zyxel NXC5500 [148/469] What you need to know](/img/pdf.png)
Zyxel NXC5500 [148/469] What you need to know
![Zyxel NXC5500 [148/469] What you need to know](/views2/1169015/page148/bg94.png)
NXC Series User’s Guide
148
CHAPTER 10
Zones
10.1 Overview
Set up zones to configure network security and network policies in the NXC. A zone is a group of
interfaces. The NXC uses zones instead of interfaces in many security and policy settings, such as
firewall rules. Zones cannot overlap. Each interface can be assigned to just one zone.
10.1.1 What You Can Do in this Chapter
The Zone screens (see Section 10.2 on page 149) manage the NXC’s zones.
10.1.2 What You Need to Know
The following terms and concepts may help as you read this chapter.
Effects of Zones on Different Types of Traffic
Zones effectively divide traffic into three types--intra-zone traffic, inter-zone traffic, and extra-zone
traffic--which are affected differently by zone-based security and policy settings.
Intra-zone Traffic
• Intra-zone traffic is traffic between interfaces in the same zone.
• In each zone, you can either allow or prohibit all intra-zone traffic.
• You can also set up firewall rules to control intra-zone traffic, but many other types of zone-based
security and policy settings do not affect intra-zone traffic.
Inter-zone Traffic
Inter-zone traffic is traffic between interfaces in different zones.
Extra-zone Traffic
• Extra-zone traffic is traffic to or from any interface that is not assigned to a zone.
• Some zone-based security and policy settings may apply to extra-zone traffic, especially if you
can set the zone attribute in them to Any or All. See the specific feature for more information.
Содержание
- Default login details 1
- Nxc series 1
- Quick start guide 1
- User s guide 1
- Wireless lan controller 1
- Important 2
- Keep this guide for future reference 2
- Note it is recommended you use the web configurator to configure the nxc 2
- Read carefully before use 2
- Related documentation 2
- Contents overview 3
- Technical reference 5 3
- User s guide 5 3
- Chapter 1 introduction 6 4
- Chapter 2 hardware installation and connection 2 4
- Chapter 3 the web configurator 8 4
- Contents overview 4
- Part i user s guide 15 4
- Table of contents 4
- Chapter 4 dashboard 6 5
- Chapter 5 monitor 6 5
- Part ii technical reference 45 5
- Chapter 6 registration 9 6
- Chapter 7 wireless 2 6
- Chapter 8 interfaces 114 6
- Chapter 10 zones 48 7
- Chapter 11 nat 51 7
- Chapter 12 alg 58 7
- Chapter 13 ip mac binding 60 7
- Chapter 9 policy and static routes 38 7
- Chapter 14 captive portal 65 8
- Chapter 15 rtls 82 8
- Chapter 16 firewall 85 8
- Chapter 17 user group 94 8
- Chapter 18 ap profile 12 9
- Chapter 19 mon profile 31 9
- Chapter 20 zymesh profile 36 9
- Chapter 21 addresses 40 9
- Chapter 22 services 45 10
- Chapter 23 schedules 50 10
- Chapter 24 aaa server 54 10
- Chapter 25 authentication method 66 10
- Chapter 26 certificates 69 10
- Chapter 27 dhcpv6 86 11
- Chapter 28 system 88 11
- Chapter 29 log and report 28 12
- Chapter 30 file manager 43 12
- Chapter 31 diagnostics 54 13
- Chapter 32 packet flow explore 67 13
- Chapter 33 reboot 74 13
- Chapter 34 shutdown 75 13
- Chapter 35 troubleshooting 76 13
- User s guide 15
- Introduction 16
- Overview 16
- Zones interfaces and physical ports 16
- Interface and zone configuration 17
- Interface types 17
- Note by default all ethernet interfaces are placed into vlan0 allowing the nxc to function as a bridge device 17
- Ap management 18
- Applications 18
- Captive portal 18
- Wireless security 18
- Dynamic channel selection 19
- Load balancing 19
- User aware access control 19
- Command line interface cli 20
- Management overview 20
- Object based configuration 20
- Web configurator 20
- Chapter 1 introduction 21
- Here are some of the ways to start and stop the nxc 21
- Method description 21
- Nxc series user s guide 21
- Shutdown or the shutdown command before you turn off the nxc or remove the power not doing so can cause the firmware to become corrupt 21
- Starting and stopping the nxc 21
- Table 5 starting and stopping the nxc 21
- The nxc does not stop or start the system processes when you apply configuration files or run shell scripts although you may temporarily lose access to network resources 21
- Hardware installation and connection 22
- Rack mounted installation 22
- Rack mounted installation procedure 22
- Front panel 23
- Nxc2500 23
- Nxc5500 23
- Console port nxc5500 only 24
- Default ethernet settings 24
- Ethernet ports 24
- Chapter 2 hardware installation and connection 25
- Connect a usb storage device to a usb port on the nxc to archive the nxc system logs or save the nxc operating system core dump to it 25
- Db 9 signal db 9 pin wire color rj45 pin 25
- Front panel leds 25
- Led color status description 25
- Nxc series user s guide 25
- Nxc2500 25
- Nxc5500 25
- Table 6 rj 45 to db 9 console cable color codes 25
- Table 7 front panel leds nxc2500 25
- Table 8 front panel leds nxc5500 25
- The following table describes the leds 25
- This section describes the front panel leds 25
- Usb 2 ports 25
- 115200 bps 26
- Chapter 2 hardware installation and connection 26
- Connect this port to your computer using an rs 232 cable if you want to configure the nxc using the command line interface cli via the console port 26
- Console port nxc2500 only 26
- Figure 6 rear panel nxc2500 26
- Figure 7 rear panel nxc5500 26
- For local management you can use a computer with terminal emulation software configured to the following parameters 26
- Led color status description 26
- No flow control 26
- No parity 8 data bits 1 stop bit 26
- Nxc series user s guide 26
- Rear panel 26
- Table 8 front panel leds nxc5500 continued 26
- The nxc2500 rear panel contains a console port a power switch and a connector for the power receptacle 26
- The nxc5500 rear panel contains a power switch a connector for the power receptacle and a fan module 26
- Vt100 terminal emulation 26
- Access 28
- Overview 28
- The web configurator 28
- The main screen 29
- Title bar 30
- Chapter 3 the web configurator 31
- Click about to display basic information about the nxc 31
- Click site map to see an overview of links to the web configurator screens click a screen s link to go to that screen 31
- Figure 10 about 31
- Label description 31
- Nxc series user s guide 31
- Site map 31
- Table 10 about 31
- Table 9 title bar web configurator icons continued 31
- The following table describes labels that can appear in this screen 31
- Object reference 32
- Chapter 3 the web configurator 33
- Console 33
- Figure 13 console 33
- Label description 33
- Note to view the functions in the web configurator user interface that correspond directly to specific nxc cli commands use the cli messages window see cli messages on page 36 in tandem with this one 33
- Nxc series user s guide 33
- Table 11 object references continued 33
- The console allows you to use cli commands from directly within the web configurator rather than having to use a separate terminal program in addition to logging in directly to the nxc s cli you can also log into other devices on the network through this console it uses ssh to establish a connection 33
- Cli messages 36
- Chapter 3 the web configurator 37
- Dashboard 37
- Figure 15 navigation panel 37
- Folder or link tab function 37
- For details on the dashboard s features see chapter 4 on page 46 37
- Monitor menu 37
- Navigation panel 37
- Nxc series user s guide 37
- Table 13 monitor menu screens summary 37
- The dashboard displays general device information system status system resource usage licensed service status and interface status in widgets that you can re arrange to suit your needs 37
- The monitor menu screens display status and statistics information 37
- Use the menu items on the navigation panel to open screens to configure nxc features click the arrow in the middle of the right edge of the navigation panel to hide the navigation panel menus or drag it to resize them the following sections introduce the nxc s navigation panel menus and their screens 37
- Chapter 3 the web configurator 38
- Configuration menu 38
- Folder or link tab function 38
- Nxc series user s guide 38
- Table 13 monitor menu screens summary continued 38
- Table 14 configuration menu screens summary 38
- Use the configuration menu screens to configure the nxc s features 38
- Chapter 3 the web configurator 39
- Folder or link tab function 39
- Nxc series user s guide 39
- Table 14 configuration menu screens summary continued 39
- Chapter 3 the web configurator 40
- Figure 16 warning message 40
- Folder or link tab function 40
- Maintenance menu 40
- Nxc series user s guide 40
- Table 14 configuration menu screens summary continued 40
- Table 15 maintenance menu screens summary 40
- Use the maintenance menu screens to manage configuration and firmware files run diagnostics and reboot or shut down the nxc 40
- Warning messages 40
- Warning messages such as those resulting from misconfiguration display in a popup window 40
- Manipulating table display 41
- Tables and lists 41
- Chapter 3 the web configurator 43
- Here are descriptions for the most common table icons 43
- Label description 43
- Nxc series user s guide 43
- Table 16 common table icons 43
- Table 17 common table icons 43
- The tables have icons for working with table entries a sample is shown next you can often use the shift or ctrl key to select multiple entries to remove activate or deactivate 43
- Use the icons and fields at the bottom of the table to navigate to different pages of entries and control how many entries display at a time 43
- Working with table entries 43
- Chapter 3 the web configurator 44
- Figure 17 working with lists 44
- Label description 44
- Nxc series user s guide 44
- Table 17 common table icons continued 44
- When a list of available entries displays next to a list of selected entries you can often just double click an entry to move it from one list to the other in some lists you can also use the shift or ctrl key to select multiple entries and then use the arrow button to move them to the other list 44
- Working with lists 44
- Technical reference 45
- Dashboard 46
- Overview 46
- What you can do in this chapter 46
- Dashboard 47
- Chapter 4 dashboard 48
- Label description 48
- Nxc series user s guide 48
- Table 18 dashboard 48
- The following table describes the labels in this screen 48
- Chapter 4 dashboard 49
- Label description 49
- Nxc series user s guide 49
- Table 18 dashboard continued 49
- Chapter 4 dashboard 50
- Label description 50
- Nxc series user s guide 50
- Table 18 dashboard continued 50
- Chapter 4 dashboard 51
- Cpu usage 51
- Label description 51
- Nxc series user s guide 51
- Table 18 dashboard continued 51
- The following table describes the labels in this screen 51
- Use this screen to look at a chart of the nxc s recent cpu usage to access this screen click show cpu usage in the dashboard 51
- Memory usage 52
- Session usage 52
- Dhcp table 53
- Chapter 4 dashboard 54
- Dhcp table 54
- Label description 54
- Number of login users 54
- Nxc series user s guide 54
- The following table describes the labels in this screen 54
- Use this screen to look at a list of the users currently logged into the nxc to access this screen click the dashboard s number of login users icon 54
- Chapter 4 dashboard 55
- Label description 55
- Number of login users 55
- Nxc series user s guide 55
- The following table describes the labels in this screen 55
- Monitor 56
- Overview 56
- What you can do in this chapter 56
- Port statistics 57
- What you need to know 57
- Chapter 5 monitor 58
- Label description 58
- Nxc series user s guide 58
- Port statistics and then the switch to graphic view button 58
- Port statistics continued 58
- Port statistics graph 58
- Chapter 5 monitor 59
- Interface status 59
- Interface status to access this screen 59
- Label description 59
- Nxc series user s guide 59
- Switch to graphic view 59
- The following table describes the labels in this screen 59
- Chapter 5 monitor 60
- Each field is described in the following table 60
- Interface status 60
- Label description 60
- Nxc series user s guide 60
- Chapter 5 monitor 61
- Interface status continued 61
- Label description 61
- Nxc series user s guide 61
- Chapter 5 monitor 62
- Interface status continued 62
- Label description 62
- Lan ip with heaviest traffic and how much traffic has been sent to and from each one 62
- Most used protocols or service ports and the amount of traffic on each one 62
- Most visited web sites and the number of times each one was visited this count may not be accurate in some cases because the nxc counts http get packets 62
- Nxc series user s guide 62
- Traffic statistics 62
- Traffic statistics to display this screen this screen provides basic information about the different kinds of data traffic moving through the nxc for example 62
- You use the traffic statistics screen to tell the nxc when to start and when to stop collecting information for these reports you cannot schedule data collection you have to start and stop it manually in the traffic statistics screen 62
- Chapter 5 monitor 63
- Label description 63
- Nxc series user s guide 63
- There is a limit on the number of records shown in the report see table 28 on page 64 for more information the following table describes the labels in this screen 63
- Traffic statistics 63
- Chapter 5 monitor 64
- Label description 64
- Nxc series user s guide 64
- Table 28 maximum values for reports 64
- The following table displays the maximum number of records shown in the report the byte count limit and the hit count limit 64
- Traffic statistics continued 64
- Session monitor 65
- Chapter 5 monitor 66
- Label description 66
- Nxc series user s guide 66
- Session monitor 66
- The following table describes the labels in this screen 66
- Ip mac binding monitor 67
- Login users 67
- Chapter 5 monitor 68
- Label description 68
- Login users 68
- Nxc series user s guide 68
- The following table describes the labels in this screen 68
- Chapter 5 monitor 69
- Dynamic guest 69
- Label description 69
- Note if you delete a valid user account which is in use the nxc ends the user session 69
- Nxc series user s guide 69
- The following table describes the labels in this screen 69
- Chapter 5 monitor 70
- Label description 70
- Nxc series user s guide 70
- The following table describes the labels in this screen 70
- Usb storage 70
- Usb storage to display this screen 70
- Ap list 71
- Chapter 5 monitor 71
- Label description 71
- Nxc series user s guide 71
- The following table describes the labels in this screen 71
- Ap list continued 72
- Ap list icons 72
- Chapter 5 monitor 72
- Label description 72
- Nxc series user s guide 72
- Station count of ap 72
- The following table describes the icons in this screen 72
- Use this screen to look at configuration information port status and station statistics for the connected ap to access this screen select an entry and click the more information button in the ap list screen 72
- Ap information 73
- Chapter 5 monitor 73
- Label description 73
- Nxc series user s guide 73
- The following table describes the labels in this screen 73
- Ap information continued 74
- Chapter 5 monitor 74
- Config ap 74
- Label description 74
- Nxc series user s guide 74
- Use this screen to change the group and radio vlan and port settings of the connected ap to access this screen select an entry and click the config ap button in the ap list screen 74
- Chapter 5 monitor 76
- Config ap 76
- Label description 76
- Note ensure you restart the managed ap after you change its operating mode 76
- Note the root ap and repeater ap s in a zymesh must use the same country code and ap radio profile settings in order to communicate with each other 76
- Note to prevent bidge loops do not set both radios on a managed ap to repeater ap mode 76
- Nxc series user s guide 76
- The following table describes the labels in this screen 76
- Chapter 5 monitor 77
- Config ap continued 77
- Label description 77
- Nxc series user s guide 77
- Chapter 5 monitor 78
- Config ap continued 78
- Label description 78
- Nxc series user s guide 78
- Radio list 78
- The following table describes the labels in this screen 78
- Ap mode radio information 79
- Ap mode radio information 81
- Chapter 5 monitor 81
- Label description 81
- Nxc series user s guide 81
- The following table describes the labels in this screen 81
- Zymesh link info 81
- Zymesh link info to access this screen 81
- Chapter 5 monitor 82
- Label description 82
- Nxc series user s guide 82
- Station list 82
- Station list to access this screen 82
- The following table describes the labels in this screen 82
- Zymesh link info 82
- Ap management screen in order to detect other wireless devices in its vicinity 83
- Chapter 5 monitor 83
- Detected device 83
- Detected device to access this screen 83
- Label description 83
- Nxc series user s guide 83
- Station list 83
- The following table describes the labels in this screen 83
- Chapter 5 monitor 84
- Detected device 84
- Events that generate an alert as well as a log message display in red regular logs display in black click a column s heading cell to sort the table entries by that column s criteria click the heading cell again to reverse the sort order 84
- For individual log descriptions see appendix a on page 385 84
- For the maximum number of log messages in the nxc see the datasheet 84
- Label description 84
- Log messages are stored in two separate logs one for regular log messages and one for debugging messages in the regular log you can look at all the log messages by selecting all logs or you can select a specific category of log messages for example user you can also look at the debugging log by selecting debug log all debugging messages have the same priority 84
- Log the log is displayed in the following screen 84
- Note when a log reaches the maximum number of log messages new log messages automatically overwrite existing log messages starting with the oldest existing log message first 84
- Nxc series user s guide 84
- The following table describes the labels in this screen 84
- View log 84
- Chapter 5 monitor 85
- Label description 85
- Nxc series user s guide 85
- The following table describes the labels in this screen 85
- View log 85
- Chapter 5 monitor 86
- Label description 86
- Nxc series user s guide 86
- The web configurator saves the filter settings if you leave the view log screen and return to it later 86
- View ap log 86
- View ap log to access this screen 86
- View log continued 86
- Chapter 5 monitor 87
- Label description 87
- Note this criterion only appears when you show filter 87
- Nxc series user s guide 87
- The following table describes the labels in this screen 87
- View ap log 87
- Chapter 5 monitor 88
- Label description 88
- Note this criterion only appears when you show filter 88
- Nxc series user s guide 88
- View ap log 88
- Overview 89
- Registration 89
- What you can do in this chapter 89
- What you need to know 89
- Maximum number of zymesh root aps 90
- Registration 90
- Service 90
- Chapter 6 registration 91
- Label description 91
- Nxc series user s guide 91
- Service 91
- The following table describes the labels in this screen 91
- Overview 92
- What you can do in this chapter 92
- What you need to know 92
- Wireless 92
- Controller 93
- Ap management 94
- Ap management to access this screen 94
- Chapter 7 wireless 94
- Controller screen you set the registration type to always accept then as soon as you remove an ap from this list it reconnects 94
- Each field is described in the following table 94
- Label description 94
- Note dcs is not supported on the radio which is working in repeater ap mode 94
- Note you should have enabled dcs in the applied ap radio profile berfore the aps can use dcs 94
- Nxc series user s guide 94
- Ap management continued 95
- Chapter 7 wireless 95
- Label description 95
- Nxc series user s guide 95
- Edit ap list 96
- Chapter 7 wireless 97
- Each field is described in the following table 97
- Edit ap list 97
- Label description 97
- Note ensure you restart the managed ap after you change its operating mode 97
- Note the root ap and repeater ap s in a zymesh must use the same country code and ap radio profile settings in order to communicate with each other 97
- Note to prevent bidge loops do not set both radios on a managed ap to repeater ap mode 97
- Nxc series user s guide 97
- Chapter 7 wireless 98
- Edit ap list continued 98
- Edit ap list screen 98
- Label description 98
- Nxc series user s guide 98
- Port setting edit 98
- Use this screen to enable or disable a port on the managed ap and configure the port s pvid 98
- Vlan add edit 99
- Chapter 7 wireless 100
- Each field is described in the following table 100
- Edit vlan 100
- Label description 100
- Nxc series user s guide 100
- Ap policy 101
- Ap policy to access this screen 101
- Chapter 7 wireless 101
- Each field is described in the following table 101
- Label description 101
- Nxc series user s guide 101
- Ap group 102
- Ap group to access this screen 102
- Ap policy continued 102
- Chapter 7 wireless 102
- Each field is described in the following table 102
- Label description 102
- Note dcs is not supported on the radio which is working in repeater ap mode 102
- Note you cannot remove a group with which an ap is associated 102
- Note you should have enabled dcs in the applied ap radio profile berfore the aps can use dcs 102
- Nxc series user s guide 102
- Ap group continued 103
- Chapter 7 wireless 103
- Label description 103
- Nxc series user s guide 103
- Add edit ap group 104
- Add edit 105
- Chapter 7 wireless 105
- Each field is described in the following table 105
- Label description 105
- Note ensure you restart the managed ap after you change its operating mode 105
- Note reducing the output power also reduces the nxc s effective broadcast radius 105
- Note to prevent bidge loops do not set both radios on a managed ap to repeater ap mode 105
- Note you can select root ap in an ap group only when the zymesh license is activated 105
- Nxc series user s guide 105
- Add edit continued 106
- Chapter 7 wireless 106
- Label description 106
- Note load balancing is not supported on the radio which is working in root ap or repeater ap mode 106
- Nxc series user s guide 106
- Add edit continued 107
- Chapter 7 wireless 107
- Label description 107
- Mon mode 107
- Mon mode to access this screen 107
- Note if you enable this function you should ensure that there are multiple aps within the broadcast radius that can accept any rejected or kicked wireless clients otherwise a wireless client attempting to connect to an overloaded ap will be kicked continuously and never be allowed to connect 107
- Nxc series user s guide 107
- Use this screen to assign aps either to the rogue ap list or the friendly ap list a rogue ap is a wireless access point operating in a network s coverage area that is not under the control of the network administrator and which can potentially open up holes in a network s security 107
- Chapter 7 wireless 108
- Each field is described in the following table 108
- Label description 108
- Mon mode 108
- Nxc series user s guide 108
- Add edit rogue friendly 109
- Add edit rogue friendly ap list 109
- Add edit rogue friendly list 109
- Chapter 7 wireless 109
- Each field is described in the following table 109
- Label description 109
- Mon mode continued 109
- Mon mode table to display this screen 109
- Nxc series user s guide 109
- Auto healing 110
- Auto healing to access this screen 110
- Chapter 7 wireless 110
- Each field is described in the following table 110
- Label description 110
- Nxc series user s guide 110
- Dynamic channel selection 111
- Technical reference 111
- Load balancing 112
- Disassociating and delaying connections 113
- Interface overview 114
- Interfaces 114
- What you can do in this chapter 114
- What you need to know 114
- Ethernet summary 115
- Chapter 8 interfaces 116
- Each field is described in the following table 116
- Edit ethernet 116
- Ethernet 116
- Label description 116
- Note if you create ip address objects based on an interface s ip address subnet or gateway the nxc automatically updates every rule or setting that uses the object whenever the interface s ip address settings change for example if you change lan s ip address the nxc automatically updates the corresponding interface based lan subnet address object 116
- Nxc series user s guide 116
- This screen lets you configure ip address assignment and interface parameters to access this screen select an interface and click its edit icon in the ethernet screen 116
- Chapter 8 interfaces 118
- Label description 118
- Nxc series user s guide 118
- This screen s fields are described in the table below 118
- Chapter 8 interfaces 119
- Edit continued 119
- Label description 119
- Note make sure you also enable this option in the dhcpv6 server to make rapid commit work 119
- Nxc series user s guide 119
- Chapter 8 interfaces 120
- Edit continued 120
- Label description 120
- Nxc series user s guide 120
- Chapter 8 interfaces 121
- Edit continued 121
- Label description 121
- Nxc series user s guide 121
- Chapter 8 interfaces 122
- Edit continued 122
- Label description 122
- Nxc series user s guide 122
- Add dhcpv6 request options 123
- Object references 123
- Add dhcpv6 request options 124
- Add edit dhcp extended options 124
- Add edit extended options 124
- Chapter 8 interfaces 124
- Edit select dhcp server in the dhcp setting section and then click add or edit in the extended options table 124
- Label description 124
- Nxc series user s guide 124
- The following table describes labels that can appear in this screen 124
- Add edit extended options 125
- Chapter 8 interfaces 125
- Label description 125
- Nxc series user s guide 125
- Option name code description 125
- Table 62 dhcp extended options 125
- The following table lists the available dhcp extended options defined in rfcs on the nxc see rfcs for more information 125
- Note by default the nxc acts a bridge device this means all interfaces ge1 g6 are grouped together into a single vid vlan0 also note that vlan0 cannot be removed and the vid cannot be changed 126
- Vlan interfaces 126
- Vlan summary 127
- Chapter 8 interfaces 128
- Each field is explained in the following table 128
- Label description 128
- Nxc series user s guide 128
- Add edit vlan 129
- Add edit 131
- Chapter 8 interfaces 131
- Each field is explained in the following table 131
- Label description 131
- Nxc series user s guide 131
- Add edit continued 132
- Chapter 8 interfaces 132
- Label description 132
- Note make sure you also enable this option in the dhcpv6 server to make rapid commit work 132
- Nxc series user s guide 132
- Add edit continued 133
- Chapter 8 interfaces 133
- Label description 133
- Nxc series user s guide 133
- Add edit continued 134
- Chapter 8 interfaces 134
- Label description 134
- Nxc series user s guide 134
- Interface parameters 135
- Ip address assignment 135
- Technical reference 135
- Dhcp settings 136
- Overview 138
- Policy and static routes 138
- What you can do in this chapter 138
- What you need to know 138
- Diffserv 139
- Dscp marking and per hop behavior 139
- Policy route 139
- Chapter 9 policy and static routes 140
- Ippr follows the existing packet filtering facility of ras in style and in implementation 140
- Label description 140
- Nxc series user s guide 140
- Policy route 140
- The following table describes the labels in this screen 140
- Add edit policy route 141
- Chapter 9 policy and static routes 141
- Label description 141
- Nxc series user s guide 141
- Policy route continued 141
- Routing to open the policy route screen then click the add or edit icon to open the policy route edit screen use this screen to configure or edit a policy route 141
- Add edit 142
- Chapter 9 policy and static routes 142
- Label description 142
- Nxc series user s guide 142
- The following table describes the labels in this screen 142
- Add edit continued 143
- Chapter 9 policy and static routes 143
- Label description 143
- Nxc series user s guide 143
- Add edit continued 144
- Chapter 9 policy and static routes 144
- Label description 144
- Nxc series user s guide 144
- Static route 144
- Static route to open the static route screen this screen displays the configured static routes 144
- The following table describes the labels in this screen 144
- Add edit 145
- Chapter 9 policy and static routes 145
- Label description 145
- Nxc series user s guide 145
- Select a static route index number and click add or edit the screen shown next appears use this screen to configure the required information for a static route 145
- Static route setting 145
- Technical reference 145
- The following section contains additional technical information about the features described in this chapter 145
- The following table describes the labels in this screen 145
- Assured forwarding af behavior is defined in rfc 2597 the af behavior group defines four af classes inside each class packets are given a high medium or low drop precedence the drop precedence determines the probability that routers in the network will drop packets when congestion occurs if congestion occurs between classes the traffic in the higher class smaller numbered class is generally given priority combining the classes and drop precedence produces the following twelve dscp encodings from af11 through af43 the decimal equivalent is listed in brackets 146
- Assured forwarding af phb for diffserv 146
- Chapter 9 policy and static routes 146
- Class 1 class 2 class 3 class 4 146
- Nat and snat 146
- Nat network address translation nat rfc 1631 is the translation of the ip address in a packet in one network to a different ip address in another network use snat source nat to change the source ip address in one network to a different ip address in another network 146
- Nxc series user s guide 146
- Priority wmm ac 802 d priority dscp hex value 146
- Table 71 assured forwarding af behavior group 146
- Table 72 wmm to diffserv conversion on the nxc 146
- The wmm acs as implemented on the nxc have the following functions 146
- Video all wireless traffic to the ssid is tagged as video data this is recommended for activities like video conferencing 146
- Voice all wireless traffic to the ssid is tagged as voice data this is recommended if an ssid is used for activities like placing and receiving voip phone calls 146
- Wi fi multimedia wmm provides basic quality of service qos features to wireless networks the four categories of qos described by wmm are voice vo video vi best effort be and background bk these categories known as a access categories ac are mapped to 802 d priority values which can then be mapped to their corresponding dscp hex values 146
- Overview 148
- What you can do in this chapter 148
- What you need to know 148
- Add edit zone 149
- Chapter 10 zones 149
- Label description 149
- Nxc series user s guide 149
- The following table describes the labels in this screen 149
- This screen allows you to add or edit a zone to access this screen go to the zone screen and click the add icon or an edit icon 149
- Add edit 150
- Chapter 10 zones 150
- Label description 150
- Nxc series user s guide 150
- The following table describes the labels in this screen 150
- Nat summary 151
- Overview 151
- What you can do in this chapter 151
- Add edit nat 152
- Chapter 11 nat 152
- Label description 152
- Nxc series user s guide 152
- The following table describes the labels in this screen 152
- This screen lets you create new nat rules and edit existing ones to open this window open the nat summary screen then click on an add icon or edit icon to open the following screen 152
- Add edit 153
- Chapter 11 nat 153
- Label description 153
- Nxc series user s guide 153
- The following table describes the labels in this screen 153
- Add edit continued 154
- Chapter 11 nat 154
- Label description 154
- Nxc series user s guide 154
- Add edit continued 155
- Chapter 11 nat 155
- Label description 155
- Nxc series user s guide 155
- Nat loopback 156
- Technical reference 156
- Xxx lan smtp com 156
- Xxx lan smtp com 1 156
- Before you begin 158
- Overview 158
- What you can do in this chapter 158
- What you need to know 158
- Technical reference 159
- Ip mac binding 160
- Overview 160
- What you can do in this chapter 160
- What you need to know 160
- Chapter 13 ip mac binding 161
- Interfaces used with ip mac binding 161
- Ip mac address bindings are grouped by interface you can use ip mac binding with ethernet and vlan interfaces you can also enable or disable ip mac binding and logging in an interface s configuration screen 161
- Ip mac binding summary 161
- Ip mac binding to open the ip mac binding summary screen this screen lists the total number of ip to mac address bindings for devices connected to each supported interface 161
- Label description 161
- Nxc series user s guide 161
- Summary 161
- The following table describes the labels in this screen 161
- Chapter 13 ip mac binding 162
- Edit ip mac binding 162
- Edit to open this screen use this screen to configure an interface s ip to mac address binding settings 162
- Label description 162
- Nxc series user s guide 162
- The following table describes the labels in this screen 162
- Add edit 163
- Add edit static dhcp rule 163
- Chapter 13 ip mac binding 163
- Edit continued 163
- Edit to open this screen click the add or edit icon to open the following screen use this screen to configure an interface s ip to mac address binding settings 163
- Exempt list to open the ip mac binding exempt list screen use this screen to configure ranges of ip addresses to which the nxc does not apply ip mac binding 163
- Ip mac binding exempt list 163
- Label description 163
- Nxc series user s guide 163
- The following table describes the labels in this screen 163
- Chapter 13 ip mac binding 164
- Exempt list 164
- Label description 164
- Nxc series user s guide 164
- The following table describes the labels in this screen 164
- Captive portal 165
- Overview 165
- Captive portal type 166
- Option portal type user defined portal pages where to configure 166
- Table 82 captive portal options 166
- What you can do in this chapter 166
- Captive portal 167
- Note you can configure the look and feel of the captive portal web page on the login page screen see section 14 on page 173 for details 167
- Captive portal 168
- Chapter 14 captive portal 168
- Label description 168
- Note it is recommended to have the external web server on the same subnet as the login users 168
- Nxc series user s guide 168
- The following table describes the labels in this screen 168
- Captive portal continued 169
- Chapter 14 captive portal 169
- Label description 169
- Note if the authentication with qr code option is selected make sure you also have the nxc use the local user database to authenticate clients 169
- Note the authenticator must be able to access the ip address of the specified vlan interface 169
- Nxc series user s guide 169
- Add exceptional services 170
- Captive portal continued 170
- Chapter 14 captive portal 170
- Label description 170
- Note if you want 802 x to work properly you must set bootp_client and dns as exceptional services 170
- Nxc series user s guide 170
- This screen allows you to manage exceptions to captive portal interception click the add button in the exceptional services table on the captive portal screen to access this screen 170
- Add exceptional services 171
- Auth policy add edit 171
- Chapter 14 captive portal 171
- Label description 171
- Nxc series user s guide 171
- The following table describes the labels in this screen 171
- This screen allows you to add authentication policies to captive portal interception click the add or edit button for an existing policy in the authentication policy summary table on the captive portal screen to access this screen 171
- Auth policy add edit 172
- Chapter 14 captive portal 172
- Label description 172
- Nxc series user s guide 172
- Login page 173
- Chapter 14 captive portal 174
- Label description 174
- Login page 174
- Nxc series user s guide 174
- The following table describes the labels in this screen 174
- Chapter 14 captive portal 175
- Custom login and access pages 175
- Label description 175
- Login page 175
- Nxc series user s guide 175
- The following identify the parts you can customize in the login and access pages 175
- Background 177
- Color of all text 177
- External or uploaded web portal details 177
- Last line of text 177
- Logo title 177
- Message color 177
- Note message 177
- Chapter 14 captive portal 181
- Nxc series user s guide 181
- Parameter description login welcome session logout error 181
- Table 88 http parameters for external url 181
- Overview 182
- What you can do in this chapter 182
- A dedicated rtls ssid is recommended 183
- At least three aps managed by the nxc the more aps the better since it increases the amount of information the ekahau rtls controller has for calculating the location of the tags 183
- Before you begin 183
- Chapter 15 rtls 183
- Configuring rtls 183
- Ekahau rtls controller in blink mode with tzsp updater enabled 183
- Firewall rules to allow rtls traffic if the nxc firewall is enabled or the ekahau rtls controller is behind a firewall 183
- For example if the ekahau rtls controller is behind a firewall open ports 8550 8553 and 8569 to allow traffic the aps send to reach the ekahau rtls controller 183
- Ip addresses for the ekahau wi fi tags 183
- Nxc series user s guide 183
- Port number type description 183
- Rtls to open this screen use this screen to turn rtls real time location system on or off and specify the ip address and server port of the ekahau rtls controller 183
- Table 89 rtls traffic port numbers 183
- The following table lists default port numbers and types of packets rtls uses 183
- You need 183
- Chapter 15 rtls 184
- Label description 184
- Nxc series user s guide 184
- The following table describes the labels in this screen 184
- Firewall 185
- Overview 185
- What you can do in this chapter 185
- What you need to know 185
- Asymmetrical routes 186
- Firewall rule criteria 186
- Global firewall rules 186
- Session limits 186
- To nxc rules 186
- User specific firewall rules 186
- Firewall 187
- Chapter 16 firewall 188
- Firewall continued 188
- Label description 188
- Note allowing asymmetrical routes may let traffic from the wan go directly to the lan without passing through the nxc 188
- Nxc series user s guide 188
- Add edit 189
- Add edit firewall screen 189
- Chapter 16 firewall 189
- Firewall continued 189
- In the firewall screen click the edit or add icon to display this screen 189
- Label description 189
- Nxc series user s guide 189
- The following table describes the labels in this screen 189
- Add edit continued 190
- Chapter 16 firewall 190
- Label description 190
- Note if you specified a source ip address group instead of any in the field below the user s ip address should be within the ip address range 190
- Nxc series user s guide 190
- Chapter 16 firewall 191
- Label description 191
- Nxc series user s guide 191
- Session control 191
- Session control to display the firewall session control screen use this screen to limit the number of concurrent nat firewall sessions a client can use you can apply a default limit for all users and individual limits for specific users addresses or both the individual limit takes priority if you apply both 191
- The following table describes the labels in this screen 191
- Add edit 192
- Add edit session limit 192
- Chapter 16 firewall 192
- Label description 192
- Nxc series user s guide 192
- Session control continued 192
- Session limit and the add or edit icon to display the firewall session limit edit screen use this screen to configure rules that define a session limit for specific users or addresses 192
- Add edit 193
- Chapter 16 firewall 193
- Label description 193
- Note if you specified an ip address or address group instead of any in the field below the user s ip address should be within the ip address range 193
- Nxc series user s guide 193
- The following table describes the labels in this screen 193
- Overview 194
- User group 194
- What you can do in this chapter 194
- What you need to know 194
- Dynamic guest accounts 195
- Ext group user accounts 195
- Ext server accounts 195
- Ext user accounts 195
- Note if the nxc tries to authenticate an ext user using the local database the attempt always fails 195
- Note the default admin account is always authenticated locally regardless of the authentication method setting 195
- Mac address accounts 196
- Note you cannot put access users and admin users in the same user group 196
- Note you cannot put the default admin account into any user group 196
- User awareness 196
- User groups 196
- User role priority 196
- Chapter 17 user group 197
- Label description 197
- Nxc series user s guide 197
- The following table describes the labels in this screen 197
- User group 197
- User summary 197
- Add edit a user 198
- Add edit user 198
- Alphanumeric a z 0 9 there is no unicode support 198
- Chapter 17 user group 198
- Dashes 198
- Enter a user name from 1 to 31 characters 198
- Here are the reserved user names 198
- Nxc series user s guide 198
- Rules for user names 198
- The first character must be alphabetical a z a z an underscore _ or a dash other limitations on user names are 198
- The user add edit screen allows you to create a new user account or edit an existing one 198
- The user name can only contain the following characters 198
- To access this screen go to the user screen and click add or edit 198
- User names are case sensitive if you enter a user bob but use bob when connecting via cifs or ftp it will use the account settings used for bob not bob 198
- User names have to be different than user group names 198
- _ underscores 198
- Add edit a user 199
- Chapter 17 user group 199
- Label description 199
- Nxc series user s guide 199
- The following table describes the labels in this screen 199
- Add edit group 200
- Group summary 200
- Add edit group 201
- Chapter 17 user group 201
- Label description 201
- Nxc series user s guide 201
- Setting 201
- The following table describes the labels in this screen 201
- This screen controls default settings login settings lockout settings and other user settings for the nxc you can also use this screen to specify when users must log in to the nxc before it routes traffic for them 201
- Chapter 17 user group 203
- Label description 203
- Nxc series user s guide 203
- Setting 203
- The following table describes the labels in this screen 203
- Chapter 17 user group 204
- Label description 204
- Nxc series user s guide 204
- Setting continued 204
- Chapter 17 user group 205
- Edit user authentication timeout settings 205
- Label description 205
- Nxc series user s guide 205
- Setting continued 205
- Setting screen and click one of the default authentication timeout settings section s edit icons 205
- The following table describes the labels in this screen 205
- This screen allows you to set the default authentication timeout settings for the selected type of user account these default authentication timeout settings also control the settings for any existing user accounts that are set to use the default settings you can still manually configure any user account s authentication timeout settings 205
- Access users cannot use the web configurator to browse the configuration of the nxc instead after access users log into the nxc the following user aware login screen appears 206
- Add edit dynamic guest group 206
- Chapter 17 user group 206
- Edit user authentication timeout settings continued 206
- Label description 206
- Nxc series user s guide 206
- Setting screen and click either the add icon or an edit icon in the dynamic guest group section 206
- The following table describes the labels in this screen 206
- User aware login example 206
- Chapter 17 user group 207
- Figure 115 user aware login 207
- Guest manager login example 207
- Label description 207
- Nxc series user s guide 207
- Table 104 user aware login 207
- The following table describes the labels in this screen 207
- To create dynamic guest accounts enter the guest manager account information in the web configurator login screen after you log in successfully the following guest manager screen appears 207
- After you click apply to create dynamic guest accounts the following guest account list screen appears 208
- Chapter 17 user group 208
- Figure 116 guest manager login 208
- Guest account list 208
- Label description 208
- Nxc series user s guide 208
- Table 105 guest manager login 208
- The following table describes the labels in this screen 208
- Chapter 17 user group 209
- Figure 117 guest account list 209
- Label description 209
- Nxc series user s guide 209
- Table 106 guest account list 209
- The following figure shows the dynamic guest account printout example 209
- The following table describes the labels in this screen 209
- Dynamic guest note 210
- Mac address 210
- Add edit 211
- Add edit mac address 211
- Chapter 17 user group 211
- Label description 211
- Mac address continued 211
- Nxc series user s guide 211
- The following table describes the labels in this screen 211
- Use the mac address add edit screen to map a wireless client s mac address or oui to a mac role mac address user account 211
- Ap profile 212
- Overview 212
- What you can do in this chapter 212
- What you need to know 212
- Ieee 802 x 213
- Note you can have a maximum of 32 radio profiles on the nxc 213
- Wpa and wpa2 213
- Add edit radio profile 214
- Chapter 18 ap profile 214
- Label description 214
- Nxc series user s guide 214
- The following table describes the labels in this screen 214
- This screen allows you to create a new radio profile or edit an existing one to access this screen click the add button or select a radio profile from the list and click the edit button 214
- Add edit radio profile 216
- Chapter 18 ap profile 216
- Label description 216
- Note if you change the country code later channel selection is set to manual automatically 216
- Nxc series user s guide 216
- The following table describes the labels in this screen 216
- Add edit radio profile continued 217
- Chapter 18 ap profile 217
- Label description 217
- Nxc series user s guide 217
- Add edit radio profile continued 218
- Chapter 18 ap profile 218
- Label description 218
- Nxc series user s guide 218
- Add edit radio profile continued 219
- Chapter 18 ap profile 219
- Label description 219
- Note you can have a maximum of 32 ssid profiles on the nxc 219
- Nxc series user s guide 219
- Ssid list 219
- The ssid screens allow you to configure three different types of profiles for your networked aps an ssid list which can assign specific ssid configurations to your aps a security list which can assign specific encryption methods to the aps when allowing wireless clients to connect to them and a mac filter list which can limit connections to an ap based on wireless clients mac addresses 219
- This screen allows you to create and manage ssid configurations that can be used by the aps an ssid or service set identifier is basically the name of the wireless network to which a wireless client can connect the ssid appears as readable text to any device capable of scanning for wireless frequencies such as the wifi adapter in a laptop and is displayed as the wireless network name when a person makes a connection to it 219
- Add edit ssid profile 220
- Chapter 18 ap profile 220
- Label description 220
- Nxc series user s guide 220
- Ssid list 220
- The following table describes the labels in this screen 220
- This screen allows you to create a new ssid profile or edit an existing one to access this screen click the add button or select an ssid profile from the list and click the edit button 220
- Add edit ssid profile 221
- Chapter 18 ap profile 221
- Label description 221
- Note it is highly recommended that you create security profiles for all of your ssids to enhance your network security 221
- Nxc series user s guide 221
- The following table describes the labels in this screen 221
- Add edit ssid profile continued 222
- Chapter 18 ap profile 222
- Label description 222
- Nxc series user s guide 222
- Add edit ssid profile continued 223
- Chapter 18 ap profile 223
- Label description 223
- Note if you associate a layer 2 isolation profile with the ssid this option will be selected automatically and cannot be configured 223
- Note you can have a maximum of 32 security profiles on the nxc 223
- Nxc series user s guide 223
- Security list 223
- The following table describes the labels in this screen 223
- This screen allows you to manage wireless security configurations that can be used by your ssids wireless security is implemented strictly between the ap broadcasting the ssid and the stations that are connected to it 223
- Add edit security profile 224
- Note this screen s options change based on the security mode selected only the default screen is displayed here 224
- Add edit security profile 225
- Chapter 18 ap profile 225
- Label description 225
- Nxc series user s guide 225
- The following table describes the labels in this screen 225
- Add edit security profile 226
- Chapter 18 ap profile 226
- Label description 226
- Nxc series user s guide 226
- Add edit mac filter profile 227
- Add edit security profile 227
- Chapter 18 ap profile 227
- Label description 227
- Mac filter list 227
- Note you can have a maximum of 32 mac filtering profiles on the nxc 227
- Nxc series user s guide 227
- The following table describes the labels in this screen 227
- This screen allows you to create a new mac filtering profile or edit an existing one to access this screen click the add button or select a mac filtering profile from the list and click the edit button 227
- Add edit mac filter profile 228
- Chapter 18 ap profile 228
- If a device s mac addresses is not listed in a layer 2 isolation profile it is blocked from communicating with other devices in an ssid on which layer 2 isolation is enabled 228
- Label description 228
- Layer 2 isolation list 228
- Note you can have a maximum of 32 layer 2 isolation profiles on the nxc 228
- Nxc series user s guide 228
- The following table describes the labels in this screen 228
- Add edit layer 2 isolation profile 229
- Note you need to know the mac address of each device that you want to allow to be accessed by other devices in the ssid to which the layer 2 isolation profile is applied 229
- Add edit layer 2 isolation profile 230
- Chapter 18 ap profile 230
- Label description 230
- Nxc series user s guide 230
- The following table describes the labels in this screen 230
- Mon profile 231
- Overview 231
- What you can do in this chapter 231
- What you need to know 231
- Add edit mon profile 232
- Chapter 19 mon profile 232
- Label description 232
- Mon profile 232
- Nxc series user s guide 232
- The following table describes the labels in this screen 232
- This screen allows you to create a new monitor mode profile or edit an existing one to access this screen click the add button or select and existing monitor mode profile and click the edit button 232
- Add edit mon profile 233
- Chapter 19 mon profile 233
- Label description 233
- Nxc series user s guide 233
- The following table describes the labels in this screen 233
- Add edit mon profile continued 234
- Chapter 19 mon profile 234
- Figure 133 rogue ap example 234
- In the example above a corporate network s security is compromised by a rogue ap rg set up by an employee at his workstation in order to allow him to connect his notebook computer wirelessly 234
- Label description 234
- Nxc series user s guide 234
- Rogue aps 234
- Rogue aps are wireless access points operating in a network s coverage area that are not under the control of the network s administrators and can open up holes in a network s security attackers can take advantage of a rogue ap s weaker or non existent security to gain access to the network or set up their own rogue aps in order to capture information from wireless clients if a scan reveals a rogue ap you can use commercially available software to physically locate it 234
- Technical reference 234
- The following section contains additional technical information about the features described in this chapter 234
- Friendly aps 235
- Overview 236
- Zymesh profile 236
- Note a zymesh wds link with more hops has lower throughput 237
- Note when the wireless connection between the root ap and the repeater is up in order to prevent bridge loops the repeater would not be able to transmit data through its ethernet port s the repeater then could only receive power from a poe device if you use poe to provide power to the managed ap via an 8 ping etherent cable 237
- What you can do in this chapter 237
- Zymesh profile 237
- Add edit zymesh profile 238
- Add edit zymesh profile 239
- Chapter 20 zymesh profile 239
- Label description 239
- Note the zymesh ssid is hidden in the outgoing beacon frame so a wireless device cannot obtain the ssid through scanning using a site survey tool 239
- Nxc series user s guide 239
- The following table describes the labels in this screen 239
- Address summary 240
- Addresses 240
- Overview 240
- What you can do in this chapter 240
- What you need to know 240
- Add edit 241
- Add edit address 241
- Address summary 241
- Chapter 21 addresses 241
- Label description 241
- Nxc series user s guide 241
- The add edit address screen allows you to create a new address or edit an existing one to access this screen go to the address screen and click either the add icon or an edit icon 241
- The following table describes the labels in this screen 241
- Add edit 242
- Address group 242
- Address group click a column s heading cell to sort the table entries by that column s criteria click the heading cell again to reverse the sort order 242
- Address group summary 242
- Chapter 21 addresses 242
- Label description 242
- Note the nxc automatically updates address objects that are based on an interface s ip address subnet or gateway if the interface s ip address settings change for example if you change ge1 s ip address the nxc automatically updates the corresponding interface based lan subnet address object 242
- Nxc series user s guide 242
- The following table describes the labels in this screen 242
- Add edit 243
- Add edit address group rule 243
- Address group 243
- Chapter 21 addresses 243
- Label description 243
- Nxc series user s guide 243
- The add edit address group rule screen allows you to create a new address group or edit an existing one to access this screen go to the address group screen and click either the add icon or an edit icon 243
- The following table describes the labels in this screen 243
- Add edit continued 244
- Chapter 21 addresses 244
- Label description 244
- Nxc series user s guide 244
- Overview 245
- Services 245
- What you can do in this chapter 245
- What you need to know 245
- Service objects and service groups 246
- Service summary 246
- Add edit 247
- Add edit service rule 247
- Chapter 22 services 247
- Label description 247
- Nxc series user s guide 247
- Service 247
- The add edit service rule screen allows you to create a new service or edit an existing one to access this screen go to the service screen and click either the add icon or an edit icon 247
- The following table describes the labels in this screen 247
- Add edit service group rule 248
- Service group summary 248
- Add edit 249
- Chapter 22 services 249
- Label description 249
- Nxc series user s guide 249
- The following table describes the labels in this screen 249
- Overview 250
- Schedule summary 250
- Schedules 250
- What you can do in this chapter 250
- What you need to know 250
- Chapter 23 schedules 251
- Label description 251
- Nxc series user s guide 251
- Schedule 251
- The following table describes the labels in this screen 251
- Add edit one time 252
- Add edit schedule one time rule 252
- Chapter 23 schedules 252
- Label description 252
- Nxc series user s guide 252
- The add edit schedule one time rule screen allows you to define a one time schedule or edit an existing one to access this screen go to the schedule screen and click either the add icon or an edit icon in the one time section 252
- The following table describes the labels in this screen 252
- Add edit recurring 253
- Add edit schedule recurring rule 253
- Chapter 23 schedules 253
- Label description 253
- Nxc series user s guide 253
- The add edit schedule recurring rule screen allows you to define a recurring schedule or edit an existing one to access this screen go to the schedule screen and click either the add icon or an edit icon in the recurring section 253
- The year month and day columns are not used in recurring schedules and are disabled in this screen the following table describes the remaining labels in this screen 253
- Aaa server 254
- Overview 254
- What you can do in this chapter 254
- What you need to know 254
- Aaa servers supported by the nxc 255
- Authentication capability list 255
- Chapter 24 aaa server 255
- Figure 148 radius server network example 255
- If it matches the user is allowed access otherwise access is blocked 255
- Internal authentication method external radius 255
- Local user database 255
- Nxc series user s guide 255
- Radius remote authentication dial in user service authentication is a popular protocol used to authenticate users by means of an external server instead of or in addition to an internal device user database that is limited to the memory capacity of the device in essence radius authentication allows you to validate a large number of users from a central location 255
- Radius server 255
- Table 134 authentication capability list 255
- The following lists the types of authentication server the nxc supports 255
- The nxc uses the built in local user database to authenticate administrative users logging into the nxc s web configurator or network access users logging into the network through the nxc 255
- This list displays the nxc s authentication capabilities 255
- Directory structure 256
- Distinguished name dn 256
- Note because the nxc has an internal authentication database you can create local login accounts on it without needing to rely on an external authentication server the built in authentication server supports peap eap tls eap ttls 256
- Active directory ldap 257
- Base dn 257
- Bind dn 257
- Note both the active directory and ldap screens while on separate tabs are identical in configuration this section applies to both equally 257
- Add edit active directory ldap server 258
- Note the active directory and ldap server setup screens are almost identical so the features for both screens are described in this section 258
- O zyxel c u 258
- Add edit 260
- Chapter 24 aaa server 260
- Label description 260
- Nxc series user s guide 260
- O zyxel c u 260
- The following table describes the labels in these screens 260
- Add edit 261
- Chapter 24 aaa server 261
- Cn zyadmi 261
- Label description 261
- Note this is only for active directory 261
- Nxc series user s guide 261
- Zyadmi 261
- Add edit radius 262
- Radius 262
- Add edit 263
- Chapter 24 aaa server 263
- Label description 263
- Nxc series user s guide 263
- The following table describes the labels in this screen 263
- Add edit continued 264
- Chapter 24 aaa server 264
- Label description 264
- Nxc series user s guide 264
- Add edit continued 265
- Chapter 24 aaa server 265
- Label description 265
- Nxc series user s guide 265
- Authentication method 266
- Before you begin 266
- Overview 266
- What you can do in this chapter 266
- Add authentication method 267
- Chapter 25 authentication method 268
- Click ok to save the settings or click cancel to discard all changes and return to the previous screen 268
- Label description 268
- Nxc series user s guide 268
- The following table describes the labels in this screen 268
- Certificates 269
- Overview 269
- What you can do in this chapter 269
- What you need to know 269
- Advantages of certificates 270
- Certificate file formats 270
- Factory default certificate 270
- Self signed certificates 270
- Note be careful not to convert a binary file to text during the transfer process it is easy for this to occur since many programs use text files by default 271
- Verifying a certificate 271
- Chapter 26 certificates 272
- Label description 272
- My certificates 272
- My certificates to open this screen this is the nxc s summary list of certificates and certification requests 272
- Nxc series user s guide 272
- The following table describes the labels in this screen 272
- Chapter 26 certificates 273
- Label description 273
- My certificates continued 273
- Nxc series user s guide 273
- Add my certificates 274
- Chapter 26 certificates 275
- Label description 275
- Nxc series user s guide 275
- The following table describes the labels in this screen 275
- Add continued 276
- Chapter 26 certificates 276
- If you configured the my certificate create screen to have the nxc enroll a certificate and the certificate enrollment is not successful you see a screen with a return button that takes you back to the my certificate create screen click return and check your information in the my certificate create screen make sure that the certification authority information is correct and that your internet connection is working properly if you want the nxc to enroll a certificate online 276
- Label description 276
- Nxc series user s guide 276
- Edit my certificates 277
- Chapter 26 certificates 278
- Label description 278
- Nxc series user s guide 278
- The following table describes the labels in this screen 278
- Chapter 26 certificates 279
- Import certificates 279
- Import to open the my certificate import screen follow the instructions in this screen to save an existing certificate to the nxc 279
- Label description 279
- Note you can import a certificate that matches a corresponding certification request that was generated by the nxc you can also import a certificate in pkcs 12 format including the certificate s public and private keys 279
- Nxc series user s guide 279
- The certificate you import replaces the corresponding request in the my certificates screen 279
- You must remove any spaces in the certificate s filename before you can import it 279
- Chapter 26 certificates 280
- Import 280
- Label description 280
- Nxc series user s guide 280
- The following table describes the labels in this screen 280
- Trusted certificates 280
- Trusted certificates to open the trusted certificates screen this screen displays a summary list of certificates that you have set the nxc to accept as trusted the nxc also accepts any valid certificate signed by a certificate on this list as being trustworthy thus you do not need to import any certificate that is signed by one of these certificates 280
- Chapter 26 certificates 281
- Label description 281
- Nxc series user s guide 281
- The following table describes the labels in this screen 281
- Trusted certificates 281
- Edit trusted certificates 282
- Chapter 26 certificates 283
- Label description 283
- Nxc series user s guide 283
- The following table describes the labels in this screen 283
- Chapter 26 certificates 284
- Edit continued 284
- Import to open the trusted certificates import screen follow the instructions in this screen to save a trusted certificate to the nxc 284
- Import trusted certificates 284
- Label description 284
- Note you must remove any spaces from the certificate s filename before you can import the certificate 284
- Nxc series user s guide 284
- Technical reference 285
- Dhcpv6 286
- Dhcpv6 request 286
- Overview 286
- What you can do in this chapter 286
- Add edit 287
- Add edit dhcpv6 request object 287
- Chapter 27 dhcpv6 287
- Label description 287
- Nxc series user s guide 287
- Request continued 287
- The following table describes the labels in this screen 287
- The request add edit screen allows you to create a new request object or edit an existing one to access this screen go to the request screen and click either the add icon or an edit icon 287
- Overview 288
- System 288
- What you can do in this chapter 288
- Host name 289
- Note only connect one usb device it must allow writing it cannot be read only and use the fat16 fat32 ext2 or ext3 file system 289
- Usb storage 289
- Chapter 28 system 290
- Date and time 290
- For effective scheduling and logging the nxc system time must be accurate the nxc s real time chip rtc keeps track of the time and date there is also a software mechanism to set the time manually or get the current time and date from an external server 290
- Label description 290
- Nxc series user s guide 290
- The following table describes the labels in this screen 290
- Usb storage 290
- Chapter 28 system 291
- Date time 291
- Date time the screen displays as shown you can manually set the nxc s time and date or have the nxc get the date and time from a time server 291
- Label description 291
- Nxc series user s guide 291
- The following table describes the labels in this screen 291
- Chapter 28 system 292
- Date time continued 292
- Label description 292
- Nxc series user s guide 292
- Pre defined ntp time servers list 293
- Time server synchronization 293
- Console speed 294
- Dns overview 294
- Configuring the dns screen 295
- Dns server address assignment 295
- Chapter 28 system 296
- Label description 296
- Nxc series user s guide 296
- The following table describes the labels in this screen 296
- A ptr pointer record is also called a reverse record or a reverse lookup record it is a mapping of an ip address to a domain name 297
- Adding an address ptr record 297
- Address record 297
- An address record contains the mapping of a fully qualified domain name fqdn to an ip address an fqdn consists of a host and domain name for example www zyxel com is a fully qualified domain name where www is the host zyxel is the second level domain and com is the top level domain mail myzyxel com tw is also a fqdn where mail is the host myzyxel is the third level domain com is the second level domain and tw is the top level domain 297
- Chapter 28 system 297
- Click the add icon in the address ptr record table to add an address ptr record 297
- Dns continued 297
- Label description 297
- Nxc series user s guide 297
- Ptr record 297
- The nxc allows you to configure address records about the nxc itself or another device this way you can keep a record of dns names and addresses that people on your network may use frequently if the nxc receives a dns query for an fqdn for which the nxc has an address record the nxc can send the ip address in a dns response without having to query a dns name server 297
- Add domain zone forwarder 298
- Domain zone forwarder 298
- A mx mail exchange record indicates which host is responsible for the mail for a particular domain that is controls where mail is sent for that domain if you do not configure proper mx records for your domain or other domain external e mail from other mail servers will not be able to be delivered to your mail server and vice versa each host or domain can have only one mx record that is one domain is mapping to one host 299
- Add domain zone forwarder 299
- Chapter 28 system 299
- Label description 299
- Mx record 299
- Note if all interfaces are static then this field is hidden 299
- Nxc series user s guide 299
- The following table describes the labels in this screen 299
- 0 add service control 300
- Add mx record 300
- Service access limitations 301
- System timeout 301
- Www overview 301
- Note if you disable http in the www screen then the nxc blocks all http connection attempts 302
- Configuring www service control 303
- Note admin service control deals with management access to the web configurator user service control deals with user access to the nxc 303
- Chapter 28 system 304
- Label description 304
- Nxc series user s guide 304
- Service control 304
- The following table describes the labels in this screen 304
- Add edit 305
- Chapter 28 system 305
- Click add or edit in the service control table in a www ssh telnet ftp or snmp screen to add a service control rule 305
- Label description 305
- Nxc series user s guide 305
- Service control continued 305
- Service control rules 305
- Add edit 306
- Chapter 28 system 306
- Figure 179 security alert dialog box internet explorer 306
- Https example 306
- If you haven t changed the default https port on the nxc then in your browser enter https nxc ip address as the web site address where nxc ip address is the ip address or domain name of the nxc you wish to access 306
- Internet explorer warning messages 306
- Label description 306
- Nxc series user s guide 306
- The following table describes the labels in this screen 306
- When you attempt to access the nxc https server a windows dialog box pops up asking if you trust the server certificate click view certificate if you want to verify that the certificate is from the nxc 306
- You see the following security alert screen in internet explorer select yes to proceed to the web configurator login screen if you select no then web configurator access is blocked 306
- Avoiding browser warning messages 307
- Enrolling and importing ssl client certificates 307
- Login screen 307
- Installing the ca s certificate 308
- Installing a personal certificate 309
- Using a certificate when accessing the nxc 311
- How ssh works 313
- Configuring ssh 314
- Note it is recommended that you disable telnet and ftp when you configure ssh for secure connections 314
- Requirements for using ssh 314
- Ssh implementation on the nxc 314
- A window displays prompting you to store the host key in you computer click yes to continue 315
- Chapter 28 system 315
- Configure the ssh client to accept connection using ssh version 1 315
- Example 1 microsoft windows 315
- Examples of secure telnet using ssh 315
- Label description 315
- Launch the ssh client and specify the connection information ip address port number for the nxc 315
- Nxc series user s guide 315
- Ssh continued 315
- This section describes how to access the nxc using the secure shell client program 315
- This section shows two examples using a command interface and a graphical interface ssh client program to remotely access the nxc the configuration and connection steps are similar for most ssh client programs refer to your ssh client program user s guide 315
- Example 2 linux 316
- Chapter 28 system 317
- Label description 317
- Nxc series user s guide 317
- Telnet 317
- Telnet to configure your nxc for remote telnet access use this screen to specify from which zones telnet can be used to manage the nxc you can also specify from which ip addresses the access can come 317
- The following table describes the labels in this screen 317
- Chapter 28 system 318
- Ftp tab the screen appears as shown use this screen to specify from which zones ftp can be used to access the nxc you can also specify from which ip addresses the access can come 318
- Label description 318
- Nxc series user s guide 318
- Telnet continued 318
- The following table describes the labels in this screen 318
- You can upload and download the nxc s firmware and configuration files using ftp to use this feature your computer must have an ftp client see chapter 30 on page 343 for more information about firmware and configuration files 318
- Chapter 28 system 319
- Ftp continued 319
- Label description 319
- Nxc series user s guide 319
- Chapter 28 system 321
- Nxc series user s guide 321
- Object label object id description 321
- Snmp traps 321
- Supported mibs 321
- Table 165 snmp traps 321
- The nxc supports mib ii that is defined in rfc 1213 and rfc 1215 the nxc also supports private mibs zywall mib and zyxel zywall zld common mib to collect information about cpu and memory usage the focus of the mibs is to let administrators collect statistical data and monitor status and performance you can download the nxc s mibs from www zyxel com 321
- The nxc will send traps to the snmp manager when any one of the following events occurs 321
- Trap used by the agent to inform the manager of some events 321
- Configuring snmp 322
- Chapter 28 system 323
- Label description 323
- Nxc series user s guide 323
- Snmp continued 323
- Adding or editing an snmpv3 user profile 324
- Auth server tab the screen appears as shown use this screen to enable the authentication server feature of the nxc and specify the radius client s ip address 324
- Authentication server 324
- Chapter 28 system 324
- Label description 324
- Nxc series user s guide 324
- Snmp screen s add button or select a snmpv3 user profile from the list and click the edit button 324
- The following table describes the labels in this screen 324
- Auth server 325
- Chapter 28 system 325
- Label description 325
- Nxc series user s guide 325
- The following table describes the labels in this screen 325
- Add edit 326
- Add edit trusted radius client 326
- Auth server to display the auth server screen click the add icon or an edit icon to display the following screen use this screen to create a new entry or edit an existing one 326
- Chapter 28 system 326
- Label description 326
- Language 326
- Language to open this screen use this screen to select a display language for the nxc s web configurator screens 326
- Nxc series user s guide 326
- The following table describes the labels in this screen 326
- Chapter 28 system 327
- Ipv6 to open the following screen use this screen to enable ipv6 support on the nxc 327
- Label description 327
- Language 327
- Nxc series user s guide 327
- The following table describes the labels in this screen 327
- Email daily report 328
- Log and report 328
- Overview 328
- What you can do in this chapter 328
- Chapter 29 log and report 329
- Email daily report 329
- Label description 329
- Nxc series user s guide 329
- The following table describes the labels in this screen 329
- Chapter 29 log and report 330
- Email daily report continued 330
- For alerts the log settings tab controls which events generate alerts and where alerts are e mailed 330
- Label description 330
- Log settings 330
- Nxc series user s guide 330
- The log settings summary screen provides a summary of all the settings you can use the log settings edit screen to maintain the detailed settings such as log categories e mail addresses server names etc for any log alternatively if you want to edit what events is included in each log you can also use the log category settings screen to edit this information for all logs at the same time 330
- The log settings tab also controls what information is saved in each log for the system log you can also specify which log messages are e mailed where they are e mailed and how often they are e mailed 330
- The nxc provides a system log and supports e mail profiles and remote syslog servers the system log is available on the view log tab the e mail profiles are used to mail log messages to the specified destinations and the other four logs are stored on specified syslog servers 330
- These screens control log messages and alerts a log message stores the information for viewing for example in the view log tab or regular e mailing later and an alert is e mailed immediately usually alerts are used for events that require more serious attention such as system errors and attacks 330
- Chapter 29 log and report 331
- Label description 331
- Log settings 331
- Log settings summary 331
- Nxc series user s guide 331
- The following table describes the labels in this screen 331
- Chapter 29 log and report 332
- Label description 332
- Log settings continued 332
- Nxc series user s guide 332
- Edit system log settings 333
- Chapter 29 log and report 334
- Edit system log 334
- Label description 334
- Nxc series user s guide 334
- The following table describes the labels in this screen 334
- Chapter 29 log and report 335
- Edit system log continued 335
- Edit usb storage log settings 335
- Label description 335
- Nxc series user s guide 335
- The edit log on usb storage setting screen controls the detailed settings for saving logs to a connected usb storage device go to the log settings summary screen and click the usb storage edit icon 335
- Chapter 29 log and report 336
- Edit usb storage 336
- Label description 336
- Nxc series user s guide 336
- The following table describes the labels in this screen 336
- Chapter 29 log and report 337
- Edit remote server log settings 337
- Edit usb storage continued 337
- Label description 337
- Nxc series user s guide 337
- This screen controls the settings for each log in the remote server syslog go to the log settings summary screen and click a remote server edit icon 337
- Chapter 29 log and report 339
- Edit remote server 339
- Label description 339
- Log category settings 339
- Nxc series user s guide 339
- The following table describes the labels in this screen 339
- This screen allows you to view and to edit what information is included in the system log usb storage e mail profiles and remote servers at the same time it does not let you change other log settings for example where and how often log information is e mailed or remote server names to access this screen go to the log settings summary screen and click the log category settings button 339
- Chapter 29 log and report 341
- Label description 341
- Log category settings 341
- Nxc series user s guide 341
- The following table describes the fields in this screen 341
- Chapter 29 log and report 342
- Label description 342
- Log category settings continued 342
- Nxc series user s guide 342
- File manager 343
- Overview 343
- What you can do in this chapter 343
- What you need to know 343
- Comments in configuration files or shell scripts 344
- Note exit or must follow sub commands if it is to make the nxc exit sub command mode 344
- Configuration file 345
- Errors in configuration files or shell scripts 345
- Configuration file flow at restart 346
- Do not turn off the nxc while configuration file upload is in progress 346
- Chapter 30 file manager 347
- Configuration file 347
- Label description 347
- Nxc series user s guide 347
- The following table describes the labels in this screen 347
- Chapter 30 file manager 348
- Configuration file continued 348
- Label description 348
- Nxc series user s guide 348
- Firmware package 349
- Note the web configurator is the recommended method for uploading firmware you only need to use the command line interface if you need to recover the firmware see the cli reference guide for how to determine if you need to recover the firmware and how to recover it 349
- The firmware update can take up to five minutes do not turn off or reset the nxc while the firmware update is in progress 349
- Chapter 30 file manager 350
- Firmware package 350
- Label description 350
- Nxc series user s guide 350
- The following table describes the labels in this screen 350
- Note the nxc automatically reboots after a successful firmware update 351
- Shell script 351
- Chapter 30 file manager 352
- Each field is described in the following table 352
- Label description 352
- Note you should include write commands in your scripts if you do not use the write command the changes will be lost when the nxc restarts you could use multiple write commands in a long script 352
- Nxc series user s guide 352
- Shell script 352
- Shell script to open this screen use the shell script screen to store name download upload and run shell script files you can store multiple shell script files on the nxc at the same time 352
- Chapter 30 file manager 353
- Label description 353
- Nxc series user s guide 353
- Shell script continued 353
- Diagnostics 354
- Overview 354
- What you can do in this chapter 354
- Chapter 31 diagnostics 355
- Collect on ap to open the diagnostic screen 355
- Collect on controller 355
- Diagnostics ap configuration 355
- Label description 355
- Nxc series user s guide 355
- The following table describes the labels in this screen 355
- This screen provides an easy way for you to generate a file containing the selected managed ap s configuration and diagnostic information you may need to generate this file and send it to customer support during troubleshooting 355
- Chapter 31 diagnostics 356
- Collect on ap 356
- Label description 356
- Nxc series user s guide 356
- The following table describes the labels in this screen 356
- Chapter 31 diagnostics 357
- Collect on ap 357
- Diagnostics files 357
- Files to open the diagnostic files screen this screen lists the files of diagnostic information the nxc has collected and stored on the nxc or a connected usb storage device you may need to send these files to customer support for troubleshooting 357
- Label description 357
- Nxc series user s guide 357
- The following table describes the labels in this screen 357
- Capture 358
- Chapter 31 diagnostics 358
- Label description 358
- Note new capture files overwrite existing files of the same name change the file suffix field s setting to avoid this 358
- Nxc series user s guide 358
- Packet capture 358
- Packet capture to open the packet capture screen 358
- The following table describes the labels in this screen 358
- Use this screen to capture network traffic going through the nxc s interfaces studying these packet captures may help you identify network problems 358
- Chapter 31 diagnostics 359
- Label description 359
- Note if you have existing capture files and have not selected the continuously capture and overwrite old ones option you may need to set this size larger or delete existing capture files 359
- Note the nxc reserves some usb storage space as a buffer 359
- Note the nxcl reserves some onboard storage space as a buffer 359
- Nxc series user s guide 359
- Packet capture continued 359
- Chapter 31 diagnostics 360
- Files to open the packet capture files screen this screen lists the files of packet captures stored on the nxc or a connected usb storage device you can download the files to your computer where you can study them using a packet analyzer also known as a network or protocol analyzer such as wireshark 360
- Label description 360
- Nxc series user s guide 360
- Packet capture continued 360
- Packet capture files 360
- The following table describes the labels in this screen 360
- Core dump 361
- Example of viewing a packet capture file 361
- Core dump files 362
- Chapter 31 diagnostics 363
- Label description 363
- Nxc series user s guide 363
- System log 363
- System log to open the system log files screen this screen lists the files of system logs stored on a connected usb storage device the files are in comma separated value csv format you can download them to your computer and open them in a tool like microsoft s excel 363
- The following table describes the labels in this screen 363
- Capture 364
- Chapter 31 diagnostics 364
- Label description 364
- Note new capture files overwrite existing files of the same name change the file prefix field s setting to avoid this 364
- Nxc series user s guide 364
- The following table describes the labels in this screen 364
- Use this screen to capture wireless network traffic going through the ap interfaces connected to your nxc studying these frame captures may help you identify network problems 364
- Wireless frame capture 364
- Wireless frame capture to display this screen 364
- Capture continued 365
- Chapter 31 diagnostics 365
- Files to open this screen this screen lists the files of wireless frame captures the nxc has performed you can download the files to your computer where you can study them using a packet analyzer also known as a network or protocol analyzer such as wireshark 365
- Label description 365
- Note if you have existing capture files you may need to set this size larger or delete existing capture files 365
- Nxc series user s guide 365
- Wireless frame capture files 365
- Chapter 31 diagnostics 366
- Label description 366
- Nxc series user s guide 366
- The following table describes the labels in this screen 366
- Overview 367
- Packet flow explore 367
- The routing status screen 367
- What you can do in this chapter 367
- Chapter 32 packet flow explore 369
- Label description 369
- Nxc series user s guide 369
- Routing status 369
- Routing status main route 369
- The following table describes the labels in this screen 369
- Chapter 32 packet flow explore 370
- Label description 370
- Note once a packet matches the criteria of an snat rule the nxc takes the corresponding action and does not perform any further flow checking 370
- Nxc series user s guide 370
- Routing status continued 370
- Snat status 370
- The order of the snat flow may vary depending on whether you 370
- The snat status screen 370
- Use policy routes to control 1 1 nat by using the policy control virtual server rules activate command 370
- Chapter 32 packet flow explore 372
- Label description 372
- Nxc series user s guide 372
- Snat status 372
- Snat status default snat 372
- The following table describes the labels in this screen 372
- Chapter 32 packet flow explore 373
- Label description 373
- Nxc series user s guide 373
- Snat status continued 373
- Overview 374
- Reboot 374
- What you need to know 374
- Overview 375
- Shutdown 375
- What you need to know 375
- General 376
- Overview 376
- Troubleshooting 376
- Hackers have accessed my wep encrypted wireless lan 377
- I can t enter the interface name i want 377
- I cannot access the internet 377
- My rules and settings that apply to a particular interface no longer work 377
- The nxc is not applying the custom policy route i configured 377
- The wireless security is not following the re authentication timer setting i specified 377
- I cannot get the radius server to authenticate the nxc s default admin account 378
- I changed the lan ip address and can no longer access the internet 378
- The nxc fails to authenticate the ext user user accounts i configured 378
- The nxc is not applying an interface s configured ingress bandwidth limit 378
- The nxc keeps resetting the connection 378
- The nxc routes and applies snat for traffic from some interfaces but not from others 378
- I cannot add the admin users to a user group with access users 379
- I cannot add the default admin account to a user group 379
- I cannot get a certificate to import into the nxc 379
- The schedule i configured is not being applied at the configured times 379
- I can only see newer logs older logs are missing 380
- I cannot access the nxc from a computer connected to the internet 380
- I uploaded a logo to display on the upper left corner of the web configurator login screen and access page but it does not display properly 380
- I uploaded a logo to use as the screen or window background but it does not display properly 380
- Note be careful not to convert a binary file to text during the transfer process it is easy for this to occur since many programs use text files by default 380
- Note exit or must follow sub commands if it is to make the nxc exit sub command mode 380
- The commands in my configuration file or shell script are not working properly 380
- The nxc s traffic throughput rate decreased after i started collecting traffic statistics 380
- I cannot get the firmware uploaded using the commands 381
- My earlier packet capture files are missing 381
- My packet capture captured less than i wanted or failed 381
- Wireless 381
- Wireless clients cannot connect to an ap 381
- A wireless client cannot be authenticated through the captive portal 382
- The ap status is registered as offline even though it is on 382
- Ap list screen there is no load balancing indicator associated with any aps assigned to the load balancing task 383
- Note this procedure removes the current configuration 383
- Resetting the nxc 383
- The nxc sends wireless clients the default logout page instead of a login page 383
- Wireless clients are not being load balanced among my aps 383
- Getting more troubleshooting help 384
- Log descriptions 385
- Ppendi 385
- Appendix a log descriptions 401
- Code description 401
- Log message description 401
- Nxc series user s guide 401
- Register ftp alg extra port d failed 401
- Register ftp alg signal port d failed 401
- Table 202 nat logs continued 401
- Table 203 certificate path verification failure reason codes 401
- Ap reboot mac 02x 02x 02x 02x 02x 02x name s model s 408
- Ap ssid stop mac 02x 02x 02x 02x 02x 02x radio d ssid s stop 408
- Appendix a log descriptions 408
- Log message description 408
- Nxc series user s guide 408
- Send retransmit configuration to ap mac 02x 02x 02x 02x 02x 02x name s retry count d model s 408
- Start send configuration to ap mac 02x 02x 02x 02x 02x 02x name s model s 408
- Start send updating configuration to ap mac 02x 02x 02x 02x 02x 02x name s model s 408
- Sucess send configuration to ap mac 02x 02x 02x 02x 02x 02x name s model s 408
- Sucess send updating configuration to ap mac 02x 02x 02x 02x 02x 02x name s model s 408
- Table 212 capwap server logs 408
- Upgrade ap firmware mac 02x 02x 02x 02x 02x 02x name s model s 408
- Common services 412
- Ppendi 412
- Appendix b common services 413
- Name protocol port s description 413
- Nxc series user s guide 413
- Table 219 commonly used services continued 413
- Appendix b common services 414
- Name protocol port s description 414
- Nxc series user s guide 414
- Table 219 commonly used services continued 414
- Importing certificates 415
- Ppendi 415
- Internet explorer 416
- Installing a stand alone certificate file in internet explorer 420
- Removing a certificate in internet explorer 421
- Firefox 423
- Installing a stand alone certificate file in firefox 424
- Removing a certificate in firefox 426
- Ppendi 428
- Wireless lans 428
- Channel 430
- Note enabling the rts threshold causes redundant network overhead that could negatively affect the throughput performance instead of providing a remedy 431
- Rts cts 431
- Fragmentation threshold 432
- Ieee 802 1g wireless lan 432
- Note the wireless devices must use the same preamble mode in order to communicate 432
- Preamble type 432
- Wireless security overview 432
- Ieee 802 x 433
- Note you must enable the same wireless security settings on the nxc and on all wireless clients that you want to associate with it 433
- Radius 433
- Types of eap authentication 434
- Types of radius messages 434
- Dynamic wep key exchange 435
- Eap md5 message digest algorithm 5 435
- Eap tls transport layer security 435
- Eap ttls tunneled transport layer service 435
- Peap protected eap 435
- Appendix d wireless lans 436
- Both wpa and wpa2 improve data encryption by using temporal key integrity protocol tkip message integrity check mic and ieee 802 x wpa and wpa2 use advanced encryption standard aes in the counter mode with cipher block chaining message authentication code protocol ccmp to offer stronger encryption than tkip 436
- Eap md5 eap tls eap ttls peap leap 436
- Encryption 436
- For added security certificate based authentications eap tls eap ttls and peap use dynamic keys for data encryption they are often deployed in corporate environments but for public deployment a simple user name and password pair is more practical the following table is a comparison of the features of authentication types 436
- If both an ap and the wireless clients support wpa2 and you have an external radius server use wpa2 for stronger data encryption if you don t have an external radius server you should use wpa2 psk wpa2 pre shared key that only requires a single identical password entered into each access point wireless gateway and wireless client as long as the passwords match a wireless client will be granted access to a wlan 436
- If the ap or the wireless clients do not support wpa2 just use wpa or wpa psk depending on whether you have an external radius server or not 436
- If this feature is enabled it is not necessary to configure a default encryption key in the wireless security configuration screen you may still configure and store keys but they will not be used while dynamic wep is enabled 436
- Key differences between wpa or wpa2 and wep are improved data encryption and user authentication 436
- Note eap md5 cannot be used with dynamic wep key exchange 436
- Nxc series user s guide 436
- Select wep only when the ap and or wireless clients do not support wpa or wpa2 wep is less secure than wpa or wpa2 436
- Table 222 comparison of eap authentication types 436
- Tkip uses 128 bit keys that are dynamically generated and distributed by the authentication server aes advanced encryption standard is a block cipher that uses a 256 bit mathematical algorithm 436
- Wi fi protected access wpa is a subset of the ieee 802 1i standard wpa2 ieee 802 1i is a wireless security standard that defines stronger encryption authentication and key management than wpa 436
- Wpa and wpa2 436
- User authentication 437
- Wireless client wpa supplicants 437
- Wpa 2 psk application example 438
- Wpa 2 with radius application example 438
- Appendix d wireless lans 439
- Authentication method key management protocol 439
- Encryption method 439
- Enter manual key ieee 802 x 439
- Figure 236 wpa 2 psk authentication 439
- Nxc series user s guide 439
- Refer to this table to see what other security parameters you should configure for each authentication method or key management protocol type mac address filters are not dependent on how you configure these security features 439
- Security parameters summary 439
- Table 223 wireless security relational matrix 439
- The ap and wireless clients use the tkip or aes encryption process the pmk and information exchanged in a handshake to create temporal encryption keys they use these keys to encrypt data exchanged between them 439
- Ppendi 440
- Global address 441
- Loopback address 441
- Multicast address 441
- Unspecified address 441
- Eui 64 442
- Interface id 442
- Stateless autoconfiguration 442
- Subnet masking 442
- Dhcp relay agent 443
- Dhcpv6 443
- Identity association 443
- Rebind 443
- Renew rebind 443
- Renew to s1 443
- Icmpv6 444
- Ipv6 cache 444
- Neighbor discovery protocol ndp 444
- Prefix delegation 444
- Mld messages 445
- Multicast listener discovery 445
- Example enabling dhcpv6 on windows xp 446
- Example enabling ipv6 on windows xp 2003 vista 446
- Example enabling ipv6 on windows 7 447
- Customer support 449
- Ppendi 449
- Austria 450
- Belarus 450
- Europe 450
- Malaysia 450
- Pakistan 450
- Philipines 450
- Singapore 450
- Taiwan 450
- Thailand 450
- Vietnam 450
- Belgium 451
- Bulgaria 451
- Denmark 451
- Estonia 451
- Finland 451
- France 451
- Germany 451
- Hungary 451
- Latvia 451
- Lithuania 452
- Netherlands 452
- Norway 452
- Poland 452
- Romania 452
- Russia 452
- Slovakia 452
- Sweden 452
- Switzerland 452
- Argentina 453
- Ecuador 453
- Latin america 453
- Middle east 453
- North america 453
- Turkey 453
- Ukraine 453
- Africa 454
- Australia 454
- Oceania 454
- South africa 454
- Legal information 455
- Ppendi 455
- Appendix g legal information 456
- Ce emc statement class a products only nxc5500 for example 456
- European union 456
- Industry canada ices statement 456
- List of national codes 456
- Nxc series user s guide 456
- Safety warnings 456
- Appendix g legal information 457
- Environment statement 457
- Erp energy related products class b products only nxc2500 for example 457
- Nxc series user s guide 457
- Weee directive 457
- Environmental product declaration 458
- Appendix g legal information 459
- Nxc series user s guide 459
- Open source licenses 459
- Registration 459
- Viewing certifications 459
- Zyxel limited warranty 459
- 台灣 459
Похожие устройства
- Zyxel NXC5500 Инструкция по установке
- Zyxel NXC5500 Технические характеристики
- Zyxel NXC5500 Справочник командного интерфейса
- Zyxel NXC5500 Рекомендации по настройке
- HP 1410-24 switch, j9663a Инструкция по эксплуатации
- HP 1405-8 v2 switch, j9793a Инструкция по эксплуатации
- Zyxel NXC5200 Инструкция по эксплуатации
- HP 1405-5g v2 switch, j9792a Инструкция по эксплуатации
- Zyxel NXC5200 Инструкция по установке
- Zyxel NXC5200 Рекомендации по настройке
- Zyxel NXC5200 Технические характеристики
- Zyxel NXC5200 Справочник командного интерфейса
- HP 1405-5 v2 switch, j9791a Инструкция по эксплуатации
- Zyxel NWA3000-N series Инструкция по эксплуатации
- Zyxel NWA3000-N series Технические характеристики
- HP probook 4540s, h5j04ea Инструкция по эксплуатации
- HP envy dv6-7263er, c5u12ea Инструкция по эксплуатации
- Zyxel NWA5123-NI Инструкция по эксплуатации
- Zyxel NWA5123-NI Инструкция по установке
- Zyxel NWA5123-NI Технические характеристики