ZyXEL G-220F User Guide - Page 28

ZyXEL G-220F User’s Guide

Chapter 2 Wireless LAN Network

28

2.2.3

WPA(2)

Wi-Fi Protected Access (WPA) is a subset of the IEEE 802.11i standard. Key differences

between WPA(2) and WEP are user authentication and improved data encryption.

2.2.3.1

User Authentication

WPA(2) applies IEEE 802.1x and Extensible Authentication Protocol (EAP) to authenticate

wireless clients using an external RADIUS database.

Therefore, if you don't have an external RADIUS server, you should use WPA(2)-PSK (WPA -

Pre-Shared Key)

that only requires a single (identical) password entered into each access

point, wireless gateway and wireless client. As long as the passwords match, a client will be

granted access to a WLAN.

2.2.3.2

Encryption

WPA(2) improves data encryption by using Temporal Key Integrity Protocol (TKIP) or

Advanced Encryption Standard (AES), Message Integrity Check (MIC) and IEEE 802.1x.

Temporal Key Integrity Protocol (TKIP) uses 128-bit keys that are dynamically generated and

distributed by the authentication server. It includes a per-packet key mixing function, a

Message Integrity Check (MIC) named Michael, an extended initialization vector (IV) with

sequencing rules, and a re-keying mechanism.

TKIP regularly changes and rotates the encryption keys so that the same encryption key is

never used twice. The RADIUS server distributes a Pairwise Master Key (PMK) key to the AP

that then sets up a key hierarchy and management system, using the pair-wise key to

dynamically generate unique data encryption keys to encrypt every data packet that is

wirelessly communicated between the AP and the wireless clients. This all happens in the

background automatically.

AES (Advanced Encryption Standard) is a newer method of data encryption that also uses a

secret key. This implementation of AES applies a 128-bit key to 128-bit blocks of data.

The Message Integrity Check (MIC) is designed to prevent an attacker from capturing data

packets, altering them and resending them. The MIC provides a strong mathematical function

in which the receiver and the transmitter each compute and then compare the MIC. If they do

not match, it is assumed that the data has been tampered with and the packet is dropped.

By generating unique data encryption keys for every data packet and by creating an integrity

checking mechanism (MIC), TKIP makes it much more difficult to decode data on a Wi-Fi

network than WEP, making it difficult for an intruder to break into the network.

The encryption mechanisms used for WPA(2) and WPA(2)-PSK are the same. The only

difference between the two is that WPA(2)-PSK uses a simple common password, instead of

user-specific credentials. The common-password approach makes WPA(2)-PSK susceptible to

brute-force password-guessing attacks but it's still an improvement over WEP as it employs an

easier-to-use, consistent, single, alphanumeric password.

Section	Page
G-220F User’s Guide	1
Copyright	2
Federal Communications Commission (FCC) Interference Statement	3
ZyXEL Limited Warranty	5
Customer Support	6
Table of Contents	8
List of Figures	12
List of Tables	14
Preface	16
Getting Started	18
1.1.1 Application Overview	18
1.1.1.1 Infrastructure	18
1.1.1.2 Ad-Hoc	19
1.1.1.3 Access Point Mode	19
1.2 ZyXEL G-220F Hardware and Utility Installation	20
1.4 Windows XP Users Only	20
1.6.1 Site Survey	21
1.7.1 Change ZyXEL G-220F Mode	23
Wireless LAN Network	26
2.1.1 SSID	26
2.1.2 Channel	26
2.1.3 Transmission Rate (Tx Rate)	26
2.2.1 Data Encryption with WEP	27
2.2.2 IEEE 802.1x	27
2.2.2.1 EAP Authentication	27
2.2.3 WPA(2)	28
2.2.3.1 User Authentication	28
2.2.3.2 Encryption	28
2.2.4 WPA(2)-PSK Application Example	29
2.2.5 WPA with RADIUS Application Example	29
2.3 Authentication Type	30
2.4 Preamble Type	30
2.5.1 Enabling OTIST	31
2.5.1.1 AP	31
2.5.1.2 Wireless Client	32
2.5.2 Starting OTIST	32
2.5.3 Notes on OTIST	33
Wireless Station Mode Configuration	34
3.2 The Link Info Screen	34
3.2.1 Trend Chart	35
3.3 The Site Survey Screen	36
3.3.1 Connecting to a WLAN Network	37
3.3.2 Security Settings	38
3.3.2.1 WEP Encryption	38
3.3.2.2 WPA-PSK	39
3.3.2.3 WPA-RADIUS	40
3.3.2.4 RADIUS	42
3.4 The Profile Screen	43
3.4.1 Adding a New Profile	44
3.5 The Adapter Screen	48
Access Point Mode Configuration	50
4.1.1 Additional Setup Requirements	50
4.2 The Link Info Screen	50
4.3 The Configuration Screen	51
4.4 The MAC Filter Screen	53
Maintenance	56
Troubleshooting	60
6.1 Problems Starting the ZyXEL Utility Program	60
6.2 Problem Connecting to an Access Point	60
6.3 Problem with the Link Status	61
6.4 Problems Communicating With Other Computers	61
Product Specifications	62
Access Point Mode Setup Example	64
Configuring the Computer on Which You Install the ZyXEL G- 220F	64
Configuring the Wireless Station Computer	66
Appendix C	68
Disable Windows XP Wireless LAN Configuration Tool	68
Via the Wireless Network System Tray Icon	68
Via the Control Panel	71
Appendix D	74
Management with Wireless Zero Configuration	74
Activating Wireless Zero Configuration	74
Connecting to a Wireless Network	75
Security Settings	78
Association	79
Authentication	80
Ordering the Preferred Networks	83
Types of EAP Authentication	86
Setting up Your Computer’s IP Address	90
Windows 95/98/Me	90
Installing Components	91
Configuring	92
Verifying Settings	93
Windows 2000/NT/XP	93
Verifying Settings	97
Macintosh OS 8/9	97
Verifying Settings	99
Macintosh OS X	99
Verifying Settings	100
Index	102
A	102
C	102
D	102
E	102
F	102
G	102
H	102
I	102
L	103
M	103
N	103
O	103
P	103
Q	103
R	103
S	103
T	103
U	104
V	104
W	104

ZyXEL G-220F User Guide - Page 28

WPA(2), 2.2.3.1 User Authentication, 2.2.3.2 Encryption, Advanced Encryption Standard AES

Page 28 highlights