Home » ZyXEL Manuals » Networking » ZyXEL P-660HN-51 » Manual Viewer

ZyXEL P-660HN-51 User Guide - Page 298

Types of EAP Authentication

Add to My Manuals
Save this manual to your list of manuals

Page 298 highlights

Appendix D Wireless LANs • Access-Challenge Sent by a RADIUS server requesting more information in order to allow access. The access point sends a proper response from the user and then sends another Access-Request message. The following types of RADIUS messages are exchanged between the access point and the RADIUS server for user accounting: • Accounting-Request Sent by the access point requesting accounting. • Accounting-Response Sent by the RADIUS server to indicate that it has started or stopped accounting. In order to ensure network security, the access point and the RADIUS server use a shared secret key, which is a password, they both know. The key is not sent over the network. In addition to the shared key, password information exchanged is also encrypted to protect the network from unauthorized access. Types of EAP Authentication This section discusses some popular authentication types: EAP-MD5, EAP-TLS, EAP-TTLS, PEAP and LEAP. Your wireless LAN device may not support all authentication types. EAP (Extensible Authentication Protocol) is an authentication protocol that runs on top of the IEEE 802.1x transport mechanism in order to support multiple types of user authentication. By using EAP to interact with an EAP-compatible RADIUS server, an access point helps a wireless station and a RADIUS server perform authentication. The type of authentication you use depends on the RADIUS server and an intermediary AP(s) that supports IEEE 802.1x. . For EAP-TLS authentication type, you must first have a wired connection to the network and obtain the certificate(s) from a certificate authority (CA). A certificate (also called digital IDs) can be used to authenticate users and a CA issues certificates and guarantees the identity of each certificate owner. EAP-MD5 (Message-Digest Algorithm 5) MD5 authentication is the simplest one-way authentication method. The authentication server sends a challenge to the wireless client. The wireless client 'proves' that it knows the password by encrypting the password with the challenge and sends back the information. Password is not sent in plain text. 298 P-660HN-TxA User's Guide

Section	Page
P-660HN-TxA	1
About This User's Guide	3
Document Conventions	5
Safety Warnings	7
Contents Overview	9
Table of Contents	11
User’s Guide	19
Introduction	21
1.1 Overview	21
1.2 Ways to Manage the ZyXEL Device	21
1.3 Good Habits for Managing the ZyXEL Device	22
1.4 Applications for the ZyXEL Device	22
1.4.1 Internet Access	22
1.5 Wireless Access	23
1.5.1 Using the WPS/WLAN Button	23
1.6 LEDs (Lights)	25
1.7 The RESET Button	26
1.7.1 Using the Reset Button	27
The Web Configurator	29
2.1 Overview	29
2.1.1 Accessing the Web Configurator	29
2.2 The Main Screen	31
2.2.1 Title Bar	32
2.2.2 Navigation Panel	32
2.2.3 Main Window	34
2.2.4 Status Bar	34
Status Screens	35
3.1 Overview	35
3.2 The Status Screen	35
Tutorials	39
4.1 Overview	39
4.2 Setting Up a Secure Wireless Network	39
4.2.1 Configuring the Wireless Network Settings	40
4.2.2 Using WPS	41
4.2.3 Without WPS	46
4.2.4 Setting Up Wireless Network Scheduling	46
4.3 Configuring the MAC Address Filter	47
4.4 Configuring Static Route for Routing to Another Network	49
4.5 Multiple Public and Private IP Address Mappings	52
4.5.1 Full Feature NAT + Many-to-Many No Overload Mapping	53
4.5.2 Full Feature NAT + One-to-One Mapping	54
4.6 Multiple WAN Connections Example	55
Technical Reference	57
Internet and Wireless Setup Wizard	59
5.1 Overview	59
5.2 Internet Access Wizard Setup	59
5.2.1 Manual Configuration	62
5.3 Wireless Connection Wizard Setup	68
5.3.1 Manually Assign a WPA-PSK key	70
5.3.2 Manually Assign a WEP Key	71
WAN Setup	73
6.1 Overview	73
6.1.1 What You Can Do in the WAN Screens	73
6.1.2 What You Need to Know About WAN	73
6.1.3 Before You Begin	74
6.2 The Internet Access Setup Screen	75
6.2.1 Advanced Internet Access Setup	77
6.3 The More Connections Screen	79
6.3.1 More Connections Edit	80
6.3.2 Configuring More Connections Advanced Setup	82
6.4 WAN Technical Reference	83
6.4.1 Encapsulation	83
6.4.2 Multiplexing	85
6.4.3 VPI and VCI	85
6.4.4 IP Address Assignment	85
6.4.5 Nailed-Up Connection (PPP)	86
6.4.6 NAT	86
6.5 Traffic Shaping	86
6.5.1 ATM Traffic Classes	87
LAN Setup	89
7.1 Overview	89
7.1.1 What You Can Do in the LAN Screens	89
7.1.2 What You Need To Know About LAN	90
7.1.3 Before You Begin	91
7.2 The LAN IP Screen	91
7.2.1 The Advanced LAN IP Setup Screen	92
7.3 The DHCP Setup Screen	93
7.4 The Client List Screen	94
7.5 The IP Alias Screen	95
7.5.1 Configuring the LAN IP Alias Screen	96
7.6 LAN Technical Reference	97
7.6.1 LANs, WANs and the ZyXEL Device	98
7.6.2 DHCP Setup	98
7.6.3 DNS Server Addresses	98
7.6.4 LAN TCP/IP	99
7.6.5 RIP Setup	100
7.6.6 Multicast	101
Wireless LAN	103
8.1 Overview	103
8.1.1 What You Can Do in the Wireless LAN Screens	103
8.1.2 What You Need to Know About Wireless	104
8.1.3 Before You Start	104
8.2 The AP Screen	105
8.2.1 No Security	106
8.2.2 WEP Encryption	107
8.2.3 WPA(2)-PSK	108
8.2.4 WPA(2) Authentication	109
8.2.5 Wireless LAN Advanced Setup	110
8.2.6 MAC Filter	112
8.3 The More AP Screen	113
8.3.1 More AP Edit	114
8.4 The WPS Screen	115
8.5 The WPS Station Screen	116
8.6 The WDS Screen	117
8.7 The Scheduling Screen	119
8.8 Wireless LAN Technical Reference	120
8.8.1 Wireless Network Overview	120
8.8.2 Additional Wireless Terms	122
8.8.3 Wireless Security Overview	122
8.8.4 Signal Problems	125
8.8.5 BSS	125
8.8.6 MBSSID	126
8.8.7 Wireless Distribution System (WDS)	127
8.8.8 WiFi Protected Setup (WPS)	127
Network Address Translation (NAT)	135
9.1 Overview	135
9.1.1 What You Can Do in the NAT Screens	135
9.1.2 What You Need To Know About NAT	135
9.2 The NAT General Setup Screen	137
9.3 The Port Forwarding Screen	138
9.3.1 Configuring the Port Forwarding Screen	139
9.3.2 The Port Forwarding Rule Edit Screen	141
9.4 The Address Mapping Screen	142
9.4.1 The Address Mapping Rule Edit Screen	144
9.5 The ALG Screen	145
9.6 NAT Technical Reference	146
9.6.1 NAT Definitions	146
9.6.2 What NAT Does	146
9.6.3 How NAT Works	147
9.6.4 NAT Application	148
9.6.5 NAT Mapping Types	148
Firewall	151
10.1 Overview	151
10.1.1 What You Can Do in the Firewall Screens	151
10.1.2 What You Need to Know About Firewall	151
10.2 The Firewall Screen	153
Filters	155
11.1 Overview	155
11.1.1 What You Can Do in the Filter Screens	155
11.1.2 What You Need to Know About Filtering	155
11.2 The URL Filter Screen	156
11.3 The Application Filter Screen	157
11.4 The IP/MAC Filter Screen	158
Static Route	161
12.1 Overview	161
12.1.1 What You Can Do in the Static Route Screens	162
12.2 The Static Route Screen	162
12.2.1 Static Route Edit	163
802.1Q/1P	165
13.1 Overview	165
13.1.1 What You Can Do in the 802.1Q/1P Screens	165
13.1.2 What You Need to Know About 802.1Q/1P	165
13.2 The 802.1Q/1P Group Setting Screen	166
13.2.1 Editing 802.1Q/1P Group Setting	168
13.3 The 802.1Q/1P Port Setting Screen	169
Quality of Service (QoS)	171
14.1 Overview	171
14.1.1 What You Can Do in the QoS Screens	172
14.1.2 What You Need to Know About QoS	172
14.2 The QoS Screen	173
14.2.1 The QoS Settings Summary Screen	175
14.3 QoS Technical Reference	176
14.3.1 IEEE 802.1p	176
14.3.2 IP Precedence	177
14.3.3 Automatic Priority Queue Assignment	177
Dynamic DNS Setup	179
15.1 Overview	179
15.1.1 What You Can Do in the DDNS Screen	179
15.1.2 What You Need To Know About DDNS	179
15.2 The Dynamic DNS Screen	180
Remote Management	181
16.1 Overview	181
16.1.1 What You Can Do in the Remote Management Screens	182
16.1.2 What You Need to Know About Remote Management	182
16.2 The WWW Screen	183
16.2.1 Configuring the WWW Screen	183
16.3 The Telnet Screen	184
16.4 The FTP Screen	185
16.5 The SNMP Screen	186
16.5.1 Configuring SNMP	187
16.6 The DNS Screen	188
16.7 The ICMP Screen	189
Universal Plug-and-Play (UPnP)	191
17.1 Overview	191
17.1.1 What You Can Do in the UPnP Screen	191
17.1.2 What You Need to Know About UPnP	191
17.2 The UPnP Screen	193
17.3 Installing UPnP in Windows Example	194
17.4 Using UPnP in Windows XP Example	197
CWMP	203
18.1 Overview	203
18.2 The CWMP Setup Screen	204
System Settings	207
19.1 Overview	207
19.1.1 What You Can Do in the System Settings Screens	207
19.2 The General Screen	207
19.3 The Time and Date Screen	208
Logs	211
20.1 Overview	211
20.1.1 What You Need To Know About Logs	211
20.2 The System Log Screen	211
20.3 Log Descriptions	213
Tools	221
21.1 Overview	221
21.1.1 What You Can Do in the Tool Screens	221
21.2 The Firmware Screen	221
21.3 The Configuration Screen	224
21.4 The Restart Screen	227
Diagnostic	229
22.1 Overview	229
22.1.1 What You Can Do in the Diagnostic Screens	229
22.2 The General Screen	229
22.3 The DSL Line Screen	230
Troubleshooting	233
23.1 Power, Hardware Connections, and LEDs	233
23.2 ZyXEL Device Access and Login	234
23.3 Internet Access	236
Product Specifications	239
24.1 Hardware Specifications	239
24.2 Firmware Specifications	239
24.3 Wireless Features	243
24.4 Power Adaptor Specifications	246
Setting up Your Computer’s IP Address	247
IP Addresses and Subnetting	271
Pop-up Windows, JavaScripts and Java Permissions	281
Wireless LANs	291
Services	307
Legal Information	311

Match case Limit results 1 per page

Appendix D Wireless LANs

P-660HN-TxA User’s Guide

298

• Access-Challenge

Sent by a RADIUS server requesting more information in order to allow access.

The access point sends a proper response from the user and then sends another

Access-Request message.

The following types of RADIUS messages are exchanged between the access point

and the RADIUS server for user accounting:

• Accounting-Request

Sent by the access point requesting accounting.

• Accounting-Response

Sent by the RADIUS server to indicate that it has started or stopped accounting.

In order to ensure network security, the access point and the RADIUS server use a

shared secret key, which is a password, they both know. The key is not sent over

the network. In addition to the shared key, password information exchanged is

also encrypted to protect the network from unauthorized access.

Types of EAP Authentication

This section discusses some popular authentication types: EAP-MD5, EAP-TLS,

EAP-TTLS, PEAP and LEAP. Your wireless LAN device may not support all

authentication types.

EAP (Extensible Authentication Protocol) is an authentication protocol that runs on

top of the IEEE 802.1x transport mechanism in order to support multiple types of

user authentication. By using EAP to interact with an EAP-compatible RADIUS

server, an access point helps a wireless station and a RADIUS server perform

authentication.

The type of authentication you use depends on the RADIUS server and an

intermediary AP(s) that supports IEEE 802.1x. .

For EAP-TLS authentication type, you must first have a wired connection to the

network and obtain the certificate(s) from a certificate authority (CA). A certificate

(also called digital IDs) can be used to authenticate users and a CA issues

certificates and guarantees the identity of each certificate owner.

EAP-MD5 (Message-Digest Algorithm 5)

MD5 authentication is the simplest one-way authentication method. The

authentication server sends a challenge to the wireless client. The wireless client

‘proves’ that it knows the password by encrypting the password with the challenge

and sends back the information. Password is not sent in plain text.