Home » ZyXEL Manuals » Bridges & Routers » ZyXEL NBG-418N » Manual Viewer

ZyXEL NBG-418N User Guide - Page 201

Types of RADIUS Messages, Types of EAP Authentication

Add to My Manuals
Save this manual to your list of manuals

Page 201 highlights

Appendix D Wireless LANs RADIUS is a simple package exchange in which your AP acts as a message relay between the wireless client and the network RADIUS server. Types of RADIUS Messages The following types of RADIUS messages are exchanged between the access point and the RADIUS server for user authentication: • Access-Request Sent by an access point requesting authentication. • Access-Reject Sent by a RADIUS server rejecting access. • Access-Accept Sent by a RADIUS server allowing access. • Access-Challenge Sent by a RADIUS server requesting more information in order to allow access. The access point sends a proper response from the user and then sends another Access-Request message. The following types of RADIUS messages are exchanged between the access point and the RADIUS server for user accounting: • Accounting-Request Sent by the access point requesting accounting. • Accounting-Response Sent by the RADIUS server to indicate that it has started or stopped accounting. In order to ensure network security, the access point and the RADIUS server use a shared secret key, which is a password, they both know. The key is not sent over the network. In addition to the shared key, password information exchanged is also encrypted to protect the network from unauthorized access. Types of EAP Authentication This section discusses some popular authentication types: EAP-MD5, EAP-TLS, EAP-TTLS, PEAP and LEAP. Your wireless LAN device may not support all authentication types. EAP (Extensible Authentication Protocol) is an authentication protocol that runs on top of the IEEE 802.1x transport mechanism in order to support multiple types of user authentication. By using EAP to interact with an EAP-compatible RADIUS server, an access point helps a wireless station and a RADIUS server perform authentication. The type of authentication you use depends on the RADIUS server and an intermediary AP(s) that supports IEEE 802.1x. . For EAP-TLS authentication type, you must first have a wired connection to the network and obtain the certificate(s) from a certificate authority (CA). A certificate (also called digital IDs) can be used to authenticate users and a CA issues certificates and guarantees the identity of each certificate owner. NBG-418N User's Guide 201

Section	Page
NBG-418N	1
Contents Overview	3
Table of Contents	5
User’s Guide	11
Introduction	13
1.1 Overview	13
1.2 Securing the NBG-418N	14
1.3 LEDs	15
1.4 The WPS Button	15
1.5 Wall Mounting	16
The Web Configurator	17
2.1 Overview	17
2.2 Accessing the Web Configurator	17
2.3 Resetting the NBG-418N	19
2.3.1 Using the RESET Button	19
Connection Wizard	21
3.1 Wizard Setup	21
3.2 Connection Wizard: STEP 1: System Information	22
3.2.1 System Name	22
3.2.2 Domain Name	23
3.3 Connection Wizard: STEP 2: Wireless LAN	23
3.3.1 WPA-PSK or WPA2-PSK Security	24
3.4 Connection Wizard: STEP 3: Internet Configuration	25
3.4.1 Ethernet Connection	26
3.4.2 PPPoE Connection	26
3.4.3 PPTP Connection	27
3.4.4 Your IP Address	28
3.4.5 WAN IP Address Assignment	29
3.4.6 IP Address and Subnet Mask	30
3.4.7 DNS Server Address Assignment	30
3.4.8 WAN IP and DNS Server Address Assignment	30
3.4.9 WAN MAC Address	31
3.5 Connection Wizard Complete	32
Modes	35
4.1 Overview	35
4.2 Setting your NBG-418N to Router Mode	36
4.2.1 Status Screen (Router Mode)	37
4.2.2 Router Mode Navigation Panel	42
4.3 Setting your NBG-418N to AP Mode	44
4.3.1 Status Screen (AP Mode)	45
4.3.2 AP Navigation Panel	47
4.4 Setting your NBG-418N to Universal Repeater Mode	48
4.4.1 Status Screen (Universal Repeater Mode)	49
4.4.2 Universal Repeater Navigation Panel	51
4.5 Setting your NBG-418N to Client Bridge Mode	52
4.5.1 Status Screen (Client Bridge Mode)	53
4.5.2 Client Bridge Navigation Panel	54
Tutorials	57
5.1 Overview	57
5.2 How to Connect to the Internet from an AP	57
5.2.1 Configure Wireless Security Using WPS on both your NBG-418N and Wireless Client	57
5.3 Enable and Configure Wireless Security without WPS on your NBG-418N	61
Technical Reference	65
Wireless LAN	67
6.1 Overview	67
6.2 What You Can Do	68
6.3 What You Should Know	69
6.3.1 Wireless Security Overview	69
6.4 General Wireless LAN Screen	70
6.4.1 No Security	72
6.4.2 WEP Encryption	73
6.4.3 WPA-PSK/WPA2-PSK	74
6.5 MAC Filter	75
6.6 Wireless LAN Advanced Screen	76
6.7 Quality of Service (QoS) Screen	78
6.8 WPS Screen	79
6.9 WPS Station Screen	80
6.10 Scheduling Screen	81
6.11 AP Select Screen	82
6.12 WLAN Info Screen	83
WAN	85
7.1 Overview	85
7.2 What You Need To Know	85
7.2.1 Configuring Your Internet Connection	85
7.3 Internet Connection	86
7.3.1 Ethernet Encapsulation	86
7.3.2 PPPoE Encapsulation	88
7.3.3 PPTP Encapsulation	90
LAN	93
8.1 Overview	93
8.2 What You Need To Know	93
8.2.1 IP Pool Setup	94
8.2.2 LAN TCP/IP	94
8.3 LAN IP Screen	94
DHCP Server	97
9.1 Overview	97
9.2 What You Can Do	97
9.3 What You Need To Know	97
9.4 General Screen	97
9.5 Advanced Screen	98
9.6 Client List Screen	100
Network Address Translation	101
10.1 Overview	101
10.2 What You Can Do	102
10.2.1 What You Need To Know	102
10.3 General NAT Screen	103
10.4 NAT Application Screen	104
10.5 Technical Reference	106
10.5.1 NAT Port Forwarding: Services and Port Numbers	106
10.5.2 NAT Port Forwarding Example	107
Dynamic DNS	109
11.1 Overview	109
11.2 Dynamic DNS Screen	109
Firewall	111
12.1 Overview	111
12.2 What You Can Do	111
12.3 What You Need To Know	112
12.3.1 About the NBG-418N Firewall	112
12.3.2 VPN Pass Through Features	112
12.4 General Firewall Screen	112
12.5 Services Screen	113
Remote Management	115
13.1 Overview	115
13.1.1 Remote Management Limitations	116
13.1.2 Remote Management and NAT	116
13.1.3 System Timeout	116
13.2 WWW Screen	116
Universal Plug-and-Play (UPnP)	119
14.1 Overview	119
14.2 What You Need to Know	119
14.3 Configuring UPnP	120
14.3.1 Using UPnP in Windows XP Example	120
14.3.2 Web Configurator Easy Access	122
System	125
15.1 Overview	125
15.2 What You Can Do	125
15.3 System General Screen	125
15.4 Time Setting Screen	126
Logs	129
16.1 Overview	129
16.2 What You Need to Know	129
16.3 View Log Screen	129
Tools	131
17.1 Overview	131
17.2 What You Can Do	131
17.3 Firmware Upload Screen	131
17.4 Configuration Screen	133
17.4.1 Backup Configuration	133
17.4.2 Restore Configuration	133
17.4.3 Back to Factory Defaults	134
17.5 Restart Screen	134
Sys OP Mode	137
18.1 Overview	137
18.2 General Screen	137
Language	139
19.1 Language Screen	139
Troubleshooting	141
20.1 Power, Hardware Connections, and LEDs	141
20.2 NBG-418N Access and Login	142
20.3 Internet Access	143
20.4 Resetting the NBG-418N to Its Factory Defaults	144
20.5 Wireless Problems	145
IP Addresses and Subnetting	147
Pop-up Windows, JavaScripts and Java Permissions	157
Setting Up Your Computer’s IP Address	167
Wireless LANs	195
Common Services	209
Legal Information	213

Match case Limit results 1 per page

Appendix D Wireless LANs

NBG-418N User’s Guide

201

RADIUS is a simple package exchange in which your AP acts as a message relay between the

wireless client and the network RADIUS server.

Types of RADIUS Messages

The following types of RADIUS messages are exchanged between the access point and the RADIUS

server for user authentication:

• Access-Request

Sent by an access point requesting authentication.

• Access-Reject

Sent by a RADIUS server rejecting access.

• Access-Accept

Sent by a RADIUS server allowing access.

• Access-Challenge

Sent by a RADIUS server requesting more information in order to allow access. The access point

sends a proper response from the user and then sends another Access-Request message.

The following types of RADIUS messages are exchanged between the access point and the RADIUS

server for user accounting:

• Accounting-Request

Sent by the access point requesting accounting.

• Accounting-Response

Sent by the RADIUS server to indicate that it has started or stopped accounting.

In order to ensure network security, the access point and the RADIUS server use a shared secret

key, which is a password, they both know. The key is not sent over the network. In addition to the

shared key, password information exchanged is also encrypted to protect the network from

unauthorized access.

Types of EAP Authentication

This section discusses some popular authentication types: EAP-MD5, EAP-TLS, EAP-TTLS, PEAP and

LEAP. Your wireless LAN device may not support all authentication types.

EAP (Extensible Authentication Protocol) is an authentication protocol that runs on top of the IEEE

802.1x transport mechanism in order to support multiple types of user authentication. By using EAP

to interact with an EAP-compatible RADIUS server, an access point helps a wireless station and a

RADIUS server perform authentication.

The type of authentication you use depends on the RADIUS server and an intermediary AP(s) that

supports IEEE 802.1x. .

For EAP-TLS authentication type, you must first have a wired connection to the network and obtain

the certificate(s) from a certificate authority (CA). A certificate (also called digital IDs) can be used

to authenticate users and a CA issues certificates and guarantees the identity of each certificate

owner.