ZyXEL MAX218M2W User Guide - Page 76
Table 14, Label, Description
View all ZyXEL MAX218M2W manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 76 highlights
Chapter 6 WiMAX This screen contains the following fields: Table 14 Authentication Settings LABEL Authentication Mode DESCRIPTION Select the authentication mode from the list. The WiMAX Device supports the following authentication modes: Data Encryption AES-CCM AES-CBC Key Encryption AES-key wrap AES-ECB EAP Supplicant EAP Mode • No authentication • User authentication • Device authentication • User and device authentication Select this to enable AES-CCM encryption. CCM combines counter-mode encryption with CBC-MAC authentication. Select this to enable AES-CBC encryption. CBC creates message authentication code from a block cipher. Select this encapsulate cryptographic keys in a symmetric encryption algorithm. Select this to divide cryptographic keys into blocks and encrypt them separately. Select an Extensible Authentication Protocol (EAP) mode. The WiMAX Device supports the following: Anonymous ID Server Root CA Cert File Server Root CA Info Device Cert File Device Cert Info Device Private Key Device Private Key Info Device Private Key Password • EAP-TLS - In this protocol, digital certifications are needed by both the server and the wireless clients for mutual authentication. The server presents a certificate to the client. After validating the identity of the server, the client sends a different certificate to the server. The exchange of certificates is done in the open before a secured tunnel is created. This makes user identity vulnerable to passive attacks. A digital certificate is an electronic ID card that authenticates the sender's identity. However, to implement EAP-TLS, you need a Certificate Authority (CA) to handle certificates, which imposes a management overhead. • EAP-TTLS - This protocol is an extension of the EAP-TLS authentication that uses certificates for only the server-side authentications to establish a secure connection. Client authentication is then done by sending username and password through the secure connection, thus client identity is protected. For client authentication, EAP-TTLS supports EAP methods and legacy authentication methods such as PAP, CHAP, MS-CHAP and MS-CHAP v2. Enter the anonymous ID used for EAP supplicant authentication. Browse for and choose a server root certificate file, if required. This field displays information about the assigned server root certificate. Browse for and choose a device certificate file, if required. Before you import certificate from WebGUI, the certificate file must be signed by chipset vendor due to security reason. This field displays information about the assigned device certificate. Browse for and choose a device private key, if required. This field displays information about the assigned device private key. Enter the device private key, if required. 76 WiMAX Device Configuration User's Guide