ZyXEL NBG-418N User Guide - Page 204

Appendix D Wireless LANs

NBG-418N User’s Guide

204

called Rijndael. They both include a per-packet key mixing function, a Message Integrity Check

(MIC) named Michael, an extended initialization vector (IV) with sequencing rules, and a re-keying

mechanism.

WPA and WPA2 regularly change and rotate the encryption keys so that the same encryption key is

never used twice.

The RADIUS server distributes a Pairwise Master Key (PMK) key to the AP that then sets up a key

hierarchy and management system, using the PMK to dynamically generate unique data encryption

keys to encrypt every data packet that is wirelessly communicated between the AP and the wireless

clients. This all happens in the background automatically.

The Message Integrity Check (MIC) is designed to prevent an attacker from capturing data packets,

altering them and resending them. The MIC provides a strong mathematical function in which the

receiver and the transmitter each compute and then compare the MIC. If they do not match, it is

assumed that the data has been tampered with and the packet is dropped.

By generating unique data encryption keys for every data packet and by creating an integrity

checking mechanism (MIC), with TKIP and AES it is more difficult to decrypt data on a Wi-Fi

network than WEP and difficult for an intruder to break into the network.

The encryption mechanisms used for WPA(2) and WPA(2)-PSK are the same. The only difference

between the two is that WPA(2)-PSK uses a simple common password, instead of user-specific

credentials. The common-password approach makes WPA(2)-PSK susceptible to brute-force

password-guessing attacks but it’s still an improvement over WEP as it employs a consistent,

single, alphanumeric password to derive a PMK which is used to generate unique temporal

encryption keys. This prevent all wireless devices sharing the same encryption keys. (a weakness of

WEP)

User Authentication

WPA and WPA2 apply IEEE 802.1x and Extensible Authentication Protocol (EAP) to authenticate

wireless clients using an external RADIUS database. WPA2 reduces the number of key exchange

messages from six to four (CCMP 4-way handshake) and shortens the time required to connect to a

network. Other WPA2 authentication features that are different from WPA include key caching and

pre-authentication. These two features are optional and may not be supported in all wireless

devices.

Key caching allows a wireless client to store the PMK it derived through a successful authentication

with an AP. The wireless client uses the PMK when it tries to connect to the same AP and does not

need to go with the authentication process again.

Pre-authentication enables fast roaming by allowing the wireless client (already connecting to an

AP) to perform IEEE 802.1x authentication with another AP before connecting to it.

Wireless Client WPA Supplicants

A wireless client supplicant is the software that runs on an operating system instructing the wireless

client how to use WPA. At the time of writing, the most widely available supplicant is the

WPA patch

for Windows XP, Funk Software's Odyssey client.

The Windows XP patch is a free download that adds WPA capability to Windows XP's built-in "Zero

Configuration" wireless client. However, you must run Windows XP to use it.

Section	Page
NBG-418N	1
Contents Overview	3
Table of Contents	5
User’s Guide	11
Introduction	13
1.1 Overview	13
1.2 Securing the NBG-418N	14
1.3 LEDs	15
1.4 The WPS Button	15
1.5 Wall Mounting	16
The Web Configurator	17
2.1 Overview	17
2.2 Accessing the Web Configurator	17
2.3 Resetting the NBG-418N	19
2.3.1 Using the RESET Button	19
Connection Wizard	21
3.1 Wizard Setup	21
3.2 Connection Wizard: STEP 1: System Information	22
3.2.1 System Name	22
3.2.2 Domain Name	23
3.3 Connection Wizard: STEP 2: Wireless LAN	23
3.3.1 WPA-PSK or WPA2-PSK Security	24
3.4 Connection Wizard: STEP 3: Internet Configuration	25
3.4.1 Ethernet Connection	26
3.4.2 PPPoE Connection	26
3.4.3 PPTP Connection	27
3.4.4 Your IP Address	28
3.4.5 WAN IP Address Assignment	29
3.4.6 IP Address and Subnet Mask	30
3.4.7 DNS Server Address Assignment	30
3.4.8 WAN IP and DNS Server Address Assignment	30
3.4.9 WAN MAC Address	31
3.5 Connection Wizard Complete	32
Modes	35
4.1 Overview	35
4.2 Setting your NBG-418N to Router Mode	36
4.2.1 Status Screen (Router Mode)	37
4.2.2 Router Mode Navigation Panel	42
4.3 Setting your NBG-418N to AP Mode	44
4.3.1 Status Screen (AP Mode)	45
4.3.2 AP Navigation Panel	47
4.4 Setting your NBG-418N to Universal Repeater Mode	48
4.4.1 Status Screen (Universal Repeater Mode)	49
4.4.2 Universal Repeater Navigation Panel	51
4.5 Setting your NBG-418N to Client Bridge Mode	52
4.5.1 Status Screen (Client Bridge Mode)	53
4.5.2 Client Bridge Navigation Panel	54
Tutorials	57
5.1 Overview	57
5.2 How to Connect to the Internet from an AP	57
5.2.1 Configure Wireless Security Using WPS on both your NBG-418N and Wireless Client	57
5.3 Enable and Configure Wireless Security without WPS on your NBG-418N	61
Technical Reference	65
Wireless LAN	67
6.1 Overview	67
6.2 What You Can Do	68
6.3 What You Should Know	69
6.3.1 Wireless Security Overview	69
6.4 General Wireless LAN Screen	70
6.4.1 No Security	72
6.4.2 WEP Encryption	73
6.4.3 WPA-PSK/WPA2-PSK	74
6.5 MAC Filter	75
6.6 Wireless LAN Advanced Screen	76
6.7 Quality of Service (QoS) Screen	78
6.8 WPS Screen	79
6.9 WPS Station Screen	80
6.10 Scheduling Screen	81
6.11 AP Select Screen	82
6.12 WLAN Info Screen	83
WAN	85
7.1 Overview	85
7.2 What You Need To Know	85
7.2.1 Configuring Your Internet Connection	85
7.3 Internet Connection	86
7.3.1 Ethernet Encapsulation	86
7.3.2 PPPoE Encapsulation	88
7.3.3 PPTP Encapsulation	90
LAN	93
8.1 Overview	93
8.2 What You Need To Know	93
8.2.1 IP Pool Setup	94
8.2.2 LAN TCP/IP	94
8.3 LAN IP Screen	94
DHCP Server	97
9.1 Overview	97
9.2 What You Can Do	97
9.3 What You Need To Know	97
9.4 General Screen	97
9.5 Advanced Screen	98
9.6 Client List Screen	100
Network Address Translation	101
10.1 Overview	101
10.2 What You Can Do	102
10.2.1 What You Need To Know	102
10.3 General NAT Screen	103
10.4 NAT Application Screen	104
10.5 Technical Reference	106
10.5.1 NAT Port Forwarding: Services and Port Numbers	106
10.5.2 NAT Port Forwarding Example	107
Dynamic DNS	109
11.1 Overview	109
11.2 Dynamic DNS Screen	109
Firewall	111
12.1 Overview	111
12.2 What You Can Do	111
12.3 What You Need To Know	112
12.3.1 About the NBG-418N Firewall	112
12.3.2 VPN Pass Through Features	112
12.4 General Firewall Screen	112
12.5 Services Screen	113
Remote Management	115
13.1 Overview	115
13.1.1 Remote Management Limitations	116
13.1.2 Remote Management and NAT	116
13.1.3 System Timeout	116
13.2 WWW Screen	116
Universal Plug-and-Play (UPnP)	119
14.1 Overview	119
14.2 What You Need to Know	119
14.3 Configuring UPnP	120
14.3.1 Using UPnP in Windows XP Example	120
14.3.2 Web Configurator Easy Access	122
System	125
15.1 Overview	125
15.2 What You Can Do	125
15.3 System General Screen	125
15.4 Time Setting Screen	126
Logs	129
16.1 Overview	129
16.2 What You Need to Know	129
16.3 View Log Screen	129
Tools	131
17.1 Overview	131
17.2 What You Can Do	131
17.3 Firmware Upload Screen	131
17.4 Configuration Screen	133
17.4.1 Backup Configuration	133
17.4.2 Restore Configuration	133
17.4.3 Back to Factory Defaults	134
17.5 Restart Screen	134
Sys OP Mode	137
18.1 Overview	137
18.2 General Screen	137
Language	139
19.1 Language Screen	139
Troubleshooting	141
20.1 Power, Hardware Connections, and LEDs	141
20.2 NBG-418N Access and Login	142
20.3 Internet Access	143
20.4 Resetting the NBG-418N to Its Factory Defaults	144
20.5 Wireless Problems	145
IP Addresses and Subnetting	147
Pop-up Windows, JavaScripts and Java Permissions	157
Setting Up Your Computer’s IP Address	167
Wireless LANs	195
Common Services	209
Legal Information	213

ZyXEL NBG-418N User Guide - Page 204

User Authentication, Wireless Client WPA Supplicants

Page 204 highlights