ZyXEL NXC2500 User Guide
ZyXEL NXC2500 Manual
 |
View all ZyXEL NXC2500 manuals
Add to My Manuals
Save this manual to your list of manuals |
ZyXEL NXC2500 manual content summary:
- ZyXEL NXC2500 | User Guide - Page 1
User's Guide NXC Series Wireless LAN Controller Default Login Details LAN IP Address User Name Password https://192.168.1.1 admin 1234 Version 6.0 Edition 1, 10/2019 Copyright © 2019 Zyxel Communications Corporation - ZyXEL NXC2500 | User Guide - Page 2
user's guide to know which access points can be managed by the NXC. It also lists the features of the NXC-managed access points. • Web Configurator Online Help Click the help icon in any screen for help in configuring that screen and supplementary information. • More Information Go to support.zyxel - ZyXEL NXC2500 | User Guide - Page 3
and notes are shown in this guide. Warnings tell you about things that models in this series may be referred to as the "NXC" in this guide. • Product labels, screen names, field labels and field choices are all in Figures in this guide may use the following generic icons. The NXC icon is not - ZyXEL NXC2500 | User Guide - Page 4
Contents Overview Contents Overview User's Guide ...18 Introduction ...19 Hardware Installation and Connection 25 The Web Configurator ...33 Setup Wizard ...47 Technical Reference ...57 Dashboard ...58 Monitor ...69 Registration ...116 Wireless ...119 Interfaces ...147 Policy and Static Routes ... - ZyXEL NXC2500 | User Guide - Page 5
Contents Overview Appendices and Troubleshooting 426 Troubleshooting ...427 NXC Series User's Guide 5 - ZyXEL NXC2500 | User Guide - Page 6
Applications ...21 1.3.1 AP Management ...21 1.3.2 Wireless Security ...21 1.3.3 Captive Portal ...21 1.3.4 Load Balancing ...22 1.3.5 Dynamic Channel Selection 22 1.3.6 User-Aware Access Control 22 1.4 Management Overview ...23 1.5 Object-based Configuration ...23 1.6 Starting and Stopping the - ZyXEL NXC2500 | User Guide - Page 7
Setup Wizard...47 4.1 Accessing the Wizard ...47 4.2 Using the Wizard ...47 4.2.1 Step 1 Password and Time Settings 47 4.2.2 Step 2 Uplink Connection and Management ...64 5.2.4 DHCP Table ...64 5.2.5 Number of Login Users ...66 5.2.6 AP Status ...66 5.2.7 Station Traffic ...68 Chapter 6 Monitor - ZyXEL NXC2500 | User Guide - Page 8
8 Wireless ...119 8.1 Overview ...119 8.1.1 What You Can Do in this Chapter 119 8.1.2 What You Need to Know 119 8.2 Controller ...120 8.3 AP Management ...120 8.3.1 Mgmt. AP List ...121 8.3.2 AP Policy ...130 8.3.3 AP Group ...131 8.3.4 Firmware ...138 8.4 Rogue AP ...140 NXC Series User's Guide 8 - ZyXEL NXC2500 | User Guide - Page 9
Do in this Chapter 177 10.1.2 What You Need to Know 177 10.2 Policy Route ...178 10.2.1 Add/Edit Policy Route ...180 10.3 Static Route ...183 10.3.1 Static Route Setting ...184 10.4 Technical Reference You Need to Know 186 11.2 Zone ...187 11.2.1 Add/Edit Zone ...187 NXC Series User's Guide 9 - ZyXEL NXC2500 | User Guide - Page 10
208 15.3.2 Custom Login and Access Pages 211 15.3.3 External or Uploaded Web Portal Details 213 15.4 Redirect on Controller ...216 15.4.1 Auth. Policy Add/Edit ...217 15.5 Redirect on AP ...221 15.5.1 Auth. Policy Group Add/Edit 223 15.5.2 Auth. Policy Add/Edit ...224 NXC Series User's Guide 10 - ZyXEL NXC2500 | User Guide - Page 11
18.4 Setting ...246 18.4.1 Edit User Authentication Timeout Settings 250 18.4.2 Add/Edit Dynamic Guest Group 251 18.4.3 User Aware Login Example 251 18.4.4 Guest Manager Login Example 252 18.5 MAC Address ...255 18.5.1 Add/Edit MAC Address ...256 Chapter 19 AP Profile ...257 19.1 Overview ...257 - ZyXEL NXC2500 | User Guide - Page 12
...293 23.1.1 What You Can Do in this Chapter 293 23.1.2 What You Need to Know 293 23.2 Service Summary ...294 23.2.1 Add/Edit Service Rule ...295 23.3 Service Group Summary ...296 23.3.1 Add/Edit Service Group Rule 296 Chapter 24 Schedules ...298 24.1 Overview ...298 NXC Series User's Guide 12 - ZyXEL NXC2500 | User Guide - Page 13
Need To Know 302 25.2 Active Directory / LDAP ...305 25.2.1 Add/Edit Active Directory / LDAP Server 306 25.3 RADIUS ...309 25.3.1 Add/Edit RADIUS ...309 Chapter 26 Authentication Method ...313 26.1 Overview ...313 26.1.1 331 28.1.1 What You Can Do in this Chapter 331 NXC Series User's Guide 13 - ZyXEL NXC2500 | User Guide - Page 14
Add MX Record ...344 29.6.10 Add Service Control ...345 29.7 WWW Overview ...345 29.7.1 Service Access Limitations 346 29.7.2 System Timeout ...346 29.7.3 HTTPS ...346 29.7.4 Configuring WWW Service Control 347 29.7.5 Service Control ...367 29.11.1 Supported MIBs ...368 NXC Series User's Guide 14 - ZyXEL NXC2500 | User Guide - Page 15
User Profile 370 29.12 Authentication Server ...371 29.12.1 Add Manager 392 31.3 Firmware Package ... AP ...408 32.3.2 Packet Capture Files ...411 32.3.3 Example of Viewing a Packet Capture File 412 32.4 Core Dump ...413 32.4.1 Core Dump Files ...413 32.5 System Log ...414 NXC Series User's Guide - ZyXEL NXC2500 | User Guide - Page 16
432 36.2 Resetting the NXC ...434 36.3 Getting More Troubleshooting Help 435 Appendix A Log Descriptions...436 Appendix B Common Services ...463 Appendix C Importing Certificates 466 Appendix D Wireless LANs ...490 Appendix E IPv6...502 Appendix F Customer Support ...510 NXC Series User's Guide 16 - ZyXEL NXC2500 | User Guide - Page 17
Table of Contents Appendix G Legal Information ...516 Index ...521 NXC Series User's Guide 17 - ZyXEL NXC2500 | User Guide - Page 18
PART I User's Guide 18 - ZyXEL NXC2500 | User Guide - Page 19
Aggregation Group (LAG) Support Two USB Ports Console Port (Serial Port) Max. no, of managed APs NXC2500 No Yes DB-9 Connector 8; can be upgraded up to 64 NXC5500 Yes Yes RJ-45 Connector 64; can be upgraded up to 1024 The NXC is a comprehensive wireless LAN controller. Its flexible configuration - ZyXEL NXC2500 | User Guide - Page 20
management • The LAN zone contains the ge1~ ge6 interfaces (physical ports P1~P6). By default, all LAN interfaces are put in vlan0. • The console port is not in a zone and can be directly accessed by a computer attached to it using a special console-to-Ethernet adapter. NXC Series User's Guide - ZyXEL NXC2500 | User Guide - Page 21
managed Access Points (C), such as NWA5123-NI, which in turn provide access to the network for the wireless clients (D) within their broadcast radius. 1.3.2 Wireless Security Keep the connections between wireless clients and your APs secure with the NXC's comprehensive wireless security tools. APs - ZyXEL NXC2500 | User Guide - Page 22
APs and determining what channels are currently being used by other devices not connected to the network. 1.3.6 User-Aware Access Control Set up security policies that restrict access to sensitive information and shared resources based on the user who is trying to access it. NXC Series User's Guide - ZyXEL NXC2500 | User Guide - Page 23
allows easy NXC setup and management using an Internet browser. This User's Guide provides information about the Web Configurator. Command-Line Interface (CLI) The CLI allows you to use text-based commands to configure the NXC. You can access it using remote management (for example, SSH - ZyXEL NXC2500 | User Guide - Page 24
start. Using the RESET button If you press the RESET button, the NXC sets the configuration to its default then manually turn off start the system processes when you apply configuration files or run shell scripts although you may temporarily lose access to network resources. NXC Series User's Guide - ZyXEL NXC2500 | User Guide - Page 25
already attached - see Figure 4 on page 26. 3 Set the NXC on a smooth, level surface strong enough to support the weight of the NXC and the connected cables. Make sure there is a power outlet nearby. 4 Make sure cable (Category 5e, 6UTP/STP, or better Ethernet cable). NXC Series User's Guide 25 - ZyXEL NXC2500 | User Guide - Page 26
rack using a rack-mounting kit. Make sure the rack will safely support the combined weight of all the equipment it contains and that the position to anchor the rack securely before installing the unit. Note: Zyxel provides a sliding rail accessory for your use with your device. Series User's Guide 26 - ZyXEL NXC2500 | User Guide - Page 27
hang the NXC on the screws. Wall-mount the NXC with the Ethernet ports facing down and the ventilation holes on the side. NXC Series User's Guide 27 - ZyXEL NXC2500 | User Guide - Page 28
2.5.1 NXC2500 There are LEDs, one reset button, two USB ports and six Ethernet ports on the NXC2500 front panel. Figure 7 Front Panel: NXC2500 2.5.2 NXC5500 There are one reset button, six Ethernet ports, one console port, two USB ports and LEDs on the NXC5500 front panel. NXC Series User's Guide 28 - ZyXEL NXC2500 | User Guide - Page 29
duplex mode of the connected device. An auto-crossover (auto-MDI/MDI-X) port automatically works with a straight-through or crossover Ethernet cable. Default Ethernet Settings The factory default negotiation settings for the Ethernet ports on the NXC are: • Speed: Auto • Duplex: Auto • Flow control - ZyXEL NXC2500 | User Guide - Page 30
panel LEDs. 2.5.3.1 NXC2500 The following table describes the LEDs. Table 7 Front Panel LEDs: NXC2500 LED COLOR STATUS DESCRIPTION If the LED turns red again, then please contact your vendor. Blinking Firmware upgrade is in progress. P1~P6 Green (Traffic) Blinking Off The User's Guide 30 - ZyXEL NXC2500 | User Guide - Page 31
red again, then please contact your vendor. Blinking Firmware upgrade is in progress. P1~P6 Traffic (Left) Rear Panel The NXC2500 rear panel contains a console port, a power switch module. Figure 10 Rear Panel: NXC5500 Console Port (NXC2500 Only) Connect this port to your computer (using - ZyXEL NXC2500 | User Guide - Page 32
: • VT100 terminal emulation • 115200 bps • No parity, 8 data bits, 1 stop bit • No flow control Connect the male 9-pin end of the RS-232 console cable to the console port of the NXC. Connect the female end to a serial port (COM1, COM2 or other COM port) of your computer. NXC Series User's Guide 32 - ZyXEL NXC2500 | User Guide - Page 33
is 1024 x 768 pixels and higher. 3.2 Access 1 Make sure your NXC hardware is properly connected. See the Quick Start Guide. 2 Browse to https://192.168.1.1. The Login screen appears. 3 Enter the user name (default: "admin") and password (default: "1234"). Select the language you prefer for - ZyXEL NXC2500 | User Guide - Page 34
This screen appears every time you log in using the default user name and default password. If you change the password for the default user account, this screen does not appear anymore. 3.3 The Main Screen This guide uses the NXC2500 screens as an example. The screens may vary slightly for - ZyXEL NXC2500 | User Guide - Page 35
Click this to log out of the Web Configurator. Wizard Click this to open screens where you can configure the NXC's time zone, Internet access and wireless settings. Help Click this to open the help page for the current screen. About Click this to display basic information about the NXC. Site - ZyXEL NXC2500 | User Guide - Page 36
NXC. This shows the date (yyyy-mm-dd) and time (hh:mm:ss) when the firmware is released. Click this to close the screen. Site Map Click Site MAP to see an overview of links to the Web Configurator screens. Click a screen's link to go to that screen. NXC Series User's Guide 36 - ZyXEL NXC2500 | User Guide - Page 37
screen in the main window. # This field is a sequential value, and it is not associated with any entry. Service This is the type of setting that references the selected object. Click a service's name to display the service's configuration screen in the main window. NXC Series User's Guide 37 - ZyXEL NXC2500 | User Guide - Page 38
Figure 16 CLI Messages Click Clear to remove the currently displayed information. See the Command Reference Guide for information about the commands. 3.3.2 Navigation Panel Use the menu items on the navigation panel the NXC's navigation panel menus and their screens. NXC Series User's Guide 38 - ZyXEL NXC2500 | User Guide - Page 39
licensed service status, and interface status in widgets that you can re-arrange to suit your needs. AP Status Top N APs Display the number of wireless stations which are connected to the top "N" managed APs and data usage. Single AP status of all current sessions. NXC Series User's Guide 39 - ZyXEL NXC2500 | User Guide - Page 40
latest AP firmware from the firmware server. Rogue AP Rogue/Friendly AP List Configure how the NXC monitors for rogue APs. Auto Healing Auto Healing Enable auto healing to extend the wireless service coverage area of the managed APs when one of the APs fails. Network NXC Series User's Guide - ZyXEL NXC2500 | User Guide - Page 41
/Group User Create and manage users. Group Create and manage groups of users. Setting Manage default settings for all users, general settings for user sessions, and rules to force user authentication. MAC Address Map wireless client MAC addresses to MAC roles (MAC address user accounts). AP - ZyXEL NXC2500 | User Guide - Page 42
AAA Server Active Directory Configure the default Active Directory settings. LDAP Configure the default LDAP settings. RADIUS Configure the default RADIUS settings. Auth. Method Authentication Method Create and manage ways of authenticating users. Certificate My Certificates Create and - ZyXEL NXC2500 | User Guide - Page 43
USB device to the NXC and archive the NXC system logs to it here. Wireless Frame Capture Capture wireless frames from APs for analysis. Packet Flow Explore Routing Status Check how the NXC determines where to the table's entries according to that column's criteria. NXC Series User's Guide 43 - ZyXEL NXC2500 | User Guide - Page 44
to change the column order. A green check mark displays next to the column's title when you drag the column to a valid new location. NXC Series User's Guide 44 - ZyXEL NXC2500 | User Guide - Page 45
the bottom of the table to navigate to different pages of entries and control how many entries display at a time. Working with Table Entries The the table's entries in order), you can select an entry and click Add to create a new entry after the selected entry. Edit Double-click an User's Guide 45 - ZyXEL NXC2500 | User Guide - Page 46
] key to select multiple entries, and then use the arrow button to move them to the other list. Figure 19 Working with Lists NXC Series User's Guide 46 - ZyXEL NXC2500 | User Guide - Page 47
CHAPTER 4 Setup Wizard 4.1 Accessing the Wizard Connect a router or switch with Internet access to port 1 (ge1), and your computer to ports 2-6 (ge 2-6) of the NXC. When you log into the Web Configurator for the first time or when you reset the NXC to its default configuration, the wizard screens - ZyXEL NXC2500 | User Guide - Page 48
1 Password and Time Settings 4.2.2 Step 2 Uplink Connection and Management VLAN A Virtual Local Area Network (VLAN) allows you to group ports into multiple independent logical networks. Use this screen to configure the IP address of port 1 (ge1) for Internet access and configure vlan0, the default - ZyXEL NXC2500 | User Guide - Page 49
your managed APs to the correct ports according to the settings of the VLAN interface in order to communicate with the NXC. Click the Add button to add a VLAN. You cannot configure members for VLAN interfaces in the Wizard. The default members are ports 2-6 (ge2-6). • Guest VLAN: This field displays - ZyXEL NXC2500 | User Guide - Page 50
Add or Remove to manage web site addresses that all users can access without logging in. The web site link(s) displays in the user login page. • Create Dynamic Guest Manager: If you select Guest VLAN, select this option and enter a user name and password to create a guest manager account. This user - ZyXEL NXC2500 | User Guide - Page 51
Chapter 4 Setup Wizard Figure 23 Wizard: Step 3 Add/Edit Interface Add Customized Page Use this screen . • Logo: The logo corresponds to the "Zyxel" logo image in the default page. • Customized Login/Access/User-logout Page: Customize the other elements on the captive portal JPG. NXC Series User's Guide 51 - ZyXEL NXC2500 | User Guide - Page 52
SSID profile from the list, and click the On or Off icon to enable or disable the selected SSID profiles of a managed AP by the NXC. To change an SSID profile's settings, such as the SSID (WiFi network name) and WiFi password, double-click the SSID profile from the list. NXC Series User's Guide 52 - ZyXEL NXC2500 | User Guide - Page 53
frequency used by IEEE 802.11b/g/n/ax wireless clients. 5 GHz is the frequency used by IEEE 802.11ax/ac/a/n wireless clients. Not all managed APs support both 2.4 GHz and 5 GHz frequency bands. • Security Mode: Select WPA2 to add security on this wireless network. Otherwise, select Open to allow any - ZyXEL NXC2500 | User Guide - Page 54
: Edit (802.1x) Figure 27 Wizard: SSID: Edit (Pre-Shared Key) 4.2.5 Step 5 Radio Use this screen to configure managed APs' radio transmitter(s). • Channel Selection: This shows Auto and the managed AP will automatically choose a radio channel that has least interference. NXC Series User's Guide 54 - ZyXEL NXC2500 | User Guide - Page 55
Chapter 4 Setup Wizard • Channel Width: Select the wireless channel bandwidth you want the managed AP to use. Because not all devices support 40 MHz and/or 80 MHz channels, select 20/40/80MHz to allow the AP to adjust the channel bandwidth automatically. • Maximum Output Power: Enter the maximum - ZyXEL NXC2500 | User Guide - Page 56
Chapter 4 Setup Wizard Figure 29 Wizard: Summary NXC Series User's Guide 56 - ZyXEL NXC2500 | User Guide - Page 57
PART II Technical Reference 57 - ZyXEL NXC2500 | User Guide - Page 58
, licensed service status AP > Status screen (Section 5.2.6 on page 66) displays how many wireless stations are connected to the managed AP(s) and data usage. • The Station > Traffic screen (Section 5.2.7 on page 68) displays data usage of the connected wireless station(s). NXC Series User's Guide - ZyXEL NXC2500 | User Guide - Page 59
every time you click the Dashboard icon in the navigation panel. The Dashboard displays general device information, system status, system resource usage, licensed service status, and interface status in widgets that you can rearrange to suit your needs. You can also collapse, refresh, and close - ZyXEL NXC2500 | User Guide - Page 60
Date/ Time DHCP Table Current Login User Number of Login Users Speed / Duplex - The Ethernet reserved for specific MAC addresses. This field displays the user name used to log in to the current session of users currently logged in to the NXC. Click the link to popopen a list of the users who are - ZyXEL NXC2500 | User Guide - Page 61
device connected to the NXC. This shows a summary of connected wireless Access Points (APs). This displays the number of currently connected managed APs and the number of all managed APs. Click the link to go to the Monitor > Wireless > AP information > AP List screen. NXC Series User's Guide 61 - ZyXEL NXC2500 | User Guide - Page 62
the top 5 Access Points (APs) with the highest number of station (aka wireless client) connections. # This field displays the rank of the AP. AP MAC This field displays the MAC address of the AP to which the address (if any) in the packet that generated the log. NXC Series User's Guide 62 - ZyXEL NXC2500 | User Guide - Page 63
this screen to look at a chart of the NXC's recent CPU usage. To access this screen, click Show CPU Usage in the dashboard. Figure 31 Dashboard > CPU chart of the NXC's recent memory (RAM) usage. To access this screen, click Show Memory Usage in the dashboard. Figure 32 Dashboard > Memory Usage NXC - ZyXEL NXC2500 | User Guide - Page 64
screen to look at a chart of the NXC's recent traffic session usage. To access this screen, click Show Active Sessions in the dashboard. Figure 33 Dashboard > Session for specific MAC addresses. To access this screen, click the link beside DHCP Table in the dashboard. NXC Series User's Guide 64 - ZyXEL NXC2500 | User Guide - Page 65
this screen to be automatically updated. Click this to update the information in the screen right away. Click this to close the screen. NXC Series User's Guide 65 - ZyXEL NXC2500 | User Guide - Page 66
. Click this icon to end a user's session. 5.2.6 AP Status Use this screen to view how many wireless stations are connected to the managed AP(s) and the data usage. To access this screen, click Dashboard > AP > Status. Click the Single AP tab to view a specific AP's usage details, or click the Top - ZyXEL NXC2500 | User Guide - Page 67
also updates the station count chart for these APs, and vice versa. You can also filter the data by wireless bandwidth (2.4G or 5G). The pie chart other APs not shown in the graph. Figure 36 Dashboard > AP > Status: Top N APs Figure 37 Dashboard > AP > Status: Single AP NXC Series User's Guide 67 - ZyXEL NXC2500 | User Guide - Page 68
view data usage of the connected wireless station(s). To access this screen, click Dashboard > Station > Traffic. Click the Single Station tab to view a specific wireless station's usage details, or click N Stations Figure 39 Dashboard > Station > Traffic: Single Station NXC Series User's Guide 68 - ZyXEL NXC2500 | User Guide - Page 69
on page 105) displays statistics about the ZyMesh connections between the managed APs. • The SSID Info screen (Section 6.14 on page 106) displays the number of wireless clients that are currently connected to an SSID and the SSID's security mode. • The Station List screen (Section 6.15 on page 107 - ZyXEL NXC2500 | User Guide - Page 70
chapter. Rogue AP Rogue APs are wireless access points operating in a network's coverage area that are not under the control of the network 128-bit (16-byte) number which can be used to identify a service, a device, a manufacturer or an owner. The 2-byte major number 2 1 NXC Series User's Guide 70 - ZyXEL NXC2500 | User Guide - Page 71
look at packet statistics for each Gigabit Ethernet port. To access this screen, click Monitor > System Status > Port Statistics. uses. Click this to stop the window from updating automatically. You can start it again by setting the Poll Interval and clicking Set Interval. Click this User's Guide 71 - ZyXEL NXC2500 | User Guide - Page 72
The y-axis represents the speed of transmission or reception. time The x-axis shows the time period over which the transmission or reception occurred NXC Series User's Guide 72 - ZyXEL NXC2500 | User Guide - Page 73
IPv6 in the Configuration > System > IPv6 screen, you can also view your IPv6 interface status on this screen. Click Monitor > System Status > Interface Status to access this screen. Figure 42 Monitor > System Status > Interface Status NXC Series User's Guide 73 - ZyXEL NXC2500 | User Guide - Page 74
. Examples include DHCP relay and DHCP server. This field displays n/a if the interface does not provide any services to the network. Use this field to get or to update the IP address for the interface. Click Renew screen. This field displays the name of each interface. NXC Series User's Guide 74 - ZyXEL NXC2500 | User Guide - Page 75
-used protocols or service ports and the amount of traffic on each one. • LAN IP with heaviest start and when to stop collecting information for these reports. You cannot schedule data collection; you have to start and stop it manually in the Traffic Statistics screen. NXC Series User's Guide - ZyXEL NXC2500 | User Guide - Page 76
real-time, but you can click the Refresh button to update it. Apply Click Apply to save your changes back to the NXC. Reset Click Reset to return the screen to its last-saved settings. Statistics Interface Select the interface from which to collect information. You can collect information - ZyXEL NXC2500 | User Guide - Page 77
Kbytes, Mbytes, Gbytes, or Tbytes, depending on the amount of traffic for the particular protocol or service port. The count starts over at zero if the number of bytes passes the byte count limit. See Table 28 on the interface(s) from which the NXC collects information. NXC Series User's Guide 77 - ZyXEL NXC2500 | User Guide - Page 78
about active sessions for debugging or statistical analysis. It is not possible to manage sessions in this screen. The following information is displayed. • User who started the session • Protocol or service port used • Source IP address • Destination IP address • Number of bytes received (so - ZyXEL NXC2500 | User Guide - Page 79
users - display all active sessions grouped by user sessions by services - display all active sessions grouped by service the screen. The User, Service, Source Address, and services that is defined. (See Chapter 23 on page 293 for more information about services the User, Service, Source Address, and - ZyXEL NXC2500 | User Guide - Page 80
DESCRIPTION User This field displays the user in each active session. Service If you are looking at the sessions by users (or all sessions) report, click + or - to display or hide details about a user's sessions to show to which devices it has assigned an IP address. NXC Series User's Guide 80 - ZyXEL NXC2500 | User Guide - Page 81
Last Access This is managed AP through which the user logs into the NXC. Type The default description is "AP-" followed by the AP's MAC address. A "-" displays if the user is not connecting to the NXC wirelessly. This field displays the way the user logged in to the NXC. NXC Series User's Guide - ZyXEL NXC2500 | User Guide - Page 82
-created user name and password that allows a guest user to access the Internet or the NXC's services in a specified period of time. Multiple dynamic guest accounts can be automatically generated at one time for guest users by using the web configurator and the guest-manager account. Guest users can - ZyXEL NXC2500 | User Guide - Page 83
lists the wireless client which has been authenticated by MAC address and allowed to access the network. To access this screen, click Monitor > System Status > Login Users > Trusted MAC Address. Figure 48 Monitor > System Status > Login Users > Trusted MAC Address List NXC Series User's Guide 83 - ZyXEL NXC2500 | User Guide - Page 84
profile in which the associated SSID is defined, This field displays the SSID to which the wireless client is currently connecting. This field displays the MAC address of the client device. This field of the USB storage device is not supported by the NXC, such as NTFS. NXC Series User's Guide 84 - ZyXEL NXC2500 | User Guide - Page 85
not supported management. Note: Smart Connect is enabled by default in the NXC. Use this screen to view the NXC's neighboring devices in one place. To access this screen, click Monitor > System Status > Ethernet Neighbor. Figure 50 Monitor > System Status > Ethernet Neighbor NXC Series User's Guide - ZyXEL NXC2500 | User Guide - Page 86
the type of APs you want to display. Select All to show all kinds of APs that are currently or used to be connected to the NXC. Status Select NebulaFlexPRO to show the APs that can work in Nebula cloud management mode. Select the status of APs you want to display. NXC Series User's Guide 86 - ZyXEL NXC2500 | User Guide - Page 87
if the selected AP doesn't support suppression mode. Select an AP and click this button to run the locator feature. The AP's Locator LED will start to blink for 10 minutes by default. It will show the actual location of the AP between several devices in the network. NXC Series User's Guide 87 - ZyXEL NXC2500 | User Guide - Page 88
(aka wireless clients) associated with the AP's 5 GHz WiFi network. This displays the most recent time the AP came on-line. N/A displays if the AP has not come online since the NXC last started up. This displays the AP's MAC address. This displays the Access Controller (the NXC) management VLAN ID - ZyXEL NXC2500 | User Guide - Page 89
with the VLAN ID setting on the Access Controller (the NXC). • A setting the NXC assigns to this AP does not match the AP's capability. • Packets sent out on a LAN port of this AP loop back to the AP. This AP is offline and in the process of having its firmware updated. NXC Series User's Guide 89 - ZyXEL NXC2500 | User Guide - Page 90
supported and cannot be managed by the NXC. 6.11.1 Station Count of AP Use this screen to look at configuration information, port status and station statistics for the connected AP. To access this screen, select an entry and click the More Information button in the AP List screen. NXC Series User - ZyXEL NXC2500 | User Guide - Page 91
with the NXC's settings for the AP. Conflict If any of the AP's configuration conflicts with the NXC's settings for the AP, this field displays which configuration conflicts. It displays n/a if none of the AP's configuration conflicts with the NXC's settings for the AP. NXC Series User's Guide 91 - ZyXEL NXC2500 | User Guide - Page 92
field displays the firmware version of the discovered device. Port(Description) This field displays the discovered device's port which is connected to the AP. IP Address This field displays the IP address of the discovered device. Click the IP address to access and manage the discovered device - ZyXEL NXC2500 | User Guide - Page 93
Chapter 6 Monitor Figure 53 Monitor > Wireless > AP Information > AP List > Edit AP List NXC Series User's Guide 93 - ZyXEL NXC2500 | User Guide - Page 94
is not assigned to an AP, it will belong to a default group. See Table 59 on page 135. Radio 1/2 Setting Override Group Radio Setting Each AP can belong to up to two groups. Select this option to overwrite the AP radio settings with the settings you configure here. NXC Series User's Guide 94 - ZyXEL NXC2500 | User Guide - Page 95
AP or repeater. Enable Wireless Bridging This field is available only when the radio is in Repeater AP mode. Select this option to enable wireless bridging on the radio. The managed AP must support LAN This section is available only when the AP supports Bluetooth Low Energy (BLE). Edit Click - ZyXEL NXC2500 | User Guide - Page 96
Wireless > AP Information > AP List > Edit AP of the gateway. The AP sends packets to the gateway AP LAN port settings with the settings you configure here. This section displays only when you select Override Group LAN managed AP. This shows the port's PVID. A PVID (Port VLAN ID) is a tag that adds - ZyXEL NXC2500 | User Guide - Page 97
Wireless > AP Information > AP List > Edit AP List (continued) LABEL DESCRIPTION VLAN Configuration This section displays only when you select Override Group LAN Setting. Add using the CLI (see CLI Reference Guide). Multicast Storm Control Enabling this will drop ingress multicast traffic - ZyXEL NXC2500 | User Guide - Page 98
LED will start to blink for the number of minutes set here. If you make changes to the time default setting, it will be stored as the default when the AP restarts. Reset AP Configuration This section is available only when the AP is online. Apply Factory Default Click the button to reset all of - ZyXEL NXC2500 | User Guide - Page 99
on the NXC. To access this screen, click Add or select a VLAN and click the Edit button in the VLAN Configuration table of the Monitor > Wireless > AP Information > AP List > Edit AP List or Configuration > Wireless > AP Management > Mgmt. AP List > Edit AP List screen. NXC Series User's Guide 99 - ZyXEL NXC2500 | User Guide - Page 100
settings of a tri-mode AP and set it to run in Nebula cloud management mode immediately. The AP that supports tri-mode can work as a normal AP, a CAPWAP managed AP controlled by the NXC, or an AP managed by the Zyxel Nebula Control Center (NCC). See the AP's user's guide for more information about - ZyXEL NXC2500 | User Guide - Page 101
button to change its management mode. To access this screen, select a tri-mode AP from the list and click the Nebula button in the Monitor > Wireless > AP Information > AP List screen. Figure 57 Monitor > Wireless > AP Information > AP List > Change mode behavior The following table describes - ZyXEL NXC2500 | User Guide - Page 102
Nebula cloud management mode and removed from the managed AP list right after you click OK. Click Cancel to exit this screen without saving your changes. 6.12 Radio List Use this screen to view statistics about the wireless radio transmitters in each of the APs connected to the NXC. To access this - ZyXEL NXC2500 | User Guide - Page 103
address of the radio. This indicates the radio number on the AP to which it belongs. This indicates the radio's operating mode. Operating modes are AP (access point), MON (monitor), Root AP or Repeater. This indicates the AP radio and ZyMesh profile names to which the radio belongs. This indicates - ZyXEL NXC2500 | User Guide - Page 104
Chapter 6 Monitor Figure 59 Monitor > Wireless > AP Information > Radio List > AP Mode Radio Information NXC Series User's Guide 104 - ZyXEL NXC2500 | User Guide - Page 105
Click this to close this window. 6.13 ZyMesh Link Info Use this screen to view the ZyMesh traffic statistics between the managed APs. Click Monitor > Wireless > ZyMesh > ZyMesh Link Info to access this screen. Figure 60 Monitor > Wireless > ZyMesh > ZyMesh Link Info NXC Series User's Guide 105 - ZyXEL NXC2500 | User Guide - Page 106
the time the managed AP last associated with the root AP or repeater. This is the MAC address of the managed AP (in repeater mode). This is the output power of the managed AP (in repeater mode). This is the descriptive name of the root AP to which the managed AP is connected wirelessly. This is the - ZyXEL NXC2500 | User Guide - Page 107
wireless network to which the client is connected. A single AP can have multiple SSIDs or networks. 2.4GHz This shows the number of wireless , Security Mode This indicates wireless clients"). Click Monitor > Wireless > Station Info > Station List to access this screen. NXC Series User's Guide 107 - ZyXEL NXC2500 | User Guide - Page 108
screens. Click this to return the search criteria to the factory defaults and display all connected stations without a filter. Select one or multiple stations and click this to disconnect the station(s) from the AP. This is the station's index number in this list. NXC Series User's Guide 108 - ZyXEL NXC2500 | User Guide - Page 109
. AP List > Edit AP List screen to detect other wireless devices in its vicinity. Or, if this feature is not supported by your AP, you could also set at least one radio of the AP connected to the NXC to monitor mode (in the Configuration > Wireless > AP Management screen). NXC Series User's Guide - ZyXEL NXC2500 | User Guide - Page 110
indicates the detected device's channel ID. This indicates the 802.11 mode (a/b/g/n/ac/ax) transmitted by the detected device. This indicates the encryption on managing friendly and rogue APs, see the Configuration > Wireless > Rogue AP screen (Chapter 8 on page 119). NXC Series User's Guide 110 - ZyXEL NXC2500 | User Guide - Page 111
selecting All Logs, or you can select a specific category of log messages (for example, user). You can also look at the debugging log by selecting Debug Log. All debugging messages have the same priority. To access this screen, click Monitor > Log. The log is displayed in the following screen. Note - ZyXEL NXC2500 | User Guide - Page 112
double quotes, and brackets are not allowed. Protocol Search This displays when you show the filter. Select a service protocol whose log messages you would like to see. This displays when you show the filter. Click this in the event that generated the log message. NXC Series User's Guide 112 - ZyXEL NXC2500 | User Guide - Page 113
leave the View Log screen and return to it later. 6.18 View AP Log Use this screen to view the NXC's current wireless AP log messages. Click Monitor > Log > View AP Log to access this screen. Figure 65 Monitor > Log > View AP Log The following table describes the labels in this screen. Table 52 - ZyXEL NXC2500 | User Guide - Page 114
Show Filter. Select a service type to display only AP. This field is a sequential value, and it is not associated with a specific log message. This indicates the time that the log messages was created or recorded on the AP. This indicates the selected log message's priority. NXC Series User's Guide - ZyXEL NXC2500 | User Guide - Page 115
Chapter 6 Monitor Table 52 Monitor > Log > View AP Log LABEL DESCRIPTION Category This indicates the selected log message's category. Message This displays content of selected log message. Note This displays any notes associated with the selected log message. NXC Series User's Guide 115 - ZyXEL NXC2500 | User Guide - Page 116
of APs that the NXC can support is shown on Table 1 on page 19. Maximum Number of ZyMesh Root APs The NXC by default allows up to one ZyMesh root AP, which means only one radio of the managed AP can be set to root AP mode. Buy a ZyMesh license to have more root APs. NXC Series User's Guide 116 - ZyXEL NXC2500 | User Guide - Page 117
> Service LABEL DESCRIPTION License Status # This is the entry's position in the list. Service This lists the services that are available on the NXC. Status This field displays whether this is a default service (Default) or an activated license upgrade (Licensed). NXC Series User's Guide - ZyXEL NXC2500 | User Guide - Page 118
how many managed APs the NXC can support with your current license. This field does not apply to the other services. License Refresh Service License Refresh Click this button to renew service license information (such as the registration status and expiration day). NXC Series User's Guide 118 - ZyXEL NXC2500 | User Guide - Page 119
Overview Use the Wireless screens to configure how the NXC manages the Access Point that are connected to it. 8.1.1 What You Can Do in this Chapter • The Controller screen (Section 8.2 on page 120) sets how the NXC allows new APs to connect to the network. • The AP Management screen (Section 8.3 on - ZyXEL NXC2500 | User Guide - Page 120
table. Table 54 Configuration > Wireless > Controller LABEL DESCRIPTION Controller Setting Country Code Select the country where the NXC is located/installed. Registration Type Select Manual to add each AP to the NXC for management, or Always Accept to automatically add APs to the NXC for - ZyXEL NXC2500 | User Guide - Page 121
. Select one or multiple APs and click this button to remove the AP(s) from the manged AP list. Note: If in the Configuration > Wireless > Controller screen you set the Registration Type to Always Accept, then as soon as you remove an AP from this list it reconnects. NXC Series User's Guide 121 - ZyXEL NXC2500 | User Guide - Page 122
This button is not available if the selected AP doesn't support suppression mode. Select an AP and click this button to run the locator feature. The AP's Locator LED will start to blink for 10 minutes by default. It will show the actual location of the AP between several devices in the network. This - ZyXEL NXC2500 | User Guide - Page 123
number of stations (aka wireless clients) associated with the AP's 5 GHz WiFi network. This displays the most recent time the AP came on-line. N/A displays if the AP has not come on-line since the NXC last started up. This displays the Access Controller (the NXC) management VLAN ID setting for the - ZyXEL NXC2500 | User Guide - Page 124
Table 55 Configuration > Wireless > AP Management > Mgmt. AP List (continued) LABEL DESCRIPTION Location This field displays the AP's location you configured. Roaming Group This field displays the name of roaming group to which the AP belongs. S/N This field displays the serial number - ZyXEL NXC2500 | User Guide - Page 125
Edit AP List Select an AP and click the Edit the selected rule button or double-click an entry in the Configuration > Wireless > AP Management > Mgmt. AP List table to display this screen. Figure 70 Configuration > Wireless > AP Management > Mgmt. AP List > Edit AP List NXC Series User's Guide 125 - ZyXEL NXC2500 | User Guide - Page 126
is not assigned to an AP, it will belong to a default group. See Table 59 on page 135. Radio 1/2 Setting Override Group Radio Setting Each AP can belong to up to two groups. Select this option to overwrite the AP radio settings with the settings you configure here. NXC Series User's Guide 126 - ZyXEL NXC2500 | User Guide - Page 127
radio is in Root AP or Repeater AP mode. Select the ZyMesh profile the radio uses to connect to a root AP or repeater. This field is available only when the radio is in Repeater AP mode. Select this option to enable wireless bridging on the radio. The managed AP must support LAN provision and the - ZyXEL NXC2500 | User Guide - Page 128
Wireless > AP Management > Mgmt. AP List > Edit AP of the gateway. The AP sends packets to the AP LAN port settings with the settings you configure here. This section displays only when you select Override Group LAN managed AP. This shows the port's PVID. A PVID (Port VLAN ID) is a tag that adds - ZyXEL NXC2500 | User Guide - Page 129
Wireless > AP Management > Mgmt. AP List > Edit AP List (continued) LABEL DESCRIPTION VLAN Configuration This section displays only when you select Override Group LAN Setting. Add using the CLI (see CLI Reference Guide). Multicast Storm Control Enabling this will drop ingress multicast traffic - ZyXEL NXC2500 | User Guide - Page 130
the button to reset all of the AP settings to the factory defaults. OK Click OK to save your changes back to the NXC. Cancel Click Cancel to close the window with changes unsaved. 8.3.2 AP Policy Use this screen to configure the AP controller's IP address on the managed APs and determine the - ZyXEL NXC2500 | User Guide - Page 131
update firmware on the managed APs. Updating Mode Select FTP to allow the managed APs to download the latest firmware from the NXC using FTP. Select Auto so the NXC checks the AP's firmware version and updates it automatically to the NXC's latest supported version. Apply Reset Select Manual so - ZyXEL NXC2500 | User Guide - Page 132
58 Configuration > Wireless > AP Management > AP Group LABEL DESCRIPTION Group Setting Default Group Select a group that is used as the default group. Any AP that is not configured to associate with a specific AP group belongs to the default group automatically. Group Summary Add Click this - ZyXEL NXC2500 | User Guide - Page 133
Chapter 8 Wireless 8.3.3.1 Add/Edit AP Group Click Add or select an AP group and click the Edit button in the Configuration > Wireless > AP Management > AP Group table to display this screen. NXC Series User's Guide 133 - ZyXEL NXC2500 | User Guide - Page 134
Chapter 8 Wireless Figure 73 Configuration > Wireless > AP Management > AP Group > Add/Edit NXC Series User's Guide 134 - ZyXEL NXC2500 | User Guide - Page 135
radio is in Root AP or Repeater AP mode. Select the ZyMesh profile the radio uses to connect to a root AP or repeater. This field is available only when the radio is in Repeater AP mode. Select this option to enable wireless bridging on the radio. The managed AP must support LAN provision and the - ZyXEL NXC2500 | User Guide - Page 136
Table 59 Configuration > Wireless > AP Management > AP Group > Add/Edit (continued) LABEL DESCRIPTION Edit # SSID Profile VLAN Settings Force Overwrite VLAN Config Management VLAN ID As Native VLAN port(s) that is a member of this VLAN. Load Balancing Setting NXC Series User's Guide 136 - ZyXEL NXC2500 | User Guide - Page 137
Chapter 8 Wireless Table 59 Configuration > Wireless > AP Management > AP Group > Add/Edit (continued) LABEL DESCRIPTION Enable Load Balancing Select this to enable load balancing on the NXC. Use this section to configure wireless network traffic load balancing between the managed APs in this - ZyXEL NXC2500 | User Guide - Page 138
an AP firmware in order to manage supported APs. This screen allows the NXC to check for and download new AP firmware when it becomes available on the firmware server. When an AP connects to the NXC wireless controller, the NXC will check if the AP has the same firmware version as the AP firmware on - ZyXEL NXC2500 | User Guide - Page 139
table. Table 60 Configuration > Wireless > AP Management > Firmware LABEL DESCRIPTION AP Firmware Runtime Firmware Available Firmware This displays the latest AP firmware version currently on the NXC. The NXC must have the latest AP firmware to manage all supported APs. This field displays if - ZyXEL NXC2500 | User Guide - Page 140
Refresh Click this to update the model firmware table. 8.4 Rogue AP Use this screen to assign APs either to the rogue AP list or the friendly AP list. A rogue AP is a wireless access point operating in a network's coverage area that is not under the control of the network administrator, and which - ZyXEL NXC2500 | User Guide - Page 141
this to quarantine the selected rogue AP(s). A quarantined AP cannot grant access to any network services. Any stations that attempt to connect to a quarantined AP are disconnected automatically. Apply Reset Note: This feature only works when the AP is in monitor mode. Click Apply to save your - ZyXEL NXC2500 | User Guide - Page 142
Use this screen to enable auto healing, which allows you to extend the wireless service coverage area of the managed APs when one of the APs fails. Click Configuration > Wireless > Auto Healing to access this screen. Figure 77 Configuration > Wireless > Auto Healing NXC Series User's Guide 142 - ZyXEL NXC2500 | User Guide - Page 143
the AP controller obtains the same scan result that the AP is missing from the neighbor list of other APs three times. Set the power level (in dBm) to which the neighbor APs of the failed AP increase their output power in order to extend their wireless service coverage areas. Apply Reset When the - ZyXEL NXC2500 | User Guide - Page 144
Balancing Because there is a hard upper limit on an AP's wireless bandwidth, load balancing can be crucial in areas crowded with wireless users. Rather than let every user connect and subsequently dilute the available bandwidth to the point where each connecting device receives a meager trickle, the - ZyXEL NXC2500 | User Guide - Page 145
wireless network as long as the AP has the bandwidth to spare. If too many people connect and the AP the nearest identical AP. 8.6.3 Disassociating and Delaying Connections When your AP becomes overloaded, AP with bandwidth to spare. Figure 81 Delaying a Connection The second response your AP - ZyXEL NXC2500 | User Guide - Page 146
. The NXC first looks to see which devices have been idle the longest, then starts kicking them in order of highest idle time. If no connections are idle, the next criteria the NXC analyzes is signal strength. Devices with the weakest signal strength are kicked first. NXC Series User's Guide 146 - ZyXEL NXC2500 | User Guide - Page 147
that is directly connected to the NXC. For example, You connect the LAN network to the interface. • Zones are groups of interfaces used to ease . VLAN interfaces receive and send tagged frames. The NXC automatically adds or removes the tags as needed. • The LAG screens ( Series User's Guide 147 - ZyXEL NXC2500 | User Guide - Page 148
The NXC automatically adds or removes networks on this screen. To access this screen, click Configuration > services, and they can verify the gateway is available. Use Ethernet interfaces to control management. Figure 83 Configuration > Network > Interface > Ethernet NXC Series User's Guide 148 - ZyXEL NXC2500 | User Guide - Page 149
dynamically assigned (DHCP). Mask PVID Apply Reset In the IPv6 network, this screen assignment and interface parameters. To access this screen, select an interface LAN's IP address, the NXC automatically updates the corresponding interface-based, LAN subnet address object. NXC Series User's Guide - ZyXEL NXC2500 | User Guide - Page 150
Chapter 9 Interfaces Figure 84 Configuration > Network > Interface > Ethernet > Edit (general) NXC Series User's Guide 150 - ZyXEL NXC2500 | User Guide - Page 151
adds default route and SNAT settings for traffic it routes from internal interfaces to external interfaces; for example LAN manually configure a policy route to add is a tag that adds to incoming untagged frames LAN interface, you should also change the corresponding LAN and gateway manually. This field - ZyXEL NXC2500 | User Guide - Page 152
, that is, the network address. Enter the IPv6 address of the default outgoing gateway using colon (:) hexadecimal notation. Enter the priority of the reduce heavy network traffic load. Request Address DHCPv6 Request Options Add Note: Make sure you also enable this option in the User's Guide 152 - ZyXEL NXC2500 | User Guide - Page 153
you specify to make sure it is still available. Check Period Check Timeout Check Fail Tolerance Check Default Gateway Check this address Check Port DHCP Setting Select tcp to have the NXC regularly perform a TCP when you set the Interface Type to Internal or General. NXC Series User's Guide 153 - ZyXEL NXC2500 | User Guide - Page 154
default router, select Custom Defined and enter the IP address. Specify how long each computer can use the information (especially the IP address) before it has to request the information again. Choices are: infinite - select this if IP addresses never expire. Extended Options Add User's Guide 154 - ZyXEL NXC2500 | User Guide - Page 155
when you set the Interface Type to External or General. Use Default MAC Address Overwrite Default MAC Address Related Setting Configure Policy Route Have the interface use either the factory assigned default MAC address, a manually specified MAC address, or clone the MAC address of another device - ZyXEL NXC2500 | User Guide - Page 156
Service This is the type of setting that references the selected object. Click a service's name to display the service can additionally add DHCPv6 request options which have the NXC to add more information in the DHCPv6 Setting section, and then click Add in the DHCPv6 Request Options table. Select a - ZyXEL NXC2500 | User Guide - Page 157
Option Select which DHCP option that you want to add in the DHCP packets sent through the interface. See Table 68 on page 158 for more information. Name This field displays the name of the selected DHCP option. If you selected User Defined in the Option field, enter a descriptive name to - ZyXEL NXC2500 | User Guide - Page 158
Interface > Ethernet > Edit > Add/Edit Extended Options LABEL DESCRIPTION Value Access Controller addresses option TFTP Server The Control And Provisioning of Wireless Access Points Protocol allows a Wireless Termination Point (WTP) to use DHCP to discover the Access Controllers User's Guide 158 - ZyXEL NXC2500 | User Guide - Page 159
divides a physical network into multiple logical networks. The standard is defined in IEEE 802.1q. Note: By default, the NXC acts a bridge device. This means all interfaces (ge1~g6) are grouped together into a (network layer, IP addresses). It is handled by the router. NXC Series User's Guide 159 - ZyXEL NXC2500 | User Guide - Page 160
another VLAN. • Better manageability - You can align network policies more appropriately for users. For example, you can used for your IPv6 networks on this screen. To access this screen, click Configuration > Network > Interface > Add Click this to create a new VLAN. NXC Series User's Guide 160 - ZyXEL NXC2500 | User Guide - Page 161
STATIC) or dynamically assigned (DHCP). VID Member Apply Reset In the IPv6 network, this screen also shows whether NXC. Click Reset to return the screen to its last-saved settings. 9.3.2 Add/Edit VLAN This interface. To access this screen, click the Add icon at the top of the Add column or click - ZyXEL NXC2500 | User Guide - Page 162
Chapter 9 Interfaces Figure 91 Configuration > Network > Interface > VLAN > Add/Edit NXC Series User's Guide 162 - ZyXEL NXC2500 | User Guide - Page 163
Use Fixed IP Address Select this if you want to specify the IP address, subnet mask, and gateway manually. IP Address This field is enabled if you select Use Fixed IP Address. Subnet Mask Enter the IP priority, the NXC uses the one that was configured first. NXC Series User's Guide 163 - ZyXEL NXC2500 | User Guide - Page 164
, that is, the network address. Enter the IPv6 address of the default outgoing gateway using colon (:) hexadecimal notation. Enter the priority of the determine what additional information to get from the DHCPv6 server. Add Click this to create an entry in this table. See Series User's Guide 164 - ZyXEL NXC2500 | User Guide - Page 165
services. There is already a DHCP server on the network. DHCP Relay - the NXC routes DHCP requests to one or more DHCP servers you specify. The DHCP server(s) may be on another network. Relay Server 1 Relay Server 2 IP Pool Start specific computer, click Add Static DHCP. Pool Size User's Guide 165 - ZyXEL NXC2500 | User Guide - Page 166
for IP/MAC Binding Violation Static DHCP Table Add Edit Remove # IP Address MAC Address Description NXC assigns an IP address dynamically using the interface's IP Pool Start Address and Pool Size. Click this to create a new entry default gateway for the connectivity check. NXC Series User's Guide 166 - ZyXEL NXC2500 | User Guide - Page 167
can manually configure -duplex mode. You support Link Aggregation Group (LAG). 9.4.1 LAG Summary Screen This screen lists every LAG created on the NXC. To access this screen, click Configuration > Network > Interface > LAG. Figure 92 Configuration > Network > Interface > LAG NXC Series User's Guide - ZyXEL NXC2500 | User Guide - Page 168
Mode Control Reset to return the screen to its last-saved settings. 9.4.2 LAG Add/Edit This screen lets you configure Interface and LAG parameters for each LAG interface. To access this screen, click the Add or Edit icon in the LAG screen. The following screen appears. NXC Series User's Guide - ZyXEL NXC2500 | User Guide - Page 169
Chapter 9 Interfaces Figure 93 Configuration > Network > Interface > LAG > Add NXC Series User's Guide 169 - ZyXEL NXC2500 | User Guide - Page 170
Add manually adds default adds this interface to the default WAN trunk. Interface Name PVID For general, the rest of the screen's options do not automatically adjust and you must manually configure a policy route to add that adds to Mode management Mode Control Mode. This field sets the - ZyXEL NXC2500 | User Guide - Page 171
top of it. • It is already used in a different LAG interface. Select one, and click the >> arrow to add it to the LAG interface. This field displays the interfaces that are part of the LAG interface. Select one, and check. Select this to turn on the connection check. NXC Series User's Guide 171 - ZyXEL NXC2500 | User Guide - Page 172
NXC does not provide any DHCP services. There is already a DHCP server on the network. DHCP Relay - the NXC routes DHCP requests to one or more DHCP servers you specify. The DHCP server(s) may be on another network. Relay Server 1 Relay Server 2 IP Pool Start Address DHCP Server - the NXC assigns - ZyXEL NXC2500 | User Guide - Page 173
Add/Edit (continued) LABEL DESCRIPTION First WINS Server, Second WINS Server Default Router Type the IP address of the WINS (Windows Internet Naming Service manually using a bound IP address on another device connected to this interface. Use this to make use only the intended users Start manually - ZyXEL NXC2500 | User Guide - Page 174
, you can enter the IP address and subnet mask manually. In many interfaces, you can also let the IP this case, the packet is dropped. However, if there is a default router to which the NXC should send this packet, you can specify support ingress bandwidth management. NXC Series User's Guide 174 - ZyXEL NXC2500 | User Guide - Page 175
interface's IP address is 9.9.9.1 and subnet mask is 255.255.255.0, the starting IP address in the pool is 9.9.9.2, and the pool size is 253. to three DNS servers that provide DNS services for DHCP clients. You can specify each IP address manually (for example, a company's own DNS User's Guide 175 - ZyXEL NXC2500 | User Guide - Page 176
Chapter 9 Interfaces WINS WINS (Windows Internet Naming Service) is a Windows implementation of NetBIOS Name Server (NBNS) on Windows. It keeps track of NetBIOS computer names. It DNS). A network can have more than one WINS server. Samba can also serve as a WINS server. NXC Series User's Guide 176 - ZyXEL NXC2500 | User Guide - Page 177
distribute traffic among multiple paths. Static Routes The NXC usually uses the default gateway to route outbound traffic from computers on the LAN to the Internet. To have the NXC send data to devices not could configure a policy route and an equivalent static route. NXC Series User's Guide 177 - ZyXEL NXC2500 | User Guide - Page 178
the same priority. CoS (class of service) is a way of managing traffic in a network by grouping similar Code Points (DSCPs) indicating the level of service service levels. The following figure illustrates the DS field. DSCP (6 bits) Unused (2 bits) DSCP is backward compatible User's Guide 178 - ZyXEL NXC2500 | User Guide - Page 179
the packets directly to a connected network. Click this to create a new entry. Select an entry and click Add to create a new entry after the selected entry. Double-click an entry or select it and click Edit IP address (group) object. any means all IP addresses. NXC Series User's Guide 179 - ZyXEL NXC2500 | User Guide - Page 180
preferences. Service Source . default means Reset It Add/Edit Policy Route Click Configuration > Network > Routing to open the Policy Route screen. Then click the Add or Edit icon to open the Policy Route Edit screen. Use this screen to configure or edit a policy route. NXC Series User's Guide - ZyXEL NXC2500 | User Guide - Page 181
describes the labels in this screen. Table 76 Configuration > Network > Routing > Policy Route > Add/Edit LABEL DESCRIPTION Show / Hide Advanced Settings Click this button to display a greater or lesser IP address object to which the traffic is being sent. NXC Series User's Guide 181 - ZyXEL NXC2500 | User Guide - Page 182
of three drop preferences. User-Defined DSCP Code Schedule Service Source Port Next-Hop Type The "wmm" entries are for QoS. For more information on QoS and WMM categories, see WMM on page 185. Use this field to specify a custom DSCP code point. Select a schedule to control when the policy route - ZyXEL NXC2500 | User Guide - Page 183
describes the labels in this screen. Table 77 Configuration > Network > Routing > Static Route LABEL DESCRIPTION Add Click this to create a new static route. Edit Double-click an entry or select it and click smaller the number, the higher priority the route has. NXC Series User's Guide 183 - ZyXEL NXC2500 | User Guide - Page 184
required information for a static route. Figure 97 Configuration > Network > Routing > Static Route > Add/Edit The following table describes the labels in this screen. Table 78 Configuration > Network > Routing one network to a different IP address in another network. NXC Series User's Guide 184 - ZyXEL NXC2500 | User Guide - Page 185
of Service (QoS) features to wireless networks access categories take precedence over this one. If traffic from an SSID does not have strict throughput requirements, then this access category is recommended. For example, an SSID that only has network printers connected to it. NXC Series User's Guide - ZyXEL NXC2500 | User Guide - Page 186
in this Chapter The Zone screens (see Section 11.2 on page 187) manage the NXC's zones. 11.1.2 What You Need to Know The following terms all intra-zone traffic. • You can also set up firewall rules to control intra-zone traffic, but many other types of zone-based security and policy User's Guide 186 - ZyXEL NXC2500 | User Guide - Page 187
between members in the zone. Member This field displays the names of the interfaces that belong to each zone. 11.2.1 Add/Edit Zone This screen allows you to add or edit a zone. To access this screen, go to the Zone screen, and click the Add icon or an Edit icon. NXC Series User's Guide 187 - ZyXEL NXC2500 | User Guide - Page 188
not belong to any zone. Select the interfaces that you want to add to the zone you are editing, and click the right arrow button to add them. Member lists the interfaces that belong to the zone. Select screen. Cancel Click Cancel to exit this screen without saving. NXC Series User's Guide 188 - ZyXEL NXC2500 | User Guide - Page 189
in the example) and assign a default server IP address of 192.168.1.35 to a third (C in the example). You assign the LAN IP addresses and the ISP assigns the new NAT rules and edit and delete existing NAT rules. To access this screen, log into the Web Configurator and click Configuration > Network - ZyXEL NXC2500 | User Guide - Page 190
field displays the service used by the packets for this NAT entry. It displays Add/Edit NAT This screen lets you create new NAT rules and edit existing ones. To open this window, open the NAT summary screen. Then, click on an Add icon or Edit icon to open the following screen. NXC Series User's Guide - ZyXEL NXC2500 | User Guide - Page 191
table describes the labels in this screen. Table 84 Configuration > Network > NAT > Add/Edit LABEL DESCRIPTION Create new Object Use to configure any new settings objects that you first character cannot be a number. This value is case-sensitive. Port Mapping Type NXC Series User's Guide 191 - ZyXEL NXC2500 | User Guide - Page 192
access supports one destination port. Ports - this NAT rule supports a range of destination ports. You might use a range of destination ports for unknown services or when one server supports more than one service. This field is read-only and displays any for Many 1:1 NAT. NXC Series User's Guide - ZyXEL NXC2500 | User Guide - Page 193
features described in this chapter. NAT Loopback Suppose a NAT 1:1 rule maps a public IP address to the private IP address of a LAN SMTP e-mail server to give WAN users access. NAT loopback allows other users to also use the rule's original IP to access the mail server. NXC Series User's Guide 193 - ZyXEL NXC2500 | User Guide - Page 194
NXC's LAN IP address and the NXC changes the source address to 1.1.1.1 before sending it to the LAN user. The return traffic's source matches the original destination address (1.1.1.1). If the SMTP server replied directly to the LAN user without the traffic going through NAT, NXC Series User's Guide - ZyXEL NXC2500 | User Guide - Page 195
Chapter 12 NAT the source would not match the original destination address which would cause the LAN user's computer to shut down the session. Figure 105 LAN to LAN Return Traffic NAT Source 192.168.1.21 SMTP LAN 192.168.1.21 Source 1.1.1.1 SMTP 192.168.1.89 NXC Series User's Guide 195 - ZyXEL NXC2500 | User Guide - Page 196
file transfer service. The supports all of the NXC's NAT mapping types. FTP ALG The FTP ALG allows TCP packets with a specified port destination to pass through. If the FTP server is located on the LAN, you must also configure NAT (port forwarding) rules if you want to allow access User's Guide 196 - ZyXEL NXC2500 | User Guide - Page 197
Signaling Port Additional FTP Signaling Port for Transformations Apply Reset Clear this option if you have an FTP save your changes back to the NXC. Click Reset to return the screen to its last-saved settings Protocol (FTP) is an Internet file transfer service that operates on the Internet and over - ZyXEL NXC2500 | User Guide - Page 198
checks incoming connection attempts against this list. A user cannot manually assign another IP to his computer and use it to connect to the NXC. Suppose you configure access privileges for IP address 192.168.1.27 and use on the NXC's dynamic and static DHCP entries. NXC Series User's Guide 198 - ZyXEL NXC2500 | User Guide - Page 199
dimmed when the entry is inactive. Interface This is the name of an interface that supports IP/MAC binding. Number of Binding This field displays the interface's total number of back to the NXC. Reset Click Reset to return the screen to its last-saved settings. NXC Series User's Guide 199 - ZyXEL NXC2500 | User Guide - Page 200
address is in the table, the NXC assigns the corresponding IP address. You can also access this table from the interface's edit screen. Add Click this to create a new entry. Edit Double-click an entry or select it address. Description This helps identify the entry. NXC Series User's Guide 200 - ZyXEL NXC2500 | User Guide - Page 201
Click Cancel to exit this screen without saving. 14.2.2 Add/Edit Static DHCP Rule Click Configuration > Network > IP/MAC Binding > Edit to open this screen. Click the Add or Edit icon to open the following screen. Use this to which the NXC does not apply IP/MAC binding. NXC Series User's Guide 201 - ZyXEL NXC2500 | User Guide - Page 202
89 Configuration > Network > IP/MAC Binding > Exempt List LABEL DESCRIPTION Add Click this to create a new entry. Edit Click an entry or MAC binding list entry. Name Enter a name to help identify this entry. Start IP Enter the first IP address in a range of IP addresses for User's Guide 202 - ZyXEL NXC2500 | User Guide - Page 203
and hotel rooms, to name a few; as soon as you attempt to open a web page, the hotspot's AP reroutes your browser to a captive portal page that prompts you to log in. Figure 112 Captive Portal Example The captive See Section 15.3.3 on page 213 for portal pages details. NXC Series User's Guide 203 - ZyXEL NXC2500 | User Guide - Page 204
through the NXC. • The Redirect on AP screen (Section 15.5 on page 221) configures the authentication policy rules for traffic from specific SSIDs of the managed APs. 15.2 Captive Portal This screen allows you to enable captive portal and define any exceptional services. NXC Series User's Guide 204 - ZyXEL NXC2500 | User Guide - Page 205
to access this an IP address that users can use to terminate their sessions manually by entering the IP address Controller or Redirect on AP > Auth. Policy Add/Edit screen. This table shows the SSID profile's MAC caching time. If you didn't set the MAC caching time for an SSID profile, the wireless - ZyXEL NXC2500 | User Guide - Page 206
the NXC. Reset Click Reset to return the screen to its last-saved settings. 15.2.1 Add Exceptional Services This screen allows you to manage exceptions to captive portal interception. Click the Add button in the Exceptional Services table on the Captive Portal screen to access this screen. Note - ZyXEL NXC2500 | User Guide - Page 207
Exceptional Services table. OK Click OK to save your changes back to the NXC. Cancel Click Cancel to exit this screen without saving. 15.3 Custom Captive Portal The login page appears whenever the captive portal intercepts network traffic, preventing unauthorized users from gaining access to - ZyXEL NXC2500 | User Guide - Page 208
put it on the NXC. Click Reset to return the screen to its last-saved settings. 15.3.1 Add Customized Page This screen allows you to add a customized login page. Click the Add button in the Customized Page table on the Custom Captive Portal screen to access this screen. NXC Series User's Guide 208 - ZyXEL NXC2500 | User Guide - Page 209
Chapter 15 Captive Portal Figure 116 Configuration > Captive Portal > Custom Captive Portal > Add Customized Page NXC Series User's Guide 209 - ZyXEL NXC2500 | User Guide - Page 210
Add to the "Zyxel" logo image in the default page. Browse image file replaces the default "Zyxel" logo on the login "NXC" title in the default page. Select a font color , or JPG. Customized Access Page Title Message Color elements on the 'access' page that JPG. Customized User-logout Page Title Message - ZyXEL NXC2500 | User Guide - Page 211
Configuration > Captive Portal > Custom Captive Portal > Add Customized Page LABEL DESCRIPTION Note Message Background Enter a saving. 15.3.2 Custom Login and Access Pages The following identify the parts you can customize in the login and access pages. Figure 117 Login Page Customization - ZyXEL NXC2500 | User Guide - Page 212
Chapter 15 Captive Portal Figure 118 Access Page Customization Logo Title Message Color (color of all text) Background Note Message (last line of text) Figure 119 User Logout Page Customization Logo Title Message to choose. • Enter the name of the desired color. NXC Series User's Guide 212 - ZyXEL NXC2500 | User Guide - Page 213
field, click Apply, or press [ENTER]. If your desired color does not display, your browser may not support it. Try selecting another color. 15.3.3 External or Uploaded Web Portal Details You can also configure the Figure 121 External Web Portal Welcome Page Example NXC Series User's Guide 213 - ZyXEL NXC2500 | User Guide - Page 214
Chapter 15 Captive Portal Figure 122 External Web Portal Session Page Example Figure 123 External Web Portal Logout Page Example NXC Series User's Guide 214 - ZyXEL NXC2500 | User Guide - Page 215
Login denied Login attempt from a locked out address -3 Login denied Simultaneous admin/access logons or users have reached the maximum number Here are the HTTP parameters the NXC uses with authentication timeout LOGIN WELCOME V V SESSION V V LOGOUT V ERROR V NXC Series User's Guide 215 - ZyXEL NXC2500 | User Guide - Page 216
from the managed AP's WiFi clients and is not forwarded to the NXC, go to the Captive Portal > Redirect on AP screen. Click Configuration > Captive Portal > Redirect on Controller to access this screen. Figure 126 Configuration > Captive Portal > Redirect on Controller NXC Series User's Guide 216 - ZyXEL NXC2500 | User Guide - Page 217
Reset Add/Edit This screen allows you to add authentication policies to captive portal interception. Click the Add or Edit button (for an existing policy) in the Authentication Policy Summary table on the Captive Portal > Redirect on Controller screen to access this screen. NXC Series User's Guide - ZyXEL NXC2500 | User Guide - Page 218
Chapter 15 Captive Portal Figure 127 Configuration > Captive Portal > Redirect on Controller: Add/Edit NXC Series User's Guide 218 - ZyXEL NXC2500 | User Guide - Page 219
Redirect on Controller: Add/Edit LABEL DESCRIPTION Create New Object General Settings Enable Policy Description User Auth Policy whenever the web portal intercepts network traffic, preventing unauthorized users from gaining access to the network. Enable Domain Name Redirect Link User's Guide 219 - ZyXEL NXC2500 | User Guide - Page 220
Portal > Redirect on Controller: Add/Edit LABEL DESCRIPTION Welcome pointing the camera or webcam to the QR code. They then can quickly log into the website without entering a username and password. Guest Account Select a user or guest account that you created in the Object > User/Group > User - ZyXEL NXC2500 | User Guide - Page 221
by the managed APs. Click Configuration > Captive Portal > Redirect on AP to access this screen. Note: To apply an authentication policy rule to a specific SSID, make sure the SSID is set to work in local bridge forwarding mode and associated with an AP group. You also need to add the authentication - ZyXEL NXC2500 | User Guide - Page 222
you to view, create and manage the authentication policies which can be added to a policy group or applied to an individual managed AP. Add Edit Remove Activate Inactivate # Status your changes back to the NXC. Click Reset to return the screen to its last-saved settings. NXC Series User's Guide 222 - ZyXEL NXC2500 | User Guide - Page 223
Add/Edit This screen allows you to add authentication policy groups for managed AP groups. Click the Add or Edit button (for an existing policy) in the Authentication Policy Group table on the Captive Portal > Redirect on AP screen to access this screen without saving. NXC Series User's Guide 223 - ZyXEL NXC2500 | User Guide - Page 224
policy rules. Click the Add or Edit button (for an existing policy) in the Authentication Policy Rule table on the Captive Portal > Redirect on AP screen to access this screen. Figure 130 Configuration > Captive Portal > Redirect on AP: Auth. Policy Add/Edit NXC Series User's Guide 224 - ZyXEL NXC2500 | User Guide - Page 225
> Redirect on AP: Auth. Policy Add/Edit LABEL DESCRIPTION User Auth Policy SSID Select a pre-defined SSID profile to which the policy is applied. Note: You cannot select and apply the policy to an SSID profile in Tunnel forwarding mode preventing unauthorized users from gaining access to the - ZyXEL NXC2500 | User Guide - Page 226
101 Configuration > Captive Portal > Redirect on AP: Auth. Policy Add/Edit LABEL DESCRIPTION Welcome URL Specify the welcome page the users use the "ua-users" account to log into the NXC and access the Internet. Promotion URL The AP opens the specified web site when a user attempts to access the - ZyXEL NXC2500 | User Guide - Page 227
4 The Ekahau RTLS Controller calculates the tag positions. Figure 131 RTLS Example 2 4 1 3 16.1.1 What You Can Do in this Chapter Use the RTLS screen (Section 16.3 on page 228) to use the managed APs as part of an Ekahau RTLS to track the location of Ekahau WiFi tags. NXC Series User's Guide 227 - ZyXEL NXC2500 | User Guide - Page 228
managed by the NXC (the more APs the better since it increases the amount of information the Ekahau RTLS Controller has for calculating the location of the tags) • IP addresses for the Ekahau WiFi tags. • A dedicated RTLS SSID is recommended. • Ekahau RTLS Controller in blink mode with TZSP Updater - ZyXEL NXC2500 | User Guide - Page 229
. IP Address Specify the IP address of the Ekahau RTLS Controller. Server Port Specify the server port number of the Ekahau RTLS Controller. Apply Click Apply to save your changes back to the NXC. Reset Click Reset to return the screen to its last-saved settings. NXC Series User's Guide 229 - ZyXEL NXC2500 | User Guide - Page 230
, LAN to WAN, LAN to DMZ, and LAN to WLAN traffic is allowed. This also includes traffic to or from interfaces that are not assigned to a zone (extra-zone traffic). To-NXC Rules Rules with EnterpriseWLAN as the To Zone apply to traffic going to the NXC itself. By default: NXC Series User's Guide - ZyXEL NXC2500 | User Guide - Page 231
• The firewall allows any computers to access or manage the NXC. When you configure a firewall rule for packets destined for the NXC itself, make sure it does not conflict with your service control rule. The NXC checks the firewall rules before the service control rules for traffic destined for the - ZyXEL NXC2500 | User Guide - Page 232
not been acknowledged. Select this check box to have the NXC permit the use of asymmetrical route topology on the network (not reset the connection). Note: Allowing asymmetrical routes may let traffic from the WAN go directly to the LAN without passing through the NXC. NXC Series User's Guide 232 - ZyXEL NXC2500 | User Guide - Page 233
displays for the default firewall behavior that the NXC performs on traffic that does not match any other firewall rule. This is the direction of travel of packets to which the firewall rule applies. To Schedule User IPv4 Source IPv4 Destination Service Access Log Apply Reset This field tells - ZyXEL NXC2500 | User Guide - Page 234
following table describes the labels in this screen. Table 106 Configuration > Firewall > Add/Edit LABEL DESCRIPTION Create new Object Enable From Use to configure any new settings objects rule applies. Select any if the policy is effective for every destination. NXC Series User's Guide 234 - ZyXEL NXC2500 | User Guide - Page 235
> Add/Edit (continued) LABEL DESCRIPTION Service Access Select a service or service group from the drop-down list box. Use the drop-down list box to select what the firewall is to do with packets that match this rule. Select deny to silently discard the packets without sending a TCP reset - ZyXEL NXC2500 | User Guide - Page 236
Control (continued) LABEL DESCRIPTION Enable Session limit IPv4 Rule Summary Default Session per Host Select this check box to control user or address is allowed to have. Click Apply to save your changes back to the NXC. Click Reset to return the screen to its last-saved settings. 17.3.1 Add - ZyXEL NXC2500 | User Guide - Page 237
can have. For this rule's users and addresses, this setting overrides the Default Session per Host setting in the general Firewall Session Limit screen. Click OK to save your customized settings and exit this screen. Click Cancel to exit this screen without saving. NXC Series User's Guide 237 - ZyXEL NXC2500 | User Guide - Page 238
. In addition, this screen allows you to add, edit, and remove user groups. User groups may consist of access users and other user groups. You cannot put admin users in user groups • The Setting screen (see Section 18.4 on page 246) controls default settings, login settings, lockout settings, and - ZyXEL NXC2500 | User Guide - Page 239
Address Accounts Use an external server to authenticate wireless clients by MAC address. After authentication the NXC maps the wireless client to a mac-address user account (MAC role). Configure user-aware features to control MAC address user access to network services. NXC Series User's Guide 239 - ZyXEL NXC2500 | User Guide - Page 240
in ext-user. 2 User role setting in ext-group-user. 3 User role setting in default user (ldap-users, ad-users, radius-users). 18.2 User Summary The User screen provides a summary of all user accounts. To access this screen click Configuration > Object > User/Group. NXC Series User's Guide 240 - ZyXEL NXC2500 | User Guide - Page 241
wireless client to a MAC address user account (MAC role). User-aware features control MAC address user access to specific resources. This field displays the description for each user. This field displays the number of times an object reference is used in a profile. 18.2.1 Add/Edit User The User Add - ZyXEL NXC2500 | User Guide - Page 242
• lp • mail • radius-users • root • uucp • zyxel • bin • games • news • shutdown • daemon • halt • nobody • sshd To access this screen, go to the User screen, and click Add or Edit. Figure 138 Configuration > Object > User/Group > User > Add/Edit A User (user) NXC Series User's Guide 242 - ZyXEL NXC2500 | User Guide - Page 243
the NXC maps a wireless client to a MAC address user account (MAC role). User-aware features control MAC address user access to specific resources. This field is not available if you select the ext-user, ext-group-user or mac-address type. Retype Enter the password of this user account. It can - ZyXEL NXC2500 | User Guide - Page 244
changes. 18.3 Group Summary User groups consist of access users and other user groups. You cannot put admin users in user groups. The Group screen provides a summary of all user groups. In addition, this screen allows you to add, edit, and remove user groups. To access this screen, log into the - ZyXEL NXC2500 | User Guide - Page 245
a group does not remove the user accounts in the group. Object References Add/Edit Group This screen allows you to add a new user group or edit an existing one. To access this screen, go to the Group screen, and click either the Add icon or an Edit icon. Figure 141 Configuration > User/Group > Group > Add - ZyXEL NXC2500 | User Guide - Page 246
your changes. 18.4 Setting This screen controls default settings, login settings, lockout settings, and other user settings for the NXC. You can also use this screen to specify when users must log in to the NXC before it routes traffic for them. To access this screen, login to the Web Configurator - ZyXEL NXC2500 | User Guide - Page 247
Chapter 18 User/Group Figure 142 Configuration > Object > User/Group > Setting NXC Series User's Guide 247 - ZyXEL NXC2500 | User Guide - Page 248
authentication the NXC maps a wireless client to a MAC address user account (MAC role). User-aware features control MAC address user access to specific resources. You do not need to set the lease time and reauthentication time for this type of user account. This is the default lease time in minutes - ZyXEL NXC2500 | User Guide - Page 249
services) you wan to display in the paper along with the account information you print out for dynamic guest users. You can enter up to 1024 ASCII characters. Apply Click Apply to save the changes. Reset Click Reset to return the screen to its last-saved settings. NXC Series User's Guide - ZyXEL NXC2500 | User Guide - Page 250
- this user has access to the NXC's services but cannot look at the configuration. • ext-user - this user account is maintained in a remote server, such as RADIUS or LDAP. • ext-group-user - this user account is maintained in a remote server, such as RADIUS or LDAP. • guest-manager - this user can - ZyXEL NXC2500 | User Guide - Page 251
guest group or edit an existing one. To access this screen, go to the Configuration > Object > User/Group > Setting screen, and click either the Add icon or an Edit icon in the Dynamic Guest Group section. Figure 144 User/Group > Setting > Add/Edit Dynamic Guest Group The following table describes - ZyXEL NXC2500 | User Guide - Page 252
can specify a lease time shorter than or equal to the one that you specified. The default value is the lease time that you specified. Renew Access users can click this button to reset the lease time, the amount of time remaining before the NXC automatically logs them out. The NXC sets this amount - ZyXEL NXC2500 | User Guide - Page 253
QR code. Create account Guest Name Users scan the QR code on the web portal by running a scanning app on their mobile devices or desktops and pointing the camera or webcam to the QR code. They then can quickly log into the website without entering a username and password. Enter the number (up to - ZyXEL NXC2500 | User Guide - Page 254
the descriptive name for an account. User Name This is the user name of an account. Password This is the password of an account. Return Click this User/Group > Setting screen for dynamic guests. The following figure shows the dynamic guest account printout example. NXC Series User's Guide 254 - ZyXEL NXC2500 | User Guide - Page 255
user accounts and MAC roles. Click Configuration > Object > User/Group > MAC Address to open this screen. Figure 149 Configuration > Object > User > User/Group > MAC Address LABEL DESCRIPTION MAC Authentication Add Click specific entry. MAC Address/ The wireless client MAC address or OUI ( - ZyXEL NXC2500 | User Guide - Page 256
The following table describes the labels in this screen. Table 121 Configuration > Object > User/Group > MAC Address > Add/Edit LABEL DESCRIPTION MAC Address/ OUI Specify the wireless client's MAC address or OUI (Organizationally Unique Identifier). The OUI is the first three octets in a MAC - ZyXEL NXC2500 | User Guide - Page 257
shows you how to configure preset profiles for the Access Points (APs) connected to your NXC's wireless network. 19.1.1 What You Can Do in this Chapter • The Radio screen (Section 19.2 on page 258) creates radio configurations that can be used by the APs. • The SSID screen (Section 19.3 on page 265 - ZyXEL NXC2500 | User Guide - Page 258
profile is a list of settings that a supported managed AP (NWA5121-N for example) can use to configure either one of its two radio transmitters. To access this screen click Configuration > Object > AP Profile. Note: You can have a maximum of 32 radio profiles on the NXC. NXC Series User's Guide 258 - ZyXEL NXC2500 | User Guide - Page 259
Reset to return the screen to its last-saved settings. 19.2.1 Add/Edit Radio Profile This screen allows you to create a new radio profile or edit an existing one. To access this screen, click the Add button or select a radio profile from the list and click the Edit button. NXC Series User's Guide - ZyXEL NXC2500 | User Guide - Page 260
Chapter 19 AP Profile Figure 152 Configuration > Object > AP Profile > Add/Edit Radio Profile NXC Series User's Guide 260 - ZyXEL NXC2500 | User Guide - Page 261
. Select 20MHz if you want to lessen radio interference with other wireless devices in your neighborhood or the wireless clients do not support channel bonding. Note: If the environment has poor signal-to-noise ratio (SNR), the AP will switch to a lower bandwidth. NXC Series User's Guide 261 - ZyXEL NXC2500 | User Guide - Page 262
wireless clients and the AP to which this profile is assigned. Select DCS to have the AP supported. This field is available only when you set Channel Selection to DCS and set 2.4 GHz Channel Selection Method to manual. Select the check boxes of the channels that you want the AP User's Guide 262 - ZyXEL NXC2500 | User Guide - Page 263
to DCS and set 5 GHz Channel Selection Method to manual. Time Interval DCS Time Interval Select the check boxes of the channels that you want the AP to use. Select this option to have the AP survey the other APs within its broadcast radius at the end of the specified time interval. This field - ZyXEL NXC2500 | User Guide - Page 264
. A high value helps save current consumption of the access point. Delivery Traffic Indication Message (DTIM) is the time period after which broadcast and multicast packets are transmitted to mobile clients in the Active Power Management mode. A high DTIM value can cause clients to lose connectivity - ZyXEL NXC2500 | User Guide - Page 265
> AP Profile > Add/Edit Radio Profile (continued) LABEL DESCRIPTION Multicast Rate (Mbps) If you set the multicast transmission mode to manage SSID configurations that can be used by the APs. An SSID, or Service Set IDentifier, is basically the name of the wireless network to which a wireless - ZyXEL NXC2500 | User Guide - Page 266
appears to wireless clients. mode is set to Tunnel. 19.3.1.1 Add/Edit SSID Profile This screen allows you to create a new SSID profile or edit an existing one. To access this screen, click the Add button or select an SSID profile from the list and click the Edit button. NXC Series User's Guide - ZyXEL NXC2500 | User Guide - Page 267
this screen. Table 125 Configuration > Object > AP Profile > SSID List > Add/Edit SSID Profile LABEL DESCRIPTION Create new Object for management purposes. Spaces are not allowed. SSID Enter the SSID name for this profile. This is the name visible on the network to wireless User's Guide 267 - ZyXEL NXC2500 | User Guide - Page 268
of Service (QoS) access category to associate with this SSID. Access categories minimize the delay of data packets across a wireless network. GHz WiFi network can also function in the 5 GHz band but doesn't support 802.11v, the AP disconnects the client after it has been idle longer than 5 seconds. - ZyXEL NXC2500 | User Guide - Page 269
If you selected the Tunnel forwarding mode, select a VLAN interface. All the station's traffic is forwarded to the NXC first. Controller offline policy This field is available only when the forwarding mode is Local Bridge. When the AP cannot connect to the NXC and Radius Server Type is set - ZyXEL NXC2500 | User Guide - Page 270
screen allows you to manage wireless security configurations that can be used by your SSIDs. Wireless security is implemented strictly between the AP broadcasting the SSID and the stations that are connected to it. To access this screen click Configuration > Object > AP Profile > SSID > Security - ZyXEL NXC2500 | User Guide - Page 271
This screen allows you to create a new security profile or edit an existing one. To access this screen, click the Add button or select a security profile from the list and click the Edit button. Note: This screen's options change based on the Security Mode selected. NXC Series User's Guide 271 - ZyXEL NXC2500 | User Guide - Page 272
Chapter 19 AP Profile Figure 156 Configuration > Object > AP Profile > SSID > Security Profile > Add/Edit Security Profile NXC Series User's Guide 272 - ZyXEL NXC2500 | User Guide - Page 273
open) and fallback (WPA2 or open) security method. If Security Mode is wpa3, enabling this will force Management Frame Protection to be set to Optional. If this is disabled or if the Security Mode is enhanced open, Management Frame Protection will be set to Required. NXC Series User's Guide 273 - ZyXEL NXC2500 | User Guide - Page 274
(MFP) to add security to 802.11 management frames. Select Optional if you do not require the wireless clients to support MFP. Management frames will be encrypted if the clients support MFP. Fast Roaming Settings 802.11r Select Required and wireless clients must support MFP in order to join the AP - ZyXEL NXC2500 | User Guide - Page 275
user accounts. Auth. Method An external server can use the wireless client's account (username/password RADIUS servers can require the MAC address in the Calling Station ID RADIUS manage MAC filtering profiles that can be used by your SSIDs. To access this screen click Configuration > Object > AP - ZyXEL NXC2500 | User Guide - Page 276
Object > AP Profile > SSID > MAC Filter List LABEL DESCRIPTION Add Click this to add a new access this screen, click the Add button or select a MAC filtering profile from the list and click the Edit button. Figure 158 SSID > MAC Filter List > Add/Edit MAC Filter Profile NXC Series User's Guide - ZyXEL NXC2500 | User Guide - Page 277
saving your changes. 19.3.4 Layer-2 Isolation List This screen allows you to create and manage layer-2 isolation profiles that can be used by your SSIDs. To access this screen click Configuration > Object > AP Profile > SSID > Layer-2 Isolation List. If a device's MAC addresses is NOT listed in - ZyXEL NXC2500 | User Guide - Page 278
Object > AP Profile > isolation profile or edit an existing one. To access this screen, click the Add button or select a layer-2 isolation profile from Web Configurator and is only for management purposes. Underscores are allowed. Add Click this to add a MAC address to the profile User's Guide 278 - ZyXEL NXC2500 | User Guide - Page 279
other wireless devices broadcasting on the 802.11 frequencies. 20.2 MON Profile This screen allows you to create monitor mode configurations that can be used by the APs. To access this screen, login to the Web Configurator, and click Configuration > Object > MON Profile. NXC Series User's Guide 279 - ZyXEL NXC2500 | User Guide - Page 280
the screen to its last-saved settings. 20.2.1 Add/Edit MON Profile This screen allows you to create a new monitor mode profile or edit an existing one. To access this screen, click the Add button or select and existing monitor mode profile and click the Edit button. NXC Series User's Guide 280 - ZyXEL NXC2500 | User Guide - Page 281
mode profile. Enter the interval (in milliseconds) before the AP switches to another channel for monitoring. Select auto to have the AP switch to the next sequential channel once the Channel dwell time expires. Country Code Select manual an AP and all APs connected to the NXC, in order to - ZyXEL NXC2500 | User Guide - Page 282
ax/b/g/n). Select a channel's check box to have the APs using this profile scan that channel when Scan Channel Mode is set to manual. OK Cancel These channels are limited to the 5 Rogue APs Rogue APs are wireless access points operating in a network's coverage area that are not under the control of - ZyXEL NXC2500 | User Guide - Page 283
APs If you have more than one AP in your wireless network, you should also configure a list of "friendly" APs. Friendly APs are other wireless access points that (save) your list of friendly APs often, especially if you have a network with a large number of access points. NXC Series User's Guide 283 - ZyXEL NXC2500 | User Guide - Page 284
connection. • Repeater: a managed AP that transmits and/or receives data from the NXC via a wireless connection through a root AP. Note: When managed APs are deployed to form a ZyMesh for the first time, the root AP must be connected to an AP controller (the NXC). NXC Series User's Guide 284 - ZyXEL NXC2500 | User Guide - Page 285
(Section 21.2 on page 285) creates preset ZyMesh configurations that can be used by the NXC. 21.2 ZyMesh Profile This screen allows you to manage and create ZyMesh profiles that can be used by the APs. To access this screen, click Configuration > Object > ZyMesh Profile. NXC Series User's Guide 285 - ZyXEL NXC2500 | User Guide - Page 286
AP controller's MAC address. Otherwise, reset all managed APs to the factory defaults and set up a new ZyMesh with the second AP controller's MAC address. Click this button and follow the on-screen instructions to update the AP controller's MAC address. Click this to add NXC Series User's Guide 286 - ZyXEL NXC2500 | User Guide - Page 287
name. ZyMesh SSID Enter the SSID with which you want the managed AP to connect to a root AP or repeater to build a ZyMesh link. Pre-Shared Key OK Cancel Note: The ZyMesh SSID is hidden in the outgoing beacon frame so a wireless device cannot obtain the SSID through scanning using a site survey - ZyXEL NXC2500 | User Guide - Page 288
22.3 on page 290) and the Address Group Add/Edit screen maintain address groups in the NXC. 22 . • RANGE - a range address is defined by a Starting IP Address and an Ending IP Address. • SUBNET - of all addresses in the NXC. To access this screen, click Configuration > Object > User's Guide 288 - ZyXEL NXC2500 | User Guide - Page 289
.2.1 Add/Edit Address The Add/Edit Address screen allows you to create a new address or edit an existing one. To access this screen, go to the Address screen, and click either the Add icon or an Edit icon. Figure 167 Configuration > Object > Address > Address > Add/Edit NXC Series User's Guide 289 - ZyXEL NXC2500 | User Guide - Page 290
Address > Address > Add/Edit LABEL DESCRIPTION Name the corresponding interface-based, LAN subnet address object. IP/IPv6 this address object represents. Starting IP Address/IPv6 Starting Address This field is all address groups. To access this screen, click Configuration User's Guide 290 - ZyXEL NXC2500 | User Guide - Page 291
LABEL DESCRIPTION Add Click this to Add/Edit Address Group Rule The Add/Edit Address Group Rule screen allows you to create a new address group or edit an existing one. To access this screen, go to the Address Group screen and click either the Add icon or an Edit icon. NXC Series User's Guide - ZyXEL NXC2500 | User Guide - Page 292
describes the labels in this screen. Table 139 Configuration > Object > Address > Address Group > Add/Edit LABEL DESCRIPTION Name Description Member List Enter a name for the address group. You may use . Click Cancel to exit this screen without saving your changes. NXC Series User's Guide 292 - ZyXEL NXC2500 | User Guide - Page 293
investigate problems. For example, ICMP is used to send the response if a computer cannot be reached. Another use is ping. ICMP does not guarantee delivery, but networks often treat ICMP messages differently, sometimes looking at the message itself to decide where to send it. NXC Series User's Guide - ZyXEL NXC2500 | User Guide - Page 294
and their definitions. In addition, this screen allows you to add, edit, and remove services. To access this screen, log in to the Web Configurator, and click Configuration > Object > Service > Service. Click a column's heading cell to sort the table entries by that column's criteria. Click the - ZyXEL NXC2500 | User Guide - Page 295
times an object reference is used in a profile. 23.2.1 Add/Edit Service Rule The Add/Edit Service Rule screen allows you to create a new service or edit an existing one. To access this screen, go to the Service screen and click either the Add icon or an Edit icon. Figure 171 Configuration > Object - ZyXEL NXC2500 | User Guide - Page 296
is used in a profile. 23.3.1 Add/Edit Service Group Rule The Add/Edit Service Group Rule screen allows you to create a new service group or edit an existing one. To access this screen, go to the Service Group screen and click either the Add icon or an Edit icon. NXC Series User's Guide 296 - ZyXEL NXC2500 | User Guide - Page 297
this screen. Table 143 Configuration > Object > Service > Service Group > Add/Edit LABEL DESCRIPTION Name Description Member List Enter the name of the service group. You may use 1-31 alphanumeric characters Cancel to exit this screen without saving your changes. NXC Series User's Guide 297 - ZyXEL NXC2500 | User Guide - Page 298
are useful for defining the workday and offwork hours. 24.2 Schedule Summary The Schedule summary screen provides a summary of all schedules in the NXC. To access this screen, click Configuration > Object > Schedule. NXC Series User's Guide 298 - ZyXEL NXC2500 | User Guide - Page 299
> Schedule LABEL DESCRIPTION One Time Add Click this to create a new is used to refer to the schedule. Start Day / Time This field displays the date is used in a profile. Recurring Add Click this to create a new entry used to refer to the schedule. Start Time This field displays the time - ZyXEL NXC2500 | User Guide - Page 300
access this screen, go to the Schedule screen and click either the Add icon or an Edit icon in the One Time section. Figure 175 Configuration > Object > Schedule > Add Object > Schedule > Add/Edit (One-Time) LABEL DESCRIPTION Configuration Name Date Time Start Date Type the name User's Guide 300 - ZyXEL NXC2500 | User Guide - Page 301
access this screen, go to the Schedule screen and click either the Add icon or an Edit icon in the Recurring section. Figure 176 Configuration > Object > Schedule > Add Object > Schedule > Add/Edit (Recurring) LABEL DESCRIPTION Configuration Name Date Time Start Time Type the name User's Guide 301 - ZyXEL NXC2500 | User Guide - Page 302
access control to your network. The AAA server can be a Active Directory, LDAP, or RADIUS server. Use the AAA Server screens to create and manage Service Client and Server The following describes the user authentication procedure via an LDAP/AD server. 1 A user logs in with a user name and password - ZyXEL NXC2500 | User Guide - Page 303
Chapter 25 AAA Server 4 If it matches, the user is allowed access. Otherwise, access is blocked. RADIUS Server RADIUS (Remote Authentication Dial-In User Service) authentication is a popular protocol used to authenticate users by means of an external server instead of (or in addition to) an internal - ZyXEL NXC2500 | User Guide - Page 304
for controlling access to a network. The directory consists of a database specialized for fast information retrieval and filtering activities. You create and store user profile and login information on the external server. • RADIUS RADIUS (Remote Authentication Dial-In User Service) authentication - ZyXEL NXC2500 | User Guide - Page 305
user. If the bind password is incorrect, the login will fail. 25.2 Active Directory / LDAP Use the Active Directory or LDAP screen to manage the list of AD or LDAP servers the NXC can use in authenticating users LABEL DESCRIPTION AD Server Summary Add Click this to create a new User's Guide 305 - ZyXEL NXC2500 | User Guide - Page 306
specifies a directory. For example, o=Zyxel, c=US. 25.2.1 Add/Edit Active Directory / LDAP Server the Active Directory (or LDAP) screen. Click the Add icon or an Edit icon to display the following one. Note: The Active Directory and LDAP server setup screens are almost identical, so the features for - ZyXEL NXC2500 | User Guide - Page 307
> Object > AAA Server > Active Directory (or LDAP) > Add/Edit LABEL DESCRIPTION General Settings Name Description Server Settings Server Address Backup to 127 alphanumerical characters). For example, o=Zyxel, c=US. Select Use SSL to establish a secure connection to the AD or LDAP server(s). - ZyXEL NXC2500 | User Guide - Page 308
Name Note: This is only for Active Directory. Enter the user name for the user who has rights to add a machine to the domain. User Password Note: This is only for Active Directory. Enter the password for the associated user name. Retype to Confirm Realm Note: This is only for Active Directory - ZyXEL NXC2500 | User Guide - Page 309
> Active Directory (or LDAP) > Add/Edit (continued) LABEL DESCRIPTION OK Click OK to save the changes. Cancel Click Cancel to discard the changes. 25.3 RADIUS Use the RADIUS screen to manage the list of RADIUS servers the NXC can use in authenticating users. Click Configuration > Object > AAA - ZyXEL NXC2500 | User Guide - Page 310
screen. Table 151 Configuration > Object > AAA Server > RADIUS > Add/Edit LABEL DESCRIPTION General Settings Name Enter a descriptive name Address Enter the address of the RADIUS authentication server. Authentication Port Specify the port number on the RADIUS server to which the NXC sends - ZyXEL NXC2500 | User Guide - Page 311
its authentication policy and send CoA (Change of Authorization) or RADIUS Disconnect messages in order to terminate the subscriber's service. Select this option to allow the NXC to disconnect wireless clients based on the information (such as client's user name and MAC address) specified in CoA or - ZyXEL NXC2500 | User Guide - Page 312
151 Configuration > Object > AAA Server > RADIUS > Add/Edit (continued) LABEL DESCRIPTION NAS Identifier Case-sensitive User Names User Login Settings Group Membership Attribute If the RADIUS server requires the NXC to provide the Network Access Server identifier attribute with a specific value - ZyXEL NXC2500 | User Guide - Page 313
server groups specified by AAA server objects. By default, user accounts created and stored on the NXC are authenticated locally. 26.1.1 What You Can Do in this Chapter The Auth. Method screens (Section 26.2 on page 313) create and manage authentication method objects. 26.1.2 Before You Begin - ZyXEL NXC2500 | User Guide - Page 314
> Object > Auth. Method LABEL DESCRIPTION Add Click this to create a new entry. Edit password that doesn't match the one on the first authentication server. 7 Click OK to save the settings or click Cancel to discard all changes and return to the previous screen. NXC Series User's Guide - ZyXEL NXC2500 | User Guide - Page 315
Add LABEL DESCRIPTION Name Specify a descriptive name for identification purposes. Add . Select an entry and click Add to create a new entry after as NXC authenticates the users using the authentication methods users using the databases (in the local user the username and password that doesn't - ZyXEL NXC2500 | User Guide - Page 316
27 Certificates 27.1 Overview The NXC can use certificates (also called digital IDs) to authenticate users. Certificates are based on public-private key pairs. A certificate contains the certificate owner's identity they cannot re-sign the message with Tim's private key). NXC Series User's Guide 316 - ZyXEL NXC2500 | User Guide - Page 317
certificate when you first turn it on. This certificate is referred to in the GUI as the factory default certificate. Certificate File Formats Any certificate that you want to import has to be in one of these to convert a binary PKCS#7 certificate into a printable form. NXC Series User's Guide 317 - ZyXEL NXC2500 | User Guide - Page 318
within a password-encrypted envelope. The file's password is not connected to your certificate's public or private passwords. Exporting a easy for this to occur since many programs use text files by default. 27.1.3 Verifying a Certificate Before you import a trusted certificate into User's Guide 318 - ZyXEL NXC2500 | User Guide - Page 319
unnecessary certificates before adding more certificates. My Certificate Setting Add Click this to go to the screen where you can unless you specifically delete them. Uploading a new firmware or default configuration file does not delete your certificates. To remove . NXC Series User's Guide 319 - ZyXEL NXC2500 | User Guide - Page 320
icon to open the My Certificates Add screen. Use this screen to have the NXC create a self-signed certificate, enroll a certificate with a certification authority or generate a certification request. Figure 187 Configuration > Object > Certificate > My Certificates > Add NXC Series User's Guide 320 - ZyXEL NXC2500 | User Guide - Page 321
although you must specify a Host IP Address, Host Domain Name, or E-Mail. The certification authority may add fields (such as a serial number) to the subject information when it issues a certificate. It is Details screen and then send it to the certification authority. NXC Series User's Guide 321 - ZyXEL NXC2500 | User Guide - Page 322
Chapter 27 Certificates Table 155 Configuration > Object > Certificate > My Certificates > Add (continued) LABEL DESCRIPTION OK Click OK to begin certificate or certification request 's name. Figure 188 Configuration > Object > Certificate > My Certificates > Edit NXC Series User's Guide 322 - ZyXEL NXC2500 | User Guide - Page 323
digest that the NXC calculated using the MD5 algorithm. This is the certificate's message digest that the NXC calculated using the SHA1 algorithm. NXC Series User's Guide 323 - ZyXEL NXC2500 | User Guide - Page 324
editor and save the file on a management computer for later manual enrollment. Export Export Certificate Only Password Export Certificate with Private Key OK to open the My Certificate Import screen. Follow the instructions in this screen to save an existing certificate to the User's Guide 324 - ZyXEL NXC2500 | User Guide - Page 325
in the location of the file you want to upload in this field or click Browse to find it. Browse Password OK Cancel You cannot import a certificate with the same name as a certificate that is already in the NXC any certificate that is signed by one of these certificates. NXC Series User's Guide 325 - ZyXEL NXC2500 | User Guide - Page 326
The NXC keeps all of your certificates unless you specifically delete them. Uploading a new firmware or default configuration file does not delete your certificates. To remove an entry, select it and click to display the current validity status of the certificates. NXC Series User's Guide 326 - ZyXEL NXC2500 | User Guide - Page 327
check a certification authority's list of revoked certificates before trusting a certificate issued by the certification authority. Figure 191 Configuration > Object > Certificate > Trusted Certificates > Edit NXC Series User's Guide 327 - ZyXEL NXC2500 | User Guide - Page 328
Type the password (up to 31 ASCII characters) from the entity maintaining the OCSP server (usually a certification authority). LDAP Server Select this check box if the directory server uses LDAP (Lightweight Directory Access Protocol). LDAP is a protocol over TCP that specifies how clients access - ZyXEL NXC2500 | User Guide - Page 329
copy and paste the certificate into a text editor and save the file on a management computer for later distribution (via floppy disk for example). Click this button and Import to open the Trusted Certificates Import screen. Follow the instructions in this screen to save a trusted certificate to the - ZyXEL NXC2500 | User Guide - Page 330
it needs to verify, not a huge list. When the NXC requests certificate status information, the OCSP server returns a "expired", "current" or "unknown" response. NXC Series User's Guide 330 - ZyXEL NXC2500 | User Guide - Page 331
request type objects. 28.2 DHCPv6 Request The Request screen allows you to add, edit, and remove DHCPv6 request type objects. To access this screen, click Configuration > Object > DHCPv6 > Request. Figure 193 . This field displays the request type of each request object. NXC Series User's Guide 331 - ZyXEL NXC2500 | User Guide - Page 332
edit an existing one. To access this screen, go to the Request screen and click either the Add icon or an Edit icon. Figure 194 Configuration > Object > DHCPv6 > Request > Add The following table describes the Cancel to exit this screen without saving your changes. NXC Series User's Guide 332 - ZyXEL NXC2500 | User Guide - Page 333
NXC. You can also specify from which IP addresses the access can come. • The Auth. Server screen (Section 29.12 on page 371) configures the device to operate as a RADIUS server. • The Language screen (Section 29.13 on page 373) sets the user interface language for the NXC's Web Configurator screens - ZyXEL NXC2500 | User Guide - Page 334
not allowed, but dashes "-" are accepted. Apply Click Apply to save your changes back to the NXC. Reset Click Reset to return the screen to its last-saved settings. 29.3 USB Storage The NXC can use a connected > System > USB Storage to open the screen as shown next. NXC Series User's Guide 334 - ZyXEL NXC2500 | User Guide - Page 335
Storage LABEL DESCRIPTION General Activate USB storage service Select this if you want to use to save your changes back to the NXC. Reset Click Reset to return the screen to its last-saved settings manually or get the current time and date from an external server. NXC Series User's Guide 335 - ZyXEL NXC2500 | User Guide - Page 336
and then click Apply. New Date (yyyy-mm-dd) This field displays the last updated date from the time server or the last date configured manually. When you set Time and Date Setup to Manual, enter the new date in this field and then click Apply. NXC Series User's Guide 336 - ZyXEL NXC2500 | User Guide - Page 337
Setup Time Zone Enable Daylight Savings • When the NXC starts Start Date Select this option if you use starts in most parts of the United States on the second Sunday of March. Each time zone in the United States starts start to 5.5 (by 0.5 increments). Apply Reset For example, if you set this - ZyXEL NXC2500 | User Guide - Page 338
Setup. 3 Enter the NXC's time in the New Time field. 4 Enter the NXC's date in the New Date field. 5 Under Time Zone Setup, select your Time Zone from the list. 6 As an option you can select the Enable Daylight Saving check box to adjust the NXC clock for daylight savings. NXC Series User's Guide - ZyXEL NXC2500 | User Guide - Page 339
Port Speed Use the drop-down list box to change the speed of the console port. Your NXC supports 9600, 19200, 38400, 57600, and 115200 bps (default) for the console port. Apply Reset The Console Port Speed applies to a console port connection using terminal emulation software and NOT the Console - ZyXEL NXC2500 | User Guide - Page 340
you must know the IP address of a machine before you can access it. 29.6.1 DNS Server Address Assignment The NXC can get the DNS server fields to get the DNS server address from the ISP. • You can manually enter the IP addresses of other DNS servers. 29.6.2 Configuring the DNS Screen User's Guide 340 - ZyXEL NXC2500 | User Guide - Page 341
default record if the domain zone that needs to be resolved does not match any of the other domain zone forwarder records. A domain zone is a fully qualified domain name without the host. For example, zyxel.com.tw is the domain zone for the www.zyxel configured manually (User-Defined User's Guide 341 - ZyXEL NXC2500 | User Guide - Page 342
Service Control Add Edit Remove Move # This specifies from which computers and zones you can send DNS queries to the NXC. Click this to create a new entry. Select an entry and click Add have to use the default policy. This is the zone on the NXC the user is allowed or denied to access. This is the - ZyXEL NXC2500 | User Guide - Page 343
, zyxel.com is the domain zone for the www.zyxel.com fully qualified domain name. 29.6.7 Add Domain Zone Forwarder Click the Add icon in the Domain Zone Forwarder table to add a domain zone forwarder record. Figure 202 Configuration > System > DNS > Add Domain Zone Forwarder NXC Series User's Guide - ZyXEL NXC2500 | User Guide - Page 344
Add Domain Zone Forwarder LABEL DESCRIPTION Domain Zone A domain zone is a fully qualified domain name without the host. For example, zyxel.com.tw is the domain zone for the www.zyxel responsible for the mail for a particular domain, that is, controls where mail is sent for that domain. If you do - ZyXEL NXC2500 | User Guide - Page 345
and exit this screen. Click Cancel to exit this screen without saving. 29.7 WWW Overview The following figure shows secure and insecure management of the NXC coming in from the WAN. HTTPS and SSH access are secure. HTTP, and Telnet management access are not secure. NXC Series User's Guide 345 - ZyXEL NXC2500 | User Guide - Page 346
System Figure 205 Secure and Insecure Service Access From the WAN 29.7.1 Service Access Limitations A service cannot be used to access the NXC when: 1 You have disabled that service in the corresponding screen. 2 The allowed IP address (address object) in the Service Control table does not match the - ZyXEL NXC2500 | User Guide - Page 347
from which zones you can access the NXC using HTTP or HTTPS. You can also specify which IP addresses the access can come from. Note: Admin Service Control deals with management access (to the Web Configurator). User Service Control deals with user access to the NXC. NXC Series User's Guide 347 - ZyXEL NXC2500 | User Guide - Page 348
the Service Control table to access the NXC Web Configurator using secure HTTPs connections. Server Port The HTTPS server listens on port 443 by default. If you change the HTTPS server port to a different number on the NXC, for example 8443, then you must notify people who need to access - ZyXEL NXC2500 | User Guide - Page 349
specify the IP addresses from which the administrators can manage the NXC. Add Edit Remove Move # User Service Control specifies from which zones a user can use HTTP to log into the NXC. You can also specify the IP addresses from which the users can access the NXC. Click this to create a new entry - ZyXEL NXC2500 | User Guide - Page 350
the NXC. Reset Click Reset to return the screen to its last-saved settings. 29.7.5 Service Control Rules Click Add or Edit in the Service Control table in a WWW, SSH, TELNET, FTP or SNMP screen to add a service control rule. Figure 208 Configuration > System > Service Control Rule > Add/Edit The - ZyXEL NXC2500 | User Guide - Page 351
default HTTPS port on the NXC, then in your browser enter "https://NXC IP Address/" as the web site address where "NXC IP Address" is the IP address or domain name of the NXC you wish to access you attempt to access the NXC HTTPS server, a screen with the message "There is a problem with this website - ZyXEL NXC2500 | User Guide - Page 352
Explorer 11) 29.7.7 Mozilla Firefox Warning Messages When you attempt to access the NXC HTTPS server, a This Connection is Untrusted or Your connection the case, click I Understand the Risks or Advanced and then the Add Exception... button. Figure 211 Security Alert (Mozilla Firefox 53.0) Confirm the - ZyXEL NXC2500 | User Guide - Page 353
Chapter 29 System Figure 212 Security Alert (Mozilla Firefox 53.0) EXAMPLE 29.7.8 Google Chrome Warning Messages When you attempt to access the NXC HTTPS server, a Your connection is not private screen may display. If that is the case, click Advanced and then Proceed to x.x.x.x (unsafe) to - ZyXEL NXC2500 | User Guide - Page 354
not one of the browser's trusted certificate authorities. The issuing certificate authority of the NXC's factory default certificate is the NXC itself since the certificate is a self-signed certificate. • For the or next to the website address denotes a secure connection. NXC Series User's Guide 354 - ZyXEL NXC2500 | User Guide - Page 355
the NXC's Trusted Certificates Web Configurator screen). Figure 215 Trusted Certificates The CA sends you a package containing the CA's trusted certificate(s), your personal certificate(s) and a password to install the personal certificate(s). NXC Series User's Guide 355 - ZyXEL NXC2500 | User Guide - Page 356
Chapter 29 System 29.7.8.4 Installing the CA's Certificate 1 Double click the CA's trusted certificate to produce a screen similar to the one shown next. 2 Click Install Certificate and follow the wizard as shown earlier in this appendix. NXC Series User's Guide 356 - ZyXEL NXC2500 | User Guide - Page 357
Chapter 29 System 29.7.8.5 Installing a Personal Certificate You need a password in advance. The CA may issue the password or you may have to specify it during the enrollment. Double-click the personal text box. Click Browse if you wish to import a different certificate. NXC Series User's Guide 357 - ZyXEL NXC2500 | User Guide - Page 358
Chapter 29 System 3 Enter the password given to you by the CA. 4 Have the wizard determine where the certificate should be saved on your computer or select Place all certificates in the following store and choose a different location. NXC Series User's Guide 358 - ZyXEL NXC2500 | User Guide - Page 359
wizard and begin the import process. 6 You should see the following screen when the certificate is correctly installed on your computer. 29.7.8.6 Using a Certificate When Accessing the NXC To access the NXC via HTTPS: 1 Enter 'https://NXC IP Address/ in your browser's web address field. NXC Series - ZyXEL NXC2500 | User Guide - Page 360
can use SSH (Secure SHell) to securely access the NXC's command line interface. Specify which zones allow SSH access and from which IP address the access can come. SSH is a secure communication SSH to securely connect to the WAN port of the NXC for a management session. NXC Series User's Guide 360 - ZyXEL NXC2500 | User Guide - Page 361
3 Authentication and Data Transmission After the identification is verified and data encryption activated, a secure tunnel is established between the client and the server. The client then sends its authentication information (user name and password) to the server to log in to the server. NXC Series - ZyXEL NXC2500 | User Guide - Page 362
port number in order to use that service for remote management. Server Certificate Select the certificate whose corresponding private key is to be used to identify the NXC for SSH connections. You must have certificates already configured in the My Certificates screen. NXC Series User's Guide 362 - ZyXEL NXC2500 | User Guide - Page 363
. # This the index number of the service control rule. Zone This is the zone on the NXC the user is allowed or denied to access. Address This is the object name of the Example 1: Store Host Key Enter the password to log in to the NXC. The CLI screen displays next. NXC Series User's Guide 363 - ZyXEL NXC2500 | User Guide - Page 364
which IP address the access can come. Click Configuration > System > TELNET to configure your NXC for remote Telnet access. Use this screen to specify from which zones Telnet can be used to manage the NXC. You can also specify from which IP addresses the access can come. NXC Series User's Guide 364 - ZyXEL NXC2500 | User Guide - Page 365
matches the IP address(es) in the Service Control table to access the NXC CLI using this service. You may change the server port number for a service if needed, however you must use the same port number in order to use that service for remote management. This specifies from which computers you can - ZyXEL NXC2500 | User Guide - Page 366
page 390 for more information about firmware and configuration files. To change Service Control table to access the NXC using this service. Select the check box to use FTP over TLS (Transport Layer Security) to encrypt communication. Server Port Server Certificate Service Control Add User's Guide 366 - ZyXEL NXC2500 | User Guide - Page 367
> System > FTP (continued) LABEL DESCRIPTION # This the index number of the service control rule. Zone Address Action Apply Reset The entry with a hyphen (-) instead of a number is the NXC's (non-configurable) default policy. The NXC applies this to traffic that does not match any other - ZyXEL NXC2500 | User Guide - Page 368
translates the local management information from the managed device into a form compatible with SNMP. The manager is the console through which network administrators perform network management functions. It executes applications that control and monitor managed devices. The managed devices contain - ZyXEL NXC2500 | User Guide - Page 369
service for remote management. Trap Community Type the trap community, which is the password sent with each trap to the SNMP manager. The default is public and allows all requests. Destination Type the IP address of the SNMP manager to which your SNMP traps are sent. NXC Series User's Guide - ZyXEL NXC2500 | User Guide - Page 370
Privilege Service Control Add Edit Remove Move # Select this option to have the NXC send a trap to the SNMP manager when a managed AP is connected to or disconnected from the NXC. Select this to allow SNMP managers using SNMPv2c to access the NXC. Enter the Get Community, which is the password for - ZyXEL NXC2500 | User Guide - Page 371
access to the NXC using this SNMPv3 user profile. Click OK to save your changes back to the NXC. Click Cancel to exit this screen without saving your changes. 29.12 Authentication Server You can set the NXC to work as a RADIUS server to exchange messages with a RADIUS client, such as an AP for user - ZyXEL NXC2500 | User Guide - Page 372
Mask This is the subnet mask of the RADIUS client. Description This is the description of the RADIUS client. Apply Click Apply to save your changes back to the NXC. Reset Click Reset to return the screen to its last-saved settings. 29.12.1 Add/Edit Trusted Client Click Configuration > System - ZyXEL NXC2500 | User Guide - Page 373
182 Configuration > System > Auth. Server > Add/Edit LABEL DESCRIPTION Activate Profile Name IP Address Netmask mask of the RADIUS client. Enter a password (up to 64 alphanumeric characters) as the key to be shared between the NXC and the RADIUS client. Description NXC Series User's Guide 373 - ZyXEL NXC2500 | User Guide - Page 374
support, such as the Configuration > Network > Interface > Ethernet, and VLAN screens. The NXC discards all IPv6 packets if you clear this check box. Apply Click Apply to save your changes back to the NXC. Reset Click Reset to return the screen to its last-saved settings. NXC Series User - ZyXEL NXC2500 | User Guide - Page 375
are e-mailed, and how often they are e-mailed. 30.2 Email Daily Report Use this screen to start or stop data collection and view various statistics about traffic passing through your NXC. Note: Data collection screen to have the NXC e-mail you system statistics every day. NXC Series User's Guide 375 - ZyXEL NXC2500 | User Guide - Page 376
Chapter 30 Log and Report Figure 231 Configuration > Log & Report > Email Daily Report NXC Series User's Guide 376 - ZyXEL NXC2500 | User Guide - Page 377
the subject. Mail From Mail To SMTP Authentication User Name Password Retype to Confirm Send Report Now Time for sending report Report Items Reset counters after sending report successfully Reset All Counters Apply Reset Select Append date time to add the NXC's system date and time to the subject - ZyXEL NXC2500 | User Guide - Page 378
system log and supports e-mail profiles and remote syslog servers. The system log is available on the View Log tab, the e-mail profiles are used to mail log messages to the specified destinations, and the other four logs are stored on specified syslog servers. The Log Settings tab also controls what - ZyXEL NXC2500 | User Guide - Page 379
CEF/Syslog - Common Event Format, syslog-compatible format. This field is a summary of the settings for each log. Click this button to open the Log Category Settings screen. Click this button to save your changes (activate and deactivate logs) and make them take effect. NXC Series User's Guide 379 - ZyXEL NXC2500 | User Guide - Page 380
Settings This screen controls the detailed settings for each log in the system log (which includes the e-mail profiles). Go to the Log Settings Summary screen and click the system log Edit icon. Figure 233 Configuration > Log & Report > Log Settings > Edit (System Log) NXC Series User's Guide 380 - ZyXEL NXC2500 | User Guide - Page 381
e-mail. Select Append system name to add the NXC's system name to the subject. Select Append date time to add the NXC's system date and time if it is necessary to provide a user name and password to the SMTP server. User Name This box is effective when you select the SMTP NXC Series User's Guide 381 - ZyXEL NXC2500 | User Guide - Page 382
Display and Category fields in the View Log tab. The Default category includes debugging messages generated by open source software. Select which is e-mailed (green check mark) and/or in alerts (red exclamation point) for the e-mail settings specified in E-Mail Server 1. The NXC does User's Guide 382 - ZyXEL NXC2500 | User Guide - Page 383
and Report 30.3.3 Editing USB Storage Log Settings The Edit Log on USB Storage Setting screen controls the detailed settings for saving logs to a connected USB storage device. Go to the Log field is a sequential value, and it is not associated with a specific entry. NXC Series User's Guide 383 - ZyXEL NXC2500 | User Guide - Page 384
Selection This field displays each category of messages. The Default category includes debugging messages generated by open source software. without saving your changes. 30.3.4 Editing Remote Server Log Settings This screen controls the settings for each log in the remote server (syslog). Go - ZyXEL NXC2500 | User Guide - Page 385
according to the information in this section. You specify what kinds of messages are included in log information in the Active Log section. NXC Series User's Guide 385 - ZyXEL NXC2500 | User Guide - Page 386
Zyxel's Vantage Report, syslog-compatible format. Server Address Log Facility Active Log Selection CEF/Syslog - Common Event Format, syslog-compatible in the View Log tab. The Default category includes debugging messages generated by open To access this screen, go to the Log Settings Summary - ZyXEL NXC2500 | User Guide - Page 387
Settings > Log Category Settings This screen provides a different view and a different way of indicating which messages are included in each log and each alert. (The Default category includes debugging messages generated by open source software.) NXC Series User's Guide 387 - ZyXEL NXC2500 | User Guide - Page 388
for all categories to e-mail server 1. E-mail Server 2 enable alert logs (red exclamation point) - e-mail alerts for all categories to e-mail server 1. Use the E-Mail Server 2 Log tab. The Default category includes debugging messages generated by open source software. NXC Series User's Guide 388 - ZyXEL NXC2500 | User Guide - Page 389
included in the log messages when it is emailed (green check mark) and/or in alerts (red exclamation point) for the e-mail settings specified in E-Mail Server 1. The NXC does not e-mail debugging information, even if to the previous screen without saving your changes. NXC Series User's Guide 389 - ZyXEL NXC2500 | User Guide - Page 390
Manager configuration files. • The Firmware Package screen (Section 31.3 on page 396) checks your current firmware version and uploads firmware to the NXC. • When you apply a configuration file, the NXC uses the factory default settings for any features that the configuration file does not include - ZyXEL NXC2500 | User Guide - Page 391
the address group in case we want to open up remote management later address-object TW_SUBNET 172.16.37.0/24 object-group address TW_TEAM address-object TW_SUBNET exit # enable Telnet access (not enabled by default, unlike other services) ip telnet server # open WLAN-to-NXC firewall for TW_TEAM for - ZyXEL NXC2500 | User Guide - Page 392
File Flow at Restart • If there is not a startup-config.conf when you restart the NXC (whether through a management interface or by physically turning the power off and back on), the NXC uses the system-default.conf configuration file with the NXC's default settings. NXC Series User's Guide 392 - ZyXEL NXC2500 | User Guide - Page 393
Chapter 31 File Manager • If there file or it also has an error, the NXC applies the system-default.conf configuration file. • You can change the way the startup-config.conf errors. Figure 238 Maintenance > File Manager > Configuration File Do not turn off the NXC while configuration file upload is - ZyXEL NXC2500 | User Guide - Page 394
Manager > Configuration File LABEL DESCRIPTION Rename Use this button to change the label of a configuration file on the NXC. You can only rename manually saved configuration files. You cannot rename the lastgood.conf, system-default of the configuration file. NXC Series User's Guide 394 - ZyXEL NXC2500 | User Guide - Page 395
and click Apply to reset all of the NXC settings to the factory defaults. This configuration file is included when you upload a firmware package. The startup-config.conf file is the configuration file that the NXC is currently using. If you make and save changes during your management session, the - ZyXEL NXC2500 | User Guide - Page 396
system-default.conf firmware package at www.zyxel.com in a file that (usually) uses the system model name with a .bin extension, for example, "nxc.bin". The firmware update can take up to five minutes. Do not turn off or reset the NXC while the firmware update is in progress! NXC Series User's Guide - ZyXEL NXC2500 | User Guide - Page 397
Manager > Firmware Package LABEL DESCRIPTION Version Boot Module Current Version This is the version of the boot module that is currently on the NXC. This is the version of the firmware that is currently installed on the NXC. Released Date Firmware Update Schedule Schedule The firmware - ZyXEL NXC2500 | User Guide - Page 398
, the following message appears in the screen. Figure 242 Firmware Upload Error 31.4 Shell Script Use shell script files to have the NXC use commands that you specify. Use a text editor to create the shell script files. They must use a ".zysh" filename extension. NXC Series User's Guide 398 - ZyXEL NXC2500 | User Guide - Page 399
a long script. Figure 243 Maintenance > File Manager > Shell Script Each field is described in the following table. Table 194 Maintenance > File Manager > Shell Script LABEL DESCRIPTION Rename Use this click Download to save the configuration to your computer. NXC Series User's Guide 399 - ZyXEL NXC2500 | User Guide - Page 400
Chapter 31 File Manager Table 194 Maintenance > File Manager > Shell Script (continued) LABEL DESCRIPTION Copy Use this button to save a duplicate of a shell script file on the . Click Upload to begin the upload process. This process may take up to several minutes. NXC Series User's Guide 400 - ZyXEL NXC2500 | User Guide - Page 401
way for you to generate a file containing the NXC's configuration and diagnostic information. You may need to generate this file and send it to customer support during troubleshooting. Click Maintenance > Diagnostics to open the Collect on Controller screen. NXC Series User's Guide 401 - ZyXEL NXC2500 | User Guide - Page 402
Collect on Controller LABEL DESCRIPTION General managed AP's configuration and diagnostic information. You may need to generate this file and send it to customer support during troubleshooting. Click Maintenance > Diagnostics > Collect on AP to open the Diagnostic screen. NXC Series User's Guide - ZyXEL NXC2500 | User Guide - Page 403
file. AP General Setting Available APs This text box lists the managed APs that are connected and available. Select the managed APs that you want the NXC to generate a diagnostic file containing their configuration, and click the right arrow button to add them. NXC Series User's Guide 403 - ZyXEL NXC2500 | User Guide - Page 404
AP LABEL DESCRIPTION Collected APs This text box lists the managed APs that you allow the NXC to generate a diagnostic file containing their configuration. Select any managed APs to customer support for troubleshooting. Figure 246 Maintenance > Diagnostics > Files NXC Series User's Guide 404 - ZyXEL NXC2500 | User Guide - Page 405
network traffic going through the NXC's interfaces. Studying these packet captures may help you identify network problems. Click Maintenance > Diagnostics > Packet Capture to open the Capture on Controller screen. Note: New capture files overwrite existing files of the same name. Change the File - ZyXEL NXC2500 | User Guide - Page 406
in this screen. Table 198 Maintenance > Diagnostics > Packet Capture > Capture on Controller LABEL DESCRIPTION Interfaces Enabled interfaces appear under Available Interfaces. Select interfaces for which to old ones entries when the available storage space runs out. NXC Series User's Guide 406 - ZyXEL NXC2500 | User Guide - Page 407
on Controller (continued device. The available storage capacity also displays. service deactivated - the USB storage feature is disabled file reaches this size, the NXC starts another packet capture file. Set a is no time limit. Specify text to add to the end of the file name (before User's Guide 407 - ZyXEL NXC2500 | User Guide - Page 408
Controller progress. Stop Reset After the problems. Click Maintenance > Diagnostics > Packet Capture > Capture on AP to open the packet capture screen. Note: New capture files overwrite existing files of the same name. Change the File Suffix field's setting to avoid this. NXC Series User's Guide - ZyXEL NXC2500 | User Guide - Page 409
to update and display the interfaces, filter configuration and storage size available for the selected AP in the screen. Note: You need to use the Query button before packet capturing on an AP if the AP has rebooted or the applied AP profile settings have been changed. NXC Series User's Guide 409 - ZyXEL NXC2500 | User Guide - Page 410
AP's interface(s). This shows Capturing when the AP is capturing network traffic going through the selected AP starts to receive capture files from the AP hosts. Select User Defined to be storage device was manually unmounted by using displays. service deactivated - on the AP's available the AP stop - ZyXEL NXC2500 | User Guide - Page 411
Diagnostics Table 199 Maintenance > Diagnostics > Packet Capture > Capture on AP (continued) LABEL DESCRIPTION File Suffix Specify text to add to the end of the file name (before the dot and as Wireshark. Figure 249 Maintenance > Diagnostics > Packet Capture > Files NXC Series User's Guide 411 - ZyXEL NXC2500 | User Guide - Page 412
because the capture screen's Number Of Bytes To Capture (Per Packet) field was set to 1500 bytes. Figure 250 Packet Capture File Example NXC Series User's Guide 412 - ZyXEL NXC2500 | User Guide - Page 413
full, the NXC stops generating the core dump file. Apply Click Apply to save the changes. Reset Click Reset to return the screen to its last-saved settings. 32.4.1 Core Dump Files Click Maintenance > need to send these files to customer support for troubleshooting. NXC Series User's Guide 413 - ZyXEL NXC2500 | User Guide - Page 414
files are in comma separated value (csv) format. You can download them to your computer and open them in a tool like Microsoft's Excel. NXC Series User's Guide 414 - ZyXEL NXC2500 | User Guide - Page 415
Frame Capture Use this screen to capture wireless network traffic going through the AP interfaces connected to your NXC. Studying these frame captures may help you identify network problems. Click Maintenance > Diagnostics > Wireless Frame Capture to display this screen. NXC Series User's Guide 415 - ZyXEL NXC2500 | User Guide - Page 416
Mode APs Configure AP to MON Mode Available MON Mode APs Click this to go the Configuration > Wireless > AP Management screen, where you can set one or more APs to monitor mode. This column displays which APs on your wireless network are currently configured for monitor mode. Capture MON Mode APs - ZyXEL NXC2500 | User Guide - Page 417
is in progress. Stop Reset After the NXC finishes the capture it saves a combined capture file for all APs. The total number of Wireless Frame Capture Files Click Maintenance > Diagnostics > Wireless Frame Capture > Files to open this screen. This screen lists the files of wireless User's Guide 417 - ZyXEL NXC2500 | User Guide - Page 418
and SNAT settings and helps troubleshoot any related problems. 33.1.1 What You the current routing flow and quickly link to specific routing settings. in the Routing Table section. To access this screen, click Maintenance > policy routes to control 1-1 NAT by using the policy control-virtual-server- - ZyXEL NXC2500 | User Guide - Page 419
Chapter 33 Packet Flow Explore Figure 256 Maintenance > Packet Flow Explore > Routing Status (Direct Route) Figure 257 Maintenance > Packet Flow Explore > Routing Status (Policy Route) Figure 258 Maintenance > Packet Flow Explore > Routing Status (1-1 SNAT) NXC Series User's Guide 419 - ZyXEL NXC2500 | User Guide - Page 420
is the interface on which the packets are received. Source This is the source IP address(es) from which the packets are sent. NXC Series User's Guide 420 - ZyXEL NXC2500 | User Guide - Page 421
control-virtual-server-rules activate command. Note: Once a packet matches the criteria of an SNAT rule, the NXC takes the corresponding action and does not perform any further flow checking. Figure 260 Maintenance > Packet Flow Explore > SNAT Status (Policy Route SNAT) NXC Series User's Guide - ZyXEL NXC2500 | User Guide - Page 422
Chapter 33 Packet Flow Explore Figure 261 Maintenance > Packet Flow Explore > SNAT Status (1-1 SNAT) Figure 262 Maintenance > Packet Flow Explore > SNAT Status (Loopback SNAT) Figure 263 Maintenance > Packet Flow Explore > SNAT Status (Default SNAT) NXC Series User's Guide 422 - ZyXEL NXC2500 | User Guide - Page 423
address for the matched packets it sends out through this rule. The following fields are available if you click Default SNAT in the SNAT Flow section. # This field is a sequential value, and it is not associated for the matched packets it sends out through this rule. NXC Series User's Guide 423 - ZyXEL NXC2500 | User Guide - Page 424
when you reboot. Reboot is different to reset; reset returns the device to its default configuration. 34.2 Reboot This screen allows remote users to restart the device. To access this screen, click Maintenance > Reboot. also use the CLI command reboot to restart the NXC. NXC Series User's Guide 424 - ZyXEL NXC2500 | User Guide - Page 425
so can cause the firmware to become corrupt. 35.1.1 What You Need To Know Shutdown writes all cached data to the local storage and stops the system processes. Shutdown is different to reset; reset returns the device to its default configuration. 35.2 Shutdown To access this screen, click Maintenance - ZyXEL NXC2500 | User Guide - Page 426
PART III Appendices and Troubleshooting 426 - ZyXEL NXC2500 | User Guide - Page 427
you've forgotten the NXC's password, use the RESET button. Press the button in for about 5 seconds (or until the PWR LED starts to blink), then release it. It returns the NXC to the factory defaults (password is 1234, LAN IP address 192.168.1.1 etc.; see your User's Guide for details). • If you've - ZyXEL NXC2500 | User Guide - Page 428
Chapter 36 Troubleshooting I cannot access the Internet. • Check the NXC's connection to the Ethernet jack with Internet access. Make sure the Internet gateway device (such as a DSL modem) is working properly. • If the NXC is operating in its default bridge mode, ensure that the DHCP server to which - ZyXEL NXC2500 | User Guide - Page 429
's IP address settings change. However, you need to manually edit any address objects for your LAN that are not based on the interface. I cannot get the RADIUS server to authenticate the NXC's default admin account. The default admin account is always authenticated locally, regardless of the - ZyXEL NXC2500 | User Guide - Page 430
Chapter 36 Troubleshooting I cannot add the admin users to a user group with access users. You cannot put access users and admin users in the same user group. I cannot add the default admin account to a user group. You cannot put the default admin account into any user group. The schedule I - ZyXEL NXC2500 | User Guide - Page 431
Chapter 36 Troubleshooting Check the service control rules. I uploaded a logo to display on the upper left corner of the Web Configurator login screen and access page but it does not display properly. Make sure the logo file is a GIF, JPG, or PNG of 100 kilobytes or less. I uploaded a logo to - ZyXEL NXC2500 | User Guide - Page 432
the AP. • The wireless client's MAC address may be on the MAC filtering list. See Section 19.3.3 on page 275 for details on managing the NXC MAC Filter. • Your AP needs to support CAPWAP managed AP mode in order to be managed by the NXC. See the NWA/WAC Series User's Guide. NXC Series User's Guide - ZyXEL NXC2500 | User Guide - Page 433
Enable the AP Wireless LAN logs (see Section 30.3.2 on page 380). • Check the AP log Wireless LAN logs (Section 6.18 on page 113) for WTP logs. WTP stands for Wireless Terminal Point and is equivalent to an AP. • If you cannot solve the problem on your own, before contacting Customer Support use the - ZyXEL NXC2500 | User Guide - Page 434
method, try restarting it by turning the power off and then on again. If you still cannot access the NXC by any method or you forget the administrator password(s), you can reset the NXC to its factory-default settings. Any configuration file or shell script that you saved on the NXC should still be - ZyXEL NXC2500 | User Guide - Page 435
Chapter 36 Troubleshooting 36.3 Getting More Troubleshooting Help Search for support information for your model at www.zyxel.com for more troubleshooting suggestions. NXC Series User's Guide 435 - ZyXEL NXC2500 | User Guide - Page 436
Table 208 ZySH Logs LOG MESSAGE DESCRIPTION Invalid message queue. Maybe someone starts another zysh daemon. ZySH daemon is instructed to reset by %d 1st:pid num System integrity error! Group OPS cannot close zysh list name 1st:zysh entry index 1st:zysh list name NXC Series User's Guide 436 - ZyXEL NXC2500 | User Guide - Page 437
:zysh table name 1st:zysh table name 1st:zysh entry num 1st:zysh table name 1st:zysh table name 1st:zysh table name NXC Series User's Guide 437 - ZyXEL NXC2500 | User Guide - Page 438
a login because the maximum login capacity for the particular service has already been reached. %s: service name The NXC blocked a login because the maximum simultaneous login capacity for the administrator or access account has already been reached. %s: service name NXC Series User's Guide 438 - ZyXEL NXC2500 | User Guide - Page 439
access control configuration. %s: service name User %s has been denied The NXC blocked a login attempt by the specified user name because of an access from %s invalid user name or password. 2nd %s: service Trail service was activated successfully for the specified service. %s: service name - ZyXEL NXC2500 | User Guide - Page 440
user name in myZyxel.com's database. Do device register. The device started device registration. Do trial service activation. The device started trail service activation. Do standard service activation. The device started standard service . The update has stopped. NXC Series User's Guide 440 - ZyXEL NXC2500 | User Guide - Page 441
server. server has failed. Build query message has failed. Some information was missing in the packets that the device sent to the server. NXC Series User's Guide 441 - ZyXEL NXC2500 | User Guide - Page 442
daily check for service expiration was successful. System bootup. Do expiration dailycheck. The device processes a service expiration day check immediately after it starts up. After The device verified a server's certificate while processing an HTTPS connection. NXC Series User's Guide 442 - ZyXEL NXC2500 | User Guide - Page 443
to policy routing manager. The policy route %d Allocating policy routing rule fails: insufficient memory. allocates memory fail! %d: the policy route rule number The policy route %d Use an empty object group. uses empty user group! %d: the policy route rule number NXC Series User's Guide 443 - ZyXEL NXC2500 | User Guide - Page 444
has been turned on. The global setting for bandwidth management on the NXC has been turned off. Table 213 Built-in Services Logs LOG MESSAGE DESCRIPTION User on %u.%u.%u.%u has been denied access from %s HTTP/HTTPS/TELNET/SSH/FTP/SNMP access to the device was denied. %u.%u.%u.%u is IP address - ZyXEL NXC2500 | User Guide - Page 445
Otherwise it has conflict with the interface in master mode. %s is interface name DHCP Server on Interface %s will be reapplied due to Device HA status is Active When an interface has become the HA master, the DHCP server needs to start operating. %s is interface name NXC Series User's Guide 445 - ZyXEL NXC2500 | User Guide - Page 446
time zone back to the default (0). Enable daylight saving. An administrator turned on daylight saving. Disable daylight saving. An administrator turned off daylight saving. DNS access control rules have been reached the maximum number. An administrator tried to add more than the maximum number - ZyXEL NXC2500 | User Guide - Page 447
access control rule was moved successfully. of %s was moved to %d. 1st %d is the previous index . %s is HTTP/HTTPS/SSH/SNMP/FTP/TELNET. SNMP trap can not be sent successfully 2nd %d is current previous index. Cannot send a SNMP trap to a remote host due to network error NXC Series User's Guide - ZyXEL NXC2500 | User Guide - Page 448
DHCP Server executed with cautious mode enabled DHCP Server executed with cautious mode enabled. DHCP Server executed with cautious mode disabled DHCP Server executed with cautious mode disabled. Received packet is ARP response packets for the requested IP address. NXC Series User's Guide 448 - ZyXEL NXC2500 | User Guide - Page 449
DHCP-NAK. Clear ARP cache done Clear ARP cache done. Set manual time has succeeded. Current time is %s The device date and time was changed manually. %s is the date and time. NTP update successful, The up. Port %d is down!! The specified port has it's link down. NXC Series User's Guide 449 - ZyXEL NXC2500 | User Guide - Page 450
process can't get MAC address of interface. %s: interface name To send ARP REQUEST error! The connectivity check process can't send ARP request packet. NXC Series User's Guide 450 - ZyXEL NXC2500 | User Guide - Page 451
port of FTP ALG has been modified. Extra FTP ALG port has been changed. Signal port of FTP ALG Default FTP ALG port has been changed. has been modified. %s H.323 ALG has succeeded. The H.323 ALG has apply signal port failed. signal port=%d failed. %d: Port number NXC Series User's Guide 451 - ZyXEL NXC2500 | User Guide - Page 452
not available. 25 Database method failed due to timeout. 26 Database method failed. 27 Path was not verified. 28 Maximum path length reached. NXC Series User's Guide 452 - ZyXEL NXC2500 | User Guide - Page 453
links down. Default route will not server must support mS-CHAPv2 and support MS-CHAPv2). %s: interface name. Interface %s connect failed: MS-CHAP authentication failed. MS-CHAP authentication failed (the server must support server does not support CHAP). CHAP: the server must support PAP and verify - ZyXEL NXC2500 | User Guide - Page 454
listed (second %s). A wireless client used an incorrect WPA or WPA2 user password and failed authentication by the NXC's local user database while trying to connect to the specified WLAN interface (first %s). The MAC address of the wireless client is listed (second %s). NXC Series User's Guide 454 - ZyXEL NXC2500 | User Guide - Page 455
or WPA2 user name or user password and failed authentication by the NXC's local user database while trying to connect to the specified WLAN interface (first %s). The MAC address of the wireless client is listed (second %s). System internal error. %s: STA %s could not extract EAP-Message from RADIUS - ZyXEL NXC2500 | User Guide - Page 456
A Log Descriptions Table 222 File Manager Logs LOG MESSAGE DESCRIPTION ERROR:#%s, when apply CLI command. Before apply configuration file. After the system reset, it started to apply the configuration file. %s is configuration file name. An administrator are listed. NXC Series User's Guide 456 - ZyXEL NXC2500 | User Guide - Page 457
address %s1 is inconsistent with SMTP account %s2. The user name and password configured for authenticating with the e-mail server are correct, configured for the server may be incorrect or there may be a problem with the NXC's or the server's network connection. Table 225 IP Series User's Guide 457 - ZyXEL NXC2500 | User Guide - Page 458
:%s WLAN Controller Reset. Registration Type:%s WLAN Controller End. DESCRIPTION Start the AP management service. 1st %s: Registration Type. {Always Accept | Manual} Reset the AP management service. 1st %s: Registration Type. {Always Accept | Manual} Stop/End the AP management service. AP Connect - ZyXEL NXC2500 | User Guide - Page 459
specified AP in the managed list. 1st %02x ~ 6th %02x: Managed AP MAC Address. 7th %s: Managed AP Description. 8th %s: Managed AP Model Name. Update AP Firmware in the managed list. 1st %02x ~ 6th %02x: Managed AP MAC Address. 7th %s: Managed AP Description. 8th %s: Managed AP Model Name. Start Send - ZyXEL NXC2500 | User Guide - Page 460
:%02x:%02x:%0 2x,AP:%s An AP doesn't support a feature. 1st %s: feature name 2st %02x~7th%02x: Managed AP MAC Address. 8th %s: Managed AP Description. Table 227 CAPWAP Client Logs LOG MESSAGE AP Start. Discovery Type:%s AP Reset. Discovery Type:%s Connect to WLAN Controller. IP:%s Disconnect from - ZyXEL NXC2500 | User Guide - Page 461
when the wireless frame capture has been completed. 1st %d: total files size of directory. 2nd %d: max files size. Can not initial monitor mode signal handler.\n While an AP is in Monitor mode, the handler daemon. Indicates that the NXC failed to initialize zylog. NXC Series User's Guide 461 - ZyXEL NXC2500 | User Guide - Page 462
. AP Radio MAC=%02x:%02x:%02x:%02 x:%02x:%02x, Reject Station MAC%02x:%02x:%02x:%02x :%02x:%02x, RSSI=%d dBm An AP rejected a wireless client's association request. 1st %02x~6th%02x: AP's MAC Address. 7th %02x~12th%02x: Wireless client's MAC Address. 13th %d: RSSI value NXC Series User's Guide - ZyXEL NXC2500 | User Guide - Page 463
a service that matches web names (for example www.zyxel.com) to IP numbers. ESP (IPSEC_TUNNEL) User-Defined 50 The IPSEC ESP (Encapsulation Security Protocol) tunneling protocol uses this service. FINGER HTTPS is a secured http session often used in e- commerce. NXC Series User's Guide 463 - ZyXEL NXC2500 | User Guide - Page 464
control channel. PPTP (Point-to-Point Tunneling Protocol) enables secure transfer of data over public networks. This is the data channel. Remote Command Service. A streaming audio service Management Program. Traps for use with the SNMP (RFC:1215). Structured Query Language is an interface to access - ZyXEL NXC2500 | User Guide - Page 465
function is to allow users to log into remote host systems. Trivial File Transfer Protocol is an Internet file transfer protocol similar to FTP, but uses the UDP (User Datagram Protocol) rather than TCP (Transmission Control Protocol). Another videoconferencing solution. NXC Series User's Guide 465 - ZyXEL NXC2500 | User Guide - Page 466
let them know that the site is legitimate. Many Zyxel products, such as the NXC, issue their own public key certificates. These can be used by web browsers on a LAN or WAN to verify that they are in fact as a Trusted Root CA, as shown in the following tutorials. NXC Series User's Guide 466 - ZyXEL NXC2500 | User Guide - Page 467
Appendix C Importing Certificates Export a Certificate 1 If your device's Web Configurator is set to use SSL certification, then upon browsing with it for the first time, you are presented with a certification error. NXC Series User's Guide 467 - ZyXEL NXC2500 | User Guide - Page 468
Appendix C Importing Certificates 2 Click Advanced > Proceed to x.x.x.x (unsafe). 3 In the Address Bar, click Not Secure > Certificate (Invalid). NXC Series User's Guide 468 - ZyXEL NXC2500 | User Guide - Page 469
Appendix C Importing Certificates 4 In the Certificate dialog box, click Details > Copy to File. 5 In the Certificate Export Wizard, click Next. NXC Series User's Guide 469 - ZyXEL NXC2500 | User Guide - Page 470
Appendix C Importing Certificates 6 Select the format and settings you want to use and then click Next. 7 Type a filename and specify a folder to save the certificate in. Click Next. NXC Series User's Guide 470 - ZyXEL NXC2500 | User Guide - Page 471
storing the certificate in your computer (see Export a Certificate), you need to install it as a trusted root certification authority using the following steps: NXC Series User's Guide 471 - ZyXEL NXC2500 | User Guide - Page 472
Appendix C Importing Certificates 1 Open your web browser, click the menu icon, and click Settings. NXC Series User's Guide 472 - ZyXEL NXC2500 | User Guide - Page 473
Appendix C Importing Certificates 2 Scroll down and click Advanced to expand the menu. Under Privacy and security, click Manage certificates. NXC Series User's Guide 473 - ZyXEL NXC2500 | User Guide - Page 474
Appendix C Importing Certificates 3 In the Certificates pop-up screen, click Trusted Root Certification Authorities. Click Import to start the Certificate Import Wizard. 4 Click Next when the wizard pops up, and then on the following screen click Browse. NXC Series User's Guide 474 - ZyXEL NXC2500 | User Guide - Page 475
Appendix C Importing Certificates 5 Select the certificate file you want to import and click Open. 6 Click Next. NXC Series User's Guide 475 - ZyXEL NXC2500 | User Guide - Page 476
Appendix C Importing Certificates 7 Confirm the settings displayed and click Finish. 8 If presented with a security warning, click Yes. NXC Series User's Guide 476 - ZyXEL NXC2500 | User Guide - Page 477
can install a stand-alone certificate file if one has been issued to you. 1 Double-click the public key certificate file. 2 Click Install Certificate. NXC Series User's Guide 477 - ZyXEL NXC2500 | User Guide - Page 478
Appendix C Importing Certificates 3 Click Next on the first wizard screen, click Place all certificates in the following store, and click Browse. 4 Select Trusted Root Certificate Authorities > OK, and then click Next. NXC Series User's Guide 478 - ZyXEL NXC2500 | User Guide - Page 479
Appendix C Importing Certificates 5 Confirm the information shown on the final wizard screen and click Finish. 6 If presented with a security warning, click Yes. NXC Series User's Guide 479 - ZyXEL NXC2500 | User Guide - Page 480
you how to remove a public key certificate in Google Chrome on Windows 7. 1 Open your web browser, click the menu icon, and click Settings. NXC Series User's Guide 480 - ZyXEL NXC2500 | User Guide - Page 481
Appendix C Importing Certificates 2 Scroll down and click Advanced to expand the menu. Under Privacy and security, click Manage certificates. 3 In the Certificates pop-up screen, click Trusted Root Certification Authorities. NXC Series User's Guide 481 - ZyXEL NXC2500 | User Guide - Page 482
first have to store the certificate in your computer and then install it as a Trusted Root CA, as shown in the following tutorials. NXC Series User's Guide 482 - ZyXEL NXC2500 | User Guide - Page 483
Appendix C Importing Certificates Export a Certificate 1 If your device's Web Configurator is set to use SSL certification, then the first time you browse to it you are presented with a certification error. Click Advanced. 2 Click View Certificate. NXC Series User's Guide 483 - ZyXEL NXC2500 | User Guide - Page 484
3 Click Details > Export. Appendix C Importing Certificates 4 Type a filename and click Save. Import a Certificate After storing the certificate in your computer, you need to import it in trusted root certification authorities using the following steps: NXC Series User's Guide 484 - ZyXEL NXC2500 | User Guide - Page 485
Appendix C Importing Certificates 1 Open Firefox and click Tools > Options. NXC Series User's Guide 485 - ZyXEL NXC2500 | User Guide - Page 486
Appendix C Importing Certificates 2 In the Options page, click Privacy & Security, scroll to the bottom of the page, and then click View Certificates. 3 In the Certificate Manager, click Authorities > Import. NXC Series User's Guide 486 - ZyXEL NXC2500 | User Guide - Page 487
CA to identify websites and click OK. Removing a Certificate in Firefox This section shows you how to remove a public key certificate in Firefox. NXC Series User's Guide 487 - ZyXEL NXC2500 | User Guide - Page 488
Appendix C Importing Certificates 1 Open Firefox and click Tools > Options. 2 In the Options page, click Privacy & Security, scroll to the bottom of the page, and then click View Certificates. NXC Series User's Guide 488 - ZyXEL NXC2500 | User Guide - Page 489
Manager, click Authorities and select the certificate you want to remove, Click Delete or Distrust. . 4 In the following dialog box, click OK. 5 The next time you go to the web site that issued the public key certificate you just removed, a certification error appears. NXC Series User's Guide - ZyXEL NXC2500 | User Guide - Page 490
to form an ad-hoc wireless LAN. Figure 266 Peer-to-Peer Communication in an Ad-hoc Network A B C BSS A Basic Service Set (BSS) exists when all communications between wireless clients or between a wireless client and a wired network client go through one access point (AP). Intra-BSS traffic is - ZyXEL NXC2500 | User Guide - Page 491
Set ESS An Extended Service Set (ESS) consists of a series of overlapping BSSs, each containing an access point, with each access point connected together by a wired network. This wired connection between APs is called a Distribution System (DS). This type of wireless LAN topology is called an - ZyXEL NXC2500 | User Guide - Page 492
radio frequency(ies) used by wireless devices to transmit and receive data. Channels available depend on your geographical area. You may have a choice of channels (for your region) so you should use a channel different from an adjacent AP (access point) to reduce interference. Interference occurs - ZyXEL NXC2500 | User Guide - Page 493
Wireless LANs RTS/CTS A hidden node occurs when two stations are within range of the same access point, but are not within range of each other. The following figure illustrates a hidden node. Both stations (STA) are within range of the access point (AP) or wireless size. NXC Series User's Guide 493 - ZyXEL NXC2500 | User Guide - Page 494
mode in order to communicate. IEEE 802.11g Wireless LAN IEEE 802.11g is fully compatible with the IEEE 802.11b standard. This means an IEEE 802.11b adapter can interface directly with an IEEE 802.11g access point Keying) OFDM (Orthogonal Frequency Division Multiplexing) NXC Series User's Guide 494 - ZyXEL NXC2500 | User Guide - Page 495
User Service, RFC 2138, 2139) for centralized user profile and accounting management on a network RADIUS server. • Support for EAP (Extensible Authentication Protocol, RFC 2486) that allows additional authentication methods to be deployed with no changes to the access point or the wireless clients - ZyXEL NXC2500 | User Guide - Page 496
multiple types of user authentication. By using EAP to interact with an EAP-compatible RADIUS server, an access point helps a wireless station and a RADIUS server perform authentication. The type of authentication you use depends on the RADIUS server and an intermediary AP(s) that supports IEEE 802 - ZyXEL NXC2500 | User Guide - Page 497
Appendix D Wireless LANs EAP-MD5 (Message-Digest Algorithm 5) MD5 authentication is the simplest one-way authentication method. The authentication server sends a challenge to the wireless client. The wireless client 'proves' that it knows the password by encrypting the password with the challenge - ZyXEL NXC2500 | User Guide - Page 498
entered into each access point, wireless gateway and wireless client. As long as the passwords match, a wireless client will be granted access to a WLAN. If the AP or the wireless clients do not support WPA2, just use WPA or WPA-PSK depending on whether you have an external RADIUS server or not - ZyXEL NXC2500 | User Guide - Page 499
(default is 1812), and the RADIUS shared secret. A WPA(2) application example with an external RADIUS server looks as follows. "A" is the RADIUS server. "DS" is the distribution system. 1 The AP passes the wireless client's authentication request to the RADIUS server. NXC Series User's Guide 499 - ZyXEL NXC2500 | User Guide - Page 500
Appendix D Wireless LANs 2 The RADIUS server then checks the user's identification against its database and grants or denies network access accordingly. 3 A 256-bit Pairwise Master Key (PMK) is derived from the authentication process by the RADIUS server and the client. 4 The RADIUS server - ZyXEL NXC2500 | User Guide - Page 501
Wireless LANs Figure 271 WPA(2)-PSK Authentication Security Parameters Summary Refer to this table to see what other security parameters you should configure for each authentication method or key management Dynamic WEP Key Disable Enable Disable Enable Disable NXC Series User's Guide 501 - ZyXEL NXC2500 | User Guide - Page 502
prefix. Link-local Address A link-local address uniquely identifies a device on the local network (the LAN). It is similar to a "private IP address" in IPv4. You can have the same link-local a "public IP address" in IPv4. A global unicast address starts with a 2 or 3. NXC Series User's Guide 502 - ZyXEL NXC2500 | User Guide - Page 503
In IPv6, multicast addresses provide the same functionality as IPv4 broadcast addresses. Broadcasting is not supported in IPv6. A multicast address allows a host to send packets to all hosts in a FF0C:0:0:0:0:0:0:0 FF0D:0:0:0:0:0:0:0 FF0E:0:0:0:0:0:0:0 FF0F:0:0:0:0:0:0:0 NXC Series User's Guide 503 - ZyXEL NXC2500 | User Guide - Page 504
identifies a physical interface (for example, an Ethernet port) or a virtual interface (for example, the management IP address for a VLAN). One interface should have a unique interface ID. EUI-64 The EUI-64 all network interfaces can be associated with several addresses. NXC Series User's Guide 504 - ZyXEL NXC2500 | User Guide - Page 505
can manage a set to control the add the remote identification a user-defined LAN. The NXC uses the received IPv6 prefix (for example, 2001:db2::/48) to generate its LAN IP address. Through sending Router Advertisements (RAs) regularly by multicast, the NXC passes the IPv6 prefix information to its LAN - ZyXEL NXC2500 | User Guide - Page 506
Control adds the router's information to the neighbor cache, prefix list and destination cache. The NXC creates an entry in the default router list cache if the router can be used as a default not reachable, it starts the address resolution 's Internet Group Management Protocol version User's Guide 506 - ZyXEL NXC2500 | User Guide - Page 507
to IGMP snooping and IGMP proxy in IPv4. MLD filtering controls which multicast groups a port can join. MLD Messages A multicast Example - Enabling IPv6 on Windows XP/2003/Vista By default, Windows XP and Windows 2003 support IPv6. This example shows you how to use the ipv6 Series User's Guide 507 - ZyXEL NXC2500 | User Guide - Page 508
as service. 3 Select Start > Control Panel > Administrative Tools > Services. 4 Double click Dibbler - a DHCPv6 client. 5 Click Start and then OK. 6 Now your computer can obtain an IPv6 address from a DHCPv6 server. Example - Enabling IPv6 on Windows 7 Windows 7 supports IPv6 by default. DHCPv6 - ZyXEL NXC2500 | User Guide - Page 509
to save the change. 4 Click Close to exit the Local Area Connection Status screen. 5 Select Start > All Programs > Accessories > Command Prompt. 6 Use the ipconfig command to check your dynamic Mask 255.255.255.0 Default Gateway fe80::213:49ff:feaa:7125%11 172.16.100.254 NXC Series User's Guide 509 - ZyXEL NXC2500 | User Guide - Page 510
Customer Support In the event of problems that cannot be solved by using this manual, you should contact your vendor. If you cannot contact your vendor, then contact a Zyxel office for the region in which you bought the device. See https://www.zyxel.com/homepage.shtml and also https://www.zyxel.com - ZyXEL NXC2500 | User Guide - Page 511
/ Thailand • Zyxel Thailand Co., Ltd • https://www.zyxel.com/th/th/ Vietnam • Zyxel Communications Corporation-Vietnam Office • https://www.zyxel.com/vn/vi Europe Belarus • Zyxel BY • https://www.zyxel.by Belgium • Zyxel Communications B.V. • https://www.zyxel.com/be/nl/ NXC Series User's Guide 511 - ZyXEL NXC2500 | User Guide - Page 512
• https://www.zyxel.fr Germany • Zyxel Deutschland GmbH • https://www.zyxel.com/de/de/ Hungary • Zyxel Hungary & SEE • https://www.zyxel.com/hu/hu/ Italy • Zyxel Communications Italy • https://www.zyxel.com/it/it/ Latvia • Zyxel Latvia • https://www.zyxel.com/lv/lv/ NXC Series User's Guide 512 - ZyXEL NXC2500 | User Guide - Page 513
Czech s.r.o. organizacna zlozka • https://www.zyxel.com/sk/sk/ Spain • Zyxel Communications ES Ltd • https://www.zyxel.com/es/es/ Sweden • Zyxel Communications • https://www.zyxel.com/se/sv/ Switzerland • Studerus AG • https://www.zyxel.ch/de • https://www.zyxel.ch/fr NXC Series User's Guide 513 - ZyXEL NXC2500 | User Guide - Page 514
• https://www.zyxel.com/co/es/ Ecuador • Zyxel Communications Corporation • https://www.zyxel.com/co/es/ South America • Zyxel Communications Corporation • https://www.zyxel.com/co/es/ Middle East Israel • Zyxel Communications Corporation • http://il.zyxel.com/ NXC Series User's Guide 514 - ZyXEL NXC2500 | User Guide - Page 515
com/me/en/ North America USA • Zyxel Communications, Inc. - North America Headquarters • https://www.zyxel.com/us/en/ Oceania Australia • Zyxel Communications Corporation • https://www.zyxel.com/au/en/ Africa South Africa • Nology (Pty) Ltd. • https://www.zyxel.com/za/en/ NXC Series User's Guide 515 - ZyXEL NXC2500 | User Guide - Page 516
manual, may cause harmful interference to radio communications. Operation of this equipment in a residential area is likely to cause harmful interference in which case the user will be required to correct the interference at his own expense. Class B Products (NXC2500 for example): • This product - ZyXEL NXC2500 | User Guide - Page 517
B Products (NXC2500 for example): stumble over them. • Always disconnect all cables from this device before servicing or disassembling. • Do not remove the plug and connect it batteries according to the instruction. Dispose them at the applicable collection point for the recycling User's Guide 517 - ZyXEL NXC2500 | User Guide - Page 518
accessible. Class A Products Only (NXC5500 for example): • This device must be grounded by qualified service . Important Safety Instructions (Class A Products dangerous high voltage points or other risks NXC2500 for example) Zyxel mode power consumption < 0.5W, and/or Standby mode User's Guide 518 - ZyXEL NXC2500 | User Guide - Page 519
NXC5500 安全警告 110V AC 230V AC About the Symbols Various symbols are used in this product to ensure correct usage, to prevent danger to the user and others, and to prevent property damage. The meaning of these symbols are described below. It is important that you read these descriptions - ZyXEL NXC2500 | User Guide - Page 520
latest firmware at www.zyxel.com. If you cannot find it there, contact your vendor or Zyxel Technical Support at [email protected]. To obtain the source code covered under those Licenses, please contact your vendor or Zyxel Technical Support at [email protected]. NXC Series User's Guide 520 - ZyXEL NXC2500 | User Guide - Page 521
, see DN DN 304, 306, 307 password 308 port 307, 310, 311 search time limit 308 SSL 307 AAA server 302 AD 304 and users 239 directory service 302 LDAP 302, 304 local user database 303 RADIUS 303, 304 RADIUS default 309 RADIUS group 309 see also RADIUS access 33 access users 238, 240 idle timeout 248 - ZyXEL NXC2500 | User Guide - Page 522
expired 317 factory-default 317 file formats Guide 2 cold start 24 commands 23 sent by Web Configurator 38 Common Event Format (CEF) 379, 386 common services managing 392 startup-config.conf 395 startup-config-bad.conf 393 syntax 391 system-default.conf 395 uploading 396 NXC Series User's Guide 522 - ZyXEL NXC2500 | User Guide - Page 523
Service Set, See ESS 491 F FCC interference statement 516 file extensions configuration files 390 shell scripts 390 file manager 390 Firefox 33 firewall 230 actions 235 and address groups 234 and address objects 234 and NAT 232 and schedules 234 and service groups 235 NXC Series User's Guide - ZyXEL NXC2500 | User Guide - Page 524
services 235 and user groups 234, 237 and users 234, 237 and zones 230, 233 asymmetrical routes 231, 232 global rules 231 priority 233 rule criteria 231 session limits 231, 235 stateful inspection 230 triangle routes 231, 232 firmware 19 ports 19 Guide CLI Reference 2 management 174 default - ZyXEL NXC2500 | User Guide - Page 525
VLAN, see also VLAN interfaces. Internet Control Message Protocol, see ICMP Internet Explorer password 308 port 307, 310, 311 search time limit 308 SSL 307 LED suppression mode 87, 97, 122, 129 licensing 116 Lightweight Directory Access Protocol, see LDAP load balancing 137 local user User's Guide 525 - ZyXEL NXC2500 | User Guide - Page 526
275 mac role 255 Management Information Base (MIB) services and service groups 293 users, user groups 238 Online Certificate Status Protocol (OCSP) 330 vs CRL 330 operating mode 182 and interfaces 182 and schedules 182 and user groups 181 and users 181 benefits 177 criteria 178 pop-up windows - ZyXEL NXC2500 | User Guide - Page 527
types 496 messages 496 shared secret key 496 RADIUS server 371 reboot 24, 424 vs reset 424 Reference Guide, CLI 2 registration 116 product 520 Relative Distinguished Name (RDN) 304, 306, 307 Remote Authentication Dial-In User Service, see RADIUS remote management FTP, see FTP Telnet 364 WWW, see WWW - ZyXEL NXC2500 | User Guide - Page 528
time servers (default) 338 trademarks 516 traffic statistics 75 Transmission Control Protocol, see TCP Transport Layer Security (TLS) 366 triangle routes 231 allowing through the firewall 232 troubleshooting 401, 413, 427 Trusted Certificates, see also certificates 325 NXC Series User's Guide 528 - ZyXEL NXC2500 | User Guide - Page 529
, see also access users admin (type) 238 admin, see also admin users and AAA servers 239 and authentication method objects 239 and firewall 234, 237 and LDAP 239 and policy routes 181 and RADIUS 239 and service control 346 attributes for Ext-User 239 currently logged in 60, 66 default lease time 248 - ZyXEL NXC2500 | User Guide - Page 530
wireless client WPA supplicants 499 Wireless load balancing 119 wireless security 495 Wizard Setup 47 WLAN interference 492 security parameters 501 WPA 258, 498 key caching 499 pre-authentication 499 user authentication 499 vs WPA-PSK 499 wireless client supplicant 499 with RADIUS Index default 20
-
1 -
2 -
3 -
4 -
5 -
6 -
7 -
8
-
9
-
10
-
11
-
12
-
13
-
14
-
15
-
16
-
17
-
18
-
19
-
20
-
21
-
22
-
23
-
24
-
25
-
26
-
27
-
28
-
29
-
30
-
31
-
32
-
33
-
34
-
35
-
36
-
37
-
38
-
39
-
40
-
41
-
42
-
43
-
44
-
45
-
46
-
47
-
48
-
49
-
50
-
51
-
52
-
53
-
54
-
55
-
56
-
57
-
58
-
59
-
60
-
61
-
62
-
63
-
64
-
65
-
66
-
67
-
68
-
69
-
70
-
71
-
72
-
73
-
74
-
75
-
76
-
77
-
78
-
79
-
80
-
81
-
82
-
83
-
84
-
85
-
86
-
87
-
88
-
89
-
90
-
91
-
92
-
93
-
94
-
95
-
96
-
97
-
98
-
99
-
100
-
101
-
102
-
103
-
104
-
105
-
106
-
107
-
108
-
109
-
110
-
111
-
112
-
113
-
114
-
115
-
116
-
117
-
118
-
119
-
120
-
121
-
122
-
123
-
124
-
125
-
126
-
127
-
128
-
129
-
130
-
131
-
132
-
133
-
134
-
135
-
136
-
137
-
138
-
139
-
140
-
141
-
142
-
143
-
144
-
145
-
146
-
147
-
148
-
149
-
150
-
151
-
152
-
153
-
154
-
155
-
156
-
157
-
158
-
159
-
160
-
161
-
162
-
163
-
164
-
165
-
166
-
167
-
168
-
169
-
170
-
171
-
172
-
173
-
174
-
175
-
176
-
177
-
178
-
179
-
180
-
181
-
182
-
183
-
184
-
185
-
186
-
187
-
188
-
189
-
190
-
191
-
192
-
193
-
194
-
195
-
196
-
197
-
198
-
199
-
200
-
201
-
202
-
203
-
204
-
205
-
206
-
207
-
208
-
209
-
210
-
211
-
212
-
213
-
214
-
215
-
216
-
217
-
218
-
219
-
220
-
221
-
222
-
223
-
224
-
225
-
226
-
227
-
228
-
229
-
230
-
231
-
232
-
233
-
234
-
235
-
236
-
237
-
238
-
239
-
240
-
241
-
242
-
243
-
244
-
245
-
246
-
247
-
248
-
249
-
250
-
251
-
252
-
253
-
254
-
255
-
256
-
257
-
258
-
259
-
260
-
261
-
262
-
263
-
264
-
265
-
266
-
267
-
268
-
269
-
270
-
271
-
272
-
273
-
274
-
275
-
276
-
277
-
278
-
279
-
280
-
281
-
282
-
283
-
284
-
285
-
286
-
287
-
288
-
289
-
290
-
291
-
292
-
293
-
294
-
295
-
296
-
297
-
298
-
299
-
300
-
301
-
302
-
303
-
304
-
305
-
306
-
307
-
308
-
309
-
310
-
311
-
312
-
313
-
314
-
315
-
316
-
317
-
318
-
319
-
320
-
321
-
322
-
323
-
324
-
325
-
326
-
327
-
328
-
329
-
330
-
331
-
332
-
333
-
334
-
335
-
336
-
337
-
338
-
339
-
340
-
341
-
342
-
343
-
344
-
345
-
346
-
347
-
348
-
349
-
350
-
351
-
352
-
353
-
354
-
355
-
356
-
357
-
358
-
359
-
360
-
361
-
362
-
363
-
364
-
365
-
366
-
367
-
368
-
369
-
370
-
371
-
372
-
373
-
374
-
375
-
376
-
377
-
378
-
379
-
380
-
381
-
382
-
383
-
384
-
385
-
386
-
387
-
388
-
389
-
390
-
391
-
392
-
393
-
394
-
395
-
396
-
397
-
398
-
399
-
400
-
401
-
402
-
403
-
404
-
405
-
406
-
407
-
408
-
409
-
410
-
411
-
412
-
413
-
414
-
415
-
416
-
417
-
418
-
419
-
420
-
421
-
422
-
423
-
424
-
425
-
426
-
427
-
428
-
429
-
430
-
431
-
432
-
433
-
434
-
435
-
436
-
437
-
438
-
439
-
440
-
441
-
442
-
443
-
444
-
445
-
446
-
447
-
448
-
449
-
450
-
451
-
452
-
453
-
454
-
455
-
456
-
457
-
458
-
459
-
460
-
461
-
462
-
463
-
464
-
465
-
466
-
467
-
468
-
469
-
470
-
471
-
472
-
473
-
474
-
475
-
476
-
477
-
478
-
479
-
480
-
481
-
482
-
483
-
484
-
485
-
486
-
487
-
488
-
489
-
490
-
491
-
492
-
493
-
494
-
495
-
496
-
497
-
498
-
499
-
500
-
501
-
502
-
503
-
504
-
505
-
506
-
507
-
508
-
509
-
510
-
511
-
512
-
513
-
514
-
515
-
516
-
517
-
518
-
519
-
520
-
521
-
522
-
523
-
524
-
525
-
526
-
527
-
528
-
529
-
530
 |
 |
Default Login Details
User’s Guide
NXC Series
Wireless LAN Controller
Copyright © 2019 Zyxel Communications Corporation
LAN IP Address
User Name
admin
Password
1234
Version 6.0 Edition 1, 10/2019