Home » ZyXEL Manuals » Networking » ZyXEL P-330W » Manual Viewer

ZyXEL P-330W User Guide - Page 63

EAP Authentication Overview, 7.7.6, WPA with RADIUS Application Example

Get ZyXEL P-330W PDF manuals and user guides

Add to My Manuals
Save this manual to your list of manuals

Page 63 highlights

ZyXEL P-330W User's Guide In order to ensure network security, the access point and the RADIUS server use a shared secret key, which is a password, they both know. The key is not sent over the network. In addition to the shared key, password information exchanged is also encrypted to protect the wired network from unauthorized access. 5.7.7.5 EAP Authentication Overview EAP (Extensible Authentication Protocol) is an authentication protocol that runs on top of the IEEE802.1x transport mechanism in order to support multiple types of user authentication. By using EAP to interact with an EAP-compatible RADIUS server, the access point helps a wireless station and a RADIUS server perform authentication. The type of authentication you use depends on the RADIUS server or the AP. The P-330W supports EAP-TLS, EAP-TTLS and PEAP with RADIUS. Refer to the Types of EAP Authentication appendix for descriptions on the four common types. Your P-330W supports EAP-MD5 (Message-Digest Algorithm 5) with RADIUS. The following figure shows an overview of authentication when you specify a RADIUS server on your access point. Figure 34 EAP Authentication The details below provide a general description of how IEEE 802.1x EAP authentication works. For an example list of EAP-MD5 authentication steps, see the IEEE 802.1x appendix. 1 The wireless station sends a "start" message to the P-330W. 2 The P-330W sends a "request identity" message to the wireless station for identity information. 3 The wireless station replies with identity information, including username and password. 4 The RADIUS server checks the user information against its user profile database and determines whether or not to authenticate the wireless station. 5.7.7.6 WPA with RADIUS Application Example You need the IP address of the RADIUS server, its port number (default is 1812), and the RADIUS shared secret. A WPA application example with an external RADIUS server looks as follows. "A" is the RADIUS server. "DS" is the distribution system. 1 The AP passes the wireless client's authentication request to the RADIUS server. 63 Chapter 5 Wireless

Section	Page
User’s Guide	1
Copyright	2
Disclaimer	2
Trademarks	2
Federal Communications Commission (FCC) Interference Statement	3
Notice 1	3
Certifications	3
ZyXEL Limited Warranty	4
Note	4
Safety Warnings	4
Customer Support	5
Table of Contents	6
List of Figures	12
List of Tables	16
Preface	18
About This User's Guide	18
Related Documentation	18
User Guide Feedback	18
Syntax Conventions	18
Graphics Icons Key	19
Getting to Know Your P-330W	20
1.1 P-330W Internet Security Gateway Overview	20
1.2 P-330W Features	20
1.2.1 Physical Features	20
1.2.1.1 10/100M Auto-negotiating Ethernet/Fast Ethernet Interface(s)	20
1.2.1.2 Auto-crossover 10/100 Mbps Ethernet Interface(s)	20
1.2.1.3 4-Port Switch	20
1.2.1.4 Time and Date	21
1.2.1.5 Reset Button	21
1.2.2 Removable Antenna	21
1.2.3 Non-Physical Features	21
1.2.3.1 Firewall	21
1.2.3.2 802.11b Wireless LAN Standard	21
1.2.3.3 802.11g Wireless LAN Standard	22
1.2.3.4 Packet Filtering	22
1.2.3.5 Universal Plug and Play (UPnP)	22
1.2.3.6 PPPoE	22
1.2.3.7 PPTP Encapsulation	22
1.2.3.8 Dynamic DNS Support	22
1.2.3.9 Network Address Translation (NAT)	23
1.2.3.10 Port Forwarding	23
1.2.3.11 DHCP (Dynamic Host Configuration Protocol)	23
1.2.3.12 Logging and Tracing	23
1.2.3.13 Wireless Association List	23
1.3 Applications for the P-330W	23
1.3.1 Secure Broadband Internet Access via Cable or DSL Modem	23
1.3.2 Internet Access Application	24
Introducing the Web Configurator	26
2.1 Web Configurator Overview	26
2.2 Accessing the P-330W Web Configurator	26
2.2.0.1 Resetting the P-330W	26
2.2.1 Navigating the P-330W Web Configurator	27
2.2.2 Navigation Panel	27
Wizard Setup	30
3.1 Wizard Setup Overview	30
3.2 Wizard Setup: Screen 2	30
3.2.1 DHCP Client	30
3.2.2 Static IP	30
3.2.3 PPPoE Encapsulation	31
3.2.4 PPTP Encapsulation	32
3.2.5 L2TP Encapsulation	33
3.3 Wizard Setup: Screen 3	34
3.4 Wizard Setup: Screen 4	35
3.4.1 No Encryption	36
3.4.2 WEP Encryption	36
3.4.3 WPA	37
3.4.4 WPA2 (AES)	37
3.4.5 WPA2 Mixed	38
3.5 Basic Setup Complete	39
System Screens	40
4.1 Setup Wizard	40
4.2 Operation Mode	40
4.3 LAN Overview	41
4.3.1 DHCP Setup	42
4.3.2 IP Pool Setup	42
4.3.3 System DNS Servers	42
4.3.4 LAN TCP/IP	42
4.3.5 Factory LAN Defaults	42
4.3.6 IP Address and Subnet Mask	42
4.3.7 Configuring IP	42
4.4 Configuring Password	44
4.5 Status Screen	44
Wireless	46
5.1 Wireless LAN Overview	46
5.1.1 IBSS	46
5.1.2 BSS	46
5.1.3 ESS	47
5.1.4 RTS/CTS	48
5.2 Configuring Wireless	49
5.3 Basic Settings	49
5.4 Wireless Advanced Settings	51
5.4.1 Authentication	51
5.4.2 Preamble Type	52
5.5 Site Survey	53
5.6 Wireless Security Overview	53
5.7 Security Parameters Summary	56
5.7.1 WEP Overview	56
5.7.2 Data Encryption	56
5.7.3 Configuring WEP Encryption	56
5.7.4 Introduction to WPA	59
5.7.4.1 User Authentication	59
5.7.4.2 Encryption	59
5.7.4.3 WPA-PSK Application Example	60
5.7.5 Introduction to WPA2	60
5.7.6 Configuring WPA-PSK Authentication	60
5.7.7 Introduction to RADIUS	62
5.7.7.1 Types of RADIUS Messages	62
5.7.7.2 Access-Challenge	62
5.7.7.3 Accounting-Request	62
5.7.7.4 Accounting-Response	62
5.7.7.5 EAP Authentication Overview	63
5.7.7.6 WPA with RADIUS Application Example	63
5.7.8 Configuring WPA Authentication	64
5.8 WDS Settings	66
5.9 Wireless Trusted Stations	67
Advanced Options	70
6.1 Access Control	70
6.2 Dynamic DNS	71
6.3 Configuring Dynamic DNS	72
6.4 DMZ	73
6.5 Virtual Servers (Port Forwarding)	73
6.5.0.1 Configuring Servers Behind SUA (Example)	74
6.5.1 Configuring Virtual Servers	75
6.6 Special Applications	76
6.7 WAN Port	77
6.7.1 Static IP Encapsulation	77
6.7.2 DHCP IP Encapsulation	79
6.7.3 PPPoE Encapsulation	80
6.7.4 PPTP Encapsulation	82
6.7.5 L2TP Encapsulation	84
6.8 Ping	86
6.9 DoS Setting	87
6.10 Diagnostics	88
Administrator Options	90
7.1 Remote Management	90
7.2 Configuration Screen	90
7.2.1 Backup Configuration	91
7.2.2 Restore Configuration	91
7.2.3 Back to Factory Defaults	92
7.3 Logs	92
7.4 IP Filtering	94
7.5 MAC Filtering	95
7.6 URL Filtering	95
7.7 Statistics	96
7.8 Time Zone Setting	96
7.9 Upgrade Firmware	97
Appendix A	100
PPPoE	100
PPPoE in Action	100
Benefits of PPPoE	100
Traditional Dial-up Scenario	100
How PPPoE Works	101
P-330W as a PPPoE Client	101
Appendix B	102
PPTP	102
What is PPTP?	102
How can we transport PPP frames from a computer to a broadband modem over Ethernet?	102
PPTP and the P-330W	102
PPTP Protocol Overview	103
Control & PPP Connections	103
Call Connection	103
PPP Data Connection	104
Appendix C	106
Setting up Your Computer’s IP Address	106
Windows 95/98/Me	106
Installing Components	107
Configuring	108
Verifying Settings	109
Windows 2000/NT/XP	109
Verifying Settings	113
Macintosh OS 8/9	114
Verifying Settings	115
Macintosh OS X	115
Verifying Settings	116
Appendix D	118
Wireless LAN and IEEE 802.11	118
Benefits of a Wireless LAN	118
IEEE 802.11	118
Ad-hoc Wireless LAN Configuration	119
Infrastructure Wireless LAN Configuration	119
Appendix E	122
Wireless LAN With IEEE 802.1x	122
Security Flaws with IEEE 802.11	122
Deployment Issues with IEEE 802.11	122
IEEE 802.1x	122
Advantages of the IEEE 802.1x	122
RADIUS Server Authentication Sequence	123
Appendix F	124
Types of EAP Authentication	124
EAP-MD5 (Message-Digest Algorithm 5)	124
EAP-TLS (Transport Layer Security)	124
EAP-TTLS (Tunneled Transport Layer Service)	124
PEAP (Protected EAP)	125
Appendix G	126
Antenna Selection and Positioning Recommendation	126
Antenna Characteristics	126
Frequency	126
Radiation Pattern	126
Antenna Gain	126
Types of Antennas For WLAN	126
Positioning Antennas	127
Appendix H	128
Open Saftware Announcements	128
This Product includes Zlib under Zlib License	128
Zlib License	128
ZLIB is third party library and has its own license.	128
This product includes pppd(includes radius) under BSD License, RSA Data Security, Inc. License and Roaring Penguin Software under GPL License	129
BSD	129
RSA Data Security, Inc License	130
This product include brctl, shell commands, hwclock, dnrd, gmp, iptables, Awk, MTD, ntpclient, pppd , pptp, udhcpd/ udhcpc, updated, libupnp/pseudo ICS, iwpriv, gcc, linux(kernal) and tiny under GPL License.	130
GNU GENERAL PUBLIC LICENSE	130
End-User License Agreement for “P-330W “	135
Index	140
A	140
B	140
C	140
D	140
E	140
F	140
G	140
H	140
I	140
L	141
M	141
N	141
P	141
R	141
S	141
U	141
V	141

Match case Limit results 1 per page

ZyXEL P-330W User’s Guide

Chapter 5 Wireless

In order to ensure network security, the access point and the RADIUS server use a shared

secret key, which is a password, they both know. The key is not sent over the network. In

addition to the shared key, password information exchanged is also encrypted to protect the

wired network from unauthorized access.

5.7.7.5

EAP Authentication Overview

EAP (Extensible Authentication Protocol) is an authentication protocol that runs on top of the

IEEE802.1x transport mechanism in order to support multiple types of user authentication. By

using EAP to interact with an EAP-compatible RADIUS server, the access point helps a

wireless station and a RADIUS server perform authentication.

The type of authentication you use depends on the RADIUS server or the AP. The P-330W

supports EAP-TLS, EAP-TTLS and PEAP with RADIUS. Refer to the

Types of EAP

Authentication

appendix for descriptions on the four common types.

Your P-330W supports EAP-MD5 (Message-Digest Algorithm 5) with RADIUS.

The following figure shows an overview of authentication when you specify a RADIUS server

on your access point.

Figure 34

EAP Authentication

The details below provide a general description of how IEEE 802.1x EAP authentication

works. For an example list of EAP-MD5 authentication steps, see the IEEE 802.1x appendix.

The wireless station sends a “start” message to the P-330W.

The P-330W sends a “request identity” message to the wireless station for identity

information.

The wireless station replies with identity information, including username and password.

The RADIUS server checks the user information against its user profile database and

determines whether or not to authenticate the wireless station.

5.7.7.6

WPA with RADIUS Application Example

You need the IP address of the RADIUS server, its port number (default is 1812), and the

RADIUS shared secret. A WPA application example with an external RADIUS server looks

as follows. “A” is the RADIUS server. “DS” is the distribution system.

The AP passes the wireless client’s authentication request to the RADIUS server.