ZyXEL G-300 User Guide - Page 22

Data Encryption with WEP, Authentication Mode, IEEE 802.1x, EAP Authentication, WPA


ZyAIR G-300 User’s Guide
2-6
Using the ZyAIR Utility
Data Encryption with WEP

WEP (Wired Equivalent Privacy) encryption scrambles all data packets transmitted between the ZyAIR and the AP or other wireless stations to keep network communications private. Both the wireless stations and the access points must use the same WEP key for data encryption and decryption.

Your ZyAIR allows you to configure up to four 64-bit or 128-bit WEP keys; only one key is used as the default key at any one time.
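
The following is an added illustration, not part of the ZyXEL guide: a minimal Python sketch of WEP encapsulation as IEEE 802.11 defines it, showing why both ends need the same key and how the key slot used by the sender is carried in each frame. The function names, key values, IV and payload are constructed for the example; note that a "64-bit" key is a 40-bit secret plus a 24-bit IV that travels unencrypted.

```python
import struct
import zlib

# Secret lengths in bytes: "64-bit" WEP = 40-bit secret + 24-bit IV,
# "128-bit" WEP = 104-bit secret + 24-bit IV.
SECRET_LENGTHS = {5: "64-bit", 13: "128-bit"}


def rc4(key: bytes, data: bytes) -> bytes:
    """RC4 stream cipher: key scheduling, then keystream XOR."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def wep_encapsulate(keys, default_idx, iv, payload):
    """Build IV(3) | KeyID(1) | RC4(payload | ICV) using the default key."""
    secret = keys[default_idx]
    if len(secret) not in SECRET_LENGTHS or len(iv) != 3:
        raise ValueError("secret must be 5 or 13 bytes, IV 3 bytes")
    icv = struct.pack("<I", zlib.crc32(payload) & 0xFFFFFFFF)
    return iv + bytes([default_idx << 6]) + rc4(iv + secret, payload + icv)


def wep_decapsulate(keys, frame_body):
    """Pick the key slot named in the frame, decrypt, verify the ICV."""
    iv, key_id = frame_body[:3], frame_body[3] >> 6
    plain = rc4(iv + keys[key_id], frame_body[4:])
    payload, icv = plain[:-4], plain[-4:]
    if struct.pack("<I", zlib.crc32(payload) & 0xFFFFFFFF) != icv:
        raise ValueError("ICV mismatch: key differs or frame corrupted")
    return payload


# Constructed sample data: four key slots, slot 1 chosen as the default.
KEYS = [b"\x01\x02\x03\x04\x05", b"ZyAIR", b"0123456789abc", b"\xaa" * 13]
IV = b"\x00\x00\x01"
FRAME = wep_encapsulate(KEYS, 1, IV, b"hello AP")
```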

2.2.1 Authentication Mode

The IEEE 802.11b standard describes a simple authentication method between the wireless stations and AP. Three authentication modes are defined: Open and Shared.

Open mode is implemented for ease-of-use and when security is not an issue. The wireless station and the AP do not share a secret key. Thus the wireless stations can associate with any AP and listen to any data transmitted in plaintext.

Shared mode involves a shared secret key to authenticate the wireless station to the AP. This requires you to enable the WEP encryption and specify a WEP key on both the wireless station and the AP.

2.2.2 IEEE 802.1x

The IEEE 802.1x standard outlines enhanced security methods for both the authentication of wireless stations and encryption key management. Authentication can be done using an external RADIUS server.

EAP Authentication

EAP (Extensible Authentication Protocol) is an authentication protocol that runs on top of the IEEE 802.1x transport mechanism in order to support multiple types of user authentication. By using EAP to interact with an EAP-compatible RADIUS server, an access point helps a wireless station and a RADIUS server perform authentication.

The type of authentication you use depends on the RADIUS server and the intermediary AP(s) that support IEEE 802.1x. The ZyAIR supports EAP-TLS, EAP-PEAP and LEAP. Refer to the Types of EAP Authentication appendix for descriptions.

For the EAP-TLS authentication type, you must first have a wired connection to the network and obtain the certificate(s) from a certificate authority (CA). Certificates (also called digital IDs) can be used to authenticate users; a CA issues certificates and guarantees the identity of each certificate owner.

2.2.3 WPA

Wi-Fi Protected Access (WPA) is a subset of the IEEE 802.11i security specification draft. Key differences between WPA and WEP are user authentication and improved data encryption.

User Authentication

WPA applies IEEE 802.1x and Extensible Authentication Protocol (EAP) to authenticate wireless clients using an external RADIUS database.