Home » ZyXEL Manuals » Networking » ZyXEL P-2812HNU-F1 » Manual Viewer

ZyXEL P-2812HNU-F1 User Guide - Page 346

EAP-MD5 Message-Digest Algorithm 5, EAP-TLS Transport Layer Security, EAP-TTLS Tunneled Transport

Get ZyXEL P-2812HNU-F1 PDF manuals and user guides

Add to My Manuals
Save this manual to your list of manuals

Page 346 highlights

Appendix D Wireless LANs EAP-MD5 (Message-Digest Algorithm 5) MD5 authentication is the simplest one-way authentication method. The authentication server sends a challenge to the wireless client. The wireless client 'proves' that it knows the password by encrypting the password with the challenge and sends back the information. Password is not sent in plain text. However, MD5 authentication has some weaknesses. Since the authentication server needs to get the plaintext passwords, the passwords must be stored. Thus someone other than the authentication server may access the password file. In addition, it is possible to impersonate an authentication server as MD5 authentication method does not perform mutual authentication. Finally, MD5 authentication method does not support data encryption with dynamic session key. You must configure WEP encryption keys for data encryption. EAP-TLS (Transport Layer Security) With EAP-TLS, digital certifications are needed by both the server and the wireless clients for mutual authentication. The server presents a certificate to the client. After validating the identity of the server, the client sends a different certificate to the server. The exchange of certificates is done in the open before a secured tunnel is created. This makes user identity vulnerable to passive attacks. A digital certificate is an electronic ID card that authenticates the sender's identity. However, to implement EAP-TLS, you need a Certificate Authority (CA) to handle certificates, which imposes a management overhead. EAP-TTLS (Tunneled Transport Layer Service) EAP-TTLS is an extension of the EAP-TLS authentication that uses certificates for only the serverside authentications to establish a secure connection. Client authentication is then done by sending username and password through the secure connection, thus client identity is protected. For client authentication, EAP-TTLS supports EAP methods and legacy authentication methods such as PAP, CHAP, MS-CHAP and MS-CHAP v2. PEAP (Protected EAP) Like EAP-TTLS, server-side certificate authentication is used to establish a secure connection, then use simple username and password methods through the secured connection to authenticate the clients, thus hiding client identity. However, PEAP only supports EAP methods, such as EAP-MD5, EAP-MSCHAPv2 and EAP-GTC (EAP-Generic Token Card), for client authentication. EAP-GTC is implemented only by Cisco. LEAP LEAP (Lightweight Extensible Authentication Protocol) is a Cisco implementation of IEEE 802.1x. Dynamic WEP Key Exchange The AP maps a unique key that is generated with the RADIUS server. This key expires when the wireless connection times out, disconnects or reauthentication times out. A new WEP key is generated each time reauthentication is performed. 346 P-2812HNU(L)-Fx Series User's Guide

Section	Page
P-2812HNU(L)-Fx Series	1
About This User's Guide	3
Document Conventions	5
Safety Warnings	7
Contents Overview	9
Table of Contents	11
User’s Guide	19
Introduction	21
1.1 Overview	21
1.2 Applications for the Device	21
1.2.1 Internet Access	21
1.2.2 VoIP Features	22
1.2.3 Wireless Connection	22
1.3 The WLAN Button	23
1.4 Ways to Manage the Device	24
1.5 Good Habits for Managing the Device	24
1.6 LEDs (Lights)	24
1.7 The RESET Button	26
Introducing the Web Configurator	27
2.1 Overview	27
2.1.1 Accessing the Web Configurator	27
2.2 The Web Configurator Layout	29
2.2.1 Title Bar	29
2.2.2 Main Window	29
2.2.3 Navigation Panel	30
Tutorials	33
3.1 Overview	33
3.2 Setting Up Your DSL Connection	33
3.3 How to Set up a Wireless Network	36
3.3.1 Example Parameters	36
3.3.2 Configuring the AP	36
3.3.3 Configuring the Wireless Client	38
3.4 Setting Up NAT Port Forwarding	43
3.5 How to Make a VoIP Call	44
3.5.1 VoIP Calls With a Registered SIP Account	45
3.6 Using the File Sharing Feature	47
3.6.1 Set Up File Sharing	48
3.6.2 Access Your Shared Files From a Computer	49
3.7 Using the Media Server Feature	49
3.7.1 Configuring the Device	50
3.7.2 Using Windows Media Player	50
3.7.3 Using a Digital Media Adapter	53
3.8 Using the Print Server Feature	55
3.9 Configuring the MAC Address Filter	70
3.10 Configuring Static Route for Routing to Another Network	71
3.11 Configuring QoS Queue and Class Setup	73
3.12 Access the Device Using DDNS	76
3.12.1 Registering a DDNS Account on www.dyndns.org	77
3.12.2 Configuring DDNS on Your Device	77
3.12.3 Testing the DDNS Setting	77
Technical Reference	79
Connection Status and System Info	81
4.1 Overview	81
4.2 The Connection Status Screen	81
4.3 The System Info Screen	83
Broadband	87
5.1 Overview	87
5.1.1 What You Can Do in this Chapter	88
5.1.2 What You Need to Know	88
5.1.3 Before You Begin	91
5.2 The Broadband Screen	91
5.2.1 Add/Edit Internet Connection	93
5.3 The 3G Backup Screen	115
5.4 Technical Reference	117
Wireless	123
6.1 Overview	123
6.1.1 What You Can Do in this Chapter	123
6.1.2 Wireless Network Overview	123
6.1.3 Before You Begin	125
6.2 The Wireless General Screen	125
6.2.1 No Security	127
6.2.2 Basic (Static WEP/Shared WEP Encryption)	127
6.2.3 More Secure (WPA(2)-PSK)	129
6.2.4 WPA(2) Authentication	130
6.3 The More AP Screen	131
6.3.1 Edit More AP	132
6.4 The WPS Screen	133
6.5 The WMM Screen	135
6.6 Scheduling Screen	137
6.7 Technical Reference	137
6.7.1 Additional Wireless Terms	138
6.7.2 Wireless Security Overview	138
6.7.3 Signal Problems	140
6.7.4 BSS	141
6.7.5 MBSSID	141
6.7.6 WiFi Protected Setup (WPS)	142
Home Networking	149
7.1 Overview	149
7.1.1 What You Can Do in this Chapter	149
7.1.2 What You Need To Know	149
7.2 The LAN Setup Screen	152
7.3 The Static DHCP Screen	153
7.3.1 Before You Begin	153
7.4 The UPnP Screen	155
7.5 The File Sharing Screen	155
7.5.1 Before You Begin	156
7.5.2 Add/Edit File Sharing	157
7.6 The Media Server Screen	158
7.7 The Printer Server Screen	159
7.7.1 Before You Begin	159
7.8 Technical Reference	160
7.9 Installing UPnP in Windows Example	164
7.10 Using UPnP in Windows XP Example	167
Routing	173
8.1 Overview	173
8.2 Configuring Static Route	174
8.2.1 Add/Edit Static Route	175
Quality of Service (QoS)	177
9.1 Overview	177
9.1.1 What You Can Do in this Chapter	177
9.1.2 What You Need to Know	177
9.2 The QoS General Screen	178
9.3 The Queue Setup Screen	180
9.3.1 Add/Edit a QoS Queue	181
9.4 The Class Setup Screen	181
9.4.1 Add/Edit QoS Class	183
9.5 The QoS Monitor Screen	186
9.6 QoS Technical Reference	187
9.6.1 IEEE 802.1Q Tag	187
9.6.2 IP Precedence	187
9.6.3 DiffServ	187
Network Address Translation (NAT)	189
10.1 Overview	189
10.1.1 What You Can Do in this Chapter	189
10.1.2 What You Need To Know	189
10.2 The Port Forwarding Screen	190
10.2.1 The Port Forwarding Screen	190
10.2.2 The Port Forwarding Edit Screen	192
10.3 The Sessions Screen	193
10.4 Technical Reference	193
10.4.1 NAT Definitions	193
10.4.2 What NAT Does	194
10.4.3 How NAT Works	194
Dynamic DNS	197
11.1 Overview	197
11.1.1 What You Need To Know	197
11.2 The Dynamic DNS Screen	197
Firewall	199
12.1 Overview	199
12.1.1 What You Can Do in this Chapter	199
12.1.2 What You Need to Know	199
12.2 The General Screen	200
12.3 The Services Screen	201
12.4 Firewall Technical Reference	202
12.4.1 Guidelines For Enhancing Security With Your Firewall	202
12.4.2 Security Considerations	202
MAC Filter	205
13.1 Overview	205
13.1.1 What You Need to Know	205
13.2 The MAC Filter Screen	205
Parental Control	207
14.1 Overview	207
14.2 The Parental Control Screen	207
14.2.1 Add/Edit a Parental Control Rule	208
Certificates	211
15.1 Overview	211
15.1.1 What You Can Do in this Chapter	211
15.1.2 What You Need to Know	211
15.1.3 Verifying a Certificate	212
15.2 Local Certificates	213
15.3 Trusted CA	215
15.4 Trusted CA Import	215
15.5 View Certificate	216
VoIP	219
16.1 Overview	219
16.1.1 What You Can Do in this Chapter	219
16.1.2 What You Need to Know	219
16.1.3 Before You Begin	221
16.2 The SIP Service Provider Screen	221
16.3 The SIP Account Screen	224
16.3.1 Add/Edit SIP Account	226
16.4 Multiple SIP Accounts	228
16.5 The Common Screen	228
16.6 Phone Screen	229
16.6.1 Edit Phone Device	230
16.7 The Phone Region Screen	231
16.8 The Call Rule Screen	231
16.9 The FXO Screen (“L” Models Only)	233
16.10 Technical Reference	233
16.10.1 VoIP	234
16.10.2 SIP	234
16.10.3 Quality of Service (QoS)	238
16.10.4 Phone Services Overview	239
Logs	243
17.1 Overview	243
17.1.1 What You Can Do in this Chapter	243
17.1.2 What You Need To Know	243
17.2 The System Log Screen	244
17.3 The Phone Log Screen	245
17.4 The VoIP Call History Screen	245
Traffic Status	247
18.1 Overview	247
18.1.1 What You Can Do in this Chapter	247
18.2 The WAN Status Screen	247
18.3 The LAN Status Screen	248
18.4 The NAT Status Screen	249
18.5 The 3G Backup Status Screen	250
18.6 The VoIP Status Screen	251
User Account	253
19.1 Overview	253
19.2 The User Account Screen	253
Remote MGMT	255
20.1 Overview	255
20.1.1 What You Need to Know	255
20.2 The Remote MGMT Screen	256
System	257
21.1 Overview	257
21.1.1 What You Need to Know	257
21.2 The System Screen	257
Time Setting	259
22.1 Overview	259
22.2 The Time Setting Screen	259
Log Setting	261
23.1 Overview	261
23.2 The Log Setting Screen	261
Firmware Upgrade	263
24.1 Overview	263
24.2 The Firmware Upgrade Screen	263
Backup/Restore	265
25.1 Overview	265
25.2 The Backup/Restore Screen	265
25.3 The Reboot Screen	267
Diagnostic	269
26.1 Overview	269
26.2 The Ping/TraceRoute Screen	269
26.3 The DSL Line Screen	270
Troubleshooting	273
27.1 Overview	273
27.2 Power, Hardware Connections, and LEDs	273
27.3 Device Access and Login	274
27.4 Internet Access	276
27.5 Wireless Internet Access	278
27.6 Phone Calls and VoIP	279
27.7 USB Device Connection	279
27.8 UPnP	279
Product Specifications	281
IP Addresses and Subnetting	289
Setting Up Your Computer’s IP Address	299
Pop-up Windows, JavaScript and Java Permissions	329
Wireless LANs	339
Common Services	359
IPv6	363
Open Software Announcements	375
Legal Information	411

Match case Limit results 1 per page

Appendix D Wireless LANs

P-2812HNU(L)-Fx Series User’s Guide

346

EAP-MD5 (Message-Digest Algorithm 5)

MD5 authentication is the simplest one-way authentication method. The authentication server

sends a challenge to the wireless client. The wireless client ‘proves’ that it knows the password by

encrypting the password with the challenge and sends back the information. Password is not sent in

plain text.

However, MD5 authentication has some weaknesses. Since the authentication server needs to get

the plaintext passwords, the passwords must be stored. Thus someone other than the

authentication server may access the password file. In addition, it is possible to impersonate an

authentication server as MD5 authentication method does not perform mutual authentication.

Finally, MD5 authentication method does not support data encryption with dynamic session key. You

must configure WEP encryption keys for data encryption.

EAP-TLS (Transport Layer Security)

With EAP-TLS, digital certifications are needed by both the server and the wireless clients for

mutual authentication. The server presents a certificate to the client. After validating the identity of

the server, the client sends a different certificate to the server. The exchange of certificates is done

in the open before a secured tunnel is created. This makes user identity vulnerable to passive

attacks. A digital certificate is an electronic ID card that authenticates the sender’s identity.

However, to implement EAP-TLS, you need a Certificate Authority (CA) to handle certificates, which

imposes a management overhead.

EAP-TTLS (Tunneled Transport Layer Service)

EAP-TTLS is an extension of the EAP-TLS authentication that uses certificates for only the server-

side authentications to establish a secure connection. Client authentication is then done by sending

username and password through the secure connection, thus client identity is protected. For client

authentication, EAP-TTLS supports EAP methods and legacy authentication methods such as PAP,

CHAP, MS-CHAP and MS-CHAP v2.

PEAP (Protected EAP)

Like EAP-TTLS, server-side certificate authentication is used to establish a secure connection, then

use simple username and password methods through the secured connection to authenticate the

clients, thus hiding client identity. However, PEAP only supports EAP methods, such as EAP-MD5,

EAP-MSCHAPv2 and EAP-GTC (EAP-Generic Token Card), for client authentication. EAP-GTC is

implemented only by Cisco.

LEAP

LEAP (Lightweight Extensible Authentication Protocol) is a Cisco implementation of IEEE 802.1x.

Dynamic WEP Key Exchange

The AP maps a unique key that is generated with the RADIUS server. This key expires when the

wireless connection times out, disconnects or reauthentication times out. A new WEP key is

generated each time reauthentication is performed.