NWA50AX-Pro Access Point Issues

Options
GeekDad
GeekDad Posts: 10  Freshman Member
First Comment Friend Collector
edited July 19 in Wireless

I've encountered several issues while configuring the Zyxel NWA50AX-Pro access point via Local Web Interface (browser - Chrome). I don't know if this relates to the browser and/or Nebula (which I don't use) as well.

1 - In an earlier post I noted the NWA50AX-Pro won't connect via https without browser warnings. I've been a long time user of routers from a brand name source (with HQ in San Jose, CA – name withheld) and NEVER had warnings trying to access the router out of the box. I am (still) addressing that issue separately.

2 - DHCP vs. Static IP address. Assigning a static IP works fine. Selecting DHCP works BUT DOES NOT occupy the IP address assigned in the router for the MAC address (BASE MAC) of the access point. Note the access point utilizes a range (three) MAC addresses - the 'MAC BASE' (lowest and the one on the package box, "MAC BASE + 1' for the 2.4GHZ radio and "MAC BASE + 2' for the 5GHZ radio. EVERY other device (printer, NAS, PCs, TVs, Amazon devices, VOIP adapter, various IoT devices, etc.) ALWAYS occupies the IP address assigned in the router LAN table. The Zyxel NWA50AX-Pro access point DOES NOT.

3 - I left the default 2.4 GHz and 5 GHz channels (6 and 44 respectively) when I first brought the access point online. When I tried to change these default channels, the Zyxel NWA50AX-Pro access point was stubborn to change - I could edit/update the channel but wouldn't actually change after the edit. I had to reboot the unit before it would accept any change to the 5 GHz channel (first listed). When I tried on the 2.4 GHz channel (second listed), I experienced the same issue. I had to reboot the unit before it would accept any change to the 2.4 GHz channel. WHY?

4 - There are names for the radios 'Wiz_Radio_xG'. There are means for editing these names but the edits never seem to apply and remain at the default names for the radio. Why allow edits if they are NOT USED?

All Replies

  • PeterUK
    PeterUK Posts: 3,893  Guru Member
    100 Answers 2500 Comments Friend Collector Seventh Anniversary
    edited July 19

    I have no problems here with DHCP and the NWA50AX-PRO get the IP I set on USG60W

    You may find it best not to use the wizard and skip on default setup note the AP will be set to open under default

  • GeekDad
    GeekDad Posts: 10  Freshman Member
    First Comment Friend Collector

    @PeterUK thanks for the direction on the first item. I finally got the https working by entering the IP address. But that raises other questions.

    -1a Why does the certificate validity time go from 10 years (default using MAC address) to 3 years (using IP address)?

    -1b I created a second certificate. The first certificate had object references to Auth.Server, FTP, HTTPS and SSH. I was able to migrate the FTP, HTTPS and SSH object references to the new (second) certificate. I am unable to delete the first certificate as the Auth.Server object reference is still tied to 'something'. Where can I change that 'something'?

    I maintain that the IP address reserved for the NWA50AX-Pro access point MAC address in my router will NOT utilize that IP address if I select Auto (DHCP) in the wizard. Where I can I manually set the uplink connection it in the standalone management mode (i.e. browser)?

  • PeterUK
    PeterUK Posts: 3,893  Guru Member
    100 Answers 2500 Comments Friend Collector Seventh Anniversary
    edited July 20

    3 years is just the default when making certificate on the AP to make a 10 year on you can get

    blank.gif

    Win32/Win64 OpenSSL

  • PeterUK
    PeterUK Posts: 3,893  Guru Member
    100 Answers 2500 Comments Friend Collector Seventh Anniversary
    edited July 20

    3 years is just the default when making certificate on the AP to make a 10 year one you can get Win32/Win64 OpenSSL

    https://slproweb.com/products/Win32OpenSSL.html

    then do
    
openssl genrsa -des3 -out domain.key 2048
    
openssl req -key domain.key -new -out domain.csr
    
openssl x509 -signkey domain.key -in domain.csr -req -days 3650 -out domain.crt
    
openssl pkcs12 -export -out domain.pfx -inkey domain.key -in domain.crt

    or

    then do
openssl req -new -nodes -keyout domain.key -out domain.csr
openssl x509 -signkey domain.key -in domain.csr -req -days 3650 -out domain.crt
certutil –MergePFX domain.crt domain.pfx

    Then import the domain.pfx to the AP with password

    not sure you can change Auth.Server to another certificate…

    Edit

    run SSH

    configure terminal

    auth-server cert "name of cert"

    write

    What IP is the AP getting and what IP have you set the router to give the AP?

  • Zyxel_Melen
    Zyxel_Melen Posts: 3,529  Zyxel Employee
    Zyxel Certified Network Engineer Level 1 - Switch Zyxel Certified Network Administrator - Switch Zyxel Certified Network Administrator - Nebula Zyxel Certified Sales Associate

    Hi @GeekDad

    1. Just a reminder that @Zyxel_Judy has provided the answer.
      https://community.zyxel.com/en/discussion/comment/78333#Comment_78333
    2. If you mean the NWA50AX-PRO can get the DHCP IP from your router, this could be because some option causes the AP discard the offer packet. Please help to:
      1. Connect the AP to your router directly.
      2. Do not change the management VLAN from 1 to other VLANs if your router doesn't support VLAN function.
    3. I didn't encounter this issue with the latest firmware version V7.10(2).
      1. My change steps:
        1. Go to Menu > Configuration > Wireless > AP management > WLAN setting > Radio Profile > edit > Channel Selection.
        2. Click OK and then go to Menu > Monitor > Wireless > AP Information > Radio list and found the channel is changed.
      2. Could you share how did you set and how did you check?
    4. I also didn't encounter this issue with the latest firmware version V7.10(2). Could you share how did you set and how did you check? If you create a new SSID, you need to change the SSID profile in the MBSSID settings and click the apply button. image.png
    Zyxel Melen


  • GeekDad
    GeekDad Posts: 10  Freshman Member
    First Comment Friend Collector

    @Zyxel_Melen

    The original @Zyxel_Judy post points me to installing the certificate to Windows.

    The certificate MUST use the user's intended IP address and NOT the MAC address the default certificate in the access point is setup for. The certificate generated from the access point MUST ALSO be added in the access point's 'Trusted Certificate'. This also reduced the certificate from 10 years to 3 years by changing to an IP address. Additional steps of contortion is needed to change the certificate range validity. WHY??? FYI - @PeterUK was extremely helpful with all of this.

    It is also IMPOSSIBLE to delete the original default certificate because it remains tied to 'Auth.Server' object.

    Using the standalone (local web Interface) management mode, I suspect most of my issues stem from using the wizard which are populated with settings that are difficult to modify. For instance, if I click on:

    RadioEdit.jpg

    there is nothing I can modify except channel which required multiple reboots.

    'Hiding' near the top of the screen just under 'WLAN Setting' is 'Create new Object':

    Object.jpg

    as the 'Edit' icon does nothing. One can actually add a name there:

    RadioProfile.jpg

    The next is:

    MBSSIDEdit.jpg

    which near the top of the pop-up window has 'Create New Object' which all but hides its function.

    Giving a wizard that cripples the device setup in the long run is a problem.

    I still haven't gotten to utilize the MAC address entered in my router. The designer's that wrote the wizard should be forced to use it and/or via standalone (local web Interface) management mode ONLY.

    This is maddening and I'm an engineer (not in IT). I seriously regret going with this access point.

Categories

Wireless Help Center

EnglishTiếng ViệtРусскийไทย中文(台灣)