User Guide
Page 19
... the network and enforce security policies efficiently. It also provides captive portal configuration, NAT, port forwarding, policy routing, DHCP server, extensive wireless AP control options, and many other powerful features. Use zones to apply security settings such as firewall. (LAN) Interfaces (Ethernet, VLAN) Physical Ethernet Ports Interfaces are mapped to ge2 and so on. • The default LAN IP address is 192.168.1.1. • The default administrator login user name and password are "admin" and "1234" respectively. 1.2 Zones, Interfaces, and Physical Ports...
... the network and enforce security policies efficiently. It also provides captive portal configuration, NAT, port forwarding, policy routing, DHCP server, extensive wireless AP control options, and many other powerful features. Use zones to apply security settings such as firewall. (LAN) Interfaces (Ethernet, VLAN) Physical Ethernet Ports Interfaces are mapped to ge2 and so on. • The default LAN IP address is 192.168.1.1. • The default administrator login user name and password are "admin" and "1234" respectively. 1.2 Zones, Interfaces, and Physical Ports...
User Guide
Page 42
...system log, e-mail logs, and remote syslog servers. 3.3.2.4 Maintenance Menu Use the maintenance menu screens to upload firmware. Certificate My Certificates Create and manage the NXC's certificates. Console Speed Console Speed Set the console speed. DNS DNS Configure the DNS server and address records for the NXC. IPv6 IPv6 Enables or disables IPv6 support on the NXC. DHCPv6 Request Configure DHCPv6 request type objects. Language Language Select the Web Configurator language. LDAP Configure the default LDAP settings. Method Authentication...
...system log, e-mail logs, and remote syslog servers. 3.3.2.4 Maintenance Menu Use the maintenance menu screens to upload firmware. Certificate My Certificates Create and manage the NXC's certificates. Console Speed Console Speed Set the console speed. DNS DNS Configure the DNS server and address records for the NXC. IPv6 IPv6 Enables or disables IPv6 support on the NXC. DHCPv6 Request Configure DHCPv6 request type objects. Language Language Select the Web Configurator language. LDAP Configure the default LDAP settings. Method Authentication...
User Guide
Page 47
...; Country code • Time zone • Daylight saving • IP address • VLAN interfaces 2 For managed APs: • Radio settings • SSID profiles 4.2.1 Step 1 Password and Time Settings Use this screen to configure the NXC's system password, time zone and daylight savings time. NXC Series User's Guide 47 For subsequent logins, click the Wizard icon at the top of any Web Configurator screen. 4.2 Using the Wizard This wizard helps you reset the NXC to its default configuration, the wizard screens...
...; Country code • Time zone • Daylight saving • IP address • VLAN interfaces 2 For managed APs: • Radio settings • SSID profiles 4.2.1 Step 1 Password and Time Settings Use this screen to configure the NXC's system password, time zone and daylight savings time. NXC Series User's Guide 47 For subsequent logins, click the Wizard icon at the top of any Web Configurator screen. 4.2 Using the Wizard This wizard helps you reset the NXC to its default configuration, the wizard screens...
User Guide
Page 60
... to which the interface is . The Ethernet interface is enabled and connected. The Ethernet interface is disabled. This field displays what type of users currently logged in to view details about the status of the users who are currently open on what percentage of the NXC's RAM is currently being used . This field displays the number of the interface or slot. Click this link to open appear grayed out...
... to which the interface is . The Ethernet interface is enabled and connected. The Ethernet interface is disabled. This field displays what type of users currently logged in to view details about the status of the users who are currently open on what percentage of the NXC's RAM is currently being used . This field displays the number of the interface or slot. Click this link to open appear grayed out...
User Guide
Page 71
... updated. To access this screen to look at packet statistics for each Gigabit Ethernet port. This field displays the number of packets transmitted from updating automatically. NXC Series User's Guide 71 Chapter 6 Monitor 6.3 Port Statistics Use this screen, click Monitor > System Status > Port Statistics. Down - This field displays the port's number in this window to display the port statistics as a line graph. The physical port is not connected...
... updated. To access this screen to look at packet statistics for each Gigabit Ethernet port. This field displays the number of packets transmitted from updating automatically. NXC Series User's Guide 71 Chapter 6 Monitor 6.3 Port Statistics Use this screen, click Monitor > System Status > Port Statistics. Down - This field displays the port's number in this window to display the port statistics as a line graph. The physical port is not connected...
User Guide
Page 74
... Connect to try to the network. NXC Series User's Guide 74 For Ethernet interfaces: Inactive - Speed / Duplex - This field displays the current IP address (and subnet mask) of its member Ethernet interfaces is disabled or does not have similar fields as described below. Click Renew to send a new DHCP request to the network. See Appendix E on what type of each interface. Static - Services Action Interface Statistics Refresh Name DHCP Client - Use this button to update...
... Connect to try to the network. NXC Series User's Guide 74 For Ethernet interfaces: Inactive - Speed / Duplex - This field displays the current IP address (and subnet mask) of its member Ethernet interfaces is disabled or does not have similar fields as described below. Click Renew to send a new DHCP request to the network. See Appendix E on what type of each interface. Static - Services Action Interface Statistics Refresh Name DHCP Client - Use this button to update...
User Guide
Page 75
... Tx B/s Rx B/s Inactive - NXC Series User's Guide 75 The Ethernet interface is . For example: • Most-visited Web sites and the number of traffic on the interface since it manually in some cases because the NXC counts HTTP GET packets. • Most-used protocols or service ports and the amount of times each one was last connected. You use the Traffic Statistics screen to...
... Tx B/s Rx B/s Inactive - NXC Series User's Guide 75 The Ethernet interface is . For example: • Most-visited Web sites and the number of traffic on the interface since it manually in some cases because the NXC counts HTTP GET packets. • Most-used protocols or service ports and the amount of times each one was last connected. You use the Traffic Statistics screen to...
User Guide
Page 87
... Monitor > Wireless > AP Information > AP List (continued) LABEL DESCRIPTION Keyword Search Enter a keyword to display the APs that include it in their AP information, such as model number, firmware version, MAC address and so on the radio which is working in repeater AP mode. This field is not available if the selected AP doesn't support suppression mode. Upgrade Firmware Now Note: The AP will be set whether the...
... Monitor > Wireless > AP Information > AP List (continued) LABEL DESCRIPTION Keyword Search Enter a keyword to display the APs that include it in their AP information, such as model number, firmware version, MAC address and so on the radio which is working in repeater AP mode. This field is not available if the selected AP doesn't support suppression mode. Upgrade Firmware Now Note: The AP will be set whether the...
User Guide
Page 92
... is connected to access and manage the discovered device using the web configurator. Ethernet Neighbor Local Port(Description) This field displays the port of the discovered device. Model Name This field displays the model name of the AP, on the port. Port(Description) This field displays the discovered device's port which is activated. Click OK to save your changes back to close the window with changes unsaved. 6.11.2 Edit AP List Use...
... is connected to access and manage the discovered device using the web configurator. Ethernet Neighbor Local Port(Description) This field displays the port of the discovered device. Model Name This field displays the model name of the AP, on the port. Port(Description) This field displays the discovered device's port which is activated. Click OK to save your changes back to close the window with changes unsaved. 6.11.2 Edit AP List Use...
User Guide
Page 99
... the window with changes unsaved. 6.11.2.3 VLAN Add/Edit Use this screen, select a port and click the Edit button in the following table. AP List > Edit AP List screen. To access this screen to create a new VLAN or configure an existing VLAN on the managed AP and configure the port's PVID. Table 41 Monitor > Wireless > AP Information > AP List > > Edit AP List > Edit Port LABEL DESCRIPTION General Settings Enable Port Properties...
... the window with changes unsaved. 6.11.2.3 VLAN Add/Edit Use this screen, select a port and click the Edit button in the following table. AP List > Edit AP List screen. To access this screen to create a new VLAN or configure an existing VLAN on the managed AP and configure the port's PVID. Table 41 Monitor > Wireless > AP Information > AP List > > Edit AP List > Edit Port LABEL DESCRIPTION General Settings Enable Port Properties...
User Guide
Page 107
... of wireless clients which are currently connected to the SSID using the 2.4 GHz frequency band, Click the number to go to the associated stations (or "wireless clients"). Click Monitor > Wireless > Station Info > Station List to access this screen to view statistics pertaining to the Station Info > Station List screen. NXC Series User's Guide 107 See Section 6.15 on this page. 6.15 Station List Use this screen. SSID This...
... of wireless clients which are currently connected to the SSID using the 2.4 GHz frequency band, Click the number to go to the associated stations (or "wireless clients"). Click Monitor > Wireless > Station Info > Station List to access this screen to view statistics pertaining to the Station Info > Station List screen. NXC Series User's Guide 107 See Section 6.15 on this page. 6.15 Station List Use this screen. SSID This...
User Guide
Page 149
... example, if you connect your changes back to an IPv6 network. In the IPv4 network, this screen also shows whether the IP address is a static IP address (STATIC) or dynamically assigned (DHCP). To turn on page 502 for IPv4 network settings. Click Reset to return the screen to open a screen that uses the object whenever the interface's IP address settings change LAN's IP address, the NXC automatically updates the corresponding interface-based, LAN subnet address object. See Appendix...
... example, if you connect your changes back to an IPv6 network. In the IPv4 network, this screen also shows whether the IP address is a static IP address (STATIC) or dynamically assigned (DHCP). To turn on page 502 for IPv4 network settings. Click Reset to return the screen to open a screen that uses the object whenever the interface's IP address settings change LAN's IP address, the NXC automatically updates the corresponding interface-based, LAN subnet address object. See Appendix...
User Guide
Page 192
... address - Use the drop-down box lists all the destination ports. The private and public ranges must have the same number of IP addresses. any for Many 1:1 NAT. So for unknown services or when one server supports more than one destination port. Type the translated destination IP address that this NAT rule supports a range of destination ports. Service - this NAT rule supports. Virtual Server - If you could enter a static public IP assigned by the specified service(s). User...
... address - Use the drop-down box lists all the destination ports. The private and public ranges must have the same number of IP addresses. any for Many 1:1 NAT. So for unknown services or when one server supports more than one destination port. Type the translated destination IP address that this NAT rule supports a range of destination ports. Service - this NAT rule supports. Virtual Server - If you could enter a static public IP assigned by the specified service(s). User...
User Guide
Page 230
... of concurrent NAT/firewall sessions a client can use static port numbers. This also includes traffic to or from one zone is not allowed unless it is initiated by screening data packets against defined access rules. CHAPTER 17 Firewall 17.1 Overview Use the firewall to block or allow services that use . 17.1.2 What You Need to Know The following terms and concepts may help as the To...
... of concurrent NAT/firewall sessions a client can use static port numbers. This also includes traffic to or from one zone is not allowed unless it is initiated by screening data packets against defined access rules. CHAPTER 17 Firewall 17.1 Overview Use the firewall to block or allow services that use . 17.1.2 What You Need to Know The following terms and concepts may help as the To...
User Guide
Page 303
RADIUS Server RADIUS (Remote Authentication Dial-In User Service) authentication is a popular protocol used to authenticate users by the NXC The following lists the types of authentication server the NXC supports. • Local user database The NXC uses the built-in addition to) an internal device user database that is limited to the memory capacity of users from a central location. NXC Series User's Guide 303 Figure 178 RADIUS Server Network Example Authentication Capability List This list displays the NXC's authentication capabilities...
RADIUS Server RADIUS (Remote Authentication Dial-In User Service) authentication is a popular protocol used to authenticate users by the NXC The following lists the types of authentication server the NXC supports. • Local user database The NXC uses the built-in addition to) an internal device user database that is limited to the memory capacity of users from a central location. NXC Series User's Guide 303 Figure 178 RADIUS Server Network Example Authentication Capability List This list displays the NXC's authentication capabilities...
User Guide
Page 369
... manager. Trap Community Type the trap community, which IP addresses the access can come and configure user profiles that service for a service if needed, however you must use that define allowed SNMPv3 access. Destination Type the IP address of the SNMP manager to access the NXC using this screen. To change the server port number for remote management. The default is the password sent with the IP address that matches the IP address(es) in the Service Control...
... manager. Trap Community Type the trap community, which IP addresses the access can come and configure user profiles that service for a service if needed, however you must use that define allowed SNMPv3 access. Destination Type the IP address of the SNMP manager to access the NXC using this screen. To change the server port number for remote management. The default is the password sent with the IP address that matches the IP address(es) in the Service Control...
User Guide
Page 428
...'s connection to the Ethernet jack with Internet access. I can be broken by the maximum number of each type of interface names other routes that they are vlan0, vlan1, vlan2, ...; Each name consists of 2-4 letters (interface type), followed by a number (x, limited by an attacker, using widely-available software. Its encryption can 't enter the interface name I configured. The NXC checks the policy routes in its default bridge mode, ensure that you use a more effective security mechanism...
...'s connection to the Ethernet jack with Internet access. I can be broken by the maximum number of each type of interface names other routes that they are vlan0, vlan1, vlan2, ...; Each name consists of 2-4 letters (interface type), followed by a number (x, limited by an attacker, using widely-available software. Its encryption can 't enter the interface name I configured. The NXC checks the policy routes in its default bridge mode, ensure that you use a more effective security mechanism...
User Guide
Page 499
... wireless clients. WPA(2) with RADIUS Application Example To set up a key hierarchy and management system, using an external RADIUS database. At the time of the RADIUS server, its port number (default is designed to prevent an attacker from capturing data packets, altering them and resending them. This all wireless devices. If they do not match, it . "DS" is wirelessly communicated between the two is the software that runs on a WiFi network than WEP...
... wireless clients. WPA(2) with RADIUS Application Example To set up a key hierarchy and management system, using an external RADIUS database. At the time of the RADIUS server, its port number (default is designed to prevent an attacker from capturing data packets, altering them and resending them. This all wireless devices. If they do not match, it . "DS" is wirelessly communicated between the two is the software that runs on a WiFi network than WEP...
User Guide
Page 523
... address objects 234 and NAT 232 and schedules 234 and service groups 235 NXC Series User's Guide 523 dynamic WEP key exchange 497 E D date 335 daylight savings 337 DCS 119 default interfaces and zones 20 port mapping 19 device introduction 19 DHCP 175, 334 and DNS servers 175 and domain name 334 and interfaces 175 client list 64 pool 175 static DHCP 175 diagnostics 401, 413 directory 302 directory service 302 file...
... address objects 234 and NAT 232 and schedules 234 and service groups 235 NXC Series User's Guide 523 dynamic WEP key exchange 497 E D date 335 daylight savings 337 DCS 119 default interfaces and zones 20 port mapping 19 device introduction 19 DHCP 175, 334 and DNS servers 175 and domain name 334 and interfaces 175 client list 64 pool 175 static DHCP 175 diagnostics 401, 413 directory 302 directory service 302 file...
User Guide
Page 529
... firewall 234, 237 and LDAP 239 and policy routes 181 and RADIUS 239 and service control 346 attributes for Ext-User 239 currently logged in 60, 66 default lease time 248, 250 default reauthentication time 248, 250 default type for Ext-User 239 ext-group-user (type) 239 Ext-User (type) 239 ext-user (type) 239 groups, see user groups guest (type) 238 guest-manager (type) 239 lease time 244 limited-admin (type) 238 lockout 249 mac-address (type) 239 reauthentication time 244 types...
... firewall 234, 237 and LDAP 239 and policy routes 181 and RADIUS 239 and service control 346 attributes for Ext-User 239 currently logged in 60, 66 default lease time 248, 250 default reauthentication time 248, 250 default type for Ext-User 239 ext-group-user (type) 239 Ext-User (type) 239 ext-user (type) 239 groups, see user groups guest (type) 238 guest-manager (type) 239 lease time 244 limited-admin (type) 238 lockout 249 mac-address (type) 239 reauthentication time 244 types...