Home » ZyXEL Manuals » Networking » ZyXEL P-330W » Manual Viewer

ZyXEL P-330W User Guide - Page 122

Appendix E

Get ZyXEL P-330W PDF manuals and user guides

Add to My Manuals
Save this manual to your list of manuals

Page 122 highlights

ZyXEL P-330W User's Guide Appendix E Wireless LAN With IEEE 802.1x As wireless networks become popular for both portable computing and corporate networks, security is now a priority. Security Flaws with IEEE 802.11 Wireless networks based on the original IEEE 802.11 have a poor reputation for safety. The IEEE 802.11b wireless access standard, first published in 1999, was based on the MAC address. As the MAC address is sent across the wireless link in clear text, it is easy to spoof and fake. Even the WEP (Wire Equivalent Privacy) data encryption is unreliable as it can be easily decrypted with current computer speed Deployment Issues with IEEE 802.11 User account management has become a network administrator's nightmare in a corporate environment, as the IEEE 802.11b standard does not provide any central user account management. User access control is done through manual modification of the MAC address table on the access point. Although WEP data encryption offers a form of data security, you have to reset the WEP key on the clients each time you change your WEP key on the access point. IEEE 802.1x In June 2001, the IEEE 802.1x standard was designed to extend the features of IEEE 802.11 to support extended authentication as well as providing additional accounting and control features. It is supported by Windows XP and a number of network devices. Advantages of the IEEE 802.1x • User based identification that allows for roaming. • Support for RADIUS (Remote Authentication Dial In User Service, RFC 2138, 2139) for centralized user profile and accounting management on a network RADIUS server. • Support for EAP (Extensible Authentication Protocol, RFC 2486) that allows additional authentication methods to be deployed with no changes to the access point or the wireless clients. Appendix E Wireless LAN With IEEE 802.1x 122

Section	Page
User’s Guide	1
Copyright	2
Disclaimer	2
Trademarks	2
Federal Communications Commission (FCC) Interference Statement	3
Notice 1	3
Certifications	3
ZyXEL Limited Warranty	4
Note	4
Safety Warnings	4
Customer Support	5
Table of Contents	6
List of Figures	12
List of Tables	16
Preface	18
About This User's Guide	18
Related Documentation	18
User Guide Feedback	18
Syntax Conventions	18
Graphics Icons Key	19
Getting to Know Your P-330W	20
1.1 P-330W Internet Security Gateway Overview	20
1.2 P-330W Features	20
1.2.1 Physical Features	20
1.2.1.1 10/100M Auto-negotiating Ethernet/Fast Ethernet Interface(s)	20
1.2.1.2 Auto-crossover 10/100 Mbps Ethernet Interface(s)	20
1.2.1.3 4-Port Switch	20
1.2.1.4 Time and Date	21
1.2.1.5 Reset Button	21
1.2.2 Removable Antenna	21
1.2.3 Non-Physical Features	21
1.2.3.1 Firewall	21
1.2.3.2 802.11b Wireless LAN Standard	21
1.2.3.3 802.11g Wireless LAN Standard	22
1.2.3.4 Packet Filtering	22
1.2.3.5 Universal Plug and Play (UPnP)	22
1.2.3.6 PPPoE	22
1.2.3.7 PPTP Encapsulation	22
1.2.3.8 Dynamic DNS Support	22
1.2.3.9 Network Address Translation (NAT)	23
1.2.3.10 Port Forwarding	23
1.2.3.11 DHCP (Dynamic Host Configuration Protocol)	23
1.2.3.12 Logging and Tracing	23
1.2.3.13 Wireless Association List	23
1.3 Applications for the P-330W	23
1.3.1 Secure Broadband Internet Access via Cable or DSL Modem	23
1.3.2 Internet Access Application	24
Introducing the Web Configurator	26
2.1 Web Configurator Overview	26
2.2 Accessing the P-330W Web Configurator	26
2.2.0.1 Resetting the P-330W	26
2.2.1 Navigating the P-330W Web Configurator	27
2.2.2 Navigation Panel	27
Wizard Setup	30
3.1 Wizard Setup Overview	30
3.2 Wizard Setup: Screen 2	30
3.2.1 DHCP Client	30
3.2.2 Static IP	30
3.2.3 PPPoE Encapsulation	31
3.2.4 PPTP Encapsulation	32
3.2.5 L2TP Encapsulation	33
3.3 Wizard Setup: Screen 3	34
3.4 Wizard Setup: Screen 4	35
3.4.1 No Encryption	36
3.4.2 WEP Encryption	36
3.4.3 WPA	37
3.4.4 WPA2 (AES)	37
3.4.5 WPA2 Mixed	38
3.5 Basic Setup Complete	39
System Screens	40
4.1 Setup Wizard	40
4.2 Operation Mode	40
4.3 LAN Overview	41
4.3.1 DHCP Setup	42
4.3.2 IP Pool Setup	42
4.3.3 System DNS Servers	42
4.3.4 LAN TCP/IP	42
4.3.5 Factory LAN Defaults	42
4.3.6 IP Address and Subnet Mask	42
4.3.7 Configuring IP	42
4.4 Configuring Password	44
4.5 Status Screen	44
Wireless	46
5.1 Wireless LAN Overview	46
5.1.1 IBSS	46
5.1.2 BSS	46
5.1.3 ESS	47
5.1.4 RTS/CTS	48
5.2 Configuring Wireless	49
5.3 Basic Settings	49
5.4 Wireless Advanced Settings	51
5.4.1 Authentication	51
5.4.2 Preamble Type	52
5.5 Site Survey	53
5.6 Wireless Security Overview	53
5.7 Security Parameters Summary	56
5.7.1 WEP Overview	56
5.7.2 Data Encryption	56
5.7.3 Configuring WEP Encryption	56
5.7.4 Introduction to WPA	59
5.7.4.1 User Authentication	59
5.7.4.2 Encryption	59
5.7.4.3 WPA-PSK Application Example	60
5.7.5 Introduction to WPA2	60
5.7.6 Configuring WPA-PSK Authentication	60
5.7.7 Introduction to RADIUS	62
5.7.7.1 Types of RADIUS Messages	62
5.7.7.2 Access-Challenge	62
5.7.7.3 Accounting-Request	62
5.7.7.4 Accounting-Response	62
5.7.7.5 EAP Authentication Overview	63
5.7.7.6 WPA with RADIUS Application Example	63
5.7.8 Configuring WPA Authentication	64
5.8 WDS Settings	66
5.9 Wireless Trusted Stations	67
Advanced Options	70
6.1 Access Control	70
6.2 Dynamic DNS	71
6.3 Configuring Dynamic DNS	72
6.4 DMZ	73
6.5 Virtual Servers (Port Forwarding)	73
6.5.0.1 Configuring Servers Behind SUA (Example)	74
6.5.1 Configuring Virtual Servers	75
6.6 Special Applications	76
6.7 WAN Port	77
6.7.1 Static IP Encapsulation	77
6.7.2 DHCP IP Encapsulation	79
6.7.3 PPPoE Encapsulation	80
6.7.4 PPTP Encapsulation	82
6.7.5 L2TP Encapsulation	84
6.8 Ping	86
6.9 DoS Setting	87
6.10 Diagnostics	88
Administrator Options	90
7.1 Remote Management	90
7.2 Configuration Screen	90
7.2.1 Backup Configuration	91
7.2.2 Restore Configuration	91
7.2.3 Back to Factory Defaults	92
7.3 Logs	92
7.4 IP Filtering	94
7.5 MAC Filtering	95
7.6 URL Filtering	95
7.7 Statistics	96
7.8 Time Zone Setting	96
7.9 Upgrade Firmware	97
Appendix A	100
PPPoE	100
PPPoE in Action	100
Benefits of PPPoE	100
Traditional Dial-up Scenario	100
How PPPoE Works	101
P-330W as a PPPoE Client	101
Appendix B	102
PPTP	102
What is PPTP?	102
How can we transport PPP frames from a computer to a broadband modem over Ethernet?	102
PPTP and the P-330W	102
PPTP Protocol Overview	103
Control & PPP Connections	103
Call Connection	103
PPP Data Connection	104
Appendix C	106
Setting up Your Computer’s IP Address	106
Windows 95/98/Me	106
Installing Components	107
Configuring	108
Verifying Settings	109
Windows 2000/NT/XP	109
Verifying Settings	113
Macintosh OS 8/9	114
Verifying Settings	115
Macintosh OS X	115
Verifying Settings	116
Appendix D	118
Wireless LAN and IEEE 802.11	118
Benefits of a Wireless LAN	118
IEEE 802.11	118
Ad-hoc Wireless LAN Configuration	119
Infrastructure Wireless LAN Configuration	119
Appendix E	122
Wireless LAN With IEEE 802.1x	122
Security Flaws with IEEE 802.11	122
Deployment Issues with IEEE 802.11	122
IEEE 802.1x	122
Advantages of the IEEE 802.1x	122
RADIUS Server Authentication Sequence	123
Appendix F	124
Types of EAP Authentication	124
EAP-MD5 (Message-Digest Algorithm 5)	124
EAP-TLS (Transport Layer Security)	124
EAP-TTLS (Tunneled Transport Layer Service)	124
PEAP (Protected EAP)	125
Appendix G	126
Antenna Selection and Positioning Recommendation	126
Antenna Characteristics	126
Frequency	126
Radiation Pattern	126
Antenna Gain	126
Types of Antennas For WLAN	126
Positioning Antennas	127
Appendix H	128
Open Saftware Announcements	128
This Product includes Zlib under Zlib License	128
Zlib License	128
ZLIB is third party library and has its own license.	128
This product includes pppd(includes radius) under BSD License, RSA Data Security, Inc. License and Roaring Penguin Software under GPL License	129
BSD	129
RSA Data Security, Inc License	130
This product include brctl, shell commands, hwclock, dnrd, gmp, iptables, Awk, MTD, ntpclient, pppd , pptp, udhcpd/ udhcpc, updated, libupnp/pseudo ICS, iwpriv, gcc, linux(kernal) and tiny under GPL License.	130
GNU GENERAL PUBLIC LICENSE	130
End-User License Agreement for “P-330W “	135
Index	140
A	140
B	140
C	140
D	140
E	140
F	140
G	140
H	140
I	140
L	141
M	141
N	141
P	141
R	141
S	141
U	141
V	141

Match case Limit results 1 per page

ZyXEL P-330W User’s Guide

Appendix E Wireless LAN With IEEE 802.1x

122

Appendix E

Wireless LAN With IEEE 802.1x

As wireless networks become popular for both portable computing and corporate networks,

security is now a priority.

Security Flaws with IEEE 802.11

Wireless networks based on the original IEEE 802.11 have a poor reputation for safety. The

IEEE 802.11b wireless access standard, first published in 1999, was based on the MAC

address. As the MAC address is sent across the wireless link in clear text, it is easy to spoof

and fake. Even the WEP (Wire Equivalent Privacy) data encryption is unreliable as it can be

easily decrypted with current computer speed

Deployment Issues with IEEE 802.11

User account management has become a network administrator’s nightmare in a corporate

environment, as the IEEE 802.11b standard does not provide any central user account

management. User access control is done through manual modification of the MAC address

table on the access point. Although WEP data encryption offers a form of data security, you

have to reset the WEP key on the clients each time you change your WEP key on the access

point.

IEEE 802.1x

In June 2001, the IEEE 802.1x standard was designed to extend the features of IEEE 802.11 to

support extended authentication as well as providing additional accounting and control

features. It is supported by Windows XP and a number of network devices.

Advantages of the IEEE 802.1x

•

User based identification that allows for roaming.

•

Support for RADIUS (Remote Authentication Dial In User Service, RFC 2138, 2139) for

centralized user profile and accounting management on a network RADIUS server.

•

Support for EAP (Extensible Authentication Protocol, RFC 2486) that allows additional

authentication methods to be deployed with no changes to the access point or the wireless

clients.