Page 131 / 300
Scroll up to view Page 126 - 130
Chapter 16 Interface Group
P-663HN-51 User’s Guide
131
16.3
Adding an Interface Group
Click
Advanced Setup
> Interface Groups > Add
to open the following
screen. Use this screen to map ports to PVCs and create bridging groups.
Figure 63
Advanced Setup > Interface Groups > Add
The following table describes the labels in this screen.
Table 49
Advanced Setup > Interface Groups > Add
LABEL
DESCRIPTION
Group Name
Configure a name to identify the group.
Grouped
Interfaces
Available
Interfaces
Select interfaces to add to the group.
Page 132 / 300
Chapter 16 Interface Group
P-663HN-51 User’s Guide
132
Automatically Add
Clients With the
following DHCP
Vendor IDs
If you want LAN clients to get public IP addresses, you can list their
DHCP vendor IDs here.
Save/Apply
Click this button to save the changes and have the ZyXEL Device start
using them.
Table 49
Advanced Setup > Interface Groups > Add (continued)
LABEL
DESCRIPTION
Page 133 / 300
P-663HN-51 User’s Guide
133
C
HAPTER
17
Certificates
17.1
Overview
This chapter describes how your ZyXEL Device can use certificates as a means of
authenticating wireless clients. It gives background information about public-key
certificates and explains how to use them.
A certificate contains the certificate owner’s identity and public key. Certificates
provide a way to exchange public keys for use in authentication.
Figure 64
Certificates Example
In the figure above, the ZyXEL Device (Z) checks the identity of the notebook (A)
using a certificate before granting it access to the network.
17.1.1
What You Can Do in the Certificates Screens
•
Use the
Trusted CAs
screens (
Section 17.2 on page 134
) to save CA
certificates to the ZyXEL Device.
17.1.2
What You Need to Know About Certificates
Certification Authority
A Certification Authority (CA) issues certificates and guarantees the identity of
each certificate owner. There are commercial certification authorities like
CyberTrust or VeriSign and government certification authorities. You can use the
ZyXEL Device to generate certification requests that contain identifying
information and public keys and then send the certification requests to a
certification authority.
Page 134 / 300
Chapter 17 Certificates
P-663HN-51 User’s Guide
134
Certificate File Formats
The certification authority certificate that you want to import has to be in one of
these file formats:
•
Binary X.509: This is an ITU-T recommendation that defines the formats for
X.509 certificates.
•
PEM (Base-64) encoded X.509: This Privacy Enhanced Mail format uses
lowercase letters, uppercase letters and numerals to convert a binary X.509
certificate into a printable form.
•
Binary PKCS#7: This is a standard that defines the general syntax for data
(including digital signatures) that may be encrypted. The ZyXEL Device
currently allows the importation of a PKS#7 file that contains a single
certificate.
•
PEM (Base-64) encoded PKCS#7: This Privacy Enhanced Mail (PEM) format uses
64 ASCII characters to convert a binary PKCS#7 certificate into a printable
form.
Finding Out More
See
Section 17.3 on page 137
for technical background information on
certificates.
17.2
Trusted CA Certificates Screen
This screen displays a summary list of certificates of the certification authorities
that you have set the ZyXEL Device to accept as trusted. The ZyXEL Device
accepts any valid certificate signed by a certification authority on this list as being
trustworthy; thus you do not need to import any certificate that is signed by one
of these certification authorities. Click
Advanced Setup > Certificate
to open
the following screen.
Figure 65
Trusted CAs
Page 135 / 300
Chapter 17 Certificates
P-663HN-51 User’s Guide
135
The following table describes the labels in this screen.
Table 50
Trusted CAs
LABEL
DESCRIPTION
Name
This field displays the name used to identify this certificate.
Subject
This field displays identifying information about the certificate’s owner,
such as CN (Common Name), OU (Organizational Unit or department),
O (Organization or company) and C (Country). It is recommended that
each certificate have unique subject information.
Type
This field displays general information about the certificate. CA-signed
means that a Certification Authority signed the certificate. Self-signed
means that the certificate’s owner signed the certificate (not a
certification authority).
“X.509” means that this certificate was created
and signed according to the ITU-T X.509 recommendation that defines
the formats for public-key certificates.
Action
Click
View
to see an imported CA certificate’s details.
Click
Remove
to delete the imported CA certificate from the ZyXEL
Device.
Import
Certificate
Click this to open a screen where you can save the certificate of a
certification authority that you trust, from your computer to the ZyXEL
Device.