Home » ZyXEL Manuals » Networking » ZyXEL P-330W » Manual Viewer

ZyXEL P-330W User Guide - Page 124

Appendix F - v2

Get ZyXEL P-330W PDF manuals and user guides

Add to My Manuals
Save this manual to your list of manuals

Page 124 highlights

ZyXEL P-330W User's Guide Appendix F Types of EAP Authentication This appendix discusses the five popular EAP authentication types: EAP-MD5, EAP-TLS, EAP-TTLS, PEAP and LEAP. The type of authentication you use depends on the RADIUS server or the AP. Consult your network administrator for more information. EAP-MD5 (Message-Digest Algorithm 5) MD5 authentication is the simplest one-way authentication method. The authentication server sends a challenge to the wireless station. The wireless station 'proves' that it knows the password by encrypting the password with the challenge and sends back the information. Password is not sent in plain text. However, MD5 authentication has some weaknesses. Since the authentication server needs to get the plaintext passwords, the passwords must be stored. Thus someone other than the authentication server may access the password file. In addition, it is possible to impersonate an authentication server as MD5 authentication method does not perform mutual authentication. Finally, MD5 authentication method does not support data encryption with dynamic session key. You must configure WEP encryption keys for data encryption. EAP-TLS (Transport Layer Security) With EAP-TLS, digital certifications are needed by both the server and the wireless stations for mutual authentication. The server presents a certificate to the client. After validating the identity of the server, the client sends a different certificate to the server. The exchange of certificates is done in the open before a secured tunnel is created. This makes user identity vulnerable to passive attacks. A digital certificate is an electronic ID card that authenticates the sender's identity. However, to implement EAP-TLS, you need a Certificate Authority (CA) to handle certificates, which imposes a management overhead. EAP-TTLS (Tunneled Transport Layer Service) EAP-TTLS is an extension of the EAP-TLS authentication that uses certificates for only the server-side authentications to establish a secure connection. Client authentication is then done by sending username and password through the secure connection, thus client identity is protected. For client authentication, EAP-TTLS supports EAP methods and legacy authentication methods such as PAP, CHAP, MS-CHAP and MS-CHAP v2. Appendix F Types of EAP Authentication 124

Section	Page
User’s Guide	1
Copyright	2
Disclaimer	2
Trademarks	2
Federal Communications Commission (FCC) Interference Statement	3
Notice 1	3
Certifications	3
ZyXEL Limited Warranty	4
Note	4
Safety Warnings	4
Customer Support	5
Table of Contents	6
List of Figures	12
List of Tables	16
Preface	18
About This User's Guide	18
Related Documentation	18
User Guide Feedback	18
Syntax Conventions	18
Graphics Icons Key	19
Getting to Know Your P-330W	20
1.1 P-330W Internet Security Gateway Overview	20
1.2 P-330W Features	20
1.2.1 Physical Features	20
1.2.1.1 10/100M Auto-negotiating Ethernet/Fast Ethernet Interface(s)	20
1.2.1.2 Auto-crossover 10/100 Mbps Ethernet Interface(s)	20
1.2.1.3 4-Port Switch	20
1.2.1.4 Time and Date	21
1.2.1.5 Reset Button	21
1.2.2 Removable Antenna	21
1.2.3 Non-Physical Features	21
1.2.3.1 Firewall	21
1.2.3.2 802.11b Wireless LAN Standard	21
1.2.3.3 802.11g Wireless LAN Standard	22
1.2.3.4 Packet Filtering	22
1.2.3.5 Universal Plug and Play (UPnP)	22
1.2.3.6 PPPoE	22
1.2.3.7 PPTP Encapsulation	22
1.2.3.8 Dynamic DNS Support	22
1.2.3.9 Network Address Translation (NAT)	23
1.2.3.10 Port Forwarding	23
1.2.3.11 DHCP (Dynamic Host Configuration Protocol)	23
1.2.3.12 Logging and Tracing	23
1.2.3.13 Wireless Association List	23
1.3 Applications for the P-330W	23
1.3.1 Secure Broadband Internet Access via Cable or DSL Modem	23
1.3.2 Internet Access Application	24
Introducing the Web Configurator	26
2.1 Web Configurator Overview	26
2.2 Accessing the P-330W Web Configurator	26
2.2.0.1 Resetting the P-330W	26
2.2.1 Navigating the P-330W Web Configurator	27
2.2.2 Navigation Panel	27
Wizard Setup	30
3.1 Wizard Setup Overview	30
3.2 Wizard Setup: Screen 2	30
3.2.1 DHCP Client	30
3.2.2 Static IP	30
3.2.3 PPPoE Encapsulation	31
3.2.4 PPTP Encapsulation	32
3.2.5 L2TP Encapsulation	33
3.3 Wizard Setup: Screen 3	34
3.4 Wizard Setup: Screen 4	35
3.4.1 No Encryption	36
3.4.2 WEP Encryption	36
3.4.3 WPA	37
3.4.4 WPA2 (AES)	37
3.4.5 WPA2 Mixed	38
3.5 Basic Setup Complete	39
System Screens	40
4.1 Setup Wizard	40
4.2 Operation Mode	40
4.3 LAN Overview	41
4.3.1 DHCP Setup	42
4.3.2 IP Pool Setup	42
4.3.3 System DNS Servers	42
4.3.4 LAN TCP/IP	42
4.3.5 Factory LAN Defaults	42
4.3.6 IP Address and Subnet Mask	42
4.3.7 Configuring IP	42
4.4 Configuring Password	44
4.5 Status Screen	44
Wireless	46
5.1 Wireless LAN Overview	46
5.1.1 IBSS	46
5.1.2 BSS	46
5.1.3 ESS	47
5.1.4 RTS/CTS	48
5.2 Configuring Wireless	49
5.3 Basic Settings	49
5.4 Wireless Advanced Settings	51
5.4.1 Authentication	51
5.4.2 Preamble Type	52
5.5 Site Survey	53
5.6 Wireless Security Overview	53
5.7 Security Parameters Summary	56
5.7.1 WEP Overview	56
5.7.2 Data Encryption	56
5.7.3 Configuring WEP Encryption	56
5.7.4 Introduction to WPA	59
5.7.4.1 User Authentication	59
5.7.4.2 Encryption	59
5.7.4.3 WPA-PSK Application Example	60
5.7.5 Introduction to WPA2	60
5.7.6 Configuring WPA-PSK Authentication	60
5.7.7 Introduction to RADIUS	62
5.7.7.1 Types of RADIUS Messages	62
5.7.7.2 Access-Challenge	62
5.7.7.3 Accounting-Request	62
5.7.7.4 Accounting-Response	62
5.7.7.5 EAP Authentication Overview	63
5.7.7.6 WPA with RADIUS Application Example	63
5.7.8 Configuring WPA Authentication	64
5.8 WDS Settings	66
5.9 Wireless Trusted Stations	67
Advanced Options	70
6.1 Access Control	70
6.2 Dynamic DNS	71
6.3 Configuring Dynamic DNS	72
6.4 DMZ	73
6.5 Virtual Servers (Port Forwarding)	73
6.5.0.1 Configuring Servers Behind SUA (Example)	74
6.5.1 Configuring Virtual Servers	75
6.6 Special Applications	76
6.7 WAN Port	77
6.7.1 Static IP Encapsulation	77
6.7.2 DHCP IP Encapsulation	79
6.7.3 PPPoE Encapsulation	80
6.7.4 PPTP Encapsulation	82
6.7.5 L2TP Encapsulation	84
6.8 Ping	86
6.9 DoS Setting	87
6.10 Diagnostics	88
Administrator Options	90
7.1 Remote Management	90
7.2 Configuration Screen	90
7.2.1 Backup Configuration	91
7.2.2 Restore Configuration	91
7.2.3 Back to Factory Defaults	92
7.3 Logs	92
7.4 IP Filtering	94
7.5 MAC Filtering	95
7.6 URL Filtering	95
7.7 Statistics	96
7.8 Time Zone Setting	96
7.9 Upgrade Firmware	97
Appendix A	100
PPPoE	100
PPPoE in Action	100
Benefits of PPPoE	100
Traditional Dial-up Scenario	100
How PPPoE Works	101
P-330W as a PPPoE Client	101
Appendix B	102
PPTP	102
What is PPTP?	102
How can we transport PPP frames from a computer to a broadband modem over Ethernet?	102
PPTP and the P-330W	102
PPTP Protocol Overview	103
Control & PPP Connections	103
Call Connection	103
PPP Data Connection	104
Appendix C	106
Setting up Your Computer’s IP Address	106
Windows 95/98/Me	106
Installing Components	107
Configuring	108
Verifying Settings	109
Windows 2000/NT/XP	109
Verifying Settings	113
Macintosh OS 8/9	114
Verifying Settings	115
Macintosh OS X	115
Verifying Settings	116
Appendix D	118
Wireless LAN and IEEE 802.11	118
Benefits of a Wireless LAN	118
IEEE 802.11	118
Ad-hoc Wireless LAN Configuration	119
Infrastructure Wireless LAN Configuration	119
Appendix E	122
Wireless LAN With IEEE 802.1x	122
Security Flaws with IEEE 802.11	122
Deployment Issues with IEEE 802.11	122
IEEE 802.1x	122
Advantages of the IEEE 802.1x	122
RADIUS Server Authentication Sequence	123
Appendix F	124
Types of EAP Authentication	124
EAP-MD5 (Message-Digest Algorithm 5)	124
EAP-TLS (Transport Layer Security)	124
EAP-TTLS (Tunneled Transport Layer Service)	124
PEAP (Protected EAP)	125
Appendix G	126
Antenna Selection and Positioning Recommendation	126
Antenna Characteristics	126
Frequency	126
Radiation Pattern	126
Antenna Gain	126
Types of Antennas For WLAN	126
Positioning Antennas	127
Appendix H	128
Open Saftware Announcements	128
This Product includes Zlib under Zlib License	128
Zlib License	128
ZLIB is third party library and has its own license.	128
This product includes pppd(includes radius) under BSD License, RSA Data Security, Inc. License and Roaring Penguin Software under GPL License	129
BSD	129
RSA Data Security, Inc License	130
This product include brctl, shell commands, hwclock, dnrd, gmp, iptables, Awk, MTD, ntpclient, pppd , pptp, udhcpd/ udhcpc, updated, libupnp/pseudo ICS, iwpriv, gcc, linux(kernal) and tiny under GPL License.	130
GNU GENERAL PUBLIC LICENSE	130
End-User License Agreement for “P-330W “	135
Index	140
A	140
B	140
C	140
D	140
E	140
F	140
G	140
H	140
I	140
L	141
M	141
N	141
P	141
R	141
S	141
U	141
V	141

Match case Limit results 1 per page

ZyXEL P-330W User’s Guide

Appendix F Types of EAP Authentication

124

Appendix F

Types of EAP Authentication

This appendix discusses the five popular EAP authentication types:

EAP-MD5

EAP-TLS

EAP-TTLS

PEAP

and

LEAP

The type of authentication you use depends on the RADIUS server or the AP. Consult your

network administrator for more information.

EAP-MD5 (Message-Digest Algorithm 5)

MD5 authentication is the simplest one-way authentication method. The authentication server

sends a challenge to the wireless station. The wireless station ‘proves’ that it knows the

password by encrypting the password with the challenge and sends back the information.

Password is not sent in plain text.

However, MD5 authentication has some weaknesses. Since the authentication server needs to

get the plaintext passwords, the passwords must be stored. Thus someone other than the

authentication server may access the password file. In addition, it is possible to impersonate an

authentication server as MD5 authentication method does not perform mutual authentication.

Finally, MD5 authentication method does not support data encryption with dynamic session

key. You must configure WEP encryption keys for data encryption.

EAP-TLS (Transport Layer Security)

With EAP-TLS, digital certifications are needed by both the server and the wireless stations

for mutual authentication. The server presents a certificate to the client. After validating the

identity of the server, the client sends a different certificate to the server. The exchange of

certificates is done in the open before a secured tunnel is created. This makes user identity

vulnerable to passive attacks. A digital certificate is an electronic ID card that authenticates the

sender’s identity. However, to implement EAP-TLS, you need a Certificate Authority (CA) to

handle certificates, which imposes a management overhead.

EAP-TTLS (Tunneled Transport Layer Service)

EAP-TTLS is an extension of the EAP-TLS authentication that uses certificates for only the

server-side authentications to establish a secure connection. Client authentication is then done

by sending username and password through the secure connection, thus client identity is

protected. For client authentication, EAP-TTLS supports EAP methods and legacy

authentication methods such as PAP, CHAP, MS-CHAP and MS-CHAP v2.