Home » ZyXEL Manuals » Networking » ZyXEL NWA1123-NI » Manual Viewer

ZyXEL NWA1123-NI User Guide - Page 193

RADIUS, Types of RADIUS Messages, Types of EAP Authentication

Get ZyXEL NWA1123-NI PDF manuals and user guides

Add to My Manuals
Save this manual to your list of manuals

Page 193 highlights

Appendix E Wireless LANs RADIUS RADIUS is based on a client-server model that supports authentication, authorization and accounting. The access point is the client and the server is the RADIUS server. The RADIUS server handles the following tasks: • Authentication Determines the identity of the users. • Authorization Determines the network services available to authenticated users once they are connected to the network. • Accounting Keeps track of the client's network activity. RADIUS is a simple package exchange in which your AP acts as a message relay between the wireless client and the network RADIUS server. Types of RADIUS Messages The following types of RADIUS messages are exchanged between the access point and the RADIUS server for user authentication: • Access-Request Sent by an access point requesting authentication. • Access-Reject Sent by a RADIUS server rejecting access. • Access-Accept Sent by a RADIUS server allowing access. • Access-Challenge Sent by a RADIUS server requesting more information in order to allow access. The access point sends a proper response from the user and then sends another Access-Request message. The following types of RADIUS messages are exchanged between the access point and the RADIUS server for user accounting: • Accounting-Request Sent by the access point requesting accounting. • Accounting-Response Sent by the RADIUS server to indicate that it has started or stopped accounting. In order to ensure network security, the access point and the RADIUS server use a shared secret key, which is a password, they both know. The key is not sent over the network. In addition to the shared key, password information exchanged is also encrypted to protect the network from unauthorized access. Types of EAP Authentication This section discusses some popular authentication types: EAP-MD5, EAP-TLS, EAP-TTLS, PEAP and LEAP. Your wireless LAN device may not support all authentication types. NWA1120 Series User's Guide 193

Section	Page
NWA1120 Series	1
Contents Overview	3
Table of Contents	5
User’s Guide	9
Introducing the NWA	11
1.1 Introducing the NWA	11
1.1.1 Dual-Band	12
1.2 Wireless Modes	12
1.2.1 MBSSID	12
1.2.2 Wireless Client	13
1.2.3 Root AP	15
1.2.4 Repeater	15
1.3 Ways to Manage the NWA	16
1.4 Configuring Your NWA’s Security Features	17
1.4.1 Control Access to Your Device	17
1.4.2 Wireless Security	17
1.5 Good Habits for Managing the NWA	17
1.6 Hardware Connections	18
1.7 LED	18
Introducing the Web Configurator	19
2.1 Accessing the Web Configurator	19
2.2 Resetting the NWA	20
2.2.1 Methods of Restoring Factory-Defaults	21
2.3 Navigating the Web Configurator	22
2.3.1 Title Bar	22
2.3.2 Navigation Panel	23
2.3.3 Main Window	24
Dashboard	25
3.1 The Dashboard Screen	25
Tutorial	29
4.1 How to Configure the Wireless LAN	29
4.1.1 Choosing the Wireless Mode	29
4.1.2 Further Reading	29
4.2 How to Configure Multiple Wireless Networks	29
4.2.1 Configure the SSID Profiles	31
4.2.2 Configure the Standard Network	33
4.2.3 Configure the VoIP Network	34
4.2.4 Configure the Guest Network	36
4.2.5 Testing the Wireless Networks	38
4.3 NWA Setup in AP and Wireless Client Modes	38
4.3.1 Scenario	38
4.3.2 Configuring the NWA in MBSSID or Root AP Mode	39
4.3.3 Configuring the NWA in Wireless Client Mode	42
4.3.4 MAC Filter Setup	44
4.3.5 Testing the Connection and Troubleshooting	45
Technical Reference	47
Monitor	49
5.1 Overview	49
5.2 What You Can Do	49
5.3 View Logs	49
5.4 Statistics	50
5.5 Association List	51
5.6 Channel Usage	52
Wireless LAN	55
6.1 Overview	55
6.2 What You Can Do in this Chapter	55
6.3 What You Need To Know	56
6.4 Wireless Settings Screen	60
6.4.1 Root AP Mode	61
6.4.2 Repeater Mode	65
6.4.3 Wireless Client Mode	68
6.4.4 MBSSID Mode	71
6.5 SSID Screen	74
6.5.1 Configuring SSID	75
6.6 Wireless Security Screen	76
6.6.1 Security: WEP	78
6.6.2 Security: WPA, WPA2, WPA2-MIX	79
6.6.3 Security: WPA-PSK, WPA2-PSK, WPA2-PSK-MIX	81
6.7 RADIUS Screen	82
6.8 Layer-2 Isolation	84
6.8.1 Layer-2 Isolation Screen	85
6.9 MAC Filter Screen	86
6.10 Technical Reference	88
6.10.1 Additional Wireless Terms	89
6.10.2 WMM QoS	89
6.10.3 Security Mode Guideline	90
LAN	91
7.1 Overview	91
7.2 What You Can Do in this Chapter	91
7.3 What You Need to Know	91
7.4 LAN IP Screen	93
VLAN	95
8.1 Overview	95
8.1.1 What You Can Do in This Chapter	95
8.2 What You Need to Know	95
8.3 VLAN Screen	96
System	97
9.1 Overview	97
9.2 What You Can Do in this Chapter	97
9.3 What You Need To Know	98
9.4 WWW Screen	100
9.5 Certificates Screen	101
9.6 Telnet Screen	102
9.7 SNMP Screen	104
9.8 FTP Screen	106
9.9 Technical Reference	107
9.9.1 MIB	107
9.9.2 Supported MIBs	108
9.9.3 Private-Public Certificates	108
9.9.4 Certification Authorities	108
9.9.5 Checking the Fingerprint of a Certificate on Your Computer	109
Log Settings	111
10.1 Overview	111
10.2 What You Can Do in this Chapter	111
10.3 What You Need To Know	112
10.4 Log Settings Screen	112
Maintenance	115
11.1 Overview	115
11.2 What You Can Do in this Chapter	115
11.3 What You Need To Know	116
11.4 General Screen	116
11.5 Password Screen	117
11.6 Time Screen	118
11.7 Firmware Upgrade Screen	119
11.8 Configuration File Screen	120
11.8.1 Backup Configuration	120
11.8.2 Restore Configuration	120
11.8.3 Back to Factory Defaults	121
11.9 Restart Screen	121
Troubleshooting	123
12.1 Power, Hardware Connections, and LEDs	123
12.2 NWA Access and Login	124
12.3 Internet Access	125
12.4 Wireless LAN	126
Setting Up Your Computer’s IP Address	129
Pop-up Windows, JavaScript and Java Permissions	157
IP Addresses and Subnetting	169
IPv6	177
Wireless LANs	187
Legal Information	201

Match case Limit results 1 per page

Appendix E Wireless LANs

NWA1120 Series User’s Guide

193

RADIUS

RADIUS is based on a client-server model that supports authentication, authorization and

accounting. The access point is the client and the server is the RADIUS server. The RADIUS server

handles the following tasks:

• Authentication

Determines the identity of the users.

• Authorization

Determines the network services available to authenticated users once they are connected to the

network.

• Accounting

Keeps track of the client’s network activity.

RADIUS is a simple package exchange in which your AP acts as a message relay between the

wireless client and the network RADIUS server.

Types of RADIUS Messages

The following types of RADIUS messages are exchanged between the access point and the RADIUS

server for user authentication:

• Access-Request

Sent by an access point requesting authentication.

• Access-Reject

Sent by a RADIUS server rejecting access.

• Access-Accept

Sent by a RADIUS server allowing access.

• Access-Challenge

Sent by a RADIUS server requesting more information in order to allow access. The access point

sends a proper response from the user and then sends another Access-Request message.

The following types of RADIUS messages are exchanged between the access point and the RADIUS

server for user accounting:

• Accounting-Request

Sent by the access point requesting accounting.

• Accounting-Response

Sent by the RADIUS server to indicate that it has started or stopped accounting.

In order to ensure network security, the access point and the RADIUS server use a shared secret

key, which is a password, they both know. The key is not sent over the network. In addition to the

shared key, password information exchanged is also encrypted to protect the network from

unauthorized access.

Types of EAP Authentication

This section discusses some popular authentication types: EAP-MD5, EAP-TLS, EAP-TTLS, PEAP and

LEAP. Your wireless LAN device may not support all authentication types.