ZyXEL Communications NWA3160 User Manual
Chapter 3 Tutorial
ZyXEL NWA-3160 Series User’s Guide
58
• Try to access each network using the correct security settings, and then using incorrect
security settings, such as the WPA-PSK for another active network. If the behavior is
different from expected (for example, if you can access the VoIP wireless network using
the security settings for the Guest_SSID wireless network) check that the SSID profile is
set to use the correct security profile, and that the settings of the security profile are
correct.
different from expected (for example, if you can access the VoIP wireless network using
the security settings for the Guest_SSID wireless network) check that the SSID profile is
set to use the correct security profile, and that the settings of the security profile are
correct.
• Access the Guest_SSID network and try to access other resources than those specified in
the Layer 2 Isolation (l2isolation01) profile screen.
You can use the ping utility to do this. Click Start > Run... and enter “cmd” in the Open:
field. Click OK. At the c:\> prompt, enter “ping 192.168.1.10” (substitute the IP address
of a real device on your network that is not on the layer 2 isolation list). If you receive a
reply, check the settings in the WIRELESS > Layer-2 Isolation > Edit screen, and
ensure that the correct layer 2 isolation profile is enabled in the Guest_SSID profile
screen.
You can use the ping utility to do this. Click Start > Run... and enter “cmd” in the Open:
field. Click OK. At the c:\> prompt, enter “ping 192.168.1.10” (substitute the IP address
of a real device on your network that is not on the layer 2 isolation list). If you receive a
reply, check the settings in the WIRELESS > Layer-2 Isolation > Edit screen, and
ensure that the correct layer 2 isolation profile is enabled in the Guest_SSID profile
screen.
3.3 How to Set Up and Use Rogue AP Detection
This example shows you how to configure the rogue AP detection feature on the ZyXEL
Device.
Device.
"
This feature is available on the NWA-3160 and NWA-3163 only.
A rogue AP is a wireless access point operating in a network’s coverage area that is not a
sanctioned part of that network. The example also shows how to set the ZyXEL Device to send
out e-mail alerts whenever it detects a rogue wireless access point. See
sanctioned part of that network. The example also shows how to set the ZyXEL Device to send
out e-mail alerts whenever it detects a rogue wireless access point. See
for background information on the rogue AP function and security considerations.
In this example, you want to ensure that your company’s data is not accessible to an attacker
gaining entry to your wireless network through a rogue AP.
Your wireless network operates in an office building. It consists of four access points (all
ZyXEL Devices) and a variable number of wireless clients. You also know that the coffee shop
on the ground floor has a wireless network consisting of a single access point, which can be
detected and accessed from your floor of the building. There are no other static wireless
networks in your coverage area.
The following diagram shows the wireless networks in your area. Your access points are
marked A, B, C and D. You also have a network mail/file server, marked E, and a computer,
marked F, connected to the wired network. The coffee shop’s access point is marked 1.
In this example, you want to ensure that your company’s data is not accessible to an attacker
gaining entry to your wireless network through a rogue AP.
Your wireless network operates in an office building. It consists of four access points (all
ZyXEL Devices) and a variable number of wireless clients. You also know that the coffee shop
on the ground floor has a wireless network consisting of a single access point, which can be
detected and accessed from your floor of the building. There are no other static wireless
networks in your coverage area.
The following diagram shows the wireless networks in your area. Your access points are
marked A, B, C and D. You also have a network mail/file server, marked E, and a computer,
marked F, connected to the wired network. The coffee shop’s access point is marked 1.