Home » ZyXEL Manuals » Networking » ZyXEL NBG334W » Manual Viewer

ZyXEL NBG334W User Guide - Page 72

User Authentication, Encryption

Get ZyXEL NBG334W PDF manuals and user guides

Add to My Manuals
Save this manual to your list of manuals

Page 72 highlights

Chapter 5 Wireless LAN 5.2.3 User Authentication You can make every user log in to the wireless network before they can use it. This is called user authentication. However, every wireless client in the wireless network has to support IEEE 802.1x to do this. For wireless networks, there are two typical places to store the user names and passwords for each user. • In the AP: this feature is called a local user database or a local database. • In a RADIUS server: this is a server used in businesses more than in homes. If your AP does not provide a local user database and if you do not have a RADIUS server, you cannot set up user names and passwords for your users. Unauthorized devices can still see the information that is sent in the wireless network, even if they cannot use the wireless network. Furthermore, there are ways for unauthorized wireless users to get a valid user name and password. Then, they can use that user name and password to use the wireless network. Local user databases also have an additional limitation that is explained in the next section. 5.2.4 Encryption Wireless networks can use encryption to protect the information that is sent in the wireless network. Encryption is like a secret code. If you do not know the secret code, you cannot understand the message. The types of encryption you can choose depend on the type of user authentication. (See Section 5.2.3 on page 72 for information about this.) Table 25 Types of Encryption for Each Type of Authentication NO AUTHENTICATION RADIUS SERVER Weakest No Security WPA Static WEP WPA-PSK Strongest WPA2-PSK WPA2 For example, if the wireless network has a RADIUS server, you can choose WPA or WPA2. If users do not log in to the wireless network, you can choose no encryption, Static WEP, WPA-PSK, or WPA2-PSK. Usually, you should set up the strongest encryption that every wireless client in the wireless network supports. For example, suppose the AP does not have a local user database, and you do not have a RADIUS server. Therefore, there is no user authentication. Suppose the wireless network has two wireless clients. Device A only supports WEP, and device B supports WEP and WPA. Therefore, you should set up Static WEP in the wireless network. 72 NBG334W User's Guide

Section	Page
User’s Guide	1
About This User's Guide	3
Document Conventions	5
Safety Warnings	7
Contents Overview	9
Table of Contents	11
List of Figures	19
List of Tables	23
Introduction	27
Getting to Know Your NBG334W	29
1.1 Overview	29
1.2 AP Mode	29
1.3 Router Mode	30
1.4 Router Features vs. AP Features	30
1.5 Ways to Manage the NBG334W	31
1.6 Good Habits for Managing the NBG334W	31
1.7 LEDs	31
Introducing the Web Configurator	33
2.1 Web Configurator Overview	33
2.2 Accessing the Web Configurator	33
2.3 Resetting the NBG334W	35
2.3.1 Procedure to Use the Reset Button	35
2.4 Navigating the Web Configurator	35
2.5 The Status Screen in Router Mode	35
2.5.1 Navigation Panel	38
2.5.2 Summary: Any IP Table	40
2.5.3 Summary: Bandwidth Management Monitor	40
2.5.4 Summary: DHCP Table	41
2.5.5 Summary: Packet Statistics	41
2.5.6 Summary: Wireless Station Status	42
Connection Wizard	45
3.1 Wizard Setup	45
3.2 Connection Wizard: STEP 1: System Information	46
3.2.1 System Name	46
3.2.2 Domain Name	47
3.3 Connection Wizard: STEP 2: Wireless LAN	47
3.3.1 Basic (WEP) Security	49
3.3.2 Extend (WPA-PSK or WPA2-PSK) Security	50
3.4 Connection Wizard: STEP 3: Internet Configuration	50
3.4.1 Ethernet Connection	51
3.4.2 PPPoE Connection	51
3.4.3 PPTP Connection	52
3.4.4 Your IP Address	54
3.4.5 WAN IP Address Assignment	54
3.4.6 IP Address and Subnet Mask	55
3.4.7 DNS Server Address Assignment	55
3.4.8 WAN IP and DNS Server Address Assignment	56
3.4.9 WAN MAC Address	57
3.5 Connection Wizard: STEP 4: Bandwidth management	58
3.6 Connection Wizard Complete	58
AP Mode	61
4.1 AP Mode Overview	61
4.2 Setting your NBG334W to AP Mode	61
4.3 The Status Screen in AP Mode	62
4.3.1 Navigation Panel	64
4.4 Configuring Your Settings	65
4.4.1 LAN Settings	65
4.4.2 WLAN and Maintenance Settings	66
4.5 Logging in to the Web Configurator in AP Mode	66
Network	67
Wireless LAN	69
5.1 Wireless Network Overview	69
5.2 Wireless Security Overview	71
5.2.1 SSID	71
5.2.2 MAC Address Filter	71
5.2.3 User Authentication	72
5.2.4 Encryption	72
5.3 Roaming	73
5.3.1 Requirements for Roaming	74
5.4 Quality of Service	74
5.4.1 WMM QoS	75
5.5 General Wireless LAN Screen	75
5.5.1 No Security	76
5.5.2 WEP Encryption	77
5.5.3 WPA-PSK/WPA2-PSK	79
5.5.4 WPA/WPA2	80
5.6 MAC Filter	82
5.7 Wireless LAN Advanced Screen	83
5.8 Quality of Service (QoS) Screen	84
5.8.1 Application Priority Configuration	86
Wireless Tutorial	89
6.1 How to Connect to the Internet from a Notebook	89
6.1.1 Example Parameters	89
6.2 Enable and Configure Wireless Security on your NBG334W	89
6.3 Configure Your Notebook	91
WAN	93
7.1 WAN Overview	93
7.2 WAN MAC Address	93
7.3 Multicast	93
7.4 Internet Connection	94
7.4.1 Ethernet Encapsulation	94
7.4.2 PPPoE Encapsulation	95
7.4.3 PPTP Encapsulation	98
7.5 Advanced WAN Screen	101
LAN	103
8.1 LAN Overview	103
8.1.1 IP Pool Setup	103
8.1.2 System DNS Servers	103
8.2 LAN TCP/IP	103
8.2.1 Factory LAN Defaults	103
8.2.2 IP Address and Subnet Mask	104
8.2.3 Multicast	104
8.2.4 Any IP	104
8.3 LAN IP Screen	106
8.4 LAN IP Alias	106
8.5 Advanced LAN Screen	107
DHCP	109
9.1 DHCP	109
9.2 DHCP Server General Screen	109
9.3 DHCP Server Advanced Screen	110
9.4 Client List Screen	111
Network Address Translation (NAT)	113
10.1 NAT Overview	113
10.2 Using NAT	113
10.2.1 Port Forwarding: Services and Port Numbers	113
10.2.2 Configuring Servers Behind Port Forwarding Example	114
10.3 General NAT Screen	114
10.4 NAT Application Screen	115
10.4.1 Game List Example	117
10.5 Trigger Port Forwarding	118
10.5.1 Trigger Port Forwarding Example	118
10.5.2 Two Points To Remember About Trigger Ports	119
10.6 NAT Advanced Screen	119
Dynamic DNS	123
11.1 Dynamic DNS Introduction	123
11.1.1 DynDNS Wildcard	123
11.2 Dynamic DNS Screen	123
Security	125
Firewall	127
12.1 Introduction to ZyXEL’s Firewall	127
12.1.1 What is a Firewall?	127
12.1.2 Stateful Inspection Firewall	127
12.1.3 About the NBG334W Firewall	127
12.1.4 Guidelines For Enhancing Security With Your Firewall	128
12.2 Triangle Routes	128
12.2.1 Triangle Routes and IP Alias	128
12.3 General Firewall Screen	129
12.4 Services Screen	130
Content Filtering	133
13.1 Introduction to Content Filtering	133
13.2 Restrict Web Features	133
13.3 Days and Times	133
13.4 Filter Screen	133
13.5 Schedule	135
13.6 Customizing Keyword Blocking URL Checking	136
13.6.1 Domain Name or IP Address URL Checking	136
13.6.2 Full Path URL Checking	136
13.6.3 File Name URL Checking	136
Management	137
Static Route Screens	139
14.1 Static Route Overview	139
14.2 IP Static Route Screen	139
14.2.1 Static Route Setup Screen	140
Bandwidth Management	143
15.1 Bandwidth Management Overview	143
15.2 Application-based Bandwidth Management	143
15.3 Subnet-based Bandwidth Management	143
15.4 Application and Subnet-based Bandwidth Management	144
15.5 Bandwidth Management Priorities	144
15.6 Predefined Bandwidth Management Services	145
15.6.1 Services and Port Numbers	146
15.7 Default Bandwidth Management Classes and Priorities	148
15.8 Bandwidth Management General Configuration	149
15.9 Bandwidth Management Advanced Configuration	149
15.9.1 Rule Configuration	151
15.10 Bandwidth Management Monitor	152
Remote Management	153
16.1 Remote Management Overview	153
16.1.1 Remote Management Limitations	153
16.1.2 Remote Management and NAT	154
16.1.3 System Timeout	154
16.2 WWW Screen	154
16.3 Telnet	155
16.4 Telnet Screen	155
16.5 FTP Screen	156
16.6 DNS Screen	157
Universal Plug-and-Play (UPnP)	159
17.1 Introducing Universal Plug and Play	159
17.1.1 How do I know if I'm using UPnP?	159
17.1.2 NAT Traversal	159
17.1.3 Cautions with UPnP	159
17.2 UPnP and ZyXEL	160
17.3 UPnP Screen	160
17.4 Installing UPnP in Windows Example	161
Maintenance and Troubleshooting	171
System	173
18.1 System Overview	173
18.2 System General Screen	173
18.3 Time Setting Screen	174
Logs	177
19.1 View Log	177
19.2 Log Settings	178
19.3 Log Descriptions	181
Tools	191
20.1 Firmware Upload Screen	191
20.2 Configuration Screen	192
20.2.1 Backup Configuration	193
20.2.2 Restore Configuration	193
20.2.3 Back to Factory Defaults	194
20.3 Restart Screen	194
Configuration Mode	197
Sys Op Mode	199
22.1 Overview	199
22.1.1 Router	199
22.1.2 AP	199
22.2 Selecting System Operation Mode	200
Troubleshooting	203
23.1 Power, Hardware Connections, and LEDs	203
23.2 NBG334W Access and Login	204
23.3 Internet Access	206
23.4 Resetting the NBG334W to Its Factory Defaults	207
23.5 Wireless Router/AP Troubleshooting	207
23.6 Advanced Features	208
Appendices and Index	209
Product Specifications and Wall- Mounting Instructions	211
Pop-up Windows, JavaScripts and Java Permissions	217
IP Addresses and Subnetting	223
Setting up Your Computer’s IP Address	231
23.6.1 Verifying Settings	246
Wireless LANs	247
23.6.2 WPA(2)-PSK Application Example	256
23.6.3 WPA(2) with RADIUS Application Example	256
Services	259
Legal Information	263

Match case Limit results 1 per page

Chapter 5 Wireless LAN

NBG334W User’s Guide

5.2.3

User Authentication

You can make every user log in to the wireless network before they can use it. This is called

user authentication. However, every wireless client in the wireless network has to support

IEEE 802.1x to do this.

For wireless networks, there are two typical places to store the user names and passwords for

each user.

•

In the AP: this feature is called a local user database or a local database.

•

In a RADIUS server: this is a server used in businesses more than in homes.

If your AP does not provide a local user database and if you do not have a RADIUS server,

you cannot set up user names and passwords for your users.

Unauthorized devices can still see the information that is sent in the wireless network, even if

they cannot use the wireless network. Furthermore, there are ways for unauthorized wireless

users to get a valid user name and password. Then, they can use that user name and password

to use the wireless network.

Local user databases also have an additional limitation that is explained in the next section.

5.2.4

Encryption

Wireless networks can use encryption to protect the information that is sent in the wireless

network. Encryption is like a secret code. If you do not know the secret code, you cannot

understand the message.

The types of encryption you can choose depend on the type of user authentication. (See

Section 5.2.3 on page 72

for information about this.)

For example, if the wireless network has a RADIUS server, you can choose

WPA

WPA2

If users do not log in to the wireless network, you can choose no encryption,

Static WEP

WPA-PSK

, or

WPA2-PSK

Usually, you should set up the strongest encryption that every wireless client in the wireless

network supports. For example, suppose the AP does not have a local user database, and you

do not have a RADIUS server. Therefore, there is no user authentication. Suppose the wireless

network has two wireless clients. Device A only supports WEP, and device B supports WEP

and WPA. Therefore, you should set up

Static WEP

in the wireless network.

Table 25

Types of Encryption for Each Type of Authentication

NO AUTHENTICATION

RADIUS SERVER

Weakest

No Security

WPA

Static WEP

WPA-PSK

Strongest

WPA2-PSK

WPA2