Use the system screens to configure general NWA/WAC settings.
A host name is the unique name by which a device is known on a network.
For effective scheduling and logging, the NWA/WAC system time must be accurate. The NWA/WAC has a software mechanism to set the time manually or get the current time and date from an external server.
You can manually set the NWA/WAC’s time and date or have the NWA/WAC get the date and time from a time server.
|
Label |
Description |
|---|---|
|
Current Time and Date |
|
|
Current Time |
This field displays the present time of your NWA/WAC. |
|
Current Date |
This field displays the present date of your NWA/WAC. |
|
Time and Date Setup |
|
|
Manual |
Select this radio button to enter the time and date manually. If you configure a new time and date, time zone and daylight saving at the same time, the time zone and daylight saving will affect the new time and date you entered. When you enter the time settings manually, the NWA/WAC uses the new setting once you click Apply. |
|
New Time (hh:mm:ss) |
This field displays the last updated time from the time server or the last time configured manually. |
|
New Date (yyyy-mm-dd) |
This field displays the last updated date from the time server or the last date configured manually. |
|
Get from Time Server |
Select this radio button to have the NWA/WAC get the time and date from the time server you specify below. The NWA/WAC requests time and date settings from the time server under the following circumstances. • When the NWA/WAC starts up. • When you click Apply or Sync. Now in this screen. • 24-hour intervals after starting up. |
|
Time Server Address |
Enter the IP address or URL of your time server. Check with your ISP/network administrator if you are unsure of this information. |
|
Sync. Now |
Click this button to have the NWA/WAC get the time and date from a time server (see the Time Server Address field). This also saves your changes (except the daylight saving settings). |
|
Time Zone Setup |
|
|
Time Zone |
Choose the time zone of your location. This will set the time difference between your time zone and Greenwich Mean Time (GMT). |
|
Daylight saving is a period from late spring to fall when many countries set their clocks ahead of normal local time by one hour to give more daytime light in the evening. Select this option if you use Daylight Saving Time. |
|
|
Start Date |
Configure the day and time when Daylight Saving Time starts if you selected Enable Daylight Saving. The at field uses the 24 hour format. Here are a couple of examples: Daylight Saving Time starts in most parts of the United States on the second Sunday of March. Each time zone in the United States starts using Daylight Saving Time at 2 A.M. local time. So in the United States you would select Second, Sunday, March and type 2 in the at field. Daylight Saving Time starts in the European Union on the last Sunday of March. All of the time zones in the European Union start using Daylight Saving Time at the same moment (1 A.M. GMT or UTC). So in the European Union you would select Last, Sunday, March. The time you type in the at field depends on your time zone. In Germany for instance, you would type 2 because Germany's time zone is one hour ahead of GMT or UTC (GMT+1). |
|
End Date |
Configure the day and time when Daylight Saving Time ends if you selected Enable Daylight Saving. The at field uses the 24 hour format. Here are a couple of examples: Daylight Saving Time ends in the United States on the first Sunday of November. Each time zone in the United States stops using Daylight Saving Time at 2 A.M. local time. So in the United States you would select First, Sunday, November and type 2 in the at field. Daylight Saving Time ends in the European Union on the last Sunday of October. All of the time zones in the European Union stop using Daylight Saving Time at the same moment (1 A.M. GMT or UTC). So in the European Union you would select Last, Sunday, October. The time you type in the at field depends on your time zone. In Germany for instance, you would type 2 because Germany's time zone is one hour ahead of GMT or UTC (GMT+1). |
|
Offset |
Specify how much the clock changes when daylight saving begins and ends. Enter a number from 1 to 5.5 (by 0.5 increments). For example, if you set this field to 3.5, a log occurred at 6 P.M. in local official time will appear as if it had occurred at 10:30 P.M. |
|
Apply |
Click Apply to save your changes back to the NWA/WAC. |
|
Reset |
Click Reset to return the screen to its last-saved settings. |
Pre-defined NTP Time Servers List
When you turn on the NWA/WAC for the first time, the date and time start at 2003-01-01 00:00:00. The NWA/WAC then attempts to synchronize with one of the following pre-defined list of Network Time Protocol (NTP) time servers.
The NWA/WAC continues to use the following pre-defined list of NTP time servers if you do not specify a time server or it cannot synchronize with the time server you specified.
|
0.pool.ntp.org |
|
1.pool.ntp.org |
|
2.pool.ntp.org |
When the NWA/WAC uses the pre-defined list of NTP time servers, it randomly selects one server and tries to synchronize with it. If the synchronization fails, then the NWA/WAC goes through the rest of the list in order from the first one tried until either it is successful or all the pre-defined NTP time servers have been tried.
Click the Sync. Now button to get the time and date from the time server you specified in the Time Server Address field.
The Current Time and Current Date fields will display the appropriate settings if the synchronization is successful.
If the synchronization was not successful, a log displays in the View Log screen. Try re-configuring the Date/Time screen.
To manually set the NWA/WAC date and time:
1 Click System > Date/Time.
2 Select Manual under Time and Date Setup.
3 Enter the NWA/WAC’s time in the New Time field.
4 Enter the NWA/WAC’s date in the New Date field.
5 Under Time Zone Setup, select your Time Zone from the list.
6 As an option you can select the Enable Daylight Saving check box to adjust the NWA/WAC clock for daylight savings.
7 Click Apply.
To get the NWA/WAC date and time from a time server:
1 Click System > Date/Time.
2 Select Get from Time Server under Time and Date Setup.
3 Under Time Zone Setup, select your Time Zone from the list.
4 Under Time and Date Setup, enter a Time Server Address.
5 Click Apply.
Note: If you disable HTTP in the WWW screen, then the NWA/WAC blocks all HTTP connection attempts.
Use this screen to specify HTTP or HTTPS settings.
|
Label |
Description |
|---|---|
|
HTTPS |
|
|
Enable |
Select the check box to allow or disallow the computer with the IP address that matches the IP address(es) in the Service Control table to access the NWA/WAC Web Configurator using secure HTTPs connections. |
|
Server Port |
The HTTPS server listens on port 443 by default. If you change the HTTPS server port to a different number on the NWA/WAC, for example 8443, then you must notify people who need to access the NWA/WAC Web Configurator to use “https://NWA/WAC IP Address:8443” as the URL. |
|
Authenticate Client Certificates |
Select Authenticate Client Certificates (optional) to require the SSL client to authenticate itself to the NWA/WAC by sending the NWA/WAC a certificate. To do that the SSL client must have a CA-signed certificate from a CA that has been imported as a trusted CA on the NWA/WAC. |
|
Select a certificate the HTTPS server (the NWA/WAC) uses to authenticate itself to the HTTPS client. You must have certificates already configured in the My Certificates screen. |
|
|
To allow only secure Web Configurator access, select this to redirect all HTTP connection requests to the HTTPS server. |
|
|
HTTP |
|
|
Enable |
Select the check box to allow or disallow the computer with the IP address that matches the IP address(es) in the Service Control table to access the NWA/WAC Web Configurator using HTTP connections. |
|
Server Port |
You may change the server port number for a service if needed, however you must use the same port number in order to use that service to access the NWA/WAC. |
|
Apply |
Click Apply to save your changes back to the NWA/WAC. |
|
Reset |
Click Reset to return the screen to its last-saved settings. |
You can use SSH (Secure SHell) to securely access the NWA/WAC’s command line interface.
SSH is a secure communication protocol that combines authentication and data encryption to provide secure encrypted communication between two hosts over an unsecured network.
1 Host Identification
The SSH client sends a connection request to the SSH server. The server identifies itself with a host key. The client encrypts a randomly generated session key with the host key and server key and sends the result back to the server.
The client automatically saves any new server public keys. In subsequent connections, the server public key is checked against the saved version on the client computer.
2 Encryption Method
Once the identification is verified, both the client and server must agree on the type of encryption method to use.
3 Authentication and Data Transmission
After the identification is verified and data encryption activated, a secure tunnel is established between the client and the server. The client then sends its authentication information (user name and password) to the server to log in to the server.
SSH Implementation on the NWA/WAC
Your NWA/WAC supports SSH versions 1 and 2 using RSA authentication and four encryption methods (AES, 3DES, Archfour, and Blowfish). The SSH server is implemented on the NWA/WAC for management using port 22 (by default).
You must install an SSH client program on a client computer (Windows or Linux operating system) that is used to connect to the NWA/WAC over SSH.
Use this screen to configure your NWA/WAC’s Secure Shell settings.
Note: It is recommended that you disable Telnet and FTP when you configure SSH for secure connections.
|
Label |
Description |
|---|---|
|
Enable |
Select the check box to allow or disallow the computer with the IP address that matches the IP address(es) in the Service Control table to access the NWA/WAC CLI using this service. |
|
Version 1 |
Select the check box to have the NWA/WAC use both SSH version 1 and version 2 protocols. If you clear the check box, the NWA/WAC uses only SSH version 2 protocol. |
|
Server Port |
You may change the server port number for a service if needed, however you must use the same port number in order to use that service for remote management. |
|
Select the certificate whose corresponding private key is to be used to identify the NWA/WAC for SSH connections. You must have certificates already configured in the My Certificates screen. |
|
|
Apply |
Click Apply to save your changes back to the NWA/WAC. |
|
Reset |
Click Reset to return the screen to its last-saved settings. |
You can use Telnet to access the NWA/WAC’s command line interface. Use this screen to enable or disable Telnet and set the server port number.
|
Label |
Description |
|---|---|
|
Enable |
Select the check box to allow or disallow the computer with the IP address that matches the IP address(es) in the Service Control table to access the NWA/WAC CLI using this service. |
|
Server Port |
You may change the server port number for a service if needed, however you must use the same port number in order to use that service for remote management. |
|
Apply |
Click Apply to save your changes back to the NWA/WAC. |
|
Reset |
Click Reset to return the screen to its last-saved settings. |
You can upload and download the NWA/WAC’s firmware and configuration files using FTP. To use this feature, your computer must have an FTP client.
Use this screen to specify FTP settings.
|
Label |
Description |
|---|---|
|
Enable |
Select the check box to allow or disallow the computer with the IP address that matches the IP address(es) in the Service Control table to access the NWA/WAC using this service. |
|
Select the check box to use FTP over TLS (Transport Layer Security) to encrypt communication. This implements TLS as a security mechanism to secure FTP clients and/or servers. |
|
|
Server Port |
You may change the server port number for a service if needed, however you must use the same port number in order to use that service for remote management. |
|
Select the certificate whose corresponding private key is to be used to identify the NWA/WAC for FTP connections. You must have certificates already configured in the My Certificates screen |
|
|
Apply |
Click Apply to save your changes back to the NWA/WAC. |
|
Reset |
Click Reset to return the screen to its last-saved settings. |
Simple Network Management Protocol is a protocol used for exchanging management information between network devices. Your NWA/WAC supports SNMP agent functionality, which allows a manager station to manage and monitor the NWA/WAC through the network. The NWA/WAC supports SNMP version one (SNMPv1), version two (SNMPv2c), and version three (SNMPv3).
An SNMP managed network consists of two main types of component: agents and a manager.
An agent is a management software module that resides in a managed device (the NWA/WAC). An agent translates the local management information from the managed device into a form compatible with SNMP. The manager is the console through which network administrators perform network management functions. It executes applications that control and monitor managed devices.
The managed devices contain object variables/managed objects that define each piece of information to be collected about a device. Examples of variables include such as number of packets received, node port status etc. A Management Information Base (MIB) is a collection of managed objects. SNMP allows a manager and agents to communicate for the purpose of accessing these objects.
SNMP itself is a simple request/response protocol based on the manager/agent model. The manager issues a request and the agent returns responses using the following protocol operations:
• Get - Allows the manager to retrieve an object variable from the agent.
• GetNext - Allows the manager to retrieve the next object variable from a table or list within an agent. In SNMPv1, when a manager wants to retrieve all elements of a table from an agent, it initiates a Get operation, followed by a series of GetNext operations.
• Set - Allows the manager to set values for object variables within an agent.
• Trap - Used by the agent to inform the manager of some events.
The NWA/WAC supports MIB II that is defined in RFC-1213 and RFC-1215. The NWA/WAC also supports private MIBs (ZYXEL-ES-CAPWAP.MIB, ZYXEL-ES-COMMON.MIB, ZYXEL-ES-ZyXELAPMgmt.MIB, ZYXEL-ES-PROWLAN.MIB, ZYXEL-ES-RFMGMT.MIB, ZYXEL-ES-SMI.MIB, and ZYXEL-ES-WIRELESS.MIB) to collect information about CPU and memory usage and VPN total throughput. The focus of the MIBs is to let administrators collect statistical data and monitor status and performance. You can download the NWA/WAC’s MIBs from www.zyxel.com.
The NWA/WAC will send traps to the SNMP manager when any one of the following events occurs.
|
OBJECT LABEL |
OBJECT ID |
description |
|---|---|---|
|
linkDown |
1.3.6.1.6.3.1.1.5.3 |
This trap is sent when the Ethernet link is down. |
|
linkUp |
1.3.6.1.6.3.1.1.5.4 |
This trap is sent when the Ethernet link is up. |
|
authenticationFailure |
1.3.6.1.6.3.1.1.5.5 |
This trap is sent when an SNMP request comes from non-authenticated hosts. |
Use this screen to configure your SNMP settings. You can also configure user profiles that define allowed SNMPv3 access.
|
Label |
Description |
|---|---|
|
Enable |
Select the check box to allow or disallow users to access the NWA/WAC using SNMP. |
|
Server Port |
You may change the server port number for a service if needed, however you must use the same port number in order to use that service for remote management. |
|
Trap |
|
|
Community |
Type the trap community, which is the password sent with each trap to the SNMP manager. The default is public and allows all requests. |
|
Destination |
Type the IP address of the station to send your SNMP traps to. |
|
SNMPv2c |
Select this to allow SNMP managers using SNMPv2c to access the NWA/WAC. |
|
Get Community |
Enter the Get Community, which is the password for the incoming Get and GetNext requests from the management station. The default is public and allows all requests. |
|
Set Community |
Enter the Set community, which is the password for incoming Set requests from the management station. The default is private and allows all requests. |
|
SNMPv3 |
Select this to allow SNMP managers using SNMPv3 to access the NWA/WAC. |
|
Add |
Click this to create a new entry. Select an entry and click Add to create a new entry after the selected entry. |
|
Edit |
Double-click an entry or select it and click Edit to be able to modify the entry’s settings. |
|
Remove |
To remove an entry, select it and click Remove. The NWA/WAC confirms you want to remove it before doing so. Note that subsequent entries move up by one when you take this action. |
|
# |
This the index number of an SNMPv3 user profile. |
|
User Name |
This is the name of the user for which this SNMPv3 user profile is configured. |
|
Authentication |
This field displays the type of authentication the SNMPv3 user must use to connect to the NWA/WAC using this SNMPv3 user profile. |
|
Privacy |
This field displays the type of encryption the SNMPv3 user must use to connect to the NWA/WAC using this SNMPv3 user profile. |
|
Privilege |
This field displays whether the SNMPv3 user can have read-only or read and write access to the NWA/WAC using this SNMPv3 user profile. |
|
Apply |
Click Apply to save your changes back to the NWA/WAC. |
|
Reset |
Click Reset to return the screen to its last-saved settings. |
Adding or Editing an SNMPv3 User Profile
This screen allows you to add or edit an SNMPv3 user profile.
|
Label |
Description |
|---|---|
|
User Name |
Select the user name of the user account for which this SNMPv3 user profile is configured. |
|
Authentication |
Select the type of authentication the SNMPv3 user must use to connect to the NWA/WAC using this SNMPv3 user profile. Select MD5 to require the SNMPv3 user’s password be encrypted by MD5 for authentication. Select SHA to require the SNMPv3 user’s password be encrypted by SHA for authentication. |
|
Privacy |
Select the type of encryption the SNMPv3 user must use to connect to the NWA/WAC using this SNMPv3 user profile. Select NONE to not encrypt the SNMPv3 communications. Select DES to use DES to encrypt the SNMPv3 communications. Select AES to use AES to encrypt the SNMPv3 communications. |
|
Privilege |
Select whether the SNMPv3 user can have read-only or read and write access to the NWA/WAC using this SNMPv3 user profile. |
|
OK |
Click OK to save your changes back to the NWA/WAC. |
|
Cancel |
Click Cancel to exit this screen without saving your changes. |