ZyXEL Communications 3.1 User Manual

Chapter 6 Interfaces

ZyWALL (ZLD) CLI Reference Guide

[no] mtu <576..2304>

Specifies the Maximum Transmission Unit, which is the maximum number of bytes 
in each packet moving through this interface. The ZyWALL divides larger packets 
into smaller fragments. The 

no

 command resets the MTU to 1500.

reauth <30..30000>

Sets the WPA2 reauthentication timer. This is at what interval wireless stations 
have to resend usernames and passwords in order to stay connected. If a RADIUS 
server authenticates wireless stations, the reauthentication timer on the RADIUS 
server has priority. 

security mode {none | wep | 

wpa | wpa-wpa2 | wpa2}

Sets what type of security the wireless interface uses.

none

: applies no security. 

wep

: WEP security (extremely weak).

wpa

: WPA security.

wpa-wpa2

: WPA/WPA2-Enterprise or WPA/WPA2-PSK security.

wpa2

: WPA2 security (strongest option).

security wep <64 | 128> 

default-key <1..4>

Sets WEP encryption to use a 64 or 128 bit key and selects the default key.

security wep mode <open | 

share>

Sets the WEP encryption to use open or shared key authentication.

security wpa <tkip | aes> eap 

internal profile-name  tls-

cert certificate name

Configures WPA enterprise security using TKIP or AES and an existing AAA 
authentication method object (profile-name). Set the certificate the ZyWALL 
uses to authenticate itself to the wireless clients. The wireless clients must use 
TTLS authentication protocol and PAP inside the TTLS secure tunnel. 

security wpa <tkip | aes> eap 

external

Configures WPA enterprise security using TKIP or AES and an external server. Use 
the security external command to specify the server’s address.

security wpa <tkip | aes> psk 

key psk-key

Configures WPA security using TKIP or AES and a Pre-Shared Key (PSK).

security wpa-wpa2 <tkip | 

aes> eap internal profile-

name  tls-cert certificate 

This allows users to either use WPA or WPA2 enterprise security to connect to the 
wireless interface. You have to also configure to use either TKIP or AES and an 
existing AAA authentication method object (profile-name). Set the certificate the 
ZyWALL uses to authenticate itself to the wireless clients. The wireless clients 
must use TTLS authentication protocol and PAP inside the TTLS secure tunnel. 

security wpa-wpa2 <tkip | 

aes> eap external

Configures WPA or WPA2 enterprise security using TKIP or AES and an external 
server. Use the security external command to specify the server’s address.

security wpa-wpa2 <tkip | 

aes> psk key psk-key

Configures WPA or WPA2 security using TKIP or AES and a Pre-Shared Key (PSK).

security wpa2 <tkip | aes> 

eap internal profile-name  

tls-cert certificate name

Configures WPA2 enterprise security using TKIP or AES and an existing AAA 
authentication method object (profile-name). Select the certificate the ZyWALL 
uses to authenticate itself to the wireless clients. The wireless clients must use 
TTLS authentication protocol and PAP inside the TTLS secure tunnel. 

security wpa2 <tkip | aes> 

eap external

Configures WPA2 enterprise security using TKIP or AES and an external server. 
Use the security external command to specify the server’s address.

security wpa2 <tkip | aes> 

psk key psk-key

Configures WPA2 security using TKIP or AES and a Pre-Shared Key (PSK).

[no] security dot1x acct ip 

port <1..65535>

Sets the IP address and port number of an external accounting server. 

[no] security dot1x auth ip 

port <1..65535>

Sets the IP address and port number of an external authentication (RADIUS) 
server.

[no] security dot1x activate

Enables IEEE 802.1x accounting and authentication.

[no] security external acct 

ip port <1..65535>

Sets the IP address and port number of an external accounting server.

WLAN Interface Commands (continued)