Home » ZyXEL Manuals » Networking » ZyXEL NBG334S » Manual Viewer

ZyXEL NBG334S User Guide - Page 254

PEAP Protected EAP, Dynamic WEP Key Exchange

Get ZyXEL NBG334S PDF manuals and user guides

Add to My Manuals
Save this manual to your list of manuals

Page 254 highlights

Appendix E Wireless LANs PEAP (Protected EAP) Like EAP-TTLS, server-side certificate authentication is used to establish a secure connection, then use simple username and password methods through the secured connection to authenticate the clients, thus hiding client identity. However, PEAP only supports EAP methods, such as EAP-MD5, EAP-MSCHAPv2 and EAP-GTC (EAP-Generic Token Card), for client authentication. EAP-GTC is implemented only by Cisco. LEAP LEAP (Lightweight Extensible Authentication Protocol) is a Cisco implementation of IEEE 802.1x. Dynamic WEP Key Exchange The AP maps a unique key that is generated with the RADIUS server. This key expires when the wireless connection times out, disconnects or reauthentication times out. A new WEP key is generated each time reauthentication is performed. If this feature is enabled, it is not necessary to configure a default encryption key in the Wireless screen. You may still configure and store keys here, but they will not be used while Dynamic WEP is enabled. " EAP-MD5 cannot be used with dynamic WEP key exchange For added security, certificate-based authentications (EAP-TLS, EAP-TTLS and PEAP) use dynamic keys for data encryption. They are often deployed in corporate environments, but for public deployment, a simple user name and password pair is more practical. The following table is a comparison of the features of authentication types. Table 111 Comparison of EAP Authentication Types EAP-MD5 EAP-TLS EAP-TTLS PEAP LEAP Mutual Authentication No Yes Yes Yes Yes Certificate - Client No Yes Optional Optional No Certificate - Server No Yes Yes Yes No Dynamic Key Exchange No Yes Yes Yes Yes Credential Integrity None Strong Strong Strong Moderate Deployment Difficulty Easy Hard Moderate Moderate Moderate Client Identity Protection No No Yes Yes No WPA(2) Wi-Fi Protected Access (WPA) is a subset of the IEEE 802.11i standard. WPA2 (IEEE 802.11i) is a wireless security standard that defines stronger encryption, authentication and key management than WPA. 254 NBG334W User's Guide

Section	Page
User’s Guide	1
About This User's Guide	3
Document Conventions	5
Safety Warnings	7
Contents Overview	9
Table of Contents	11
List of Figures	19
List of Tables	23
Introduction	27
Getting to Know Your NBG334W	29
1.1 Overview	29
1.2 AP Mode	29
1.3 Router Mode	30
1.4 Router Features vs. AP Features	30
1.5 Ways to Manage the NBG334W	31
1.6 Good Habits for Managing the NBG334W	31
1.7 LEDs	31
Introducing the Web Configurator	33
2.1 Web Configurator Overview	33
2.2 Accessing the Web Configurator	33
2.3 Resetting the NBG334W	35
2.3.1 Procedure to Use the Reset Button	35
2.4 Navigating the Web Configurator	35
2.5 The Status Screen in Router Mode	35
2.5.1 Navigation Panel	38
2.5.2 Summary: Any IP Table	40
2.5.3 Summary: Bandwidth Management Monitor	40
2.5.4 Summary: DHCP Table	41
2.5.5 Summary: Packet Statistics	41
2.5.6 Summary: Wireless Station Status	42
Connection Wizard	45
3.1 Wizard Setup	45
3.2 Connection Wizard: STEP 1: System Information	46
3.2.1 System Name	46
3.2.2 Domain Name	47
3.3 Connection Wizard: STEP 2: Wireless LAN	47
3.3.1 Basic (WEP) Security	49
3.3.2 Extend (WPA-PSK or WPA2-PSK) Security	50
3.4 Connection Wizard: STEP 3: Internet Configuration	50
3.4.1 Ethernet Connection	51
3.4.2 PPPoE Connection	51
3.4.3 PPTP Connection	52
3.4.4 Your IP Address	54
3.4.5 WAN IP Address Assignment	54
3.4.6 IP Address and Subnet Mask	55
3.4.7 DNS Server Address Assignment	55
3.4.8 WAN IP and DNS Server Address Assignment	56
3.4.9 WAN MAC Address	57
3.5 Connection Wizard: STEP 4: Bandwidth management	58
3.6 Connection Wizard Complete	58
AP Mode	61
4.1 AP Mode Overview	61
4.2 Setting your NBG334W to AP Mode	61
4.3 The Status Screen in AP Mode	62
4.3.1 Navigation Panel	64
4.4 Configuring Your Settings	65
4.4.1 LAN Settings	65
4.4.2 WLAN and Maintenance Settings	66
4.5 Logging in to the Web Configurator in AP Mode	66
Network	67
Wireless LAN	69
5.1 Wireless Network Overview	69
5.2 Wireless Security Overview	71
5.2.1 SSID	71
5.2.2 MAC Address Filter	71
5.2.3 User Authentication	72
5.2.4 Encryption	72
5.3 Roaming	73
5.3.1 Requirements for Roaming	74
5.4 Quality of Service	74
5.4.1 WMM QoS	75
5.5 General Wireless LAN Screen	75
5.5.1 No Security	76
5.5.2 WEP Encryption	77
5.5.3 WPA-PSK/WPA2-PSK	79
5.5.4 WPA/WPA2	80
5.6 MAC Filter	82
5.7 Wireless LAN Advanced Screen	83
5.8 Quality of Service (QoS) Screen	84
5.8.1 Application Priority Configuration	86
Wireless Tutorial	89
6.1 How to Connect to the Internet from a Notebook	89
6.1.1 Example Parameters	89
6.2 Enable and Configure Wireless Security on your NBG334W	89
6.3 Configure Your Notebook	91
WAN	93
7.1 WAN Overview	93
7.2 WAN MAC Address	93
7.3 Multicast	93
7.4 Internet Connection	94
7.4.1 Ethernet Encapsulation	94
7.4.2 PPPoE Encapsulation	95
7.4.3 PPTP Encapsulation	98
7.5 Advanced WAN Screen	101
LAN	103
8.1 LAN Overview	103
8.1.1 IP Pool Setup	103
8.1.2 System DNS Servers	103
8.2 LAN TCP/IP	103
8.2.1 Factory LAN Defaults	103
8.2.2 IP Address and Subnet Mask	104
8.2.3 Multicast	104
8.2.4 Any IP	104
8.3 LAN IP Screen	106
8.4 LAN IP Alias	106
8.5 Advanced LAN Screen	107
DHCP	109
9.1 DHCP	109
9.2 DHCP Server General Screen	109
9.3 DHCP Server Advanced Screen	110
9.4 Client List Screen	111
Network Address Translation (NAT)	113
10.1 NAT Overview	113
10.2 Using NAT	113
10.2.1 Port Forwarding: Services and Port Numbers	113
10.2.2 Configuring Servers Behind Port Forwarding Example	114
10.3 General NAT Screen	114
10.4 NAT Application Screen	115
10.4.1 Game List Example	117
10.5 Trigger Port Forwarding	118
10.5.1 Trigger Port Forwarding Example	118
10.5.2 Two Points To Remember About Trigger Ports	119
10.6 NAT Advanced Screen	119
Dynamic DNS	123
11.1 Dynamic DNS Introduction	123
11.1.1 DynDNS Wildcard	123
11.2 Dynamic DNS Screen	123
Security	125
Firewall	127
12.1 Introduction to ZyXEL’s Firewall	127
12.1.1 What is a Firewall?	127
12.1.2 Stateful Inspection Firewall	127
12.1.3 About the NBG334W Firewall	127
12.1.4 Guidelines For Enhancing Security With Your Firewall	128
12.2 Triangle Routes	128
12.2.1 Triangle Routes and IP Alias	128
12.3 General Firewall Screen	129
12.4 Services Screen	130
Content Filtering	133
13.1 Introduction to Content Filtering	133
13.2 Restrict Web Features	133
13.3 Days and Times	133
13.4 Filter Screen	133
13.5 Schedule	135
13.6 Customizing Keyword Blocking URL Checking	136
13.6.1 Domain Name or IP Address URL Checking	136
13.6.2 Full Path URL Checking	136
13.6.3 File Name URL Checking	136
Management	137
Static Route Screens	139
14.1 Static Route Overview	139
14.2 IP Static Route Screen	139
14.2.1 Static Route Setup Screen	140
Bandwidth Management	143
15.1 Bandwidth Management Overview	143
15.2 Application-based Bandwidth Management	143
15.3 Subnet-based Bandwidth Management	143
15.4 Application and Subnet-based Bandwidth Management	144
15.5 Bandwidth Management Priorities	144
15.6 Predefined Bandwidth Management Services	145
15.6.1 Services and Port Numbers	146
15.7 Default Bandwidth Management Classes and Priorities	148
15.8 Bandwidth Management General Configuration	149
15.9 Bandwidth Management Advanced Configuration	149
15.9.1 Rule Configuration	151
15.10 Bandwidth Management Monitor	152
Remote Management	153
16.1 Remote Management Overview	153
16.1.1 Remote Management Limitations	153
16.1.2 Remote Management and NAT	154
16.1.3 System Timeout	154
16.2 WWW Screen	154
16.3 Telnet	155
16.4 Telnet Screen	155
16.5 FTP Screen	156
16.6 DNS Screen	157
Universal Plug-and-Play (UPnP)	159
17.1 Introducing Universal Plug and Play	159
17.1.1 How do I know if I'm using UPnP?	159
17.1.2 NAT Traversal	159
17.1.3 Cautions with UPnP	159
17.2 UPnP and ZyXEL	160
17.3 UPnP Screen	160
17.4 Installing UPnP in Windows Example	161
Maintenance and Troubleshooting	171
System	173
18.1 System Overview	173
18.2 System General Screen	173
18.3 Time Setting Screen	174
Logs	177
19.1 View Log	177
19.2 Log Settings	178
19.3 Log Descriptions	181
Tools	191
20.1 Firmware Upload Screen	191
20.2 Configuration Screen	192
20.2.1 Backup Configuration	193
20.2.2 Restore Configuration	193
20.2.3 Back to Factory Defaults	194
20.3 Restart Screen	194
Configuration Mode	197
Sys Op Mode	199
22.1 Overview	199
22.1.1 Router	199
22.1.2 AP	199
22.2 Selecting System Operation Mode	200
Troubleshooting	203
23.1 Power, Hardware Connections, and LEDs	203
23.2 NBG334W Access and Login	204
23.3 Internet Access	206
23.4 Resetting the NBG334W to Its Factory Defaults	207
23.5 Wireless Router/AP Troubleshooting	207
23.6 Advanced Features	208
Appendices and Index	209
Product Specifications and Wall- Mounting Instructions	211
Pop-up Windows, JavaScripts and Java Permissions	217
IP Addresses and Subnetting	223
Setting up Your Computer’s IP Address	231
23.6.1 Verifying Settings	246
Wireless LANs	247
23.6.2 WPA(2)-PSK Application Example	256
23.6.3 WPA(2) with RADIUS Application Example	256
Services	259
Legal Information	263

Match case Limit results 1 per page

Appendix E Wireless LANs

NBG334W User’s Guide

254

PEAP (Protected EAP)

Like EAP-TTLS, server-side certificate authentication is used to establish a secure connection,

then use simple username and password methods through the secured connection to

authenticate the clients, thus hiding client identity. However, PEAP only supports EAP

methods, such as EAP-MD5, EAP-MSCHAPv2 and EAP-GTC (EAP-Generic Token Card),

for client authentication. EAP-GTC is implemented only by Cisco.

LEAP

LEAP (Lightweight Extensible Authentication Protocol) is a Cisco implementation of IEEE

802.1x.

Dynamic WEP Key Exchange

The AP maps a unique key that is generated with the RADIUS server. This key expires when

the wireless connection times out, disconnects or reauthentication times out. A new WEP key

is generated each time reauthentication is performed.

If this feature is enabled, it is not necessary to configure a default encryption key in the

Wireless screen. You may still configure and store keys here, but they will not be used while

Dynamic WEP is enabled.

EAP-MD5 cannot be used with dynamic WEP key exchange

For added security, certificate-based authentications (EAP-TLS, EAP-TTLS and PEAP) use

dynamic keys for data encryption. They are often deployed in corporate environments, but for

public deployment, a simple user name and password pair is more practical. The following

table is a comparison of the features of authentication types.

WPA(2)

Wi-Fi Protected Access (WPA) is a subset of the IEEE 802.11i standard. WPA2 (IEEE

802.11i) is a wireless security standard that defines stronger encryption, authentication and

key management than WPA.

Table 111

Comparison of EAP Authentication Types

EAP-MD5

EAP-TLS

EAP-TTLS

PEAP

LEAP

Mutual Authentication

Yes

Certificate – Client

Yes

Optional

Certificate – Server

Yes

Dynamic Key Exchange

Yes

Credential Integrity

None

Strong

Moderate

Deployment Difficulty

Easy

Hard

Moderate

Client Identity Protection

Yes