Home » ZyXEL Manuals » Networking » ZyXEL P-2812HNU-F1 » Manual Viewer

ZyXEL P-2812HNU-F1 User Guide - Page 347

WPA and WPA2, Encryption

Get ZyXEL P-2812HNU-F1 PDF manuals and user guides

Add to My Manuals
Save this manual to your list of manuals

Page 347 highlights

Appendix D Wireless LANs If this feature is enabled, it is not necessary to configure a default encryption key in the wireless security configuration screen. You may still configure and store keys, but they will not be used while dynamic WEP is enabled. Note: EAP-MD5 cannot be used with Dynamic WEP Key Exchange For added security, certificate-based authentications (EAP-TLS, EAP-TTLS and PEAP) use dynamic keys for data encryption. They are often deployed in corporate environments, but for public deployment, a simple user name and password pair is more practical. The following table is a comparison of the features of authentication types. Table 107 Comparison of EAP Authentication Types EAP-MD5 EAP-TLS Mutual Authentication No Yes Certificate - Client No Yes Certificate - Server No Yes Dynamic Key Exchange No Yes Credential Integrity None Strong Deployment Difficulty Easy Hard Client Identity Protection No No EAP-TTLS Yes Optional Yes Yes Strong Moderate Yes PEAP Yes Optional Yes Yes Strong Moderate Yes LEAP Yes No No Yes Moderate Moderate No WPA and WPA2 Wi-Fi Protected Access (WPA) is a subset of the IEEE 802.11i standard. WPA2 (IEEE 802.11i) is a wireless security standard that defines stronger encryption, authentication and key management than WPA. Key differences between WPA or WPA2 and WEP are improved data encryption and user authentication. If both an AP and the wireless clients support WPA2 and you have an external RADIUS server, use WPA2 for stronger data encryption. If you don't have an external RADIUS server, you should use WPA2-PSK (WPA2-Pre-Shared Key) that only requires a single (identical) password entered into each access point, wireless gateway and wireless client. As long as the passwords match, a wireless client will be granted access to a WLAN. If the AP or the wireless clients do not support WPA2, just use WPA or WPA-PSK depending on whether you have an external RADIUS server or not. Select WEP only when the AP and/or wireless clients do not support WPA or WPA2. WEP is less secure than WPA or WPA2. Encryption Both WPA and WPA2 improve data encryption by using Temporal Key Integrity Protocol (TKIP), Message Integrity Check (MIC) and IEEE 802.1x. WPA and WPA2 use Advanced Encryption Standard (AES) in the Counter mode with Cipher block chaining Message authentication code Protocol (CCMP) to offer stronger encryption than TKIP. TKIP uses 128-bit keys that are dynamically generated and distributed by the authentication server. AES (Advanced Encryption Standard) is a block cipher that uses a 256-bit mathematical algorithm P-2812HNU(L)-Fx Series User's Guide 347

Section	Page
P-2812HNU(L)-Fx Series	1
About This User's Guide	3
Document Conventions	5
Safety Warnings	7
Contents Overview	9
Table of Contents	11
User’s Guide	19
Introduction	21
1.1 Overview	21
1.2 Applications for the Device	21
1.2.1 Internet Access	21
1.2.2 VoIP Features	22
1.2.3 Wireless Connection	22
1.3 The WLAN Button	23
1.4 Ways to Manage the Device	24
1.5 Good Habits for Managing the Device	24
1.6 LEDs (Lights)	24
1.7 The RESET Button	26
Introducing the Web Configurator	27
2.1 Overview	27
2.1.1 Accessing the Web Configurator	27
2.2 The Web Configurator Layout	29
2.2.1 Title Bar	29
2.2.2 Main Window	29
2.2.3 Navigation Panel	30
Tutorials	33
3.1 Overview	33
3.2 Setting Up Your DSL Connection	33
3.3 How to Set up a Wireless Network	36
3.3.1 Example Parameters	36
3.3.2 Configuring the AP	36
3.3.3 Configuring the Wireless Client	38
3.4 Setting Up NAT Port Forwarding	43
3.5 How to Make a VoIP Call	44
3.5.1 VoIP Calls With a Registered SIP Account	45
3.6 Using the File Sharing Feature	47
3.6.1 Set Up File Sharing	48
3.6.2 Access Your Shared Files From a Computer	49
3.7 Using the Media Server Feature	49
3.7.1 Configuring the Device	50
3.7.2 Using Windows Media Player	50
3.7.3 Using a Digital Media Adapter	53
3.8 Using the Print Server Feature	55
3.9 Configuring the MAC Address Filter	70
3.10 Configuring Static Route for Routing to Another Network	71
3.11 Configuring QoS Queue and Class Setup	73
3.12 Access the Device Using DDNS	76
3.12.1 Registering a DDNS Account on www.dyndns.org	77
3.12.2 Configuring DDNS on Your Device	77
3.12.3 Testing the DDNS Setting	77
Technical Reference	79
Connection Status and System Info	81
4.1 Overview	81
4.2 The Connection Status Screen	81
4.3 The System Info Screen	83
Broadband	87
5.1 Overview	87
5.1.1 What You Can Do in this Chapter	88
5.1.2 What You Need to Know	88
5.1.3 Before You Begin	91
5.2 The Broadband Screen	91
5.2.1 Add/Edit Internet Connection	93
5.3 The 3G Backup Screen	115
5.4 Technical Reference	117
Wireless	123
6.1 Overview	123
6.1.1 What You Can Do in this Chapter	123
6.1.2 Wireless Network Overview	123
6.1.3 Before You Begin	125
6.2 The Wireless General Screen	125
6.2.1 No Security	127
6.2.2 Basic (Static WEP/Shared WEP Encryption)	127
6.2.3 More Secure (WPA(2)-PSK)	129
6.2.4 WPA(2) Authentication	130
6.3 The More AP Screen	131
6.3.1 Edit More AP	132
6.4 The WPS Screen	133
6.5 The WMM Screen	135
6.6 Scheduling Screen	137
6.7 Technical Reference	137
6.7.1 Additional Wireless Terms	138
6.7.2 Wireless Security Overview	138
6.7.3 Signal Problems	140
6.7.4 BSS	141
6.7.5 MBSSID	141
6.7.6 WiFi Protected Setup (WPS)	142
Home Networking	149
7.1 Overview	149
7.1.1 What You Can Do in this Chapter	149
7.1.2 What You Need To Know	149
7.2 The LAN Setup Screen	152
7.3 The Static DHCP Screen	153
7.3.1 Before You Begin	153
7.4 The UPnP Screen	155
7.5 The File Sharing Screen	155
7.5.1 Before You Begin	156
7.5.2 Add/Edit File Sharing	157
7.6 The Media Server Screen	158
7.7 The Printer Server Screen	159
7.7.1 Before You Begin	159
7.8 Technical Reference	160
7.9 Installing UPnP in Windows Example	164
7.10 Using UPnP in Windows XP Example	167
Routing	173
8.1 Overview	173
8.2 Configuring Static Route	174
8.2.1 Add/Edit Static Route	175
Quality of Service (QoS)	177
9.1 Overview	177
9.1.1 What You Can Do in this Chapter	177
9.1.2 What You Need to Know	177
9.2 The QoS General Screen	178
9.3 The Queue Setup Screen	180
9.3.1 Add/Edit a QoS Queue	181
9.4 The Class Setup Screen	181
9.4.1 Add/Edit QoS Class	183
9.5 The QoS Monitor Screen	186
9.6 QoS Technical Reference	187
9.6.1 IEEE 802.1Q Tag	187
9.6.2 IP Precedence	187
9.6.3 DiffServ	187
Network Address Translation (NAT)	189
10.1 Overview	189
10.1.1 What You Can Do in this Chapter	189
10.1.2 What You Need To Know	189
10.2 The Port Forwarding Screen	190
10.2.1 The Port Forwarding Screen	190
10.2.2 The Port Forwarding Edit Screen	192
10.3 The Sessions Screen	193
10.4 Technical Reference	193
10.4.1 NAT Definitions	193
10.4.2 What NAT Does	194
10.4.3 How NAT Works	194
Dynamic DNS	197
11.1 Overview	197
11.1.1 What You Need To Know	197
11.2 The Dynamic DNS Screen	197
Firewall	199
12.1 Overview	199
12.1.1 What You Can Do in this Chapter	199
12.1.2 What You Need to Know	199
12.2 The General Screen	200
12.3 The Services Screen	201
12.4 Firewall Technical Reference	202
12.4.1 Guidelines For Enhancing Security With Your Firewall	202
12.4.2 Security Considerations	202
MAC Filter	205
13.1 Overview	205
13.1.1 What You Need to Know	205
13.2 The MAC Filter Screen	205
Parental Control	207
14.1 Overview	207
14.2 The Parental Control Screen	207
14.2.1 Add/Edit a Parental Control Rule	208
Certificates	211
15.1 Overview	211
15.1.1 What You Can Do in this Chapter	211
15.1.2 What You Need to Know	211
15.1.3 Verifying a Certificate	212
15.2 Local Certificates	213
15.3 Trusted CA	215
15.4 Trusted CA Import	215
15.5 View Certificate	216
VoIP	219
16.1 Overview	219
16.1.1 What You Can Do in this Chapter	219
16.1.2 What You Need to Know	219
16.1.3 Before You Begin	221
16.2 The SIP Service Provider Screen	221
16.3 The SIP Account Screen	224
16.3.1 Add/Edit SIP Account	226
16.4 Multiple SIP Accounts	228
16.5 The Common Screen	228
16.6 Phone Screen	229
16.6.1 Edit Phone Device	230
16.7 The Phone Region Screen	231
16.8 The Call Rule Screen	231
16.9 The FXO Screen (“L” Models Only)	233
16.10 Technical Reference	233
16.10.1 VoIP	234
16.10.2 SIP	234
16.10.3 Quality of Service (QoS)	238
16.10.4 Phone Services Overview	239
Logs	243
17.1 Overview	243
17.1.1 What You Can Do in this Chapter	243
17.1.2 What You Need To Know	243
17.2 The System Log Screen	244
17.3 The Phone Log Screen	245
17.4 The VoIP Call History Screen	245
Traffic Status	247
18.1 Overview	247
18.1.1 What You Can Do in this Chapter	247
18.2 The WAN Status Screen	247
18.3 The LAN Status Screen	248
18.4 The NAT Status Screen	249
18.5 The 3G Backup Status Screen	250
18.6 The VoIP Status Screen	251
User Account	253
19.1 Overview	253
19.2 The User Account Screen	253
Remote MGMT	255
20.1 Overview	255
20.1.1 What You Need to Know	255
20.2 The Remote MGMT Screen	256
System	257
21.1 Overview	257
21.1.1 What You Need to Know	257
21.2 The System Screen	257
Time Setting	259
22.1 Overview	259
22.2 The Time Setting Screen	259
Log Setting	261
23.1 Overview	261
23.2 The Log Setting Screen	261
Firmware Upgrade	263
24.1 Overview	263
24.2 The Firmware Upgrade Screen	263
Backup/Restore	265
25.1 Overview	265
25.2 The Backup/Restore Screen	265
25.3 The Reboot Screen	267
Diagnostic	269
26.1 Overview	269
26.2 The Ping/TraceRoute Screen	269
26.3 The DSL Line Screen	270
Troubleshooting	273
27.1 Overview	273
27.2 Power, Hardware Connections, and LEDs	273
27.3 Device Access and Login	274
27.4 Internet Access	276
27.5 Wireless Internet Access	278
27.6 Phone Calls and VoIP	279
27.7 USB Device Connection	279
27.8 UPnP	279
Product Specifications	281
IP Addresses and Subnetting	289
Setting Up Your Computer’s IP Address	299
Pop-up Windows, JavaScript and Java Permissions	329
Wireless LANs	339
Common Services	359
IPv6	363
Open Software Announcements	375
Legal Information	411

Match case Limit results 1 per page

Appendix D Wireless LANs

P-2812HNU(L)-Fx Series User’s Guide

347

If this feature is enabled, it is not necessary to configure a default encryption key in the wireless

security configuration screen. You may still configure and store keys, but they will not be used while

dynamic WEP is enabled.

Note: EAP-MD5 cannot be used with Dynamic WEP Key Exchange

For added security, certificate-based authentications (EAP-TLS, EAP-TTLS and PEAP) use dynamic

keys for data encryption. They are often deployed in corporate environments, but for public

deployment, a simple user name and password pair is more practical. The following table is a

comparison of the features of authentication types.

WPA and WPA2

Wi-Fi Protected Access (WPA) is a subset of the IEEE 802.11i standard. WPA2 (IEEE 802.11i) is a

wireless security standard that defines stronger encryption, authentication and key management

than WPA.

Key differences between WPA or WPA2 and WEP are improved data encryption and user

authentication.

If both an AP and the wireless clients support WPA2 and you have an external RADIUS server, use

WPA2 for stronger data encryption. If you don't have an external RADIUS server, you should use

WPA2-PSK (WPA2-Pre-Shared Key) that only requires a single (identical) password entered into

each access point, wireless gateway and wireless client. As long as the passwords match, a wireless

client will be granted access to a WLAN.

If the AP or the wireless clients do not support WPA2, just use WPA or WPA-PSK depending on

whether you have an external RADIUS server or not.

Select WEP only when the AP and/or wireless clients do not support WPA or WPA2. WEP is less

secure than WPA or WPA2.

Encryption

Both WPA and WPA2 improve data encryption by using Temporal Key Integrity Protocol (TKIP),

Message Integrity Check (MIC) and IEEE 802.1x. WPA and WPA2 use Advanced Encryption

Standard (AES) in the Counter mode with Cipher block chaining Message authentication code

Protocol (CCMP) to offer stronger encryption than TKIP.

TKIP uses 128-bit keys that are dynamically generated and distributed by the authentication server.

AES (Advanced Encryption Standard) is a block cipher that uses a 256-bit mathematical algorithm

Table 107

Comparison of EAP Authentication Types

EAP-MD5

EAP-TLS

EAP-TTLS

PEAP

LEAP

Mutual Authentication

Yes

Certificate – Client

Yes

Optional

Certificate – Server

Yes

Dynamic Key Exchange

Yes

Credential Integrity

None

Strong

Moderate

Deployment Difficulty

Easy

Hard

Moderate

Client Identity Protection

Yes