19.1 Overview.... 205 19.1.1 What You Can Do in the Log Screens... 205 19.1.2 What You Need To Know About Logs... 206 19.2 The View Log Screen.... 206 19.3 The Log Settings Screen.... 208 19.4 Technical Reference.... 210 19.4.1 Example Log Messages.... 210 19.4.2 Log Commands.... 212 19.4.3 Configuring What You Want the NWA to Log.. 212 19.4.4 Displaying Logs.... 212 19.4.5 Log Command Example.... 212

Chapter 20 VLAN.... 215

20.1 Overview.... 215 20.1.1 What You Can Do in the VLAN Screen... 215 20.1.2 What You Need To Know About VLAN.. 216 20.2 Wireless VLAN Screen.... 217 20.2.1 RADIUS VLAN Screen... 219 20.3 Technical Reference.... 220 20.3.1 VLAN Tagging.... 220 20.3.2 Configuring Management VLAN Example... 220 20.3.3 Configuring Microsofts IAS Server Example.. 223 20.3.3.1 Configuring VLAN Groups... 224 20.3.3.2 Configuring Remote Access Policies.. 225 20.3.4 Second Rx VLAN ID Example... 233 20.3.4.1 Second Rx VLAN Setup Example... 233
Chapter 21 Maintenance.... 237
21.1 Overview.... 237 21.1.1 What You Can Do in the Maintenance Screens... 237 21.1.2 What You Need To Know.... 237 21.2 Association List Screen.... 238 21.3 Channel Usage Screen.... 239 21.4 F/W Upload Screen.... 240 21.5 Configuration Screen... 242 21.5.1 Backup Configuration... 242 21.5.2 Restore Configuration... 243 21.5.3 Back to Factory Defaults... 244 21.6 Restart Screen..... 244
Chapter 22 Troubleshooting.... 245
22.1 Overview.... 245 22.2 Power, Hardware Connections, and LEDs... 245 22.3 NWA Access and Login.... 246 22.4 Internet Access.... 249 22.5 Wireless Router/AP Troubleshooting... 250
Appendix A Product Specifications.... 251
22.6 Wall-Mounting Instructions.... 253
Appendix B Wireless LANs... 255 Appendix C Pop-up Windows, JavaScripts and Java Permissions.. 271 Appendix D IP Addresses and Subnetting... 279 Appendix E Text File Based Auto Configuration.. 301 Appendix F How to Access and Use the CLI... 309 Appendix G Legal Information.... 315 Appendix H Customer Support... 319 Index..... 327

P ART I

Introduction
Introduction (17) The Web Configurator (29) Tutorials (33)

CHAPTER

1.1 Overview
Your NWA extends the range of your existing wired network without additional wiring, providing easy network access to mobile users. It is highly versatile, featuring dual wireless modules and supporting up to sixteen Basic Service Set Identifiers (BSSID) simultaneously. The Quality of Service (QoS) features allow you to prioritize time-sensitive or highly important applications such as Voice over Internet Protocol (VoIP). Multiple security profiles allow you to easily assign different types of security to groups of users. The NWA controls network access with Media Access Control (MAC) address filtering, rogue Access Point (AP) detection, layer 2 isolation and an internal authentication server. It also provides a high level of network traffic security, supporting Institute of Electronic Engineers (IEEE) 802.1x, Wi-Fi Protected Access (WPA), WPA2 and Wired Equivalent Privacy (WEP) data encryption. Your NWA is easy to install, configure and use. The embedded Web-based configurator enables simple, straightforward management and maintenance. See the Quick Start Guide for instructions on how to make hardware connections.

Figure 8 Multiple BSSs

1.2.5 Pre-Configured SSID Profiles
The NWA has two pre-configured SSID profiles. VoIP_SSID. This profile is intended for use by wireless clients requiring the highest QoS level for VoIP telephony and other applications requiring low latency. The QoS level of this profile is not user-configurable. Guest_SSID. This profile is intended for use by visitors and others who require access to certain resources on the network (an Internet gateway or a network printer, for example) but must not have access to the rest of the network. Layer 2 isolation is enabled (see Section on page 146), and QoS is set to NONE. Intra-BSS traffic blocking is also enabled (see Section 8.1.2 on page 98). These fields are all user-configurable.
1.2.6 Configuring Dual WLAN Adaptors
The NWA is equipped with dual wireless adaptors. This means you can configure two different wireless networks to operate simultaneously. In the following example, the NWA (Z) uses WLAN1 in Access Point mode to allow IEEE 802.11b and IEEE 802.11g clients to access the wired network, and WLAN2 in AP + Bridge mode to allow an IEEE 802.11a AP to communicate with the wired network.
Figure 9 Dual WLAN Adaptors Example

802.11b/g Bridge

802.11b/g Access Point

Internet

1.3 CAPWAP
The NWA supports Control And Provisioning of Wireless Access Points (CAPWAP). This is ZyXELs implementation of the Internet Engineering Task Forces (IETF) CAPWAP protocol. ZyXELs CAPWAP allows a single access point to manage up to eight other access points. The managed APs receive all their configuration information from the controller AP. The CAPWAP dataflow is protected by Datagram Transport Layer Security (DTLS). The following ZyXEL AP models can be CAPWAP managed APs: NWA-3160 NWA-3163 NWA-3500 NWA-3550 NWA-3166 The following figure illustrates a CAPWAP wireless network. The user (U) configures the controller AP (C), which then automatically updates the configurations of the managed APs (M1 ~ M4).
Figure 10 CAPWAP Network Example
1.4 Ways to Manage the NWA
Use any of the following methods to manage the NWA. Web Configurator. This is recommended for everyday management of the NWA using a (supported) web browser. Command Line Interface (CLI). Line commands are mostly used for troubleshooting by service engineers. File Transfer Protocol (FTP). This protocol can be used for firmware upgrades and configuration backup and restore. Simple Network Management Protocol (SNMP). The device can be monitored by an SNMP manager. See the SNMP chapter in this Users Guide.

1.5 Good Habits for Managing the NWA
Do the following things regularly to make the NWA more secure and to manage it more effectively. Change the password often. Use a password thats not easy to guess and that consists of different types of characters, such as numbers and letters. Write down the password and put it in a safe place. Back up the configuration (and make sure you know how to restore it). Restoring an earlier working configuration may be useful if the device becomes unstable or even crashes. If you forget your password, you will have to reset the NWA to its factory default settings. If you backed up an earlier configuration file, you wont have to totally re-configure the NWA; you can simply restore your last configuration.

1.6 Hardware Connections

See your Quick Start Guide for information on making hardware connections.

1.7 LEDs

The following are the LED descriptions for your NWA.

Figure 11 LEDs

Table 1 LEDs

STATUS

DESCRIPTION
Either or The NWA is in AP+Bridge or Bridge/Repeater mode and has not established a Wireless Distribution System (WDS) connection. The NWA is in Access Point or MBSSID mode and is functioning normally.
The NWA is in AP+Bridge or Bridge/Repeater mode, and has successfully established a Wireless Distribution System (WDS) connection.

Table 1 LEDs (continued)

On Blinking
The wireless LAN is active. The wireless LAN is active, and transmitting or receiving data. The wireless LAN is not active. The NWA has a 10 Mbps Ethernet connection. The NWA has a 10 Mbps Ethernet connection and is sending or receiving data. The NWA has a 100 Mbps Ethernet connection. The NWA has a 100 Mbps Ethernet connection and is sending/receiving data. The NWA does not have an Ethernet connection. The NWA is receiving power and functioning properly. The NWA is not receiving power. Either or If the LED blinks after the boot up process, the system has failed. If the LED blinks during the boot up process, the system is starting up.
Off ETHERNET Green On Blinking Yellow On Blinking Off POWER/SYS Green On Off Red Blinking

Click this to return this screen to its previously-saved settings.

6.1 Overview

AP Controller Mode
This chapter discusses the Controller AP management mode. When the NWA is used as a CAPWAP (Control And Provisioning of Wireless Access Points) controller AP, the Web Configurator changes to reflect this by including the Controller and Profile Edit screens. Refer to Section 5.2 on page 71 for more information on CAPWAP.
6.1.1 What You Can Do in AP Controller Mode
Use the Navigation Menu (Section 6.2 on page 76) to manage settings across all connected APs. Use the Status screen (Section 6.3 on page 77) to view information about your managed wireless network. Use the AP Lists screen (Section 6.4 on page 79) to manage connected APs. Use the Configuration screen (Section 6.5 on page 82) to control the way in which the NWA accepts new APs to manage. Use the Redundancy screen (Section 6.6 on page 87) to set the controller AP as a primary or secondary controller. Use the Profile Edit screens (Section 6.6 on page 83) to edit an individual APs Radio, SSID, Security, RADIUS, Layer-2 Isolation, and MAC Address settings.
6.1.2 What You Need to Know
The following terms and concepts may help as you read through this chapter.

Controller AP Mode

Your NWA can be a CAPWAP controller AP. In this setup, the NWA can manage the wireless configurations and device settings of several APs at the same time.
Chapter 6 AP Controller Mode In the figure below, an administrator is able to manage the security settings of 5 APs (1 controller AP and 4 managed APs). He changes the security mode to WPAPSK just by accessing the Web Configurator of the controller AP (C).
Figure 48 CAPWAP Controller

Managed APs

Note: Be careful when configuring the controller AP as its managed APs automatically inherit some its settings. Moreover, some of these changes will automatically disconnect the wireless clients of the managed APs.

6.1.3 Before You Begin

The Controller AP options are only available when the NWA is set to function in this mode. Therefore, ensure that you have switched modes first as described in Section 5.3 on page 74 before continuing.
6.2 Controller AP Navigation Menu
When you choose Controller AP mode in the MGNT MODE screen and click Apply, you are automatically logged off from the Web Configurator. The NWA reboots and shows the following message.

Figure 49 System Restart

Note: The NWA reboots every time you change mode in the MGMT MODE screen. You can switch from Standalone AP to Controller AP (and vice versa) using the Web Configurator.
Chapter 6 AP Controller Mode After logging in again, the navigation menu changes to include links for the Controller and Profile Edit screens. The items marked below are screens that can be configured for all APs managed by the NWA.

The following terms and concepts may help as you read through this chapter. When the NWA is set to Access Point, AP + Bridge or MBSSID mode, you need to choose the SSID profile(s) you want to use in your wireless network (see page 97 for more information on operating modes). To configure the settings of your SSID profile, you need to know the Media Access Control (MAC) addresses of the devices you want to allow access to it. Each SSID profile references the settings configured in the following screens: Wireless > Security (one of the security profiles). Wireless > RADIUS (one of the RADIUS profiles). Wireless > MAC Filter (the MAC filter list, if activated in the SSID profile). Wireless > Layer 2 Isolation (the layer 2 isolation list, if activated in the SSID profile). Also, use the VLAN screen to set up wireless VLANs based on SSID. Configure the fields in the above screens to use the settings in an SSID profile.

9.2 The SSID Screen

Use this screen to select the SSID profile you want to configure. Click Wireless > SSID to display the screen as shown.

Figure 73 SSID

Table 32 SSID

Index Profile Name SSID

This field displays the index number of each SSID profile. This field displays the identification name of each SSID profile on the NWA. This field displays the name of the wireless profile on the network. When a wireless client scans for an AP to associate with, this is the name that is broadcast and seen in the wireless client utility. This field indicates which security profile is currently associated with each SSID profile. See Section 10.2 on page 132 for more information. This field displays which RADIUS profile is currently associated with each SSID profile, if you have a RADIUS server configured. This field displays the Quality of Service setting for this profile or NONE if QoS is not configured on a profile.

Security

RADIUS QoS

Layer 2 Isolation

This field displays which layer 2 isolation profile is currently associated with each SSID profile, or Disable if Layer 2 Isolation is not configured on an SSID profile. This field displays which MAC filter profile is currently associated with each SSID profile, or Disable if MAC filtering is not configured on an SSID profile. Click the radio button next to the profile you want to configure and click Edit to go to the SSID configuration screen.

Figure 75 Securing the Wireless Network
In the figure above, the NWA checks the identity of devices before giving them access to the network. In this scenario, Computer A is denied access to the network, while Computer B is granted connectivity. The NWA secure communications via data encryption, wireless client authentication and MAC address filtering. It can also hide its identity in the network.
10.1.1 What You Can Do in the Security Screen
Use the Wireless > Security screen (see Section 10.2 on page 132) to choose the security mode for your NWA.
Chapter 10 Wireless Security Screen
10.1.2 What You Need To Know About Wireless Security

User Authentication

Authentication is the process of verifying whether a wireless device is allowed to use the wireless network. You can make every user log in to the wireless network before they can use it. However, every device in the wireless network has to support IEEE 802.1x to do this. For wireless networks, you can store the user names and passwords for each user in a RADIUS server. This is a server used in businesses more than in homes. If you do not have a RADIUS server, you cannot set up user names and passwords for your users. Unauthorized wireless devices can still see the information that is sent in the wireless network, even if they cannot use the wireless network. Furthermore, there are ways for unauthorized wireless users to get a valid user name and password. Then, they can use that user name and password to use the wireless network. You can configure up to 16 security profiles in your NWA. The following table shows the relative effectiveness of wireless security methods:.
Table 34 Wireless Security Levels

SECURITY LEVEL

Least Secure

SECURITY TYPE

Unique SSID (Default) Unique SSID with Hide SSID Enabled MAC Address Filtering WEP Encryption IEEE802.1x EAP with RADIUS Server Authentication Wi-Fi Protected Access (WPA) WPA2

Most Secure

The available security modes in your NWA are as follows: None. No data encryption. WEP. Wired Equivalent Privacy (WEP) encryption scrambles the data transmitted between the wireless stations and the access points to keep network communications private.
Chapter 10 Wireless Security Screen 802.1x-Only. This is a standard that extends the features of IEEE 802.11 to support extended authentication. It provides additional accounting and control features. This option does not support data encryption. 802.1x-Static64. This provides 802.1x-Only authentication with a static 64bit WEP key and an authentication server. 802.1x-Static128. This provides 802.1x-Only authentication with a static 128bit WEP key and an authentication server. WPA. Wi-Fi Protected Access (WPA) is a subset of the IEEE 802.11i standard. WPA2. WPA2 (IEEE 802.11i) is a wireless security standard that defines stronger encryption, authentication and key management than WPA. WPA2-MIX. This commands the NWA to use either WPA2 or WPA depending on which security mode the wireless client uses. WPA2-PSK. This adds a pre-shared key on top of WPA2 standard. WPA2-PSK-MIX. This commands the NWA to use either WPA-PSK or WPA2PSK depending on which security mode the wireless client uses.

15.1.2 What You Need To Know About Rogue AP
The following terms and concepts may help as you read through this chapter. You can configure the NWA to detect rogue IEEE 802.11a (5 GHz) and IEEE 802.11b/g (2.4 GHz) APs. You can also set the NWA to e-mail you immediately when a rogue AP is detected (see Chapter 19 on page 208 for information on how to set up e-mail logs). You can set how often you want the NWA to scan for rogue APs in the ROGUE AP > Configuration screen (see Section 15.2 on page 162).

Friendly APs

If you have more than one AP in your wireless network, you must also configure the list of friendly APs. Friendly APs are other wireless access points, aside from the NWA, that are detected in your network, as well as any others that you know are not a threat (those from neighboring networks, for example). It is recommended that you export (save) your list of friendly APs often, especially if you have a network with a large number of access points. If you do not add them to the friendly AP list, these access points will appear in the Rogue AP list each time the NWA scans. The friendly AP list displays details of all the access points in your area that you know are not a threat. If you have more than one AP in your network, you need to configure this list to include your other APs. If your wireless network overlaps with that of a neighbor (for example) you should also add these APs to the list, as they do not compromise your own networks security. If you do not add them to the friendly AP list, these access points will appear in the Rogue AP list each time the NWA scans.

Honeypot Attack

Rogue APs need not be connected to the legitimate network to pose a severe security threat. In the following example, an attacker (X) is stationed in a vehicle outside a company building, using a rogue access point equipped with a powerful antenna. By mimicking a legitimate (company network) AP, the attacker tries to capture usernames, passwords, and other sensitive information from unsuspecting clients (A and B) who attempt to connect. This is known as a honeypot attack.
Figure 98 Honeypot Attack
If a rogue AP in this scenario has sufficient power and is broadcasting the correct SSID (Service Set IDentifier) clients have no way of knowing that they are not associating with a legitimate company AP. The attacker can forward network traffic from associated clients to a legitimate AP, creating the impression of normal service. This is a variety of man-in-the-middle attack. This scenario can also be part of a wireless denial of service (DoS) attack, in which associated wireless clients are deprived of network access. Other opportunities for the attacker include the introduction of malware (malicious software) into the network.
15.2 Configuration Screen
Use this screen to enable your NWAs Rogue AP detection settings. Click Rogue AP > Configuration. The following screen appears:

Remote Management Limitations
Remote management over LAN or WLAN will not work when: You have disabled that service in one of the remote management screens. The IP address in the Secured Client IP field does not match the client IP address. If it does not match, the NWA will disconnect the session immediately. You may only have one remote management session running at one time. The NWA automatically disconnects a remote management session of lower priority when another remote management session of higher priority starts. The priorities for the different types of remote management sessions are as follows:

1. Telnet 2. HTTP

System Timeout
There is a default system management idle timeout of five minutes (three hundred seconds). The NWA automatically logs you out if the management session remains idle for longer than this timeout period. The management session does not time out when a statistics screen is polling. You can change the timeout period in the SYSTEM screen.

16.2 The Telnet Screen

Use this screen to configure your NWA for remote Telnet access. You can use Telnet to access the NWAs Command Line Interface (CLS). Click REMOTE MGNT > TELNET. The following screen displays.
Figure 104 Remote Management: Telnet
Table 52 Remote Management: Telnet
TELNET Server Port You can change the server port number for a service if needed, however you must use the same port number in order to use that service for remote management. Select the interface(s) through which a computer may access the NWA using Telnet. DESCRIPTION

Server Access

Secured Client IP Address DESCRIPTION A secured client is a trusted computer that is allowed to communicate with the NWA using this service. Select All to allow any computer to access the NWA using this service. Choose Selected to just allow the computer with the IP address that you specify to access the NWA using this service. SSH Server Certificate Server Port Select the certificate whose corresponding private key is to be used to identify the NWA for SSH connections. You must have certificates already configured in the Certificates > My Certificates screen. You can change the server port number for a service if needed, however you must use the same port number in order to use that service for remote management. Select the interface(s) through which a computer may access the NWA using SSH. A secured client is a trusted computer that is allowed to communicate with the NWA using this service. Select All to allow any computer to access the NWA using this service. Choose Selected to just allow the computer with the IP address that you specify to access the NWA using this service. Apply Reset Click Apply to save your customized settings and exit this screen. Click Reset to begin configuring this screen afresh.

linkDown linkUp authenticationFailure (defined in RFC-1215)
1.3.6.1.6.3.1.1.5.3 1.3.6.1.6.3.1.1.5.4 1.3.6.1.6.3.1.1.5.5
Traps defined in the ZyXEL Private MIB. whyReboot 1.3.6.1.4.1.890.1.5.1 3.0.1 This trap is sent with the reason for restarting before the system reboots (warm start). "System reboot by user!" is added for an intentional reboot (for example, download new files, CI command "sys reboot"). If the system reboots because of fatal errors, a code for the error is listed. pwTFTPStatus 1.3.6.1.4.1.890.1.9.2. 3.3.1 This trap is sent to indicate the status and result of a TFTP client session that has ended.
Some traps include an SNMP interface index. The following table maps the SNMP interface indexes to the NWAs physical and virtual ports.
Table 57 SNMP Interface Index to Physical and Virtual Port Mapping

Physical

INTERFACE

enet0 enet1 enet2

Wireless LAN adaptor WLAN1 Ethernet port (LAN) Wireless LAN adaptor WLAN2

Virtual

enet3 ~ enet9 enet10 ~ enet16 enet17 ~ enet21 enet22 ~ enet26
WLAN1 in MBSSID mode WLAN2 in MBSSID mode WLAN1 in WDS mode WLAN2 in WDS mode

17.1 Overview

Internal RADIUS Server
This chapter describes how the NWA can use its internal RADIUS server to authenticate wireless clients. Remote Authentication Dial In User Service (RADIUS) is a protocol that enables you to control access to a network by authenticating user credentials. The following figure shows the NWA (Z) using its internal RADIUS server to control access to a wired network. A wireless notebook (A) requests access by sending its credentials. The NWA consults its internal RADIUS servers list of user names and passwords. If the credentials of the wireless notebook match an entry, the NWA allows the client to access the network.

Figure 108 RADIUS Server

Access Request Z

Wired Network

Allow / Deny
The NWA can also serve as a RADIUS server to authenticate other APs and their wireless clients. For more background information on RADIUS, see Section 11.1.2 on page 142.

Cancel

18.3 Trusted CAs Screen
Use this screen to view the list of trusted certificates. The NWA accepts any valid certificate signed by a certification authority on this list as being trustworthy. You do not need to import any certificate that is signed. Click Certificates > Trusted CAs to open the Trusted CAs screen. The following figure displays.
Figure 118 Certificates > Trusted CAs

Table 65 Trusted CAs

This bar displays the percentage of the NWAs PKI storage space that is currently in use. When you are using 80% or less of the storage space, the bar is green. When the amount of space used is over 80%, the bar is red. When the bar is red, you should consider deleting expired or unnecessary certificates before adding more certificates. This field displays the certificate index number. The certificates are listed in alphabetical order. This field displays the name used to identify this certificate. This field displays identifying information about the certificates owner, such as CN (Common Name), OU (Organizational Unit or department), O (Organization or company) and C (Country). It is recommended that each certificate have unique subject information. This field displays identifying information about the certificates issuing certification authority, such as a common name, organizational unit or department, organization or company and country. With self-signed certificates, this is the same information as in the Subject field. This field displays the date that the certificate becomes applicable. The text displays in red and includes a Not Yet Valid! message if the certificate has not yet become applicable. This field displays the date that the certificate expires. The text displays in red and includes an Expiring! or Expired! message if the certificate is about to expire or has already expired.

Index Name Subject

Table 65 Trusted CAs (continued)

CRL Issuer

This field displays Yes if the certification authority issues Certificate Revocation Lists for the certificates that it has issued and you have selected the Issues certificate revocation lists (CRL) check box in the certificates details screen to have the NWA check the CRL before trusting any certificates issued by the certification authority. Otherwise the field displays No. Click Details to view in-depth information about the certification authoritys certificate, change the certificates name and set whether or not you want the NWA to check a certification authoritys list of revoked certificates before trusting a certificate issued by the certification authority. Click Import to open a screen where you can save the certificate of a certification authority that you trust, from your computer to the NWA. Click Delete to delete an existing certificate. A window display asking you to confirm that you want to delete the certificate. Note that subsequent certificates move up by one when you take this action. Click this button to display the current validity status of the certificates.

Note: Mail and FTP servers must have the same management VLAN ID to communicate with the NWA.
See Section 20.3.2 on page 220 for more information. VLAN Mapping Table Use this table to have the NWA assign VLAN tags to packets from wireless clients based on the SSID they use to connect to the NWA. This is the index number of the SSID profile. This is the name of the SSID profile. This is the SSID the profile uses. Enter a VLAN ID number from 1 to 4094. Packets coming from the WLAN using this SSID profile are tagged with the VLAN ID number by the NWA. Different SSID profiles can use the same or different VLAN IDs. This allows you to split wireless stations into groups using similar VLAN IDs. Enter a number from 1 to 4094, but different from the VLAN ID. Traffic received from the LAN that is tagged with this VLAN ID is sent to all SSIDs with this VLAN ID configured in the VLAN ID or Second Rx VLAN ID fields. See Section 20.3.4 on page 233 for more information. Click this to save your changes to the NWA. Click this to return this screen to its last-saved settings.

Index Name SSID VLAN ID

Second Rx VLAN ID
20.2.1 RADIUS VLAN Screen
Use this screen to configure your RADIUS Virtual LAN setup. Click VLAN > RADIUS VLAN. The following screen appears.
Figure 128 VLAN > RADIUS VLAN
Table 75 VLAN > RADIUS VLAN
Block station if RADIUS server assign VLAN name error! VLAN Mapping Table
Select this to have the NWA forbid access to wireless clients when the VLAN attributes sent from the RADIUS server do not match a configured Name field. When you select this check box, only users with names configured in this screen can access the network through the NWA. Use this table to map names to VLAN IDs so that the RADIUS server can assign each user or user group a mapped VLAN ID. See your RADIUS server documentation for more information on configuring VLAN ID attributes. See Section 20.3.3 on page 223 for more information. This is the index number of the VLAN mapping ID.

Active ID Name

Select a check box to enable the VLAN mapping profile. Type a VLAN ID. Incoming traffic from the WLAN is authorized and assigned a VLAN ID before it is sent to the LAN. Type a name to have the NWA check for specific VLAN attributes on incoming messages from the RADIUS server. Access-accept packets sent by the RADIUS server contain VLAN related attributes. The configured Name fields are checked against these attributes. If a configured Name field matches these attributes, the corresponding VLAN ID is added to packets sent from this user to the LAN. If the VLAN-related attributes sent by the RADIUS server do not match a configured Name field, a wireless station is assigned the wireless VLAN ID associated with its SSID (unless the Block station if RADIUS server assign VLAN error! check box is selected).

Required Information

Product model and serial number. Warranty Information. Date that you received your device. Brief description of the problem and the steps you took to solve it. + is the (prefix) number you dial to make an international telephone call.
Corporate Headquarters (Worldwide)
Support E-mail: support@zyxel.com.tw Sales E-mail: sales@zyxel.com.tw Telephone: +886-3-578-3942 Fax: +886-3-578-2439 Web: www.zyxel.com Regular Mail: ZyXEL Communications Corp., 6 Innovation Road II, Science Park, Hsinchu 300, Taiwan
China - ZyXEL Communications (Beijing) Corp.
Support E-mail: cso.zycn@zyxel.cn Sales E-mail: sales@zyxel.cn Telephone: +86-010-82800646 Fax: +86-010-82800587 Address: 902, Unit B, Horizon Building, No.6, Zhichun Str, Haidian District, Beijing Web: http://www.zyxel.cn
Appendix H Customer Support
China - ZyXEL Communications (Shanghai) Corp.
Support E-mail: cso.zycn@zyxel.cn Sales E-mail: sales@zyxel.cn Telephone: +86-021-61199055 Fax: +86-021-52069033 Address: 1005F, ShengGao International Tower, No.137 XianXia Rd., Shanghai Web: http://www.zyxel.cn

Costa Rica

Support E-mail: soporte@zyxel.co.cr Sales E-mail: sales@zyxel.co.cr Telephone: +506-2017878 Fax: +506-2015098 Web: www.zyxel.co.cr Regular Mail: ZyXEL Costa Rica, Plaza Roble Escaz, Etapa El Patio, Tercer Piso, San Jos, Costa Rica

Czech Republic

E-mail: info@cz.zyxel.com Telephone: +420-241-091-350 Fax: +420-241-091-359 Web: www.zyxel.cz Regular Mail: ZyXEL Communications, Czech s.r.o., Modransk 621, Praha 4 - Modrany, Cesk Republika

Denmark

Support E-mail: support@zyxel.dk Sales E-mail: sales@zyxel.dk Telephone: +45-39-55-07-00 Fax: +45-39-55-07-07 Web: www.zyxel.dk Regular Mail: ZyXEL Communications A/S, Columbusvej, 2860 Soeborg, Denmark

Finland

Support E-mail: support@zyxel.fi Sales E-mail: sales@zyxel.fi Telephone: +358-9-4780-8411
Appendix H Customer Support Fax: +358-9-4780-8448 Web: www.zyxel.fi Regular Mail: ZyXEL Communications Oy, Malminkaari 10, 00700 Helsinki, Finland

France

E-mail: info@zyxel.fr Telephone: +33-4-72-52-97-97 Fax: +33-4-72-52-19-20 Web: www.zyxel.fr Regular Mail: ZyXEL France, 1 rue des Vergers, Bat. 1 / C, 69760 Limonest, France

Germany

Support E-mail: support@zyxel.de Sales E-mail: sales@zyxel.de Telephone: +49-2405-6909-69 Fax: +49-2405-6909-99 Web: www.zyxel.de Regular Mail: ZyXEL Deutschland GmbH., Adenauerstr. 20/A2 D-52146, Wuerselen, Germany

Hungary

Support E-mail: support@zyxel.hu Sales E-mail: info@zyxel.hu Telephone: +36-1-3361649 Fax: +36-1-3259100 Web: www.zyxel.hu Regular Mail: ZyXEL Hungary, 48, Zoldlomb Str., H-1025, Budapest, Hungary
Support E-mail: support@zyxel.in Sales E-mail: sales@zyxel.in Telephone: +91-11-30888144 to +91-11-30888153 Fax: +91-11-30888149, +91-11-26810715 Web: http://www.zyxel.in Regular Mail: India - ZyXEL Technology India Pvt Ltd., II-Floor, F2/9 Okhla Phase -1, New Delhi 110020, India
Support E-mail: support@zyxel.co.jp Sales E-mail: zyp@zyxel.co.jp Telephone: +81-3-6847-3700 Fax: +81-3-6847-3705 Web: www.zyxel.co.jp Regular Mail: ZyXEL Japan, 3F, Office T&U, 1-10-10 Higashi-Gotanda, Shinagawa-ku, Tokyo 141-0022, Japan

Kazakhstan

Support: http://zyxel.kz/support Sales E-mail: sales@zyxel.kz Telephone: +7-3272-590-698 Fax: +7-3272-590-689 Web: www.zyxel.kz Regular Mail: ZyXEL Kazakhstan, 43 Dostyk Ave., Office 414, Dostyk Business Centre, 050010 Almaty, Republic of Kazakhstan

Malaysia

Support E-mail: support@zyxel.com.my Sales E-mail: sales@zyxel.com.my Telephone: +603-8076-9933 Fax: +603-8076-9833 Web: http://www.zyxel.com.my Regular Mail: ZyXEL Malaysia Sdn Bhd., 1-02 & 1-03, Jalan Kenari 17F, Bandar Puchong Jaya, 47100 Puchong, Selangor Darul Ehsan, Malaysia

North America

Support E-mail: support@zyxel.com Support Telephone: +1-800-978-7222 Sales E-mail: sales@zyxel.com Sales Telephone: +1-714-632-0882 Fax: +1-714-632-0858 Web: www.zyxel.com Regular Mail: ZyXEL Communications Inc., 1130 N. Miller St., Anaheim, CA 92806-2001, U.S.A.

Norway

Support E-mail: support@zyxel.no
Appendix H Customer Support Sales E-mail: sales@zyxel.no Telephone: +47-22-80-61-80 Fax: +47-22-80-61-81 Web: www.zyxel.no Regular Mail: ZyXEL Communications A/S, Nils Hansens vei 13, 0667 Oslo, Norway

Poland

E-mail: info@pl.zyxel.com Telephone: +48-22-Fax: +48-22-Web: www.pl.zyxel.com Regular Mail: ZyXEL Communications, ul. Okrzei 1A, 03-715 Warszawa, Poland

Centralised Wireless Management at a Fraction of the Traditional Cost Do you manage multiple wireless access points?

NWA-3166

Dual-band Hybrid Wireless N Access Point
Do you have customers complaining of slow wireless and unable to connect? Do you want to find out how you can save time and money?
If the answer is "yes" to any of these questions go to www.zyxel.co.uk/hybrid to read more about the benefits of ZyXEL's unique Hybrid Wireless Access Points and how they offer a truly scalable, cost-effective wireless solution.

RRP 226.62 (excl. VAT)

"ZyXEL's hybrid technology combines superior performance and functionality at a much lower price point than traditional wireless controller solutions, bringing enterprise-class wireless to small organisations at a fraction of the cost."

A2Z Computing Ltd.

ZyXEL's Unique 3-in-1 Hybrid Wireless Range Part number
91-005-197005B 91-005-154004B 91-005-230004B 91-005-276004B
Hybrid Wireless Access Points
ZyXEL NWA-3500 Dual-radio Hybrid Wireless Access Point ZyXEL NWA-3550 Dual-radio Outdoor Hybrid Wireless Access Point ZyXEL NWA-3166 Dual-band Hybrid Wireless N Access Point NEW

RRP (Excl. VAT)

212.14 549.03 226.62
ZyXEL NWA-3160 Dual-band Hybrid Wireless Access Point ** New Standard Price ** 151.09
Power your Network with ZyXEL's New PoE Switch Part number

91-010-217004B

PoE Switch
ZyXEL GS1500-24P Gigabit Web Managed PoE Switch NEW

390.00

Find out more about Hybrid Wireless Networking and download the white paper on Deploying WiFi in a growing Business Entity at

www.zyxel.co.uk/hybrid

Free UK Tech Support
T&Cs apply. E&OE. All prices are excluding VAT.

Free Firmware Upgrades

ZyAssure Support Packs Available