Wireless
Overview
The following figure provides an example of a wireless network.
Example of a Wireless Network
Station / Wireless Client
A station or wireless client is any wireless-capable device that can connect to an AP using a wireless signal.
Dynamic Channel Selection (DCS)
Dynamic Channel Selection (DCS) is a feature that allows an AP to automatically select the radio channel which it broadcasts. For more information, see Technical Reference.
AP Management
Use this screen to manage the Zyxel Device’s general wireless settings.
Label | Description |
|---|---|
Radio 1 Setting | |
Radio 1 Activate | Select the check box to enable the Zyxel Device’s first (default) radio. |
Radio 1 OP Mode | Select the operating mode for radio 1. AP Mode means the radio can receive connections from wireless clients and pass their data traffic through to the Zyxel Device to be managed (or subsequently passed on to an upstream gateway for managing). Root AP means the radio acts as an AP and also supports the wireless connections with other APs (in repeater mode) to form a WDS (Wireless Distribution System) to extend its wireless network. Repeater means the radio can establish a wireless connection with other APs (in either root AP or repeater mode) to form a WDS. |
Radio 1 Profile | Select the radio profile the radio uses.  You can only apply a 2.4G AP radio profile to radio 1. Otherwise, the first radio will not be working. |
Radio 1 WDS Profile | This field is available only when the radio is in Root AP or Repeater mode. Select the WDS profile the radio uses to connect to a root AP or repeater. |
Enable WDS Wireless Bridging | If you set the Zyxel Device as a root AP, the radio that’s bridging with the Zyxel Device should be in repeater mode. Be careful to avoid bridge loops. For example, if your root AP and the Zyxel Device are connected to a switch, and they’re also connected to each other using a WiFi connection. This will create bridge loops. This field is available only when the radio is in Repeater mode. Select this to enable WDS wireless bridging on the Zyxel Device. See Zyxel Device Roles for more information on Wireless Distribution System (WDS). |
Uplink Selection Mode | This field is available only when the radio is in Repeater mode. Select AUTO to have the Zyxel Device automatically use the settings in the applied WDS profile to connect to a root AP or repeater. Select Manual to have the Zyxel Device connect to the root AP or repeater with the MAC address specified in the Radio 1 Uplink MAC Address field. |
Setup Wireless Bridge Vlan ID | Click this to show the Wireless Bridge Vlan Setting pop-up window. This link is available only when the radio is in Root AP or Repeater mode. |
Wireless Bridge Vlan Setting | |
Add | Click this to add an entry in the table. |
Remove | Select an entry and click this to remove the selected entry. |
# | This field is a sequential value. It is not associated with any VLAN ID. |
Wireless Bridge Vlan ID | Enter a VLAN ID for the wireless bridge. The VLAN IDs you set on your root AP should be the same as the VLAN ID you set here. See Zyxel Device Roles for more information on wireless bridge. |
OK | Click OK to save your changes back to the Zyxel Device. |
Close | Click Close to close the pop-up window without saving your changes. |
Max Output Power | Enter the maximum output power (between 0 to 30 dBm) of the Zyxel Device in this field. If there is a high density of APs in an area, decrease the output power of the Zyxel Device to reduce interference with other APs. Reducing the output power also reduces the Zyxel Device’s effective broadcast radius. |
MBSSID Settings | |
Edit  | Click Edit icon ( )to open a screen where you can modify the entry’s settings. In some tables you can just click a table entry and edit it directly in the table. For those types of tables small red triangles display for table entries with changes that you have not yet applied. |
# | This field shows the index number of the SSID |
SSID Profile | This field displays the SSID profile that is associated with the radio profile. |
Radio 2 Setting | |
Radio 2 Activate | This displays if the Zyxel Device has a second radio. Select the check box to enable the Zyxel Device’s second radio. |
Radio 2 OP Mode | This displays if the Zyxel Device has a second radio. Select the operating mode for radio 2. AP Mode means the radio can receive connections from wireless clients and pass their data traffic through to the Zyxel Device to be managed (or subsequently passed on to an upstream gateway for managing). Root AP means the radio acts as an AP and also supports the wireless connections with other APs (in repeater mode) to form a WDS to extend its wireless network. Repeater means the radio can establish a wireless connection with other APs (in either root AP or repeater mode) to form a WDS. |
Radio 2 Profile | This displays if the Zyxel Device has a second radio. Select the radio profile the radio uses. You can only apply a 5G AP radio profile to radio 2. Otherwise, the second radio will not be working. |
Radio 2 WDS Profile | This field is available only when the radio is in Root AP or Repeater mode. Select the WDS profile the radio uses to connect to a root AP or repeater. |
Enable WDS Wireless Bridging | If you set the Zyxel Device as a root AP, the radio that’s bridging with the Zyxel Device should be in repeater mode. Be careful to avoid bridge loops. For example, if your root AP and the Zyxel Device are connected to a switch, and they’re also connected to each other using a WiFi connection. This will create bridge loops. This field is available only when the radio is in Repeater mode. Select this to enable WDS wireless bridging on the Zyxel Device. See Zyxel Device Roles for more information on Wireless Distribution System (WDS). |
Uplink Selection Mode | This field is available only when the radio is in Repeater mode. Select AUTO to have the Zyxel Device automatically use the settings in the applied WDS profile to connect to a root AP or repeater. Select Manual to have the Zyxel Device connect to the root AP or repeater with the MAC address specified in the Radio 1 Uplink MAC Address field. |
Setup Wireless Bridge Vlan ID | Click this to show the Wireless Bridge Vlan Setting pop-up window. This link is available only when the radio is in Root AP or Repeater mode. |
Wireless Bridge Vlan Setting | |
Add | Click this to add an entry in the table. |
Remove | Select an entry and click this to remove the selected entry. |
# | This field is a sequential value. It is not associated with any VLAN ID. |
Wireless Bridge Vlan ID | Enter a VLAN ID for the wireless bridge. The VLAN IDs you set on your root AP should be the same as the VLAN ID you set here. See Zyxel Device Roles for more information on wireless bridge. |
OK | Click OK to save your changes back to the Zyxel Device. |
Close | Click Close to close the pop-up window without saving your changes. |
Max Output Power | Enter the maximum output power (between 0 to 30 dBm) of the Zyxel Device in this field. If there is a high density of APs in an area, decrease the output power of the Zyxel Device to reduce interference with other APs. Reducing the output power also reduces the Zyxel Device’s effective broadcast radius. |
MBSSID Settings | |
Edit | Click Edit ( )to open a screen where you can modify the entry’s settings. In some tables you can just click a table entry and edit it directly in the table. For those types of tables small red triangles display for table entries with changes that you have not yet applied. |
# | This field shows the index number of the SSID |
SSID Profile | This field shows the SSID profile that is associated with the radio profile. |
Apply | Click Apply to save your changes back to the Zyxel Device. |
Reset | Click Reset to return the screen to its last-saved settings. |
Rogue AP
Use this screen to enable Rogue AP Detection and import/export a rogue or friendly AP list in a txt file.
Rogue APs
A rogue AP is a wireless access point operating in a network’s coverage area that is not under the control of the network administrator, and which can potentially open up holes in a network’s security.
In the following example, a corporate network’s security is compromised by a rogue AP (RG) set up by an employee at his workstation in order to allow him to connect his notebook computer wirelessly (A). The company’s legitimate wireless network (the dashed ellipse B) is well-secured, but the rogue AP uses inferior security that is easily broken by an attacker (X) running readily available encryption-cracking software. In this example, the attacker now has access to the company network, including sensitive data stored on the file server (C).
Rogue AP Example
Friendly APs
If you have more than one AP in your wireless network, you should also configure a list of “friendly” APs. Friendly APs are wireless access points that you know are not a threat. It is recommended that you export (save) your list of friendly APs often, especially if you have a network with a large number of access points. Exported lists show MAC addresses in txt file format separated by line breaks.
Rogue AP Detection
This feature allows the Zyxel Device to monitor the WiFi signals for other wireless APs (see also Radio Frequency (RF) Monitor). Detected APs will appear in the Monitor > Wireless > Detected Device screen, where the Zyxel Device will label APs with the criteria you select in Suspected Rogue AP Classification Rule as a suspected rogue. The APs which you mark as either rogue or friendly APs in the Monitor > Wireless > Detected Device screen will appear in the Wireless > Rogue AP screen. See Zyxel Device Product Feature to know which models support Rogue AP Detection.
Note: Enabling Rogue AP Detection might affect the performance of wireless clients associated with the Zyxel Device.
Label | Description |
|---|---|
Rogue AP Detection Setting | |
Enable Rogue AP Detection | Select this check box to detect Rogue APs in the network. |
Suspected Rogue AP Classification Rule | Select the check boxes (Weak Security (Open, WEP, WPA-PSK), Hidden SSID, SSID Keyword) of the characteristics an AP should have for the Zyxel Device to mark it as a Rogue AP. |
Add | Click this to add an SSID Keyword. |
Edit | Select an SSID Keyword and click this button to modify it. |
Remove | Select an existing SSID keyword and click this button to delete it. |
# | This is the SSID Keyword’s index number in this list. |
SSID Keyword | This field displays the SSID Keyword. |
Rogue/Friendly AP List | |
Add | Click this button to add an AP to the list and assign it either friendly or rogue status. |
Edit | Select an AP in the list to edit and reassign its status. |
Remove | Select an AP in the list to remove. |
# | This field is a sequential value, and it is not associated with any interface. |
Role | This field indicates whether the selected AP is a rogue-ap or a friendly-ap. To change the AP’s role, click the Edit button. |
MAC Address | This field indicates the AP’s radio MAC address. |
Description | This field displays the AP’s description. You can modify this by clicking the Edit button. |
Rogue/Friendly AP List Importing/Exporting | These controls allow you to export the current list of rogue and friendly APs or import existing lists. |
File Path / Browse / Importing | Enter the file name and path of the list you want to import or click the Browse button to locate it. Once the File Path field has been populated, click Importing to bring the list into the Zyxel Device. You need to wait a while for the importing process to finish. |
Exporting | Click this button to export the current list of either rogue APs or friendly APS. |
Apply | Click Apply to save your changes back to the Zyxel Device. |
Reset | Click Reset to return the screen to its last-saved settings. |
Add/Edit Rogue/Friendly List
Label | Description |
|---|---|
MAC | Enter the MAC address of the AP you want to add to the list. A MAC address is a unique hardware identifier in the following hexadecimal format: xx:xx:xx:xx:xx:xx where xx is a hexadecimal number separated by colons. |
Description | Enter up to 60 characters for the AP’s description. Spaces and underscores are allowed. |
Role | Select either Rogue AP or Friendly AP for the AP’s role. |
OK | Click OK to save your changes back to the Zyxel Device. |
Cancel | Click Cancel to close the window with changes unsaved. |
DCS
Use this screen to configure dynamic radio channel selection (see Dynamic Channel Selection (DCS)).
Label | Description |
|---|---|
DCS Now | Click this to have the Zyxel Device scan for and select an available channel immediately. |
Apply | Click Apply to save your changes back to the Zyxel Device. |
Reset | Click Reset to return the screen to its last-saved settings. |
Technical Reference
The following section contains additional technical information about the features described in this chapter.
Dynamic Channel Selection
When numerous APs broadcast within a given area, they introduce the possibility of heightened radio interference, especially if some or all of them are broadcasting on the same radio channel. If the interference becomes too great, then the network administrator must open his AP configuration options and manually change the channel to one that no other AP is using (or at least a channel that has a lower level of interference) in order to give the connected stations a minimum degree of interference. Dynamic channel selection frees the network administrator from this task by letting the AP do it automatically. The AP can scan the area around it looking for the channel with the least amount of interference.
In the 2.4 GHz spectrum, each channel from 1 to 13 is broken up into discrete 22 MHz segments that are spaced 5 MHz apart. Channel 1 is centered on 2.412 GHz while channel 13 is centered on 2.472 GHz.
An Example Three-Channel Deployment
Three channels are situated in such a way as to create almost no interference with one another if used exclusively: 1, 6 and 11. When an AP broadcasts on any of these 3 channels, it should not interfere with neighboring APs as long as they are also limited to same trio.
An Example Four-Channel Deployment
However, some regions require the use of other channels and often use a safety scheme with the following four channels: 1, 4, 7 and 11. While they are situated sufficiently close to both each other and the three so-called “safe” channels (1,6 and 11) that interference becomes inevitable, the severity of it is dependent upon other factors: proximity to the affected AP, signal strength, activity, and so on.
Finally, there is an alternative four channel scheme for ETSI, consisting of channels 1, 5, 9, 13. This offers significantly less overlap that the other one.
An Alternative Four-Channel Deployment