ZyXEL P-336M User Guide - Page 36

ZyXEL P-336M User’s Guide

Chapter 3 Basic

36

•

Open

mode is implemented for ease-of-use and when security is not an issue. The

wireless station and the AP do

not

share a secret key. Thus the wireless stations can

associate with any AP and listen to any data transmitted plaintext.

•

Shared Key

mode involves a shared secret key to authenticate the wireless station to the

AP. This requires you to enable the WEP encryption and specify a WEP key on both the

wireless station and the AP.

3.7.2

IEEE 802.1x

The IEEE 802.1x standard outlines enhanced security methods for both the authentication of

wireless stations and encryption key management. Authentication can be done using an

external RADIUS server.

3.7.2.1

EAP Authentication

EAP (Extensible Authentication Protocol) is an authentication protocol that runs on top of the

IEEE 802.1x transport mechanism in order to support multiple types of user authentication. By

using EAP to interact with an EAP-compatible RADIUS server, an access point helps a

wireless station and a RADIUS server perform authentication.

The type of authentication you use depends on the RADIUS server and an intermediary AP(s)

that supports IEEE 802.1x.

3.7.3

WPA(2)

Wi-Fi Protected Access (WPA) is a subset of the IEEE 802.11i standard. Key differences

between WPA(2) and WEP are user authentication and improved data encryption.

3.7.3.1

User Authentication

WPA(2) applies IEEE 802.1x and Extensible Authentication Protocol (EAP) to authenticate

wireless clients using an external RADIUS database.

Therefore, if you don't have an external RADIUS server, you should use WPA(2)-PSK (WPA -

Pre-Shared Key) that only requires a single (identical) password entered into each access

point, wireless gateway and wireless client. As long as the passwords match, a client will be

granted access to a WLAN.

3.7.3.2

Encryption

WPA(2) improves data encryption by using Temporal Key Integrity Protocol (TKIP) or

Advanced Encryption Standard (AES), Message Integrity Check (MIC) and IEEE 802.1x.

Temporal Key Integrity Protocol (TKIP) uses 128-bit keys that are dynamically generated and

distributed by the authentication server. It includes a per-packet key mixing function, a

Message Integrity Check (MIC) named Michael, an extended initialization vector (IV) with

sequencing rules, and a re-keying mechanism.

Section	Page
User’s Guide	1
Copyright	2
Federal Communications Commission (FCC) Interference Statement	3
ZyXEL Limited Warranty	5
Customer Support	6
Table of Contents	8
List of Figures	12
List of Tables	14
Preface	16
Getting Started	18
1.2 Features	18
1.3 Hardware Connection and Wizard Setup	19
1.3.1 Front Panel LEDs	19
The Web Configurator	20
2.1 Introduction	20
2.2 Login	20
2.3 The DEVICE INFO Screen	21
2.4 Web Configurator Screen Buttons	22
2.5 Saving Configuration Changes	22
2.6 Changing Your Password	23
Basic	24
3.1 Setup Wizards	24
3.2 WAN Overview	25
3.2.1 WAN IP Address Assignment	25
3.2.2 DNS Server Address Assignment	25
3.2.3 WAN Configuration	26
3.2.4 WAN Configuration: Static IP	27
3.2.5 WAN Configuration: PPPoE	28
3.3 LAN Setup	30
3.4 DHCP Overview	30
3.4.1 IP Pool Setup	31
3.4.2 DHCP Setup	31
3.5 Wireless LAN Overview	33
3.5.1 SSID	33
3.5.2 Channel	33
3.5.3 Transmission Rate (Tx Rate)	33
3.5.3.1 SuperGTM	33
3.6 Basic Wireless LAN Setup	33
3.7 Wireless LAN Security Overview	35
3.7.1 WEP	35
3.7.1.1 Authentication Type	35
3.7.2 IEEE 802.1x	36
3.7.2.1 EAP Authentication	36
3.7.3 WPA(2)	36
3.7.3.1 User Authentication	36
3.7.3.2 Encryption	36
3.8 WLAN Security Setup	37
3.8.1 WLAN Security Setup: WEP	37
3.8.2 WLAN Security Setup: WPA-Personal	39
3.8.3 WLAN Security Setup: WPA-Enterprise	39
Advanced	42
4.1 Game Hosting	42
4.2 Virtual Server	43
4.2.1 Common Services and Port Numbers	44
4.2.2 Configuring Virtual Server	44
4.3 Applications	46
4.3.1 ALG	46
4.3.2 Port Triggering	46
4.3.3 Configuring Special Applications	47
4.4 StreamEngine	49
4.5 Routing	52
4.6 Access Control	53
4.7 Web Filter	55
4.8 MAC Filter	56
4.9 Firewall	58
4.9.1 DMZ	58
4.9.2 Configuring Firewall	58
4.10 Inbound Filter	59
4.11 Wireless	61
4.11.1 RTS/CTS	61
4.11.2 Fragmentation Threshold	62
4.11.3 Configuring Advanced Wireless Settings	62
4.12 Schedule	64
Tools	66
5.1 Administrator Settings	66
5.1.1 Login Accounts	66
5.1.2 UPnP	66
5.1.3 The Admin Screen	66
5.1.4 Configuration Backup	68
5.1.5 Configuration Restore	69
5.2 System Time and Date	70
5.3 Syslog	72
5.4 E-mail	73
5.5 System	75
5.5.1 Rebooting Your P-336M	75
5.5.2 Device Reset	75
5.6 Firmware	76
5.7 DDNS	77
Status	80
6.1 Device Info	80
6.2 Wireless	82
6.3 Logs	82
6.4 Statistics	83
Types of EAP Authentication	86
EAP-MD5 (Message-Digest Algorithm 5)	86
EAP-TLS (Transport Layer Security)	86
EAP-TTLS (Tunneled Transport Layer Service)	86
PEAP (Protected EAP)	87
LEAP	87
Dynamic WEP Key Exchange	87
WPA	88
User Authentication	88
Encryption	88
Security Parameters Summary	89
Setting up Your Computer’s IP Address	90
Windows 95/98/Me	90
Installing Components	91
Configuring	92
Verifying Settings	93
Windows 2000/NT/XP	93
Verifying Settings	97
Macintosh OS 8/9	97
Verifying Settings	99
Macintosh OS X	99
Verifying Settings	100
Index	102
A	102
C	102
D	102
E	102
F	102
G	102
H	102
I	102
M	102
N	102
P	103
Q	103
R	103
S	103
T	103
U	103
W	103

ZyXEL P-336M User Guide - Page 36

Ieee 802.1x

Page 36 highlights