ZyXEL provides Paten Hotels with wireless broadband

Overview

Challenges:
Four hotels with different network requirements To increase occupancy rates and improve customer service through the delivery of internet access Two hotels are listed buildings No on-site technical staff

Free broadband access

Paten Hotels wanted to provide free broadband and wireless access across the group, in all public areas, conference rooms and bedrooms. The coverage needed to be reliable, low maintenance and accessible to clients 24 hours a day, seven days a week. Paten Hotels was using The Cloud to provide broadband into its hotels. As part of the contract they were tied to the same provider for three years, but the contract was coming to an end. Paten Hotels wanted to provide a free added value service and The Cloud were unable to provide a solution at the time. Robert Smith, sales and marketing director, Paten Hotels, was behind the decision to upgrade. We were already offering broadband to guests, but we really needed to move to a non-charging model to meet customer demands. Hotel Broadband came in to meet us and were quick to understand how important it was to have a reliable, easy-to-use framework in place. Hotel Broadband made the decision to use ZyXEL products in the implementations. Each of the groups hotels has a different set of products in order to maximise the benefits of the offering for their guests. ZyXEL was chosen because it has a rich feature set and provides exceptional value for the price in the hospitality market. It was important to look at the needs of each individual hotel when we did the analysis, commented James Richmond, sales director, Hotel Broadband. We had the brief from head office to provide straightforward, free wired and wireless broadband, but we had to really think about what each hotel needed rather than rolling out a generic solution for everyone, which just wouldnt have worked. All hotels benefit from Hotel Broadbands custom developed guest service gateway and remote monitoring to cater for any potential system faults. A guest support helpline is available. Staff at the help centre are able to remotely diagnose any issues with the network at any of the hotels. If this can be sorted out over the phone then someone will help the hotel staff fix the problem. Alternatively, an engineer will be sent to the site to fix any problems within eight business hours of it being reported.

Benefits:

Provide free, easy to manage, wired and wireless Internet access to hotel guests Reliable service with minimal calls to help centre Future-proof to enable future applications across existing products

ZyXEL wireless solution:

G-3000H access points ES-2024PWR Power over Ethernet managed switches ES-2108PWR Power over Ethernet managed switches

ZyXEL wired solution:

ES-2024PWR managed switches

Paten Hotels

Paten Hotels is a small, privately owned group of 3 and 4 star hotels located in the South East and Midlands. The group's hotels include the Bedford Swan Hotel (Bedford), the Langstone Hotel (Havant, near Portsmouth), the Marks Tey Hotel (Colchester) and the Best Western Grosvenor Hotel (Stratford-Upon-Avon). The philosophy of Paten Hotels is to deliver excellent levels of customer service, attended by pleasant staff, in comfortable surroundings designed to meet the demands of the modern traveller. Hotel Broadband, a leading provider of high speed Internet solutions, was chosen to undertake the project. Hotel Broadband is a Bristol-based company that provides high speed Internet access to 2-5 star hotels.
ZyXEL provides tailored solutions
The Langstone Hotel in Portsmouth is the biggest hotel in the Paten Group, with 148 rooms. It was important that the installation made use of the network that was already in place in the hotel, so all existing hardwiring to the bedrooms was kept in place. The switches running the wired network were changed to ZyXEL ES-2024PWR managed switches, which provide Power over Ethernet (PoE). These switches not only provide high levels of security, they also offer traffic prioritisation for multi-services, which means they offer future-proofing if the hotel decides to deploy VoIP or other on-demand services. The hotel also put in six G-3000H wireless access points to cover the public areas and these are connected via the ES-2024PWR switches. The wireless access points were chosen as they have enterprise level security features, whilst offering low operating costs, ideal for providing wireless Internet access in the public areas of the hotel. In Bedford, the Swan Hotel also required a combination of wired and wireless access for its guests. The wireless connection had to cover the older part of the hotel which was listed and therefore could not be altered to support fixed connectivity. For this implementation they used 13 G-3000H wireless access points to cover the public areas and five ES-2024PWR switches to manage the wired connectivity into each of the 125 bedrooms. With 110 rooms, Marks Tey Hotel is situated in Colchester which makes it a popular choice for business travellers using Stansted airport. This hotel opted for a totally wireless solution. Wireless covers the whole hotel via 11 G-3000H wireless access points. These are data connected and powered via an ES-2024PWR switch. Finally, the smallest hotel in the group, with 73 rooms, is the Grade II listed Best Western Grosvenor Hotel in Stratford-Upon-Avon. This hotel uses 13 G-3000H wireless access points to support wireless coverage throughout the hotel. These are run using two ES2024 PWR switches. The hotel required more access points because it is an older building developed over a more sprawled site.

Reliable access - every day
During the first month of the implementation, the Langstone Hotel supported 358 Internet sessions, each from a different guest. Paten Hotels is now able to support a much higher number of people accessing the Internet via their networks without worrying the network will fail. Weve gone from a situation of receiving complaints about network problems more or less every day, to having a high rate of people using the systems successfully, said Smith. Were also in a situation where we not only trust the technology, but support is available at the end of the phone. Although the hotel group benefits from a remote help centre there have only been a handful of support calls made to Hotel Broadband since the go-live in November, and they have not required any site visits. The hotels are all extremely pleased with the technology that has been put in place and are even starting to think about the next phases.
About ZyXEL Communications
ZyXEL Communications Corp. (TSE: 2391), headquartered in Hsinchu, Taiwan, is the worlds leading residential gateway provider and was recently ranked as Taiwans First Green Enterprise, and the second best Green Company in Asia (2007 CG watch, Asian Corporate Governance Association). ZyXEL's comprehensive Internet Protocol-based (IP) networking solutions include access multiplexers, customer premise equipment, Internet security and Wireless LAN equipment, enabling high-performance network services for SOHO, small to mid-sized businesses and service providers. ZyXEL works closely with worldwide network equipment vendors, telecommunications companies, ISPs, and other major businesses. For more information, visit the company's website at http://www.zyxel.com
Copyright 2008 ZyXEL Communications Corp. All rights reserved. ZyXEL, ZyXEL logo are registered trademarks of ZyXEL Communications Corp. All other brands, product names, or trademarks mentioned are the property of their respective owners. All specifications are subject to change without notice.

7. Why can't I configure B-100/B-101/B-200/B-220/B-300/B-400/G-100 client adapter with the supplied utility in Windows XP? This is because XP uses its default configuration for wireless adapter. You can disable it by entering Control Panel->Network and Dialup Connections->Wireless network connection->Advance and uncheck the use Windows to configure wireless configuration check box and click OK. Now you need to exit the supplied configuration utility in the Windows task bar and restart it again. Now you can use the supplied utility to configure your B-100. 8. What is the default user name and password to login the ZyAIR via the browser? To restrict only the adminstrator can configure the router, there is a login procedure prompted for asking User Name and Password. The default User Name is 'admin' and the default password is the default SMT password, '1234'. 9. How can I manage the ZyAIR?
Configuration via web browser to the embedded Web Configurator. Telnet remote management TFTP (Trivial File Transfer Protocol), FTP firmware upgrade and configuration backup and restore.
10. What network interface does the ZyAIR support? The ZyAIR supports 1 auto MDX/MDIX 10/100M Ethernet interface to connect to your existing wired Ethernet network and 1 802.11g wireless interface to connect to the wireless stations in the coverage range.
file:///D|/work%20info/Support%20Note/ZyAIR_G3000H/faq/faq.htm (3 of 6)2005/7/15 02:14:41
11. What is the maximum number of wireless client can associated with ZyAIR simultaneously? We did not limit the number of wireless client can associated with ZyAIR simultaneously, the suggest number are no more than 32, a good number is under 10 to ensure the performance of each wireless client.
Advanced FAQ 1. What is the default antenna type and gain on ZyAIR? The ZyAIR are equip with omni directional antenna with 2 dBi Gains. 2. Can I change the antenna on ZyAIR? Yes, you can change the antenna on ZyAIR to fit your implementation needs. To change antenna you must remove it first. You can remove the antenna by holding the outer ring of the antenna and turn it counter clock wise, and firmly remove the antenna from the ZyAIR. To install it simply reverse the removing procedure. 3. What are the connector type required on the replacement antenna? ZyAIR are equip with Reverse Polarity SMA jack, so it will work with any 2.4Ghz wireless antenna with Reverse Polarity SMA Plug. 4. What is the RF power output of ZyAIR? The output power of ZyAIR is 12dBm or 16mW from the RF module. 5. What wireless security mechanism are supported by ZyAIR? ZyAIR supports below security mechanisms. 1. MAC address filtering. 2. 64bit/128bit WEP (Wired Equivalent Privacy). 3. 802.1x/WPA authentication support. 6. What is the difference between Open System and Shared Key of Authentication Type?
file:///D|/work%20info/Support%20Note/ZyAIR_G3000H/faq/faq.htm (4 of 6)2005/7/15 02:14:41

Open System: The default authentication service that simply announces the desire to associate with another station or access point. A station can authenticate with any other station or access point using open system authentication if the receiving station designates open system authentication. Share Key: The optional authentication that involves a more rigorous exchange of frames, ensuring that the requesting station is authentic. For a station to use shared key authentication, it must implement WEP. 7. What authentication type does ZyAIR support? ZyAIR support null authentication when WEP is disabled as specified by IEEE 802.11b/802.11g standard, and when WEP is enabled it is using shared key authentication and data are encrypted at the same time. 8. Why is the supplied utility for B-100/B-101/B-200/B-220/B-300/G-100 keep on prompting "Invalid WEP key length" when I try to save my WEP configuration and I am sure the configuration is correct? Please make sure all 4 set of keys are with correct and WEP key length are also correct. Do not leave any key field blank. Note: Please make sure all 4 set of keys are consistent with the 4 set of keys configured in AP. 9. I have problem associated with ZyAIR with Symbol wireless PCMCIA card when WEP is enabled, why? This is because when WEP is enabled in ZyAIR it is authenticating using Shared key authentication. Symbol PcMCIA client do not support Shared key Authentication. When configuring WEP encryption please ensure open system is selected for authentication method. If you have several wireless NIC card in your network and all are from different vendor please configure the authentication method to 'Auto'. The system will auto detect the authentication method of the station. 10. What are 802.1x authentication type and which authentication type does ZyAIR 802.1x embedded server support. 802.1x specify the following authentication type, and the ZyAIR's embedded 802.1x server only support MD5/CHAP authentication. 1. 2. 3. 4. MD5/CHAP One time password Generic Token Card TLS
file:///D|/work%20info/Support%20Note/ZyAIR_G3000H/faq/faq.htm (5 of 6)2005/7/15 02:14:41
5. TTLS 6. LEAP 7. PEAP 11. How does the ZyAIR support TFTP and FTP? In addition to the direct console port connection, the Prestige supports the uploading/download of the firmware and configuration file using TFTP (Trivial File Transfer Protocol) or FTP over LAN. 12. Which 802.1x authentication software client can ZyAIR work with? ZyAIR can work with the below test 802.1x authentication software. For embedded MD5/CHAP authentication server 1. Windows XP embedded 802.1x client (Before SP1 patch). 2. Meetinghouse AEGIS client. 3. Funk Software Odyssey client. For external TLS authentication server (Odyssey server). 1. Windows XP embedded 802.1x client 2. Funk Software Odyssey client For external TTLS authentication server (Odyssey server) 1. Funk Software Odyssey client. Note: 1. XP only support MD5/CHAP and TLS before SP1 patch, after upgrade SP1, XP support only PEAT authentication. 2. When using external server ZyAIR only act as a pass-through thus no extra setting are required.

file:///D|/work%20info/Support%20Note/ZyAIR_G3000H/faq/Wireless_faq.htm (2 of 9)2005/7/15 02:14:42
Installing a wireless LAN system can be fast and easy and can eliminate the need to pull cable through walls and ceilings. c. Installation Flexibility: Wireless technology allows the network to go where wire cannot go. d. Reduced Cost-of-Ownership: While the initial investment required for wireless LAN hardware can be higher than the cost of wired LAN hardware, overall installation expenses and life-cycle costs can be significantly lower. Long-term cost benefits are greatest in dynamic environments requiring frequent moves and changes. e. Scalability: Wireless LAN systems can be configured in a variety of topologies to meet the needs of specific applications and installations. Configurations are easily changed and range from peer-to-peer networks suitable for a small number of users to full infrastructure networks of thousands of users that enable roaming over a broad area. 3. What are the disadvantages of Wireless LANs ? The speed of Wireless LAN is still relative slower than wired LAN. The most popular wired LAN is operated in 100Mbps, which is almost 10 times of that of Wireless LAN (10Mbps). A faster wired LAN standard (1000Mbps), which is 100 times faster, becomes popular as well. The setup cost of Wireless LAN is relative high because the equipment cost including access point and PCMCIA Wireless LAN card is higher than hubs and CAT 5 cables. 4. Where can you find wireless 802.11 networks ? Airports, hotels, and even coffee shops like Starbucks are deploying 802.11 networks so people can wirelessly browse the Internet with their laptops. As these types of networks increase, this will create additional security risk for the remote user if not properly protected. 5. What is an Access Point ? The AP (access point also known as a base station) is the wireless server that with an antenna and a wired Ethernet connection that broadcasts information using radio signals. AP typically act as a bridge for the clients. It can pass information to wireless LAN cards that have been installed in computers or laptops allowing those computers to connect to the campus network and the Internet without wires. 6. What is IEEE 802.11 ? The IEEE 802.11 is a wireless LAN industry standard, and the objective of IEEE 802.11 is to make sure that different manufactures' wireless LAN devices can communicate to each other.802.11 provides 1 or 2 Mbps transmission in the 2.4 GHz ISM band using either FHSS or DSSS. 7. What is 802.11b ? 802.11b is the first revision of 802.11 standard allowing data rates up to 11Mbps in the 2.4GHz ISM

file:///D|/work%20info/Support%20Note/ZyAIR_G3000H/faq/Wireless_faq.htm (3 of 9)2005/7/15 02:14:42
band. Also known as 802.11 High-Rate and Wi-Fi. 802.11b only uses DSSS, the maximum speed of 11Mbps has fallbacks to 5.5, 2 and 1Mbps. 8. How fast is 802.11b ? The IEEE 802.11b standard has a nominal speed of 11 megabits per second (Mbps). However, depending on signal quality and how many other people are using the wireless ethernet through a particular Access Point, usable speed will be much less (on the order of 4 or 5 Mbps, which is still substantially faster than most dialup, cable and DSL modems). 9. What is 802.11a ? 802.11a the second revision of 802.11 that operates in the unlicensed 5 GHz band and allows transmission rates of up to 54Mbps. 802.11a uses OFDM (orthogonal frequency division multiplexing) as opposed to FHSS or DSSS. Higher data rates are possible by combining channels. Due to higher frequency, range is less than lower frequency systems (i.e., 802.11b and 802.11g) and can increase the cost of the overall solution because a greater number of access points may be required. 802.11a is not directly compatible with 802.11b or 802.11g networks. In other words, a user equipped with an 802.11b or 802.11g radio card will not be able to interface directly to an 802.11a access point. Multi-mode NICs will solve this problem. 10. What is 802.11g ? 802.11g is an extension to 802.11b. 802.11g increases 802.11b's data rates to 54 Mbps and still utilize the the 2.4 GHz ISM. Modulation is based upon OFDM (orthogonal frequency division multiplexing) technology. An 802.11b radio card will interface directly with an 802.11g access point (and vice versa) at 11 Mbps or lower depending on range. The range at 54 Mbps is less than for 802.11b operating at 11 Mbps. 11. Is it possible to use products from a variety of vendors ? Yes. As long as the products comply to the same IEEE 802.11 standard. The Wi-Fi logo is used to define 802.11b compatible products. Wi-Fi5 is a compatibility standard for 802.11a products running in the 5GHz band. 12. What is Wi-Fi ? The Wi-Fi logo signifies that a product is interoperable with wireless networking equipment from other vendors. A Wi-Fi logo product has been tested and certified by the Wireless Ethernet Compatibility Alliance (WECA). The Socket Wireless LAN Card is Wi-Fi certified, and that means that it will work (interoperate) with any brand of Access Point that is also Wi-Fi certified. 13. What types of devices use the 2.4GHz Band ? Various spread spectrum radio communication applications use the 2.4 GHz band. This includes WLAN systems (not necessarily of the type IEEE 802.11b), cordless phones, wireless medical telemetry equipment and Bluetooth short-range wireless applications, which include connecting printers to computers and connecting modems or hands-free kits to mobile phones.

file:///D|/work%20info/Support%20Note/ZyAIR_G3000H/faq/Wireless_faq.htm (4 of 9)2005/7/15 02:14:42
14. Does the 802.11 interfere with Bluetooth devices ? Any time devices are operated in the same frequency band, there is the potential for interference. Both the 802.11b and Bluetooth devices occupy the same2.4-to-2.483-GHz unlicensed frequency rangethe same band. But a Bluetooth device would not interfere with other 802.11 devices much more than another 802.11 device would interefere. While more collisions are possible with the introduction of a Bluetooth device, they are also possible with the introduction of another 802.11 device, or a new 2.4 GHz cordless phone for that matter. But, BlueTooth devices are usually low-power, so the effects that a Bluetooth device may have on an 802.11 network, if any, aren't far-reaching. 15. Can radio signals pass through walls ? Transmitting through a wall is possible depending upon the material used in its construction. In general, metals and substances with a high water content do not allow radio waves to pass through. Metals reflect radio waves and concrete attenuates radio waves. The amount of attenuation suffered in passing through concrete will be a function of its thickness and amount of metal re-enforcement used.
16. What are potential factors that may causes interference among WLAN products ?
Factors of interference: 1. Obstacles: walls, ceilings, furniture etc. 2. Building Materials: metal door, aluminum studs. 3. Electrical devices: microwaves, monitors, electric motors. Solution : 1.Minimizing the number of walls and ceilings 2.Antenna is positioned for best reception 3.Keep WLAN products away from electrical devices, eg: microwaves, monitors, electric motors,, etc. 4. Add additional APs if necessary. 17. What's the difference between a WLAN and a WWAN ? WLANs are generally privately owned, wireless systems that are deployed in a corporation, warehouse, hospital, or educational campus setting. Data rates are high and there are no per-packet charges for data transmission. WWANs are generally publicly shared data networks designed to provide coverage in metropolitan areas and along traffic corridors. WWANs are owned by a service provider or carrier. Data rates are low and charges are based on usage. Specialized applications are characteristically designed around short, burst messaging.
Advanced FAQ 1. What is Ad Hoc mode ? A wireless network consists of a number of stations without access points. Without using an access point
file:///D|/work%20info/Support%20Note/ZyAIR_G3000H/faq/Wireless_faq.htm (5 of 9)2005/7/15 02:14:42
or any connection to a wired network. 2. What is Infrastructure mode ? Infrastructure mode implies connectivity to a wired communications infrastructure. If such connectivity is required the Access Points must be used to connected to the wired LAN backbone. Wireless clients have their configurations set for "infrastructure mode" in order to utilize access points relaying. 3. How many Access Points are required in a given area ? This depends on the surrounding terrain, the diameter of the client population, and the number of clients. If an area is large with dispersed pockets of populations then extension points can be used for extend coverage. 4. What is Direct-Sequence Spread Spectrum Technology (DSSS) ? DSSS spreads its signal continuously over a wide frequency band. DSSS maps the information bearing bit-pattern at the sending station into a higher data rate bit sequence using a "chipping" code. The chipping code (also known as processing gain) introduces redundancy which allows data recovery if certain bit errors occur during transmission. The FCC rules the minimum processing gain should be 10, typical systems use processing gains of 20. IEEE 802.11b specifies the use of DSSS. 5. What is Frequency-hopping Spread Spectrum Technology (FHSS) ? FHSS uses a narrowband carrier which hops through a predefined sequence of several frequencies at a specific rate. This avoids problems with fixed channel narrowband noise and simple jamming. Both transmitter and receiver must have their hopping sequences synchronized to create the effect of a single "logical channel". To an unsynchronised receivers an FHSS transmission appears to be short-duration impulse noise. 802.11 may use FHSS or DSSS. 6. Do I need the same kind of antenna on both sides of a link ? No. Provided the antenna is optimally designed for 2.4GHz or 5GHz operation. WLAN NICs often include an internal antenna which may provide sufficient reception. 7. Why the 2.4 Ghz Frequency range ? This frequency range has been set aside by the FCC, and is generally labeled the ISM band. A few years ago Apple and several other large corporations requested that the FCC allow the development of wireless networks within this frequency range. What we have today is a protocol and system that allows for unlicensed use of radios within a prescribed power level. The ISM band is populated by Industrial, Scientific and Medical devices that are all low power devices, but can interfere with each other. 8. What is Server Set ID (SSID) ? SSID is a configurable identification that allows clients to communicate to the appropriate base station. With proper configuration, only clients that are configured with the same SSID can communicate with base stations having the same SSID. SSID from a security point of view acts as a simple single shared password between base stations and clients.

Configuration for Wireless Station A
To configure Ad hoc mode on your ZyAIR B-100/B-200/B-300 wireless NIC card please follow the following step.
file:///D|/work%20info/Support%20Note/ZyAIR_G3000H/app/Adhoc.htm (1 of 7)2005/7/15 02:14:43
1. Double click on the utility icon in your windows task bar the utility will pop up on your windows screen. 2. Select configuration tab.
3. Select Ad hoc from the operation mode pull down menu, fill you an SSID and select a channel you want to use than press OK to apply. 4. Since there is no DHCP server to give the host IP you must first designate a static IP for your station. From Windows Start select Control Panel >Network Connection>Wireless Network Connection.
file:///D|/work%20info/Support%20Note/ZyAIR_G3000H/app/Adhoc.htm (2 of 7)2005/7/15 02:14:43
5. From general tab select TCP/IP and click property
file:///D|/work%20info/Support%20Note/ZyAIR_G3000H/app/Adhoc.htm (3 of 7)2005/7/15 02:14:43
6. Fill in your network IP address and subnet mask and click OK to finish.
Configuration for Wireless Station B
To configure Ad hoc mode on your ZyAIR B-100/B-200/B-300 wireless NIC card please follow the following step. 1. Double click on the utility icon in your windows task bar the utility will pop up on your windows screen. 2. Select configuration tab.
file:///D|/work%20info/Support%20Note/ZyAIR_G3000H/app/Adhoc.htm (4 of 7)2005/7/15 02:14:43
file:///D|/work%20info/Support%20Note/ZyAIR_G3000H/app/Adhoc.htm (5 of 7)2005/7/15 02:14:43
file:///D|/work%20info/Support%20Note/ZyAIR_G3000H/app/Adhoc.htm (6 of 7)2005/7/15 02:14:43
6. Fill in your network IP address and subnet mask and click OK to finish. 7. Station A now are able to connect to Station B.
file:///D|/work%20info/Support%20Note/ZyAIR_G3000H/app/Adhoc.htm (7 of 7)2005/7/15 02:14:43
Infrastructure Introduction Configure wireless access point to Infrastructure mode with SMT Configure wireless access point to Infrastructure mode with Web configurator
Menu 3.5 - Wireless LAN Setup
ESSID= Wireless Hide ESSID= No Channel ID= CH06 2437MHz RTS Threshold= 2432 Frag. Threshold= 2432 WEP Encryption= Disable Default Key= N/A Key1= N/A Key2= N/A Key3= N/A Key4= N/A Authen. Method= N/A
Edit MAC Address Filter= No Edit Roaming Configuration= No Block Intra-BSS Traffic= Yes Number of Associated Stations= 32 Breathing LED= Yes Output Power= 17dBm

Press ENTER to Confirm or ESC to Cancel:

MAC Filter Overview

Menu 3.5.1 - WLAN MAC Address Filter Active= No Filter Action= Allowed Association -----------------------------------------------------------------------------1= 2= 3= 4= 5= 6= 7= 8= 9= 10= 11= 12= 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 13= 14= 15= 16= 17= 18= 19= 20= 21= 22= 23= 24= 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 25= 26= 27= 28= 29= 30= 31= 32= 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00
------------------------------------------------------------------------------
Enter here to CONFIRM or ESC to CANCEL:
Wired Equivalent Privacy (WEP)
Setup WEP (Wired Equivalent Privacy)
Introduction Setting up the Access Point Setting up the Station
Introduction The 802.11 standard describes the communication that occurs in wireless LANs. The Wired Equivalent Privacy (WEP) algorithm is used to protect wireless communication from eavesdropping, because wireless transmissions are easier to intercept than transmissions over wired networks, and wireless is a shared medium, everything that is transmitted or received over a wireless network can be intercepted. WEP relies on a secret key that is shared between a mobile station (e.g. a laptop with a wireless Ethernet card) and an access point (i.e. a base station). The secret key is used to encrypt packets before they are transmitted, and an integrity check is used to ensure that packages are not modified during the transition. The standard does not discuss how the shared key is established. In practice, most installations use a single key that is shared between all mobile stations and access points APs. WEP employs the key encryption algorithm, Ron's Code 4 Pseudo Random Number Generator (RC4 PRNG). The same key is used to encrypt and decrypt the data.

Menu 3.5.2 - Roaming Configuration Active= Yes Port #= 3517 Press ENTER to Confirm or ESC to Cancel:

field Active

description Press [SPACE BAR] and then [ENTER] to select Yes to enable roaming on the ZyAIR if you have two or more ZyAIRs on the same subnet. Port # Enter the port number to communicate roaming information between access points. The port number must be the same on all access points. The default is 3517. Make sure this port is not used by other services. When you have completed this menu, press [ENTER] at the prompt Press ENTER to confirm or ESC to cancel to save your configuration or press [ESC] to cancel and go back to the previous screen.
description Use the pull down menu to select Yes to enable roaming on the ZyAIR if you have two or more ZyAIRs on the same subnet. Port # Enter the port number to communicate roaming information between access points. The port number must be the same on all access points. The default is 3517. Make sure this port is not used by other services. When you have completed this menu, press [Apply] on the bottom of the page for the configuration to take effect.

Site survey

Site Survey
Site survey introduction Preparation Survey on site
What is Site Survey? An RF site survey is a MAP to RF contour of RF coverage in a particular facility. With wireless system it is very difficult to predict the propagation of radio waves and detect the presence of interfering signals. Walls, doors, elevator shafts, and other obstacles offer different degree of attenuation. This will cause the RF coverage pattern be irregular and hard to predict. Site survey can help us overcome these problem and even provide us a map of RF coverage of the facility.
Preparation Below are the step to complete a simple site survey with simple tools. 1. First you will need to Obtain a facility diagram, such as a blueprints. This is for you to mark and take record on. 2. Visually inspect the facility, walk through the facility to verify the accuracy of the diagram and mark down any large obstacle you see that may effect the RF signal such as metal shelf, metal desk, etc on the diagram. 3. Identify user's area, when doing so ask a question where is wireless coverage needed and where does not, and note and take note on the diagram this is information is needed to determine the number of AP required. 4. Determine the preliminary access point location on the facility diagram base on the service area needed, obstacles, power wall jack considerations.
Survey on Site 1. With the diagram with all information you gathered in the preparation phase. Now you are ready to make the survey.

file:///D|/work%20info/Support%20Note/ZyAIR_G3000H/app/AP+bridge%20mode.htm (1 of 6)2005/7/15 02:14:53
1. Click Advanced and Wireless. 2. Select AP+Bridge in the Operation Mode drop-down list box to display the screen as down. 3. Type a name to identify the ZyAIR in the wireless LAN(up to 32 characters) as the ESSID. 4. Select the Channel in the Choose Channel ID field. 5. Type the MAC address of peer device in the Remote Bridge MAC Address field, that is, six hexadecimal character pairs. 6. Click Apply to finish.
file:///D|/work%20info/Support%20Note/ZyAIR_G3000H/app/AP+bridge%20mode.htm (2 of 6)2005/7/15 02:14:53
file:///D|/work%20info/Support%20Note/ZyAIR_G3000H/app/AP+bridge%20mode.htm (3 of 6)2005/7/15 02:14:53
file:///D|/work%20info/Support%20Note/ZyAIR_G3000H/app/AP+bridge%20mode.htm (4 of 6)2005/7/15 02:14:53
file:///D|/work%20info/Support%20Note/ZyAIR_G3000H/app/AP+bridge%20mode.htm (5 of 6)2005/7/15 02:14:53
file:///D|/work%20info/Support%20Note/ZyAIR_G3000H/app/AP+bridge%20mode.htm (6 of 6)2005/7/15 02:14:53
IEEE 802.1x Access Control
Setup IEEE 802.1x Access Control (Authentication and Accounting)
What is IEEE 802.1x ? IEEE 802.1x Introduction Authentication Port State and Authentication Control s Re-Authentication s EAPOL Setup 802.1x in Wireless Access Point
Enable 802.1x s Using Internal Authentication Server s Using External RADIUS Authentication Server s Using Internal RADIUS Authentication Server Setup 802.1x client in the Station

Configure 802.1x and WPA

What is the WPA Functionality? Configuration for Access Point Configuration for your PC

IEEE 802.1x Introduction

IEEE 802.1x port-based authentication is desired to prevent unauthorized devices (clients) from gaining access to the network. As LANs extend to hotels, airports, and corporate lobbies, insecure environments could be created. 802.1x port-based network access control makes use of the physical access characteristics of IEEE 802 LAN infrastructures, such as 802.3 Ethernet, 802.11 Wireless LAN and VDSL LRE (Long Reach Ethernet), in order to provide a means of authenticating and authorizing devices attached to a LAN port that has point-to-point connection characteristics, and of preventing access to that port in cases the authentication process fails.

1. Force Authorized : Disables 802.1x and causes the port to transition to the authorized state without any authentication exchange required. The port transmits and
file:///D|/work%20info/Support%20Note/ZyAIR_G3000H/app/8021x.htm (3 of 27)2005/7/15 02:14:56
receives normal traffic without 802.1x-based authentication of the client. This is the default port control setting. While AP is setup as Force Authorized, Wireless client (supported 802.1x client or none-802.1x client) can always access the network. 2. Force Unauthorized : Causes the port to remain in the unauthorized state, ignoring all attempts by the client to authenticate. The authenticator cannot provide authentication services to the supplicants through the port. While AP is setup as Force Unauthorized, Wireless clients (supported 802.1x client or none-802.1x client) never have the access for the network. 3. Auto : Enables 802.1x and causes the port to begin in the unauthorized state, allowing only EAPOL frames to be sent and received through the port. The authentication process begins when the link state of the port transitions from down to up, or when an EAPOL-start frame is received requests the identity of the client and begins relaying authentication messages between supplicant and the authentication server. Each supplicant attempting to access the network is uniquely identified by the authenticator by using the clients MAC address. While AP is setup as Auto, only Wireless client supported 802.1x client can access the network.

Re-Authentication

The administrator can enable periodic 802.1x client re-authentication and specify how often it occurs. When re-authentication time out, Authenticator will send EAP-Request/ Identity to reinitiate authentication process. In ZyXEL Wireless AP 802.1x implementation, if you do not specify a time period before enabling re-authentication, the number of seconds between reauthentication attempts is 1800 seconds (30 minutes).
EAPOL (Extensible Authentication Protocol over LAN)
Authenticators and supplicants communicate with one another by using the Extensible Authentication Protocol (EAP, RFC-2284). EAP was originally designed to run over PPP and to authenticate dial-in users, but 802.1x defines an encapsulation method for passing EAP packets over Ethernet frames. This method is referred to as EAP over LANs, or EAPOL. Ethernet type of EAPOL is 88-8E , two octets in length. EAPOL encapsulations are described for IEEE 802 compliant environment, such as 802.3 Ethernet, 802.11 Wireless LAN and Token Ring/FDDI.
The EAP protocol can support multiple authentication mechanisms, such as MD5-challenge, One-Time Passwords, Generic Token Card, TLS and TTLS etc. Typically, the authenticator will send an initial Identity Request followed by one or more Requests for authentication information. When supplicant receive the EAP request, it will reply associated EAP response. So far, ZyXEL Wireless AP only supports MD-5 challenge authentication mechanism, but will support TLS and TTLS in the future.

file:///D|/work%20info/Support%20Note/ZyAIR_G3000H/app/8021x.htm (4 of 27)2005/7/15 02:14:56
EAPOL Exchange between 802.1x Authenticator and Supplicant The authenticator or the supplicant can initiate authentication. If you enable 802.1x authentication on the Wireless AP, the authenticator must initiate authentication when it determines that the Wireless link state transitions from down to up. It then sends an EAP-request/identity frame to the 802.1x client to request its identity (typically, the authenticator sends an initial identity/request frame followed by one or more requests for authentication information). Upon receipt of the frame, the supplicant responds with an EAP-response/identity frame. However, if during bootup, the supplicant does not receive an EAP-request/identity frame from the Wireless AP, the client can initiate authentication by sending an EAPOL-Start frame, which prompts the switch to request the supplicants identity. In above case, authenticator co-locate with authentication server. When the supplicant supplies its identity, the authenticator directly exchanges EAPOL to the supplicant until authentication succeeds or fails. If the authentication succeeds, the port becomes authorized. If the authentication fails, the port becomes unauthorized. When the supplicant does not need Wireless access any more, it sends EAPOL-Logoff packet to terminate its 802.1x session, the port state will become unauthorized. The following figure shows the EAPOL exchange ping-pong chart.
file:///D|/work%20info/Support%20Note/ZyAIR_G3000H/app/8021x.htm (5 of 27)2005/7/15 02:14:56
The EAPOL packet contains the following fields: protocol version, packet type, packet body length and packet body. Most of the fields are obvious. The packet type can have four different values, and these values are described below:
EAP-Packet : Both the supplicant and the authenticator send this packet when authentication is taking place. This is the packet that contains either the MD5Challenge or TLS information required for authentication. EAPOL-Start : This supplicant sends this packet when it wants to initiate the authentication process. EAPOL-Logoff : The supplicant sends this packet when it wants to terminate its 802.1x session. EAPOL-Key : This is used for TLS authentication method. The Wireless AP uses this packet to send the calculated WEP key to the supplicant after TLS negotiation has completed between the supplicant and the RADIUS server.
IEEE 802.1x Configuration in ZyXEL Wireless Access Point

Enable 802.1x in AP

When the IEEE 802.1x authentication is enabled, the wireless client must be authenticated by the ZyXEL AP before it can communicate on your network through ZyXEL AP. By default, the 802.1x function is disabled (Authentication Control= Force Authorized) to allow all wireless client. You can use SMT or Web Configuration to configure it.

file:///D|/work%20info/Support%20Note/ZyAIR_G3000H/app/8021x.htm (6 of 27)2005/7/15 02:14:56
Enter SMT Menu 23.4 to setup the 802.1x authentication control.
Menu 23.4 - System Security - IEEE802.1X Wireless Port Control= No Access Allowed/No Authentication Required/ Authentication Required ReAuthentication Timer (in second)= 1800 Idle Timeout (in second)= 3600 Key Management Protocol= 802.1x/WPA/WPA-PSK
Key Settings : Option Descriptions To control wireless clients access to the wired network, select a control method from the drop-down list box. Choose from No Authentication Required, Authentication Required and No Access Allowed. No Authentication Required allows all wireless stations access to the wired network without entering usernames and passwords. This is the default setting. Wireless Port Control Authentication Required means that all wireless stations have to enter usernames and passwords before access to the wired network is allowed. No Access Allowed blocks all wireless stations access to the wired network. Select Authentication Required to configure Key Management Protocol and other related fields. Key Management Protocol Choose 802.1x from the drop-down list.
If you use WEB Configuration,
file:///D|/work%20info/Support%20Note/ZyAIR_G3000H/app/8021x.htm (7 of 27)2005/7/15 02:14:56

1. 2. 3. 4.

From the Web Configurator main menu, go to Main Menu->WIRELESS->802.1x/WPA. In the Wireless Port Control, select Authentication Required option. In the Key Management Protocol, select 802.1x to enable 802.1x authentication function. Click Apply to make your setting work.
After 802.1x authentication function is enabled, you have to setup the authentication server, you may use internal authentication server inside ZyXEL wireless AP or External RADIUS authentication server or Internal RADIUS authentication server.
Using Internal Authentication Server
ZyXEL Wireless Access Point has an internal authentication server for authenticating the wireless 802.1x client users. It builds total 32-users database and allows up to 32 authorized users to login to the Wireless AP simultaneously. When you use internal authentication server, ZyXEL wireless AP is acted as Authenticator and Authentication Server. By storing wireless 802.1x client profiles locally, your ZyXEL AP is able to authenticate wireless client without interacting with a extra network RADIUS server. Follow the steps to add user accounts on your ZyXEL AP. 1. From the SMT main menu, enter 14 to display Menu 14 Dial-in User Setup

Configuration for your PC
1. Double click on your wireless utility icon(here is the Centrion on Windows XP) in your windows task bar the utility will pop up on your windows screen. 2. Select the wireless card that you want to configure. 3. Select on from the Switch Radio.
file:///D|/work%20info/Support%20Note/ZyAIR_G3000H/app/8021x.htm (20 of 27)2005/7/15 02:14:56
4. choose Network option. 5. Add a new wireless profile.
file:///D|/work%20info/Support%20Note/ZyAIR_G3000H/app/8021x.htm (21 of 27)2005/7/15 02:14:56
6. Type the Profile Name and Network Name (SSID) in the field. 7. Click Next button.
file:///D|/work%20info/Support%20Note/ZyAIR_G3000H/app/8021x.htm (22 of 27)2005/7/15 02:14:56
8. Select WPA-PSK from the Network Authentication field. 9. Select TKIP from the Data Encryption field. 10. Type the Pre Share Key (8-63 character) in the Pass phrase field. 11. Click Finish to exit the Profile Wizard screen.
file:///D|/work%20info/Support%20Note/ZyAIR_G3000H/app/8021x.htm (23 of 27)2005/7/15 02:14:56
12. After you finished the profile settings, choose the profile you configured. Then, click Connect button to associate with the Access Point.
file:///D|/work%20info/Support%20Note/ZyAIR_G3000H/app/8021x.htm (24 of 27)2005/7/15 02:14:56
13. Click the General option, we will see the following information, that means the PC associated and authenticated with AP successfully.
file:///D|/work%20info/Support%20Note/ZyAIR_G3000H/app/8021x.htm (25 of 27)2005/7/15 02:14:56
file:///D|/work%20info/Support%20Note/ZyAIR_G3000H/app/8021x.htm (26 of 27)2005/7/15 02:14:56
file:///D|/work%20info/Support%20Note/ZyAIR_G3000H/app/8021x.htm (27 of 27)2005/7/15 02:14:56
Setup 802.1x client in the station
Setup Windows XP 802.1x client Setup MeetingHouse AEGIS 802.1x client
The EAP protocol can support multiple authentication mechanisms, such as MD5-challenge, One-Time Passwords, Generic Token Card, TLS and TTLS etc. So far, ZyXEL Wireless AP only supports MD-5 challenge authentication mechanism, but will support TLS and TTLS in the future. Here we just take MD-5 challenge authentication mechanism as a example.
Setup Windows XP 802.1x client
Please install Windows XP that support 802.1x MD-5 challenge authentication mechanism. Don't upgrade to Service Pack 1, it support TLS authentication mechanism by default, instead of MD-5 challenge. ZyXEL Wireless AP will support TLS and TTLS in the future. 1.In the Network windows, choose Wireless Network Connection entry and click the Properties button. 2. In Wireless Networks tab, check use windows to configure my wireless network. 3. In Preferred Networks field, from the AP list found, move up the AP shmin (e.g.) that you want to use to the top by clicking on the Move up button (Windows XP will automatically detect the AP's ESSID and show it in Available networks field). If the AP is not shown in Available networks field, you can use the Add. button in Preferred networks to add the target AP into the list.