NWD-170 - Wi-Fi Adapter ZYXEL - Free user manual and instructions

USER MANUAL NWD-170 ZYXEL

ZyXEL NWD-170N User's Guide Copyright Copyright © 2006 by ZyXEL Communications Corporation. The contents of this publication may not be reproduced in any part or as a whole, transcribed, stored in a retrieval system, translated into any language, or transmitted in any form or by any means, electronic, mechanical, magnetic, optical, chemical, photocopying, manual, or otherwise, without the prior written permission of ZyXEL Communications Corporation. Published by ZyXEL Communications Corporation. All rights reserved. Disclaimer ZyXEL does not assume any liability arising out of the application or use of any products, or software described herein. Neither does it convey any license under its patent rights nor the patent rights of others. ZyXEL further reserves the right to make changes in any products described herein without notice. This publication is subject to change without notice. Trademarks ZyNOS (ZyXEL Network Operating System) is a registered trademark of ZyXEL Communications, Inc. Other trademarks mentioned in this publication are used for identification purposes only and may be properties of their respective owners. Copyright

ZyXEL NWD-170N User's Guide Certifications Federal Communications Commission (FCC) Interference Statement The device complies with Part 15 of FCC rules. Operation is subject to the following two conditions: + This device may not cause harmful interference. + This device must accept any interference received, including interference that may cause undesired operations. This device has been tested and found to comply with the limits for a Class B digital device pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation. This device generates, uses, and can radiate radio frequency energy, and if not installed and used in accordance with the instructions, may cause harmful interference to radio communications. However, there is no guarantee that interference will not occur in a particular installation. If this device does cause harmful interference to radio/television reception, which can be determined by turning the device off and on, the user is encouraged to try to correct the interference by one or more of the following measures: 1 Reorient or relocate the receiving antenna. 2 Increase the separation between the equipment and the receiver. 3 Connect the equipment into an outlet on a circuit different from that to which the receiver is connected. 4 Consult the dealer or an experienced radio/TV technician for help.

FCC Radiation Exposure Statement + This device has been tested to the FCC exposure requirements (Specific Absorption Rate). + This device complies with the requirements of Health Canada Safety Code 6 for Canada. + Testing was performed on laptop computers with antennas at Omm spacing. The maximum SAR value is: 0.26 W/kg. The device must not be collocated with any other antennas or transmitters. + This equipment has been SAR-evaluated for use in laptops (notebooks) with side slot configuration. 4 Certifications

ZyXEL NWD-170N User's Guide + The device complies with FCC RF radiation exposure limits set forth for an uncontrolled environment, under 47 CFR 2.1093 paragraph (d)(2). End users must follow the specific operating instructions for satisfying RF exposure compliance. To maintain compliance with FCC RF exposure compliance requirements, please follow operation instruction as documented in this manual. + _ This transmitter must not be co-located or operating in conjunction with any other antenna or transmitter. + IEEE 802.11b or 802.11g operation of this product in the U.S.A. is firmware-limited to channels 1 through 11. HE !

URI SR EDR Fra AE]: RER BÉBÉ SERE DADIRRE RER RER DNSE Æ TTUtE IEEE BRIE MER ERNMAER TERRES : MR ï SRE - LEE T Fe ERA. SAR: FT : SAR ÉÈËIE LEW/kg SRÉMmAAUÉS : 0.26 W/kg - Notices Changes or modifications not expressly approved by the party responsible for compliance could void the user's authority to operate the equipment. This device has been designed for the WLAN 2.4 GHz network throughout the EC region and Switzerland, with restrictions in France. This Class B digital apparatus complies with Canadian ICES-003. Cet appareil numérique de la classe B est conforme à la norme NMB-003 du Canada. Viewing Certifications 1 Go to http://www.zyxel.com. 2 Select your product on the ZyXEL home page to go to that product's page. 3 Select the certification you wish to view from this page. Certifications 5

ZyXEL NWD-170N User's Guide Safety Warnings For your safety, be sure to read and follow all warning notices and instructions. + Do NOT use this product near water, for example, in a wet basement or near a swimming pool. + Do NOT expose your device to dampness, dust or corrosive liquids. + Do NOT store things on the device. + Do NOT install, use, or service this device during a thunderstorm. There is a remote risk of electric shock from lightning. + Connect ONLY suitable accessories to the device. + ONLY qualified service personnel should service or disassemble this device. + _ Do not use the device outside, and make sure all the connections are indoors. There is a remote risk of electric shock from lightning. + Antenna Warning! This device meets ETSI and FCC certification requirements when using the included antenna(s). Only use the included antenna(s). This product is recyclable. Dispose of it properly. 6 Safety Warnings

ZyXEL NWD-170N User's Guide ZyXEL Limited Warranty ZyXEL warrants to the original end user (purchaser) that this product is free from any defects in materials or workmanship for a period of up to two years from the date of purchase. During the warranty period, and upon proof of purchase, should the product have indications of failure due to faulty workmanship and/or materials, ZyXEL will, at its discretion, repair or replace the defective products or components without charge for either parts or labor, and to whatever extent it shall deem necessary to restore the product or components to proper operating condition. Any replacement will consist of a new or re-manufactured functionally equivalent product of equal or higher value, and will be solely at the discretion of ZyXEL. This warranty shall not apply if the product has been modified, misused, tampered with, damaged by an act of God, or subjected to abnormal working conditions. Note Repair or replacement, as provided under this warranty, is the exclusive remedy of the purchaser. This warranty is in lieu of all other warranties, express or implied, including any implied warranty of merchantability or fitness for a particular use or purpose. ZyXEL shall in no event be held liable for indirect or consequential damages of any kind to the purchaser. To obtain the services of this warranty, contact ZyXEL's Service Center for your Return Material Authorization number (RMA). Products must be returned Postage Prepaid. It is recommended that the unit be insured when shipped. Any returned products without proof of purchase or those with an out-dated warranty will be repaired or replaced (at the discretion of ZyXEL) and the customer will be billed for parts and labor. All repaired or replaced products will be shipped by ZyXEL to the corresponding return address, Postage Paid. This warranty gives you specific legal rights, and you may also have other rights that vary from country to country. Registration Register your product online to receive e-mail notices of firmware upgrades and information at www.zyxel.com for global products, or at www.us.zyxel.com for North American products. ZyXEL Limited Warranty 7

ZyXEL NWD-170N User's Guide Customer Support Please have the following information ready when you contact customer support. Product model and serial number. Warranty Information. Date that you received your device. Brief description of the problem and the steps you took to solve it. sales@zyxel.co.cr +506-2015098 fip.zyxel.co.cr

ZyXEL NWD-170N User's Guide

ZyXEL NWD-170N User's Guide 10 Customer Support

ZyXEL NWD-170N User's Guide Table of Contents Copyright … Certifications …. Safety Warnings ZyXEL Limited Warranty... Customer Support Table of Contents List of Figures List of Tables . Preface

1.3 NWD-170N Hardware and Utility Installation

2.1 Connecting to a Wireless LAN

2.2 Creating and Using a Profile .…

3.2.1 User Authentication and Encryption

Table of Contents 11

ZyXEL NWD-170N User's Guide

3.2.1.3 WPA and WPA2

5.3 Upgrading the ZyXEL Utility

6.1 Problems Starting the ZyXEL Utility

6.2 Problems with the Link Quality ….

6.3 Problems Communicating With Other Computers

Appendix A Product Specifications Appendix B Management with Wireless Zero Configuration …. Appendix C Wireless Security Appendix D Setting up Your Computer’s IP Address...

ZyXEL NWD-170N User's Guide List of Figures Figure 1 The NWD-170N Figure 2 Application: Infrastructure Figure 3 Application: Ad-Hoc Figure 4 ZyXEL Utility: System Tray Icon Figure 5 Enable WZC Figure 6 Infrastructure Network Figure 7 ZyXEL Utility: Site Survey … Figure 8 ZyXEL Utility: Security Settings Figure 9 ZyXEL Utility: Confirm Save …… Figure 10 ZyXEL Utility: Link Info Figure 11 ZyXEL Utility: Profile Figure 12 ZyXEL Utility: Add New Profile . Figure 13 ZyXEL Utility: Profile Security Figure 14 ZyXEL Utility: Profile Encryption . Figure 15 ZyXEL Utility: Profile Confirm Save Figure 16 ZyXEL Utility: Profile Activate Figure 17 Example of a Wireless Network Figure 18 ZyXEL Utility Menu Summary Figure 19 Link Info Figure 20 Link Info: Trend Chart Figure 21 Site Survey Figure 22 Security Setting: WEP Figure 23 Security Setting: WPA-PSK/WPA2-PSK Figure 24 Security Settings: WPA/WPA2 . Figure 25 Security Setting: 802.1x Figure 26 Confirm Save Screen . Figure 27 Profile Figure 28 Profile: Add a New Profile Figure 29 Profile: Wireless Settings . Figure 30 Profile: Wireless Settings . Figure 31 Profile: Security Settings Figure 32 Profile: Confirm New Settings Figure 33 Profile: Activate the Profile Figure 34 Adapter Figure 35 About … Figure 36 Uninstall: Confirm Figure 37 Uninstall: Finish … Figure 38 Windows XP SP2: WZC Not Available List of Figures

ZyXEL NWD-170N User's Guide 16 List of Tables

ZyXEL NWD-170N User's Guide Preface Congratulations on your purchase of the NWD-170N Draft 802.11n Wireless CardBus Card. Your NWD-170N plugs into a PCMCIA slot on your computer and allows you to access wireless networks. Your NWD-170N is easy to install and configure. About This User's Guide This manual is designed to guide you through the configuration of your NWD-170N for its various applications. Related Documentation + Supporting Disk Refer to the included CD for support documents. + Quick Start Guide The Quick Start Guide is designed to help you get up and running right away. They contain hardware installation/connection information. + ZyXEL Web Site Please go to http://www.zyxel.com for product news, firmware, updated documents, and other support materials. User Guide Feedback Help us help you. E-mail all User’s Guide-related comments, questions or suggestions for improvement to techwriters@zyxel.com.tw or send regular mail to The Technical Writing Team, ZyXEL Communications Corp., 6 Innovation Road II, Science-Based Industrial Park, Hsinchu, 300, Taiwan. Thank you. Syntax Conventions + “Enter” means for you to type one or more characters. “Select” or “Choose” means for you to use one predefined choice. + Mouse action sequences are denoted using a right angle bracket (> ). For example, “In Windows, click Start > Settings > Control Panel” means first click the Start button, then point your mouse pointer to Settings and then click Control Panel. + “e.g.,” is a shorthand for “for instance”, and “i.e.,” means “that is” or “in other words”. + The NWD-170N Draft 802.11n Wireless CardBus Card may be referred to as the NWD- 170N in this user’s guide. Preface 17

ZyXEL NWD-170N User's Guide Graphics Icons Key Wireless Access Point

ZyXEL NWD-170N User's Guide

Getting Started This chapter introduces the NWD-170N and prepares you to use the ZyXEL utility. The ZyXEL utility is a tool that helps you configure your NWD-170N.

1.1 About Your NWD-170N

The NWD-170N is an IEEE 802.11n draft compliant wireless LAN adapter, using MIMO (Multiple-In, Multiple-Out) antenna technology to deliver high-speed wireless networking. It can also connect to IEEE 802.11b/g wireless networks. See the appendix for detailed product specifications. Figure 1 The NWD-170N The following table describes the NWD-170N. Table 1 External View LABEL DESCRIPTION PCMCIA connector 2 PWR LED (light) 3 LINK LED (light)

Chapter 1 Getting Started 19

ZyXEL NWD-170N User's Guide

1.2 Application Overview

The following table describes the operation of the PWR and LINK LEDs on the device. Table 2 NWD-170N LEDs STATE DESCRIPTION The PWR LED is off The NWD-170N is not receiving power. The PWR LED is blinking The NWD-170N is receiving power. The PWR and LINK LEDs are blinking alternately. The NWD-170N is not connected to a wireless network. The PWR and LINK LEDs are blinking simultaneously and regularly. The NWD-170N is connected to a wireless network. The PWR and LINK LEDs are blinking simultaneously and irregularly. The NWD-170N is connected to a wireless network and is sending or receiving data. This section describes some network applications for the NWD-170N. You can either set the network type to Infrastructure and connect to an AP or use Ad-Hoc mode and connect to a peer computer (another wireless device in Ad-Hoc mode).

1.2.0.1 Infrastructure

To connect to a network via an access point (AP), set the NWD-170N network type to Infrastructure. Through the AP, you can access the Internet or the wired network behind the AP.

Chapter 1 Getting Started

To set up a small independent wireless workgroup without an AP, use Ad-Hoc. Ad-Hoc does not require an AP or a wired network. Two or more wireless clients communicate directly with each other. Figure 3 Application: Ad-Hoc

Chapter 1 Getting Started 21

ZyXEL NWD-170N User's Guide

1.3 NWD-170N Hardware and Utility Installation

Follow the instructions in the Quick Start Guide to install the ZyXEL utility and make hardware connections.

1.3.1 ZyXEL Utility Icon

After you install and start the ZyXEL utility, an icon for the ZyXEL utility appears in the system tray. Note: The ZyXEL utility system tray icon displays only when the NWD-170N is installed properly. When you use the ZyXEL utility, it automatically disables Wireless Zero Configuration (WZC). Figure 4 ZyXEL Utility: System Tray Icon 1 PM The color of the ZyXEL utility system tray icon indicates the status of the NWD-170N. Refer to the following table for details. Table 3 ZyXEL Utility: System Tray Icon COLOR DESCRIPTION Red The NWD-170N is not connected to a wireless network. Green The NWD-170N is connected to a wireless network.

1.4 Configuration Methods

To configure your NWD-170N, use one of the following applications: + Wireless Zero Configuration (WZC) (the Windows XP wireless configuration tool) + ZyXEL Utility Note: Do NOT use WZC at the same time you use the ZyXEL utility.

Note: When you use the ZyXEL utility, it automatically disables WZC. If you want to use WZC to configure the NWD-170N, you need to disable the ZyXEL utility by right-clicking the utility icon ( [Æ] ) in the system tray and selecting Use Windows Zero Configuratio

Chapter 1 Getting Started

ZyXEL NWD-170N User's Guide Figure 5 Enable WZC Use Windows Zero Configuration Exit Refer to the appendices for information on how to use WZC to manage the NWD-170N. To reactivate the ZyXEL utility, double-click the ([Æ] ) icon on your desktop or click Start, (AID Programs, ZyXEL NWD-170N Wireless Adapter Utility, ZyXEL NWD-170N Wireless Adapter Software.

1.4.2 Accessing the ZyXEL Utility

Double-click on the ZyXEL wireless LAN utility icon in the system tray to open the ZyXEL utility. The ZyXEL utility screens are similar in all Microsoft Windows versions. Screens for Windows XP are shown in this User’s Guide. Note: Click the I] icon (located in the top right corner) to display the online help window.

Chapter 1 Getting Started 23

ZyXEL NWD-170N User's Guide 24 Chapter 1 Getting Started

ZyXEL NWD-170N User's Guide

Tutorial The following sections show you how to join a wireless network using the ZyXEL utility, as in the following diagrams. The wireless client is labeled € and the access point is labeled AP. Figure 6 Infrastructure Network Let | | )) gi h Internet ) —S 1] "à There are three ways to connect the wireless client (the NWD-170N) to a network. + _Configure nothing and leave the wireless client to automatically scan for and connect to any available network that has no wireless security configured. + Manually connect to a network (see Section 2.1 on page 25). Configure a profile to have the wireless client automatically connect to a specific network or peer computer (see Section 2.2 on page 27).

2.1 Connecting to a Wireless LAN

This example illustrates how to manually connect your wireless client to an access point (AP) configured for WPA-PSK security and connected to the Internet. Before you connect to the access point, you must know its Service Set IDentity (SSID) and WPA-PSK pre-shared key. In this example, the AP’s SSID is “SSID_Example3” and its pre-shared key is “Thisismy WPA- PSKpre-sharedkey”. After you install the ZyXEL utility and then insert the wireless client, follow the steps below to connect to a network using the Site Survey screen. 1 Open the ZyXEL utility and click the Site Survey tab to open the screen shown next.

Chapter 2 Tutorial 25

ZyXEL NWD-170N User's Guide Figure 7 ZyXEL Utility: Site Survey Site Information Network Type: Infrastructure Dos zveims 6 62% Network Mode: 802.119 Q ze 6 62% Channel: 6 Security: MPA-PSK MAC Address: 00:13:49:00:00:01 Surveyed at: 11:50:41 © uss 6 se | Scan Connect 2 The wireless client automatically searches for available wireless networks. Click Scan if you want to search again. If no entry displays in the Available Network List, that means there is no wireless network available within range. Make sure the AP or peer computer is turned on, or move the wireless client closer to the AP or peer computer. See Table 4.3 on page 37 for detailed field descriptions. 3 To connect to an AP or peer computer, either click an entry in the list and then click Connect or double-click an entry (SSID_Example3 in this example). 4 When you try to connect to an AP with security configured, a window will pop up prompting you to specify the security settings. Enter the pre-shared key and leave the encryption type at the default setting. Use the Next button to move on to the next screen. You can use the Back button at any time to return to the previous screen, or the Exit button to return to the Site Survey screen. Figure 8 ZyXEL Utility: Security Settings y Settings # Encryption Type: Fra FE # Pre-Shared Key: [ThisismyWwPA-PSKpre-sharedkey| Back Next] [Exit 5 The Confirm Save window appears. Check your settings and click Save to continue. 26 Chapter 2 Tutorial

ZyXEL NWD-170N User's Guide Figure 9 ZyXEL Utility: Confirm Save 2 Network Name: SSID_Examples à Network Type: Infrastructure > Channek Auto > Security: WPA-PSK Back Save Büt 6 The ZyXEL utility returns to the Link Info screen while it connects to the wireless network using your settings. When the wireless link is established, the ZyXEL utility icon in the system tray turns green and the Link Info screen displays details of the active connection. Check the network information in the Link Info screen to verify that you have successfully connected to the selected network. If the wireless client is not connected to a network, the fields in this screen remain blank. See Table 4.2 on page 35 for detailed field descriptions. Figure 10 ZyXEL Utility: Link Info Network Status Statistics + Profile Name: Transmit Rate: 2 Kbps + Network Name(SS1D}: 551D_Example3 Receive Rate: 0 Kbps + AP MAC Address: 00;A0:C5:CD:1F:64 Authentication: None + Network Type: Infrastructure Network Mode: 602.119 > Transmission Rate: 18 Mbps Total Transmit: 46 3 Security: WPA-PSK Total Receive: 3 > Channek 6 Link Quality: -68 dëm Trend Chart Signal Strength © œeeee;e Link Quality ®.2,2,0,9,9,e 8,0 € 7 Open your Internet browser and enter http:/www.zyxel.com or the URL of any other web site in the address bar. If you are able to access the web site, your wireless connection is successfully configured. If you cannot access the web site, check the Troubleshooting section of this User's Guide or contact your network administrator if necessary.

2.2 Creating and Using a Profile

A profile lets you automatically connect to the same wireless network every time you use the ZyXEL utility. You can also configure different profiles for different networks, for example if you connect a notebook computer to wireless networks at home and at work.

Chapter 2 Tutorial 27

ZyXEL NWD-170N User's Guide This example illustrates how to set up a profile and connect the wireless client to an access point configured for WPA-PSK security. In this example, the AP’s SSID is “SSID_Example3” and its pre-shared key is “ThisismyWPA-PSKpre-sharedkey”. You have chosen the profile name “PN_Example3”. 1 Open the ZyXEL utility and click the Profile tab to open the screen as shown. Click Add to configure a new profile. Figure 11 ZyXEL Utility: Profile Profile List Profile Info T Profile Nan=1[ 55ID | pans xp Network Type: Infrastructure Network Mode: 802.1in Channek: Auto Security: DISABLE Connect | | Add Delete Edit 2 The Add New Profile screen appears. The wireless client automatically searches for available wireless networks, which are displayed in the Scan Info box. You can also configure your profile for a wireless network that is not in the list. Figure 12 ZyXEL Utility: Add New Profile 2 Network Type: Add New Protite Scan into 2 Profile Name: FP_Exemples I ss GE > ssiD: FSID_Examples © CPE_5257_00 Mes cesse

Jos SSID Exemples G'infrastructure -- Connect to an Access point ad zyxel C Ad-Hoc — Connect directly to other computers û 2yXEL xl Scan Select Next ET 3 Give the profile a descriptive name (of up to 32 printable ASCII characters). Select Infrastructure and either manually enter or select the AP's SSID in the Scan Info table and click Select. 4 Choose the same encryption method as the AP to which you want to connect (In this example, WPA-PSK). 28 Chapter 2 Tutorial

ZyXEL NWD-170N User's Guide Figure 13 ZyXEL Utility: Profile Security Security Settings > Encryption Type: WP Back Next Büt 5 This screen varies depending on the encryption method you selected in the previous screen. In this example, enter the pre-shared key and leave the encryption type at the default setting. Figure 14 ZyXEL Utility: Profile Encryption Security Settings + Pre-Shared Key: [ThisismyWwPA-PSKpre-sharedkey| Back Next Ext 6 Verify the profile settings in the ready-only screen. Click Save to save and go to the next screen. Figure 15 ZyXEL Utility: Profile Confirm Save 3 Network Name(SSID}: 551D_Example3 2 Network Type: Infrastructure 2 Network Mode: 802.11n 3 Channel: Auto à Security: WPA-PSK Back Save ][ Bat 7 Click Activate Now to use the new profile immediately. Otherwise, click the Activate Later button to go back to the Profile List screen. If you clicked Activate Later you can select the profile from the list in the Profile screen and click Connect to activate it.

Chapter 2 Tutorial 29

ZyXEL NWD-170N User's Guide Note: Only one profile can be activated and used at any given time. Figure 16 ZyXEL Utility: Profile Activate

Your network has been configured successfully! Activate Now Activate Later 8 When you activate the new profile, the ZyXEL utility goes to the Link Info screen while it connects to the AP using your settings. When the wireless link is established, the ZyXEL utility icon in the system tray turns green and the Link Info screen displays details of the active connection. 9 Make sure the selected AP in the active profile is on and connected to the Internet. Open your Internet browser, enter http://www.zyxel.com or the URL of any other web site in the address bar and press ENTER. If you are able to access the web site, your new profile is successfully configured. 101f you cannot access the Internet, go back to the Profile screen. Select the profile you are using and click Edit. Check the details you entered previously. Also, refer to the Troubleshooting section of this User's Guide or contact your network administrator if necessary. 30 Chapter 2 Tutorial

ZyXEL NWD-170N User's Guide

Wireless LAN Network This chapter provides background information on wireless LAN networks.

3.1 Wireless LAN Overview

The following figure provides an example of a wireless network with an AP. See Figure 3 on page 21 for an Ad Hoc network example. Figure 17 Example of a Wireless Network IL]

The wireless network is the part in the blue circle. In this wireless network, devices A and B are called wireless clients. The wireless clients use the access point (AP) to interact with other devices (such as the printer) or with the Internet Every wireless network must follow these basic guidelines. + Every device in the same wireless network must use the same SSID. The SSID is the name of the wireless network. It stands for Service Set IDentity. + _Iftwo wireless networks overlap, they should use a different channel. Like radio stations or television channels, each wireless network uses a specific channel, or frequency, to send and receive information.

Chapter 3 Wireless LAN Network 31

ZyXEL NWD-170N User's Guide + Every device in the same wireless network must use security compatible with the AP or peer computer. Security stops unauthorized devices from using the wireless network. It can also protect the information that is sent in the wireless network.

3.2 Wireless LAN Security

Wireless LAN security is vital to your network to protect wireless communications. If you do not enable any wireless security on your NWD-170N, the NWD-170N's wireless communications are accessible to any wireless networking device that is in the coverage area. Note: You can use only WEP encryption if you set the NWD-170N to Ad-hoc mode. See the appendices for more detailed information about wireless security.

3.2.1 User Authentication and Encryption

You can make every user log in to the wireless network before they can use it. This is called user authentication. However, every wireless client in the wireless network has to support IEEE 802.1x to do this. Wireless networks can use encryption to protect the information that is sent in the wireless network. Encryption is like a secret code. If you do not know the secret code, you cannot understand the message.

WEP (Wired Equivalent Privacy) encryption scrambles all data packets transmitted between the NWD-170N and the AP or other wireless stations to keep network communications private. Both the wireless stations and the access points must use the same WEP key for data encryption and decryption. There are two ways to create WEP keys in your NWD-170N. + Automatic WEP key generation based on a “password phrase” called a passphrase. The passphrase is case sensitive. You must use the same passphrase for all WLAN adapters with this feature in the same WLAN. For WLAN adapters without the passphrase feature, you can still take advantage of this feature by writing down the four automatically generated WEP keys from the Security Settings screen of the ZyXEL utility and entering them manually as the WEP keys in the other WLAN adapter(s). + Enter the WEP keys manually.

ZyXEL NWD-170N User's Guide Your NWD-170N allows you to configure up to four 64-bit, 128-bit or 152-bit WEP keys. Only one key is used as the default key at any one time.

3.2.1.1.2 Authentication Type

The IEEE 802.11b/g standard describes a simple authentication method between the wireless stations and AP. Three authentication types are defined: Auto, Open and Shared. + Open mode is implemented for ease-of-use and when security is not an issue. The wireless station and the AP or peer computer do not share a secret key. Thus the wireless stations can associate with any AP or peer computer and listen to any transmitted data that is not encrypted. + Shared mode involves a shared secret key to authenticate the wireless station to the AP or peer computer. This requires you to enable the wireless LAN security and use same settings on both the wireless station and the AP or peer computer. + Auto authentication mode allows the NWD-170N to switch between the open system and shared key modes automatically. Use the auto mode if you do not know the authentication mode of the other wireless stations.

The IEEE 802.1x standard outlines enhanced security methods for both the authentication of wireless stations and encryption key management. Authentication can be done using an external RADIUS server.

3.2.1.2.1 EAP Authentication

EAP (Extensible Authentication Protocol) is an authentication protocol that runs on top of the IEEE 802.1x transport mechanism in order to support multiple types of user authentication. By using EAP to interact with an EAP-compatible RADIUS server, an access point helps a wireless station and a RADIUS server perform authentication. The type of authentication you use depends on the RADIUS server and an intermediary AP(s) that supports IEEE 802.1x. The NWD-170N supports EAP-TLS, EAP-TTLS and EAP-PEAP. Refer to Appendix C on page 71 for descriptions. For EAP-TLS authentication type, you must first have a wired connection to the network and obtain the certificate(s) from a certificate authority (CA). Certificates (also called digital IDs) can be used to authenticate users and a CA issues certificates and guarantees the identity of each certificate owner.

3.2.1.3 WPA and WPA2

Wi-Fi Protected Access (WPA) is a subset of the IEEE 802.11i standard. WPA2 (IEEE 802.11i) is a wireless security standard that defines stronger encryption, authentication and key management than WPA. Key differences between WPA(2) and WEP are improved data encryption and user authentication.

Chapter 3 Wireless LAN Network 33

ZyXEL NWD-170N User's Guide Both WPA and WPA2 improve data encryption by using Temporal Key Integrity Protocol (TKIP), Message Integrity Check (MIC) and IEEE 802.1x. WPA and WPA2 use Advanced Encryption Standard (AES) in the Counter mode with Cipher block chaining Message authentication code Protocol (CCMP) to offer stronger encryption than TKIP. Ifboth an AP and the wireless clients support WPA2 and you have an external RADIUS server, use WPA2 for stronger data encryption. If you don't have an external RADIUS server, you should use WPA2-PSK (WPA2-Pre-Shared Key) that only requires a single (identical) password entered into each access point, wireless gateway and wireless client. As long as the passwords match, a wireless client will be granted access to a WLAN. Ifthe AP or the wireless clients do not support WPA2, just use WPA or WPA-PSK depending on whether you have an external RADIUS server or not. Select WEP only when the AP and/or wireless clients do not support WPA or WPA2. WEP is less secure than WPA or WPA2. 34 Chapter 3 Wireless LAN Network

ZyXEL NWD-170N User's Guide

Wireless Configuration This chapter shows you how to configure your NWD-170N.

4.1 ZyXEL Utility Screen Summary

This section describes the ZyXEL utility screens. Figure 18 ZyXEL Utility Menu Summary

Profile : Adapter Site Survey The following table describes the menus. Table 4 ZyXEL Utility Menu Summary TAB DESCRIPTION Link Info Use this screen to see your current connection status, configuration and data rate statistics. Site Survey Use this screen to + scan for a wireless network + __ configure wireless security (if activated on the selected network). *__ connect to a wireless network. Profile Use this screen to add, delete, edit or activate a profile with a set of wireless and security settings. Adapter Use this screen to configure preamble type and enable power saving.

4.2 The Link Info Screen

When the ZyXEL utility starts, the Link Info screen displays, showing the current configuration and connection status of your NWD-170N.

Chapter 4 Wireless Configuration 35

ZyXEL NWD-170N User's Guide Figure 19 Link Info Signal Strength © > Profile Name: DEFAULT Transmit Rate: 0 kbps > Network Name(SSID}: 12096_AdHoc Receive Rate: 0 kbps à} AP MAC Address: 00:13:49:67:44:10 Authentication: OPEN > Network Type: Infrastructure Network Mode: N + Transmission Rate: 54 Mbps Total Transmit: 746 % Security: DISABLE Total Receive: 526 > Channek 8 Link Quality: -54 d&m Trend Chart eeecee Link Quality @® The following table describes the labels in this screen. Table 5 Link Info LABEL DESCRIPTION Wireless Network Status Profile Name This is the name of the profile you are currently using. Network Name (SSID) The SSID identifies the wireless network to which a wireless station is associated. This field displays the name of the wireless device to which the NWD-170N is associated. AP MAC Address This field displays the MAC address of the AP or peer computer to which the NWD- 170N is associated. Network Type This field displays the network type (Infrastructure or Ad-Hoc) of the wireless network. Transmission Rate This field displays the current transmission rate of the NWD-170N in megabits per second (Mbps). Security This field displays whether data encryption is activated (WEP (WEP or 802.1x), TKIP (WPA/WPA-PSK/WPA2/WPA2-PSK), AES (WPA/WPA-PSKAWPA2/WPA2- PSK)) or inactive (DISABLE). Channel This field displays the radio channel the NWD-170N is currently using. Statistics Transmit Rate This field displays the current data transmission rate in kilobits per second (Kbps). Receive Rate This field displays the current data receiving rate in kilobits per second (Kbps). Authentication This field displays the authentication method of the NWD-170N. Network Mode This field displays the wireless standard (802.11b, 802.11g or 802.11n) of the AP or peer computer. Total Transmit This field displays the total number of data frames transmitted. Total Receive This field displays the total number of data frames received. Link Quality This field displays the signal strength of the NWD-170N.

Chapter 4 Wireless Configuration

ZyXEL NWD-170N User's Guide Table 5 Link Info (continued) LABEL DESCRIPTION Trend Chart Click this button to display the real-time statistics of the data rate in kilobits per second (Kbps). Signal Strength The status bar shows the strength of the signal. The signal strength mainly depends on the antenna output power and the distance between your NWD-170N and the AP or peer computer. Link Quality The status bar shows the quality of wireless connection. This refers to the percentage of packets transmitted successfully. If there are too many wireless stations in a wireless network, collisions may occur which could result in a loss of messages even though you have high signal strength.

Click Trend Chart in the Link Info screen to display a screen as shown below. Use this screen to view real-time data traffic statistics. Figure 20 Link Info: Trend Chart > Transmit: |6 Kbps > Receive: [232 Kbps

The following table describes the labels in this screen. Table 6 Link Info: Trend Chart LABEL DESCRIPTION Transmit This field displays the current data transmission rate in kilobits per second (Kbps). Receive This field displays the current data receiving rate in kilobits per second (Kbps).

4.3 The Site Survey Screen

Use the Site Survey screen to scan for and connect to a wireless network automatically.

Chapter 4 Wireless Configuration

ZyXEL NWD-170N User's Guide Figure 21 Site Survey A ble Network LIST Site Information [ SSID El Channel] Sigr 2 Network Type: Infrastructure Network Mode: 802119 nl P-320W 6 61 { Channel: 6 @® APP R 5 s Security: WPA-PSK ®es CPE-SS18 AP “1 Le MAC Address: 00:13:49:00:00:01 nl cs CPE_5548_99 1 73 Surveyed at: 11:50:41 ml 550 1 CA « Li Scan Connect The following table describes the labels in this screen. Table 7 Site Survey LABEL DESCRIPTION Available Network | Click a column heading to sort the entries. List n denotes that the wireless device is in infrastructure mode and the wireless Œe fe security is activated. n denotes that the wireless device is in infrastructure mode but the wireless ® , security is deactivated. es or Le denotes that the wireless device is in Ad-Hoc mode and the wireless LS security is activated. x denotes that the wireless device is in Ad-Hoc mode but the wireless security is deactivated. S y is deactivated SSID This field displays the SSID (Service Set IDentifier) of each wireless device. Channel This field displays the channel number used by each wireless device. Signal This field displays the signal strength of each wireless device. Scan Click Scan to search for available wireless devices within transmission range. Connect Click Connect to associate to the selected wireless device. Site Information Click an entry in the Available Network List table to display the information of the selected wireless device. Network Type This field displays the network type (Infrastructure or Ad Hoc) of the wireless device. Network Mode This field displays the wireless standard (802.11b, 802.11g or 802.11n) used by the selected wireless device. Channel This field displays the channel number used by each wireless device. Security This field shows whether data encryption is activated (WEP, WPA, WPA-PSK, WPA2, WPA2-PSK or 802.1x) or inactive (DISABLE). MAC address This field displays the MAC address of the wireless device. Surveyed at This field displays the time when the wireless device was scanned. 38 Chapter 4 Wireless Configuration

ZyXEL NWD-170N User's Guide

4.3.1 Security Settings

When you configure the NWD-170N to connect to a network with wireless security activated and the security settings are disabled on the NWD-170N, the screen varies according to the encryption method

4.3.1.1 WEP Encryption

used by the selected network. Figure 22 Security Setting: WEP 2 WEP: à Encryption Type : + Pass Phrase: 3 Transmit Key: 2 keyl: Back Next Büt The following table describes the labels in this screen. Table 8 Security Setting: WEP LABEL DESCRIPTION Security Settings WEP Select 64 Bits, 128 Bits or 152 Bits to activate WEP encryption and then fill in the related fields. Encryption Type | Select an authentication method. Choices are Open, Shared and Auto Switch. Refer to Section 3.2.1.1.2 on page 33 for more information. Pass Phrase Enter a passphrase of up to 63 case-sensitive printable characters. As you enter the passphrase, the NWD-170N automatically generates four different WEP keys and displays it in the key field below. Refer to Section 3.2.1.1.1 on page 32 for more information. Transmit Key Select a default WEP key to use for data encryption. The key displays in the field below.

Chapter 4 Wireless Configuration 39

ZyXEL NWD-170N User's Guide Table 8 Security Setting: WEP (continued) LABEL DESCRIPTION Key x (where xis a number between 1 and 4) Select this option if you want to manually enter the WEP keys. Enter the WEP key in the field provided. If you select 64 Bits in the WEP field. Enter either 10 hexadecimal digits in the range of “A-F”, “a-f’ and “0-9” (for example, 11AA22BB33) for HEX key type.

Enter 5 ASCII characters (case sensitive) ranging from “a-z”, ‘A-Z” and “0-9” (for example, MyKey) for ASCII key type. If you select 128 Bits in the WEP field, Enter either 26 hexadecimal digits in the range of “A-F”, “a-f’ and “0-9” (for example, 00112233445566778899AABBCC) for HEX key type

Enter 13 ASCII characters (case sensitive) ranging from “a-z”, “A-Z” and “0-9” (for example, MyKey12345678) for ASCII key type. If you select 152 Bits in the WEP field, Enter either 32 hexadecimal digits in the range of "A-F", “a-f' and "0-9" (for example, 00112233445566778899AABBCCDDEEFF) for HEX key type

Enter 16 ASCII characters (case sensitive) ranging from "a-z", "A-Z" and "0-9" (for example, MyKey12345678901) for ASCII key type. Note: The values for the WEP keys must be set up exactly the same on all wireless devices in the same wireless LAN. ASCII WEP keys are case sensitive. Back Click Back to go to the Site Survey screen to select and connect to another network. Next Click Next to confirm your selections and advance to the Confirm Save screen. Refer to Section 4.3.2 on page 43. Exit Click Exit to return to the Site Survey screen without saving.

Chapter 4 Wireless Configuration

ZyXEL NWD-170N User's Guide The following table describes the labels in this screen. Table 9 Security Setting: WPA-PSK/WPA2-PSK LABEL DESCRIPTION Encryption Type The encryption mechanisms used for WPA/WPA2 and WPA-PSK/WPA2-PSK are the same. The only difference between the two is that WPA-PSK/WPA2-PSK uses a simple common password, instead of user-specific credentials. Select the encryption type (TKIP or AES) for data encryption. Refer to Section 3.2.1.3 on page 33 for more information. Pre-Shared Key Type a pre-shared key (same as the AP or peer device) of between 8 and 63 case- sensitive ASCII characters (including spaces and symbols) or 64 hexadecimal characters. Back Click Back to go to the Site Survey screen to select and connect to another network. Next Click Next to confirm your selections and advance to the Confirm Save screen. Refer to Section 4.3.2 on page 43. Exit Click Exit to return to the Site Survey screen without saving.

Figure 24 Security Settings: WPA/WPA2 2 Encryption Type: 2 Login Name: 2 Password: à Server CA: 2 PEAP Inner EAP: EEE) 2 Authentication Type: PEAP F <Trust Any> F Ms CHaP v2 F Back Next Exit The following table describes the labels in this screen. Table 10 Security Setting: WPA/WPA2 LABEL DESCRIPTION Encryption Type The encryption mechanisms used for WPA/WPA2 and WPA-PSK/WPA2-PSK are the same. The only difference between the two is that WPA-PSK/WPA2-PSK uses a simple common password, instead of user-specific credentials. Select the encryption type (TKIP or AES) for data encryption. Refer to Section 3.2.1.3 on page 33 for more information. Authentication The type of authentication you use depends on the RADIUS server or AP. Type Select an authentication method from the drop down list. Options are TLS, TTLS and PEAP. Login Name Enter a user name. This is the user name that you or an administrator set up on a RADIUS server.

Chapter 4 Wireless Configuration 41

ZyXEL NWD-170N User's Guide Table 10 Security Setting: WPA/WPA2 LABEL DESCRIPTION Password This field is not available when you select TLS in the Authentication Type field. Enter the password associated with the user name above. Certificate This field is only available when you select TLS in the Authentication Type field. Click Browse to select a certificate. Note: You must first have a wired connection to a network and obtain the certificate(s) from a certificate authority (CA). Consult your network administrator for more information. Server CA Select a certificate authority (CA) that you trust and accept any certificates signed by the CA. Otherwise, select Trust Any to accept certificates from any CA. PEAP Inner EAP This field is only available when you select PEAP in the Authentication Type field. The PEAP method used by the RADIUS server or AP for client authentication is MS CHAP v2. Back Click Back to go to the Site Survey screen to select and connect to another network. Next Click Next to confirm your selections and advance to the Confirm Save screen. Refer to Section 4.3.2 on page 43. Exit Click Exit to return to the Site Survey screen without saving.

Chapter 4 Wireless Configuration

ZyXEL NWD-170N User's Guide The following table describes the labels in this screen. Table 11 Security Settings: IEEE 802.1x LABEL DESCRIPTION Authentication The type of authentication you use depends on the RADIUS server or AP. Type Select an authentication method from the drop down list. Options are TLS, TTLS and PEAP. Login Name Enter a user name. This is the user name that you or an administrator set up on a RADIUS server. Password This field is not available when you select TLS in the Authentication Type field. Enter the password associated with the user name above. Certificate This field is only available when you select TLS in the Authentication Type field. Click Browse to select a certificate. Note: You must first have a wired connection to a network and obtain the certificate(s) from a certificate authority (CA). Consult your network administrator for more information. Server CA Select a certificate authority (CA) that you trust and accept any certificates signed by the CA. Otherwise, select Trust Any to accept certificates from any CA. PEAP Inner EAP This field is only available when you select PEAP in the Authentication Type field. The PEAP method used by the RADIUS server or AP for client authentication is MS CHAP v2. Back Click Back to go to the Site Survey screen to select and connect to another network. Next Click Next to confirm your selections and advance to the Confirm Save screen. Refer to Section 4.3.2 on page 43. Exit Click Exit to return to the Site Survey screen without saving.

4.3.2 Confirm Save Screen

Use this screen to confirm and save the security settings.

Chapter 4 Wireless Configuration 43

ZyXEL NWD-170N User's Guide Figure 26 Confirm Save Screen > Channel: à Security: . EU Network Name(SSID} 56u > Network Type: + Network Mode: Back Save ET The following table describes the labels in this screen. Table 12 Confirm Save Screen LABEL DESCRIPTION Security Setting Network Name (SSID) This field displays the SSID previously entered. Network Type This field displays the network type (Infrastructure or Ad-Hoc) of the wireless device. Network Mode This field displays the wireless standard (802.11b, 802.11g or 802.11n) used by the selected wireless device. Channel This field displays the channel number used by the profile. Security This field shows whether data encryption is activated (WEP, WPA, WPA-PSK, WPA2, WPA2-PSK, 802.1x) or inactive (DISABLE). Back Click Back to return to the previous screen. Save Click Save to save the changes back to the NWD-170N and display the Link Info screen. Exit Click Exit to discard changes and return to the Site Survey screen.

4.4 The Profile Screen

A profile is a set of wireless parameters that you need to connect to a wireless network. With a profile activated, each time you start the NWD-170N, it automatically scans for the specific SSID and joins that network with the pre-defined wireless security settings. If the specified network is not available, the NWD-170N cannot connect to a network. If you do not configure and activate a profile, each time you start the NWD-170N, the NWD- 170N uses the default profile to connect to any available network that has no security enabled.

Chapter 4 Wireless Configuration

ZyXEL NWD-170N User's Guide The default profile is a profile that allows you to connect to any SSID that has no security enabled. Click the Profile tab in the ZyXEL utility program to display the Profile screen as shown next. The profile function allows you to save the wireless network settings in this screen, or use one of the pre-configured network profiles. Figure 27 Profile [Profile Nan] DEFAULT Network Type: Infrastructure Network Mode: 602.11n Channel: Auto Security: DISABLE Connect Add Delete Edit The following table describes the labels in this screen. Table 13 Profile LABEL DESCRIPTION Profile List Click a column heading to sort the entries. le» denotes that the wireless device is in infrastructure mode and the wireless Lil security is activated. it denotes that the wireless device is in infrastructure mode but the wireless : 1 security is deactivated. Des or LS denotes that the wireless device is in Ad-Hoc mode and the wireless security is activated. S LS denotes that the wireless device is in Ad-Hoc mode but the wireless security is deactivated. Profile Name This is the name of the pre-configured profile. SSID This is the SSID of the wireless network to which the selected profile associate. Connect To use and activate a previously saved network profile, select a pre-configured profile name in the table and click Connect. Add To add a new profile into the table, click Add. Delete To delete an existing wireless network configuration, select a profile in the table and click Delete. Edit To edit an existing wireless network configuration, select a profile in the table and click Edit.

Chapter 4 Wireless Configuration 45

ZyXEL NWD-170N User's Guide Table 13 Profile (continued) LABEL DESCRIPTION Profile Info The following fields display detailed information of the selected profile in the Profile List table. Network Type This field displays the network type (Infrastructure or Ad-Hoc) of the profile. Network Mode This field displays the wireless standard (802.11b, 802.11g or 802.11n) used by the selected wireless device. Channel This field displays the channel number used by the profile. Security This field shows whether data encryption is activated (WEP, WPA, WPA-PSK, WPA2, WPA2-PSK or 802.1x) or inactive (DISABLE). Transfer Rate This field displays the transmission speed of the selected profile in megabits per second (Mbps).

Profile Follow the steps below to add a new profile. 1 Click Add in Click Next to the Profile screen. An Add New Profile screen displays as shown next. continue. Figure 28 Profile: Add a New Profile 3 ProfleName: CS > SSID: RE Te vs 3 Network Type: Û WirelessA & infrastructure - -Connect to an Access paint il fafafafaf © Ad-hoc --Connect directly to other computers ni CPE_5540 _. Scan Select Next ET The following tabl Table 14 Profile: e describes the labels in this screen. Add a New Profile LABEL DESCRIPTION Add New Profile Profile Name Enter a descriptive name in this field. SSID Select an available wireless device in the Scan Info table and click Select, or enter the SSID of the wireless device to which you want to associate in this field manually. Otherwise, enter Any to have the NWD-170N associate to any AP or roam between any infrastructure wireless networks.

Chapter 4 Wireless Configuration

ZyXEL NWD-170N User's Guide Table 14 Profile: Add a New Profile (continued) LABEL DESCRIPTION Network Type Select Infrastructure to associate to an AP. Select Ad-Hoc to associate to a peer computer. Next Click Next to go to the next screen. Exit Click Exit to go back to the previous screen without saving. Scan Info This table displays the information of the available wireless networks within the transmission range. “ “ denotes that the wireless device is in infrastructure mode and the wireless Œe , Qe security is activated. n denotes that the wireless device is in infrastructure mode but the wireless ® , J security is deactivated. es or Le denotes that the wireless device is in Ad-Hoc mode and the wireless LS security is activated. x denotes that the wireless device is in Ad-Hoc mode but the wireless security % is deactivated. SSID This field displays the SSID (Service Set IDentifier) of each AP or peer device. Scan Click Scan to search for available wireless devices within transmission range. Select Select an available wireless device in the table and click Select to add it to this profile. Whenever you activate this profile, the NWD-170N associates to the selected wireless network only. 2 If you select the Infrastructure network type in the previous screen, skip to step 3. If you select the Ad-Hoc network type in the previous screen, a screen displays as follows. Select a channel number and click Next to continue. Note: To associate to an ad-hoc network, you must use the same channel as the peer computer. Figure 29 Profile: Wireless Settings

ZyXEL NWD-170N User's Guide The following table describes the labels in this screen. Table 15 Profile: Wireless Settings LABEL DESCRIPTION Wireless Settings Wireless Mode This is the wireless standard the NWD-170N uses. In Ad-Hoc mode, you can use only 802.11g. Channel Select a channel number from the drop-down list box. To associate to an ad-hoc network, you must use the same channel as the peer computer. 3 If you selected Infrastructure network type in the first screen, select WEP, WPA, WPA2, WPA-PSK, WPA2-PSK or 802.1x from the drop-down list box to enable data encryption. If you selected Ad-Hoc network type in the first screen, you can use only WEP encryption method. Otherwise, select DISABLE to allow the NWD-170N to communicate with the access points or other peer wireless computers without any data encryption, and skip to step 5. Figure 30 Profile: Wireless Settings > Encryption Type : DISABLE > Back Next Bt 4 The screen varies depending on the encryption method you select in the previous screen. The settings must be exactly the same on the APS or other peer wireless computers as they are on the NWD-170N. Refer to Section 4.3.1 on page 39 for detailed information on wireless security configuration.

Chapter 4 Wireless Configuration

ZyXEL NWD-170N User's Guide Figure 31 Profile: Security Settings % Encryption Type: # Authentication Type: # Login Name: X Certificate: > Server CA: <Trust Any> > Back Next Bit SecUrt SEURY 5 This read-only screen shows a summary of the new profile settings. Verify that the settings are correct. Click Save to save and go to the next screen. Click Back to return to the previous screen. Otherwise, click Exit to go back to the Profile screen without saving. Figure 32 Profile: Confirm New Settings à Network Name(SSID): ? Network Type: ? Network Mode: # Channel: à Security: 5éu Infrastructure 802.1in Auto MPA-PSK Back Save Security setting Büt 6 To use this network profile, click the Activate Now button. Otherwise, click the Activate Later button. You can activate only one profile at a time. Note: Once you activate a profile, the ZyXEL utility will use that profile the next time it is started.

Chapter 4 Wireless Configuration

ZyXEL NWD-170N User's Guide Figure 33 Profile: Activate the Profile

Your network has been configured successfully! Activate Now Activate Later

4.5 The Adapter Screen

To set the other advanced features on the NWD-170N, click the Adapter tab. Figure 34 Adapter Adapter Setting # Preamble Type: Auto F4 + Power Saving Mode: Continuous Access Mode = Save The following table describes the labels in this screen. Table 16 Adapter LABEL DESCRIPTION Adapter Setting Preamble Type Preamble is used to signal that data is coming to the receiver. Select the preamble type that the AP uses. Short preamble increases performance as less time sending preamble means more time for sending data. AIl IEEE 802.11b/g compliant wireless adapters support Long preamble, but not all support short preamble. Select Auto to have the NWD-170N automatically use short preamble when the access point supports it; otherwise the NWD-170N uses long preamble. Note: The NWD-170N and the access point MUST use the same preamble mode in order to communicate. 50 Chapter 4 Wireless Configuration

ZyXEL NWD-170N User's Guide Table 16 Adapter (continued) LABEL DESCRIPTION Power Saving Select Maximum Power Save or Fast Power Save to save power (especially for Mode notebook computers). This forces the NWD-170N to go to sleep mode when it is not transmitting data. When you select Continuous Access Mode, the NWD-170N will never go to sleep mode. Save Click Save to save the changes to the NWD-170N and return to the Link Info screen.

Chapter 4 Wireless Configuration 51

ZyXEL NWD-170N User's Guide 52 Chapter 4 Wireless Configuration

ZyXEL NWD-170N User's Guide

Maintenance This chapter describes how to uninstall or upgrade the ZyXEL utility.

5.1 The About Screen

The About screen displays driver and utility version numbers of the NWD-170N. To display the screen as shown below, click the about ( ) button. Figure 35 About ZyXEL NWD-170N Utility Copyright(C) 2006 by ZyXEL Communications Corp. Allrights reserved Driver Versi Utility Version: : 6.0.0.204 0.0b2 The following table describes the read-only fields in this screen. Table 17 About LABEL DESCRIPTION Driver Version This field displays the version number of the NWD-170N driver. Utility Version This field displays the version number of the ZyXEL utility.

5.2 Uninstalling the ZyXEL U

Follow the steps below to remove (or uninstall) the ZyXEL utility from your computer. Note: Before you uninstall the ZyXEL utility, take note of your current wireless

configurations. 1 Click Start, (AID) Programs, ZyXEL NWD-170N Utility, Uninstall ZyXEL NWD- 170N Wireless CardBus Card Utility.

Chapter 5 Maintenance

ZyXEL NWD-170N User's Guide 2 When prompted, click OK or Yes to remove the driver and the utility software. Figure 36 Uninstall: Confirm Do you want to completely remove the selected application and all of its features? Cm) 3 Click Finish to complete uninstalling the software and restart the computer when prompted. Figure 37 Uninstall: Finish tall Complete 2 fiished urinstai esta e any disks from)

5.3 Upgrading the ZyXEL Utility

Note: Before you uninstall the ZyXEL utility, take note of your current wireless configurations. To perform the upgrade, follow the steps below. 1 Download the latest version of the utility from the ZyXEL web site and save the file on your computer. 2 Follow the steps in Section 5.2 on page 53 to remove the current ZyXEL utility from your computer. 3 Restart your computer when prompted. 4 Disconnect the NWD-170N from your computer. 5 Double-click on the setup program for the new utility to start the ZyXEL utility installation. 6 Insert the NWD-170N and check the version numbers in the About screen to make sure the new utility is installed properly.

Chapter 5 Maintenance

ZyXEL NWD-170N User's Guide

Troubleshooting This chapter covers potential problems and the possible remedies. After each problem description, some instructions are provided to help you to diagnose and to solve the problem.

6.1 Problems Starting the ZyXEL Utility

Cannot start the Make sure the NWD-170N is properly inserted and the LEDs are on. Refer to the ZyXEL Wireless Quick Start Guide for the LED descriptions. LAN utility Use the Device Manager to check for possible hardware contiicts. Click Start, Settings, Control Panel, System, Hardware and Device Manager. Verify the status of the NWD-170N under Network Adapter. (Steps may vary depending on the version of Windows). Install the NWD-170N in another computer. If the error persists, you may have a hardware problem. In this case, you should contact your local vendor. The ZyXEL utility icon does not display. If you have installed the Funk Odyssey Client software on the computer, uninstall (remove) both the Funk Odyssey Client software and ZyXEL utility, and then install the ZyXEL utility again after restarting the computer.

6.2 Problems with the Link Quality

Table 19 Troubleshooting Link Quality PROBLEM CORRECTIVE ACTION The link quality and/or signal strength is poor. Search and connect to another AP with a better link quality using the Site Survey screen. Move your computer closer to the AP or the peer computer(s) within the transmission range. There may be too much radio interference (for example microwave or another AP using the same channel) around your wireless network. Lower the output power of each AP. Make sure there are not too many wireless stations connected to a wireless network.

ZyXEL NWD-170N User's Guide

6.3 Problems Communicating With Other Computers

Table 20 Troubleshooting Communication Problems PROBLEM CORRECTIVE ACTION The computer with the NWD-170N installed cannot communicate with the other computer(s). In Infrastructure Mode + Make sure that the AP and the associated computers are turned on and working properly. Make sure the NWD-170N computer and the associated AP use the same SSID. + Change the AP and the associated wireless clients to use another radio channel if interference is high. + Make sure that the computer and the AP share the same security option and key. Verify the settings in the Profile Security Setting screen. + __lf you are using WPA(2) or WPA(2)-PSK security, try changing your encryption type from TKIP to AES or vice versa. In Ad-Hoc (IBSS) Mode + Verify that the peer computer(s) is turned on. + Make sure the NWD-170N computer and the peer computer(s) are using the same SSID and channel. + Make sure that the computer and the peer computer(s) share the same security settings. + Change the wireless clients to use another radio channel if interference is high.

ZyXEL NWD-170N User's Guide APPENDIX A Product Specifications Table 21 Product Specifications

20 - 95% (non-condensing)

20 - 95% (non-condensing)

WPA/WPA-PSK/WPA2/WPA2-PSK

ZyXEL NWD-170N User's Guide APPENDIX B Management with Wireless Zero Configuration This appendix shows you how to manage your NWD-170N using the Windows XP wireless zero configuration tool. Be sure you have the Windows XP service pack 2 installed on your computer. Otherwise, you should at least have the Windows XP service pack 1 already on your computer and download the support patch for WPA from the Microsoft web site. Windows XP SP2 screen shots are shown unless otherwise specified. Click the help icon (2) in most screens, move the cursor to the item that you want the information about and click to view the help. Activating Wireless Zero Configuration Make sure the Use Windows to configure my wireless network settings check box is selected in the Wireless Network Connection Properties screen. Refer to Appendix C on page 71. If you see the following screen, refer to article 871122 on the Microsoft web site for information on starting WZC. Figure 38 Windows XP SP2: WZC Not Available Wireless Network Connection 7 £a Network Tasks Choose a wireless network ( Rafrechnetnon is Chk an en he Dow Lo cornet à iles nSAOIK I range 1 Lo get re informaten 24 Setup auirelessnetnork Far ahone o sal of Related Tasks ND Len ot wncon camnatceneure ts res onrexeon étaoine 2 aura enabled noter pren ta manage Ens awrelesconrezcon, Charge he order cf ÉTES préferred netwurs 1 jaune inde oeofigure the ire cennectien, tar he rl Zero Gp Cr sant Coiguaton (HE) save Far orneton su startrgthe WC see, see ane de 371122 he Meresft inaleuge Bee on the moral com Was Appendix B 59

ZyXEL NWD-170N User's Guide Connecting to a Wireless Network 1 Double-click the network icon for wireless connections in the system tray to open the Wireless Network Connection Status screen. Figure 39 Windows XP SP2: System Tray Icon The type of the wireless network icon in Windows XP SP2 indicates the status of the NWD- 170N. Refer to the following table for details. Table 22 Windows XP SP2: System Tray Icon ICON DESCRIPTION The NWD-170N is connected to a wireless network. The NWD-170N is in the process of connecting to a wireless network. The connection to a wireless network is limited because the network did not assign a network address to the computer. The NWD-170N is not connected to a wireless network. 2 Windows XP SP2: In the Wireless Network Connection Status screen, click View Wireless Networks to open the Wireless Network Connection screen. ireless Network Connection Status Figure 40 Windows XP SP: less Network Connection 6 Status General | Support Connection Status Connected Netvotk 2w701 Duration: 00:01:56 Speed 48.0 Mbps Signal Strength «ill Activity Sent Received

ZyXEL NWD-170N User’s Guide Windows XP SP1: In the Wireless Network Connection Status screen, click Properties and the Wireless Networks tab to open the Wireless Network Connection Properties screen. Figure 41 Windows XP SP1: Wireless Network Connection Status General | Support Connection Status: Duration: Speed Signal Strength: Activity Bytes: Connected

all Sent — — Recsied 289 | 0 3 Windows XP SP2: Click Refresh network list to reload and search for available wireless devices within transmission range. Select a wireless network in the list and click Connect to join the selected wireless network. Network Tasks Figure 42 Windows XP SP2: Wireless Network Connection Wireless Network Connection 7. Choose a wireless network hck an item in the Ist below to connect to a wireless network in range or ta get more information. Wireless for a home or small office &2 Setup a wireless netnork CJ Related Tasks

4) Learn about wireless

netuoring fr Change the order of referred networks Ge Change advanced settings Unsecured reless network connected Ye will TI demo

Î Unsecured wireless network cpe_swi_5275

Unsecured wireless netotk CPE_5242

ZyXEL NWD-170N User's Guide The following table describes the icons in the wireless network list. Table 23 Windows XP SP2: Wireless Network Connection ICON DESCRIPTION # This denotes that wireless security is activated for the wireless network. Fa This denotes that this wireless network is your preferred network. Ordering your preferred networks is important because the NWD-170N tries to associate to the preferred network first in the order that you specify. Refer to the section on ordering the preferred networks for detailed information. ul This denotes the signal strength of the wireless network. Al Move your cursor to the icon to see details on the signal strength. Windows XP SP1: Click Refresh to reload and search for available wireless devices within transmission range. Select a wireless network in the Available networks list, click Configure and set the related fields to the same security settings as the associated AP to add the selected network into the Preferred networks table. Click OK to join the selected wireless network. Refer to the section on security settings (discussed later) for more information. Figure 43 Windows XP SP1: Wireless Network Connection Properties Wireless Network Connection 6 Prop: General! Wireless Networks | Advanced Use Windows to configure my wireless network settings ‘Available networks: To connect ta an available network, click Configure. à cpe_swl_5275 ñ À cpe_5254_g2kplus @ zw7ot # Refresh Ereferred netwoiks: Automatically connect to available networks in the order listed below $ zw7ot dove À pan-3225-p3w Leam about setting up wireless network

4 4.Windows XP SP2: Ifthe wireless security is activated for the selected wireless network, the Wireless Network Connection screen displays. You must set the related fields in the Wireless Network Connection screen to the same security settings as the associated AP and click Connect. Refer to the section about security settings for more information. Otherwise click Cancel and connect to another wireless network without data encryption.

ZyXEL NWD-170N User's Guide If there is no security activated for the selected wireless network, a warning screen appears. Click Connect Anyway if wireless security is not your concern. Figure 44 Windows XP SP2: Wireless Network Connection: WEP or WPA-PSK Wireless Network Connection The network 'cpe_5236 requires a network key (also called a WEP key or WPA key). À network key helps prevent unknown intruders from connecting to this network. Type the key, and then click Connect. Network key: [osssssee Confirm network key: [ 000000! Figure 45 Windows XP SP2: Wireless Network Connection: No Security Wireless Network Connection You are connecting to the unsecured network "CPE_5242", Information sent over this network is not encrypted and might be visible to other people. EG) 5 Verify that you have successfully connected to the selected network and check the connection status in the wireless network list or the connection icon in the Preferred networks or Available networks list. The following table describes the connection icons. Table 24 Windows XP: Wireless Networks ICON DESCRIPTION i This denotes the wireless network is an available wireless network. Lo] This denotes the NWD-170N is associated to the wireless network. ñ This denotes the wireless network is not available. Security Settings When you configure the NWD-170N to connect to a secure network but the security settings are not yet enabled on the NWD-170N, you will see different screens according to the authentication and encryption methods used by the selected network. Association Select a network in the Preferred networks list and click Properties to view or configure security. Appendix B

ZyXEL NWD-170N User's Guide Figure 46 Windows XP: Wireless (network) properties: Association Wireless properties Netwoik name (SSID} Wiless netok key Netork Authentication: Data encrplion Netork key Conlim netwotk key Kep index [acanced} Association | Authenticalion | Connection This netork requires a key for the folowing: Ce Re provided me automate} Wireless network properties Association | Authenticalon| ] Netrak ane SSD} [AVTOT ] cs retokkp Th ao rues say foing Ses Netork Authentication: Shared WEP Data encypion Er ] Neloik key ] ] Conlim netwotk key ] N- Key index (advanced [1 Clés Ke provided me automatic} [I This is à gomputerto-computer (ad hoc] netwoik: less acces points are not used The following table describes the labels in this screen. Table 25 Windows XP: Wireless (network) properties: Association LABEL DESCRIPTION Network name This field displays the SSID (Service Set IDentifier) of each wireless network. (SSID) Network This field automatically shows the authentication method (Share, Open, WPA or Authentication WPA-PSK) used by the selected network. Data Encryption This field automatically shows the encryption type (TKIP, WEP or Disable) used by the selected network. Network Key Enter the pre-shared key or WEP key. The values for the keys must be set up exactly the same on all wireless devices in the same wireless LAN. Confirm network Enter the key again for confirmation. provided for me automatically key Key index Select a default WEP key to use for data encryption. (advanced) This field is available only when the network use WEP encryption method and the The key is provided for me automatically check box is not selected. The key is If this check box is selected, the wireless AP assigns the NWD-170N a key. This is a computer-to- computer (ad hoc) network; wireless access points are If this check box is selected, you are connecting to another computer directly. not used OK Click OK to save your changes. Cancel Click Cancel to leave this screen without saving any changes you may have made. Appendix B

ZyXEL NWD-170N User's Guide Authentication Click the Authentication tab in the Wireless (network) properties screen to display the screen shown next. The fields on this screen are grayed out when the network is in Ad-Hoc mode or data encryption is disabled. Figure 47 Windows XP: Wireless (network) properties: Authentication Wireless properties @) Wireless network properties ex Association | Authenticalion | Connection ‘Association | Authenticaion EAP pe: [Smart Card or other Cerñicate Müihenieaie 35 computer when compuietinfoimalon is avsl8blé Authenticate as computer when computer information is available [lAuthenticate as quest when user or computer information is [lAuthenticate as quest when user or computer information is Select is apion ta provide authenlcated netnoïk access for wireless Ethemet networks RIRE 600 He auPenEsn TE EAP pe: [Smart Card or other Cerñicate The following table describes the labels in this screen. Table 26 Windows XP: Wireless (network) properties: Authentication LABEL DESCRIPTION Enable IEEE This field displays whether the IEEE 802.1x authentication is active. 802.1x Ifthe network authentication is set to Open in the previous screen, you can choose authentication for |{o disable or enable this feature. this network EAP Type Select the type of EAP authentication. Options are Protected EAP (PEAP) and Smart Card or other Certificate. Properties Click this button to open the properties screen and configure certificates. The screen varies depending on what you select in the EAP type field. Authenticate as computer when computer information is available Select this check box to have the computer send its information to the network for authentication when a user is not logged on. Authenticate as guest when user or computer information is Select this check box to have the computer access to the network as a guest when a user is not logged on or computer information is not available. unavailable OK Click OK to save your changes. Cancel Click Cancel to leave this screen without saving any changes you may have made. Appendix B

ZyXEL NWD-170N User's Guide Authentication Properties Select an EAP authentication type in the Wireless (network) properties: Authentication screen and click the Properties button to display the following screen. Protected EAP Properties Figure 48 Windows XP: Protected EAP Properties Prot d EAP Properties Vihen comecting: PAR Eve CRE connect to these servers: Trusted Root Certication Authors: [] ABA.ECOM Root CA « [] Autoridad Certicadora de la Asociacion Nacional del Notaria [] Autoridad Certicadora del Colegio Nacional de Correduria P [] Baltimore EZ by DST [] Belgacom E-Trust Primary CA [2 ca HKT Securenet CA Class À [2 ca HkT Secureet CA Class 8 # < 2 [CIDo nat prompt user to authorize new server or trusted certicaion authorkies. Select Authentication Method: (ecsopesme Euro 2) 3 Ce.) LEnable Fast Reconnect The following table describes the labels in this screen. Table 27 Windows XP: Protected EAP Properties LABEL DESCRIPTION Validate server Select the check box to verify the certificate of the authentication server. certificate Connect to these | Select the check box and specify a domain in the field below to have your servers computer connect to a server which resides only within this domain. Trusted Root Select a trusted certification authority from the list below. Certification Authorities: Note: You must first have a wired connection to a network and obtain the certificate(s) from a certificate authority (CA). Consult your network administrator for more information. user to authorize | prompting. new server or trusted certification authorities. Do not prompt Select this check box to verify a new authentication server or trusted CA without This field is available only if you installed the Windows XP server pack 2. Authentication to do settings. Method: Select Select an authentication method from the drop-down list box and click Configure

ZyXEL NWD-170N User's Guide Table 27 Windows XP: Protected EAP Properties LABEL DESCRIPTION Enable Fast Select the check box to automatically reconnect to the network (without re- Reconnect authentication) if the wireless connection goes down. OK Click OK to save your changes. Cancel Click Cancel to leave this screen without saving any changes you may have made. Smart Card or other Certificate Properties he connecing OUse my mat card OÙ à gafeste on onu jaidate server cetificate [I Connect ta these server: [J ABAECOM Root CA [] Balimore EZ by DST

The following table describes the labels in this screen. Table 28 Windows XP: Smart Card or other Certificate Properties LABEL DESCRIPTION Use my smart card Select this check box to use the smart card for authentication. Use a certificate on this computer Select this check box to use a certificate on your computer for authentication. Validate server certificate Select the check box to check the certificate of the authentication server. Connect to these servers Select the check box and specify a domain in the field below to have your computer connect to a server which resides only within this domain. Trusted Root Certification Authorities: Select a trusted certification authority from the list below. Note: You must first have a wired connection to a network and obtain the certificate(s) from a certificate authority (CA). Consult your network administrator for more information. View Certificate Click this button if you want to verify the selected certificate. Appendix B

ZyXEL NWD-170N User's Guide Ordering the Preferred Networks Table 28 Windows XP: Smart Card or other Certificate Properties LABEL DESCRIPTION Use a different Select the check box to use a different user name when the user name in the smart user name for the | card or certificate is not the same as the user name in the domain that you are connection: logged on to. OK Click OK to save your changes. Cancel Click Cancel to leave this screen without saving any changes you may have made. Follow the steps below to manage your preferred networks. 1 Windows XP SP2: Click Change the order of preferred networks in the Wireless Network Connection screen (see Figure 42 on page 61). The screen displays as shown. Figure 50 Windows XP SP2: Wireless Networks: Preferred Networks less Network Connection 7 Propert General! Wireless Netwoiks | Advanced Use Windows to configure my Wireless netwoik setings Available networks: To connect to, disconnect om, or find out more information: about wireless networks in range, click the button below: View Wireless Networks Preferred networks: Automatically connect to available networks in the order listed belowr à ZHKEL_MIS (Automatic) à cpe_5236 (Automatic À Wicss (Automate) TI demo (automatic) Leam about setting up wireless network Windows XP SP1: In the Wireless Network Connection Status screen, click Properties and the Wireless Networks tab to open the screen as shown.

ZyXEL NWD-170N User's Guide Figure 51 Windows XP SP1: Wireless Networks: Preferred Networks less Netwo General| Wireless Netoiks | Advanced] Use Windows to configure my wireless network settings Available networks: To connect to an available network, cick Configure. à cpe_swl_5275 | ( Longue à cpe_5254_g2kplus = @ zwrot | (CReresh (Ectereé networks: Automaicaly connect to available netwaiks in the order listed below $ zw7ot Move up À pgs-3225-p334w setting up wireless network Sn R 2 Whenever the NWD-170N tries to connect to a new network, the new network is added in the Preferred networks table automatically. Select a network and click Move up or Move down to change it's order, click Remove to delete it or click Properties to view the security, authentication or connection information of the selected network. Click Add to add a preferred network into the list manually. Appendix B

ZyXEL NWD-170N User's Guide APPENDIX C Wireless Security Types of EAP Authentication This section discusses some popular authentication types: EAP-MD5, EAP-TLS, EAP-TTLS, PEAP and LEAP. Your wireless LAN device may not support all authentication types. EAP (Extensible Authentication Protocol) is an authentication protocol that runs on top of the IEEE 802.1x transport mechanism in order to support multiple types of user authentication. By using EAP to interact with an EAP-compatible RADIUS server, an access point helps a wireless station and a RADIUS server perform authentication. The type of authentication you use depends on the RADIUS server and an intermediary AP(s) that supports IEEE 802.1x. For EAP-TLS authentication type, you must first have a wired connection to the network and obtain the certificate(s) from a certificate authority (CA). A certificate (also called digital IDs) can be used to authenticate users and a CA issues certificates and guarantees the identity of each certificate owner. EAP-MD5 (Message-Digest Algorithm 5) MDS authentication is the simplest one-way authentication method. The authentication server sends a challenge to the wireless station. The wireless station ‘proves’ that it knows the password by encrypting the password with the challenge and sends back the information. Password is not sent in plain text. However, MD5 authentication has some weaknesses. Since the authentication server needs to get the plaintext passwords, the passwords must be stored. Thus someone other than the authentication server may access the password file. In addition, it is possible to impersonate an authentication server as MDS authentication method does not perform mutual authentication. Finally, MDS authentication method does not support data encryption with dynamic session key. You must configure WEP encryption keys for data encryption. Appendix C 71

ZyXEL NWD-170N User's Guide EAP-TLS (Transport Layer Security) With EAP-TLS, digital certifications are needed by both the server and the wireless stations for mutual authentication. The server presents a certificate to the client. After validating the identity of the server, the client sends a different certificate to the server. The exchange of certificates is done in the open before a secured tunnel is created. This makes user identity vulnerable to passive attacks. A digital certificate is an electronic ID card that authenticates the sender’s identity. However, to implement EAP-TLS, you need a Certificate Authority (CA) to handle certificates, which imposes a management overhead. EAP-TTLS (Tunneled Transport Layer Service) EAP-TTLS is an extension of the EAP-TLS authentication that uses certificates for only the server-side authentications to establish a secure connection. Client authentication is then done by sending username and password through the secure connection, thus client identity is protected. For client authentication, EAP-TTLS supports EAP methods and legacy authentication methods such as PAP, CHAP, MS-CHAP and MS-CHAP v2. PEAP (Protected EAP) LEAP Like EAP-TTLS, server-side certificate authentication is used to establish a secure connection, then use simple username and password methods through the secured connection to authenticate the clients, thus hiding client identity. However, PEAP only supports EAP methods, such as EAP-MDS5, EAP-MSCHAPv2 and EAP-GTC (EAP-Generic Token Card), for client authentication. EAP-GTC is implemented only by Cisco. LEAP (Lightweight Extensible Authentication Protocol) is a Cisco implementation of IEEE 802.1x. Dynamic WEP Key Exchange The AP maps a unique key that is generated with the RADIUS server. This key expires when the wireless connection times out, disconnects or reauthentication times out. A new WEP key is generated each time reauthentication is performed. If this feature is enabled, it is not necessary to configure a default encryption key in the Wireless screen. You may still configure and store keys here, but they will not be used while Dynamic WEP is enabled. Note: EAP-MD5 cannot be used with Dynamic WEP Key Exchange

ZyXEL NWD-170N User's Guide For added security, certificate-based authentications (EAP-TLS, EAP-TTLS and PEAP) use dynamic keys for data encryption. They are often deployed in corporate environments, but for public deployment, a simple user name and password pair is more practical. The following table is a comparison of the features of authentication types. Table 29 Comparison of EAP Authentication Types

EAP-MD5 EAP-TLS |EAP-TTLS PEAP LEAP

Mutual Authentication No Yes Yes Yes Yes Certificate — Client No Yes Optional Optional No Certificate — Server No Yes Yes Yes No Dynamic Key Exchange No Yes Yes Yes Yes Credential Integrity None Strong Strong Strong Moderate Deployment Difficulty Easy Hard Moderate Moderate | Moderate Client Identity Protection No No Yes Yes No WPA and WPA2 Encrypti Wi-Fi Protected Access (WPA) is a subset of the IEEE 802.11i standard. WPA2 (IEEE 802.11i) is a wireless security standard that defines stronger encryption, authentication and key management than WPA. Key differences between WPA(2) and WEP are improved data encryption and user authentication. Ifboth an AP and the wireless clients support WPA2 and you have an external RADIUS server, use WPA2 for stronger data encryption. If you don't have an external RADIUS server, you should use WPA2-PSK (WPA2-Pre-Shared Key) that only requires a single (identical) password entered into each access point, wireless gateway and wireless client. As long as the passwords match, a wireless client will be granted access to a WLAN. Ifthe AP or the wireless clients do not support WPA2, just use WPA or WPA-PSK depending on whether you have an external RADIUS server or not. Select WEP only when the AP and/or wireless clients do not support WPA or WPA2. WEP is less secure than WPA or WPA2. ion Both WPA and WPA2 improve data encryption by using Temporal Key Integrity Protocol (TKIP), Message Integrity Check (MIC) and IEEE 802.1x. WPA and WPA2 use Advanced Encryption Standard (AES) in the Counter mode with Cipher block chaining Message authentication code Protocol (CCMP) to offer stronger encryption than TKIP. Appendix C

ZyXEL NWD-170N User's Guide TKIP uses 128-bit keys that are dynamically generated and distributed by the authentication server. AES (Advanced Encryption Standard) is a block cipher that uses a 256-bit mathematical algorithm called Rijndael. They both include a per-packet key mixing function, a Message Integrity Check (MIC) named Michael, an extended initialization vector (IV) with sequencing rules, and a re-keying mechanism. WPA and WPA2 regularly change and rotate the encryption keys so that the same encryption key is never used twice. The RADIUS server distributes a Pairwise Master Key (PMK) key to the AP that then sets up a key hierarchy and management system, using the PMK to dynamically generate unique data encryption keys to encrypt every data packet that is wirelessly communicated between the AP and the wireless stations. This all happens in the background automatically. The Message Integrity Check (MIC) is designed to prevent an attacker from capturing data packets, altering them and resending them. The MIC provides a strong mathematical function in which the receiver and the transmitter each compute and then compare the MIC. If they do not match, it is assumed that the data has been tampered with and the packet is dropped. By generating unique data encryption keys for every data packet and by creating an integrity checking mechanism (MIC), with TKIP and AES it is more difficult to decrypt data on a Wi-Fi network than WEP and difficult for an intruder to break into the network. The encryption mechanisms used for WPA(2) and WPA(2)-PSK are the same. The only difference between the two is that WPA(2)-PSK uses a simple common password, instead of user-specific credentials. The common-password approach makes WPA(2)-PSK susceptible to brute-force password-guessing attacks but it’s still an improvement over WEP as it employs a consistent, single, alphanumeric password to derive a PMK which is used to generate unique temporal encryption keys. This prevent all wireless devices sharing the same encryption keys. (a weakness of WEP) User Authentication WPA and WPA2 apply IEEE 802.1x and Extensible Authentication Protocol (EAP) to authenticate wireless stations using an external RADIUS database. WPA2 reduces the number of key exchange messages from six to four (CCMP 4-way handshake) and shortens the time required to connect to a network. Other WPA2 authentication features that are different from WPA include key caching and pre-authentication. These two features are optional and may not be supported in all wireless devices. Key caching allows a wireless client to store the PMK it derived through a successful authentication with an AP. The wireless client uses the PMK when it tries to connect to the same AP and does not need to go with the authentication process again. Pre-authentication enables fast roaming by allowing the wireless client (already connecting to an AP) to perform IEEE 802.1x authentication with another AP before connecting to it.

ZyXEL NWD-170N User's Guide WPA(2)-PSK Application Example A WPA(2)s-PSK application looks as follows. 1 First enter identical passwords into the AP and all wireless clients. The Pre-Shared Key (PSK) must consist of between 8 and 63 ASCII characters or 64 hexadecimal characters (including spaces and symbols). 2 The AP checks each client's password and (only) allows it to join the network if it matches its password. 3 The AP and wireless clients use the pre-shared key to generate a common PMK. 4 The AP and wireless clients use the TKIP or AES encryption process to encrypt data exchanged between them. Figure 52 WPA-PSK Authentication

WPA(2) with RADIUS Application Example You need the IP address of the RADIUS server, its port number (default is 1812), and the RADIUS shared secret. A WPA(2) application example with an external RADIUS server looks as follows. "A" is the RADIUS server. "DS" is the distribution system. 1 The AP passes the wireless client's authentication request to the RADIUS server. 2 The RADIUS server then checks the user's identification against its database and grants or denies network access accordingly. 3 The RADIUS server distributes a Pairwise Master Key (PMK) key to the AP that then sets up a key hierarchy and management system, using the pair-wise key to dynamically generate unique data encryption keys to encrypt every data packet that is wirelessly communicated between the AP and the wireless clients. Appendix C 75

ZyXEL NWD-170N User's Guide Figure 53 WPA(2) with RADIUS Application Example

Cu) Security Parameters Summary Refer to this table to see what other security parameters you should configure for each Authentication Method/ key management protocol type. MAC address filters are not dependent on how you configure these security features. Table 30 Wireless Security Relational Matrix METHODIKEY ENCRYPTION |ENTER |iece 802.1x MANAGEMENT PROTOCOL Open None No Disable Enable without Dynamic WEP Key Open WEP No Enable with Dynamic WEP Key Yes Enable without Dynamic WEP Key Yes Disable Shared WEP No Enable with Dynamic WEP Key Yes Enable without Dynamic WEP Key Yes Disable WPA TKIP/AES No Enable WPA-PSK TKIP/AES Yes Disable WPA2 TKIP/AES No Enable WPA2-PSK TKIP/AES Yes Disable

ZyXEL NWD-170N User's Guide APPENDIX D Setting up Your Computer’s IP Address All computers must have a 10M or 100M Ethernet adapter card and TCP/IP installed. Windows 98/Me/2000/XP and later operating systems and all versions of UNIX/LINUX include the software components you need to install and use TCP/IP on your computer. Windows 3.1 requires the purchase of a third-party TCP/IP application package. TCP/IP should already be installed on computers using Windows 2000 and XP. After the appropriate TCP/IP components are installed, configure the TCP/IP settings in order to "communicate" with your network. Windows 98/Me Click Start, Settings, Control Panel and double-click the Network icon to open the Network window Appendix D

ZyXEL NWD-170N User's Guide Figure 54 Windows 98/Me: Network: Configuration Client for Microsoft Networks F Installing Components The Network window Configuration tab displays a list of installed components. You need a network adapter, the TCP/IP protocol and Client for Microsoft Networks. If you need the adapter: 1 Inthe Network window, click Add. 2 Select Adapter and then click Add. 3 Select the manufacturer and model of your network adapter and then click OK. If you need TCP/IP: 1 Inthe Network window, click Add. 2 Select Protocol and then click Add. 3 Select Microsoft from the list of manufacturers. 4 Select TCP/IP from the list of network protocols and then click OK. If you need Client for Microsoft Networks: 1 Click Add. 2 Select Client and then click Add. 78 Appendix D

ZyXEL NWD-170N User's Guide 3 Select Microsoft from the list of manufacturers. OK. Configuring DNS Configuration | Gateway | WINS Configuration | IP Address and click Properties 2 Click the IP Address tab. 4 Select Client for Microsoft Networks from the list of network clients and then click 5 Restart your computer so the changes you made take effect. 1 In the Network window Configuration tab, select your network adapter's TCP/IP entry + If your IP address is dynamic, select Obtain an IP address automatically. + If you have a static IP address, select Specify an IP address and type your information into the IP Address and Subnet Mask fields. Figure 55 Windows 98/Me: TCP/IP Properties: IP Address Bindings | Advanced | NetBl0S | An IP address can be automaticall assigned to this computer. If your network does not automatically assign IP addresses, ask your network administretor for an address, and then type it in the space below. F Detect connection to netwark media Cancel 3 Click the DNS Configuration tab. + If you do not know your DNS information, select Disable DNS. + If you know your DNS information, select Enable DNS and type the information in the fields below (you may not need to fill them all in). Appendix D

ZyXEL NWD-170N User's Guide Figure 56 Windows 98/Me: TCP/IP Properties: DNS Configuration TCP/IP Propeities 2x] Bindings | Advanced | NetBl0S DNS Configuration | Gateway | WINS Configuration | 1P Address EE Enble DNS Host Domena arch Order a —— Cl 4 Click the Gateway tab. + __ If you do not know your gateway’s IP address, remove previously installed gateways. + __ If you have a gateway IP address, type it in the New gateway field and click Add. 5 Click OK to save and close the TCP/IP Properties window. 6 Click OK to close the Network window. Insert the Windows CD if prompted. 7 Restart your computer when prompted. Verifying Settings 1 Click Start and then Run. 2 In the Run window, type "winipcfg" and then click OK to open the IP Configuration window. 3 Select your network adapter. You should see your computer's IP address, subnet mask and default gateway. Windows 2000/XP 1 For Windows XP, click start, Control Panel. In Windows 2000, click Start, Settings, Control Panel. 80 Appendix D

ZyXEL NWD-170N User's Guide Figure 59 Windows XP: Control Panel: Network Connections: Properties Fle Edit View Favorites Tools Advanced Help Qex - Q D sen [f> roers © Network Connections LAN or High-Speed Internet Network Tasks FE create a new connection © Set up a home or small Disable office network © Disabie this network Status device Repair À Repair this connection Bridge Connections Œ Rename this connection Create Shortcut © view status of this connection ‘ Change settings of this Rename connection 4 Select Internet Protocol (TCP/IP) (under the General tab in Win XP) and click Properties. Figure 60 Windows XP: Local Area Connection Properties L Area Conne: General | Authentication | Advanced Connect using 1 Accton EN1207D-TX PCI Fast Ethemet Adapter This connection uses the following items: M (81 Cent for Microsoft Networks | 1%) File and Printer Shaïng for Microsoft Networks M JE Qos Packet Scheduler Description Transmission Control Protocol/Intemet Protocol. The default wide area network protocol that provides communication across diverse interconnected networks. [1 Show icon in notification area when connected 5 The Internet Protocol TCP/IP Properties window opens (the General tab in Windows XP). + If you have a dynamic IP address click Obtain an IP address automatically. Appendix D

ZyXEL NWD-170N User's Guide If you have a static IP address click Use the following IP Address and fill in the IP address, Subnet mask, and Default gateway fields. Click Advanced. Figure 61 Windows XP: Advanced TCP/IP Settings Advanced TCP/IP Settings IP addresses | IP address DHCP Enabled Default gateways Gateway [Automatic metic: IP Settings | DNS | WINS | Options: Ed] Subnet mask Metic 6 If you do not know your gateway's IP address, remove any previously installed gateways in the IP Settings tab and click OK. Do one or more of the following if you want to configure additional IP addresses: In the IP Settings tab, in IP addresses, click Add. In TCP/IP Address, type an IP address in IP address and a subnet mask in Subnet mask, and then click Add. Repeat the above two steps for each IP address you want to add. Configure additional default gateways in the IP Settings tab by clicking Add in Default gateways. In TCP/IP Gateway Address, type the IP address of the default gateway in Gateway. To manually configure a default metric (the number of transmission hops), clear the Automatic metrie check box and type a metric in Metric. Click Add. Repeat the previous three steps for each default gateway you want to add. Click OK when finished. 7 In the Internet Protocol TCP/IP Properties window (the General tab in Windows XP): Appendix D

ZyXEL NWD-170N User's Guide Click Obtain DNS server address automatically if you do not know your DNS server IP address(es). If you know your DNS server IP address(es), click Use the following DNS server addresses, and type them in the Preferred DNS server and Alternate DNS server fields. If you have previously configured DNS servers, click Advanced and then the DNS tab to order them. Figure 62 Windows XP: Internet Protocol (TCP/IP) Properties General | Altemate Configuration the appropriate IP settings. nternet Protocol (TCP/IP) Properties You can get IP settings assigned automatically if your network supports this capabilty. Dtherwise, you need ta ask your network administrator far © Obtain an IP address automatically © Use the following IP address: © Obtain DNS server address automatically © Use the following DNS server addresses:

8 Click OK to close the Internet Protocol (TCP/IP) Properties window. 9 Click OK to close the Local Area Connection Properties window. 10Restart your computer (if prompted). Verifying Settings 1 Click Start, AIL Programs, Accessories and then Command Prompt. 2 In the Command Prompt window, type "ipconfig" and then press [ENTER]. You can also open Network Connections, right-click a network connection, click Status and then click the Support tab. Appendix D

ZyXEL NWD-170N User's Guide

About 53 About your ZyXEL AG-220 19 Access point (AP) 31 Access point. See also AP. ACT LED 20 Activating a profile 49 Adapter 50 Ad-Hoc 21, 47 Advanced Encryption Standard 34, 73 Advanced settings 50

See also access point. AP MAC address 36 Authentication 36 Authentication type 33, 41 auto 33 open system 33 shared key 33 Auto authentication 33 Automatic connection 37 Automatic network scan 25, 44 Band 57

CCMP 34 Certificate Authority (CA) 33, 72 certifications 4 notices 5 viewing 5 Channel 31, 36, 38, 47, 57 Configuration method 22 important note 22 Wireless Zero Configuration (WZC) 22 Configuration methods ZyXEL utility 22 Configuration status 35 Index Connection status 35 contact information 8 Continuous access mode 51 copyright 3 Creating a new profile 46 Current configuration 35 Current connection status 35 customer support 8

ZyXEL NWD-170N User's Guide

Getting started 19 Graphics icons key 18

Network mode 36 Network name 36 Network overlap 31 Network scan 44 Network type 36, 38 [e] Online help 23 Output power 57

Quick Start Guide 17, 22, 55

ZyXEL NWD-170N User's Guide Radio specifications 57 RADIUS 33, 34 RADIUS server 74 Real-time data traffic statistics 37 Receive rate 36 registration product 7 Related Documentation 17

Uninstalling the ZyXEL Utility 53 Upgrading the ZyXEL Utility important step 54 Upgrading ZyXEL Utility 54 User authentication 32, 74 Utility installation 22 Utility version 53

ZyXEL NWD-170N User's Guide WPA2 33, 41,73 WPA2-Pre-Shared Key 34, 73 WPA2-PSK 34, 40, 73 WPA-PSK 34, 40, 73 WZC (Wireless Zero Configuration) 22

ZyXEL Utility 22 accessing 23 driver version number 53 exiting 22 help 23 reactivating 23 status 22 system tray icon 22 upgrading 54 version number 53