Home » ZyXEL Manuals » Networking » ZyXEL P-660HN-51 » Manual Viewer

ZyXEL P-660HN-51 User Guide - Page 302

User Authentication, Wireless Client WPA Supplicants, WPA2 with RADIUS Application Example

Add to My Manuals
Save this manual to your list of manuals

Page 302 highlights

Appendix D Wireless LANs keys. This prevent all wireless devices sharing the same encryption keys. (a weakness of WEP) User Authentication WPA and WPA2 apply IEEE 802.1x and Extensible Authentication Protocol (EAP) to authenticate wireless clients using an external RADIUS database. WPA2 reduces the number of key exchange messages from six to four (CCMP 4-way handshake) and shortens the time required to connect to a network. Other WPA2 authentication features that are different from WPA include key caching and preauthentication. These two features are optional and may not be supported in all wireless devices. Key caching allows a wireless client to store the PMK it derived through a successful authentication with an AP. The wireless client uses the PMK when it tries to connect to the same AP and does not need to go with the authentication process again. Pre-authentication enables fast roaming by allowing the wireless client (already connecting to an AP) to perform IEEE 802.1x authentication with another AP before connecting to it. Wireless Client WPA Supplicants A wireless client supplicant is the software that runs on an operating system instructing the wireless client how to use WPA. At the time of writing, the most widely available supplicant is the WPA patch for Windows XP, Funk Software's Odyssey client. The Windows XP patch is a free download that adds WPA capability to Windows XP's built-in "Zero Configuration" wireless client. However, you must run Windows XP to use it. WPA(2) with RADIUS Application Example To set up WPA(2), you need the IP address of the RADIUS server, its port number (default is 1812), and the RADIUS shared secret. A WPA(2) application example with an external RADIUS server looks as follows. "A" is the RADIUS server. "DS" is the distribution system. 1 The AP passes the wireless client's authentication request to the RADIUS server. 2 The RADIUS server then checks the user's identification against its database and grants or denies network access accordingly. 3 A 256-bit Pairwise Master Key (PMK) is derived from the authentication process by the RADIUS server and the client. 302 P-660HN-TxA User's Guide

Section	Page
P-660HN-TxA	1
About This User's Guide	3
Document Conventions	5
Safety Warnings	7
Contents Overview	9
Table of Contents	11
User’s Guide	19
Introduction	21
1.1 Overview	21
1.2 Ways to Manage the ZyXEL Device	21
1.3 Good Habits for Managing the ZyXEL Device	22
1.4 Applications for the ZyXEL Device	22
1.4.1 Internet Access	22
1.5 Wireless Access	23
1.5.1 Using the WPS/WLAN Button	23
1.6 LEDs (Lights)	25
1.7 The RESET Button	26
1.7.1 Using the Reset Button	27
The Web Configurator	29
2.1 Overview	29
2.1.1 Accessing the Web Configurator	29
2.2 The Main Screen	31
2.2.1 Title Bar	32
2.2.2 Navigation Panel	32
2.2.3 Main Window	34
2.2.4 Status Bar	34
Status Screens	35
3.1 Overview	35
3.2 The Status Screen	35
Tutorials	39
4.1 Overview	39
4.2 Setting Up a Secure Wireless Network	39
4.2.1 Configuring the Wireless Network Settings	40
4.2.2 Using WPS	41
4.2.3 Without WPS	46
4.2.4 Setting Up Wireless Network Scheduling	46
4.3 Configuring the MAC Address Filter	47
4.4 Configuring Static Route for Routing to Another Network	49
4.5 Multiple Public and Private IP Address Mappings	52
4.5.1 Full Feature NAT + Many-to-Many No Overload Mapping	53
4.5.2 Full Feature NAT + One-to-One Mapping	54
4.6 Multiple WAN Connections Example	55
Technical Reference	57
Internet and Wireless Setup Wizard	59
5.1 Overview	59
5.2 Internet Access Wizard Setup	59
5.2.1 Manual Configuration	62
5.3 Wireless Connection Wizard Setup	68
5.3.1 Manually Assign a WPA-PSK key	70
5.3.2 Manually Assign a WEP Key	71
WAN Setup	73
6.1 Overview	73
6.1.1 What You Can Do in the WAN Screens	73
6.1.2 What You Need to Know About WAN	73
6.1.3 Before You Begin	74
6.2 The Internet Access Setup Screen	75
6.2.1 Advanced Internet Access Setup	77
6.3 The More Connections Screen	79
6.3.1 More Connections Edit	80
6.3.2 Configuring More Connections Advanced Setup	82
6.4 WAN Technical Reference	83
6.4.1 Encapsulation	83
6.4.2 Multiplexing	85
6.4.3 VPI and VCI	85
6.4.4 IP Address Assignment	85
6.4.5 Nailed-Up Connection (PPP)	86
6.4.6 NAT	86
6.5 Traffic Shaping	86
6.5.1 ATM Traffic Classes	87
LAN Setup	89
7.1 Overview	89
7.1.1 What You Can Do in the LAN Screens	89
7.1.2 What You Need To Know About LAN	90
7.1.3 Before You Begin	91
7.2 The LAN IP Screen	91
7.2.1 The Advanced LAN IP Setup Screen	92
7.3 The DHCP Setup Screen	93
7.4 The Client List Screen	94
7.5 The IP Alias Screen	95
7.5.1 Configuring the LAN IP Alias Screen	96
7.6 LAN Technical Reference	97
7.6.1 LANs, WANs and the ZyXEL Device	98
7.6.2 DHCP Setup	98
7.6.3 DNS Server Addresses	98
7.6.4 LAN TCP/IP	99
7.6.5 RIP Setup	100
7.6.6 Multicast	101
Wireless LAN	103
8.1 Overview	103
8.1.1 What You Can Do in the Wireless LAN Screens	103
8.1.2 What You Need to Know About Wireless	104
8.1.3 Before You Start	104
8.2 The AP Screen	105
8.2.1 No Security	106
8.2.2 WEP Encryption	107
8.2.3 WPA(2)-PSK	108
8.2.4 WPA(2) Authentication	109
8.2.5 Wireless LAN Advanced Setup	110
8.2.6 MAC Filter	112
8.3 The More AP Screen	113
8.3.1 More AP Edit	114
8.4 The WPS Screen	115
8.5 The WPS Station Screen	116
8.6 The WDS Screen	117
8.7 The Scheduling Screen	119
8.8 Wireless LAN Technical Reference	120
8.8.1 Wireless Network Overview	120
8.8.2 Additional Wireless Terms	122
8.8.3 Wireless Security Overview	122
8.8.4 Signal Problems	125
8.8.5 BSS	125
8.8.6 MBSSID	126
8.8.7 Wireless Distribution System (WDS)	127
8.8.8 WiFi Protected Setup (WPS)	127
Network Address Translation (NAT)	135
9.1 Overview	135
9.1.1 What You Can Do in the NAT Screens	135
9.1.2 What You Need To Know About NAT	135
9.2 The NAT General Setup Screen	137
9.3 The Port Forwarding Screen	138
9.3.1 Configuring the Port Forwarding Screen	139
9.3.2 The Port Forwarding Rule Edit Screen	141
9.4 The Address Mapping Screen	142
9.4.1 The Address Mapping Rule Edit Screen	144
9.5 The ALG Screen	145
9.6 NAT Technical Reference	146
9.6.1 NAT Definitions	146
9.6.2 What NAT Does	146
9.6.3 How NAT Works	147
9.6.4 NAT Application	148
9.6.5 NAT Mapping Types	148
Firewall	151
10.1 Overview	151
10.1.1 What You Can Do in the Firewall Screens	151
10.1.2 What You Need to Know About Firewall	151
10.2 The Firewall Screen	153
Filters	155
11.1 Overview	155
11.1.1 What You Can Do in the Filter Screens	155
11.1.2 What You Need to Know About Filtering	155
11.2 The URL Filter Screen	156
11.3 The Application Filter Screen	157
11.4 The IP/MAC Filter Screen	158
Static Route	161
12.1 Overview	161
12.1.1 What You Can Do in the Static Route Screens	162
12.2 The Static Route Screen	162
12.2.1 Static Route Edit	163
802.1Q/1P	165
13.1 Overview	165
13.1.1 What You Can Do in the 802.1Q/1P Screens	165
13.1.2 What You Need to Know About 802.1Q/1P	165
13.2 The 802.1Q/1P Group Setting Screen	166
13.2.1 Editing 802.1Q/1P Group Setting	168
13.3 The 802.1Q/1P Port Setting Screen	169
Quality of Service (QoS)	171
14.1 Overview	171
14.1.1 What You Can Do in the QoS Screens	172
14.1.2 What You Need to Know About QoS	172
14.2 The QoS Screen	173
14.2.1 The QoS Settings Summary Screen	175
14.3 QoS Technical Reference	176
14.3.1 IEEE 802.1p	176
14.3.2 IP Precedence	177
14.3.3 Automatic Priority Queue Assignment	177
Dynamic DNS Setup	179
15.1 Overview	179
15.1.1 What You Can Do in the DDNS Screen	179
15.1.2 What You Need To Know About DDNS	179
15.2 The Dynamic DNS Screen	180
Remote Management	181
16.1 Overview	181
16.1.1 What You Can Do in the Remote Management Screens	182
16.1.2 What You Need to Know About Remote Management	182
16.2 The WWW Screen	183
16.2.1 Configuring the WWW Screen	183
16.3 The Telnet Screen	184
16.4 The FTP Screen	185
16.5 The SNMP Screen	186
16.5.1 Configuring SNMP	187
16.6 The DNS Screen	188
16.7 The ICMP Screen	189
Universal Plug-and-Play (UPnP)	191
17.1 Overview	191
17.1.1 What You Can Do in the UPnP Screen	191
17.1.2 What You Need to Know About UPnP	191
17.2 The UPnP Screen	193
17.3 Installing UPnP in Windows Example	194
17.4 Using UPnP in Windows XP Example	197
CWMP	203
18.1 Overview	203
18.2 The CWMP Setup Screen	204
System Settings	207
19.1 Overview	207
19.1.1 What You Can Do in the System Settings Screens	207
19.2 The General Screen	207
19.3 The Time and Date Screen	208
Logs	211
20.1 Overview	211
20.1.1 What You Need To Know About Logs	211
20.2 The System Log Screen	211
20.3 Log Descriptions	213
Tools	221
21.1 Overview	221
21.1.1 What You Can Do in the Tool Screens	221
21.2 The Firmware Screen	221
21.3 The Configuration Screen	224
21.4 The Restart Screen	227
Diagnostic	229
22.1 Overview	229
22.1.1 What You Can Do in the Diagnostic Screens	229
22.2 The General Screen	229
22.3 The DSL Line Screen	230
Troubleshooting	233
23.1 Power, Hardware Connections, and LEDs	233
23.2 ZyXEL Device Access and Login	234
23.3 Internet Access	236
Product Specifications	239
24.1 Hardware Specifications	239
24.2 Firmware Specifications	239
24.3 Wireless Features	243
24.4 Power Adaptor Specifications	246
Setting up Your Computer’s IP Address	247
IP Addresses and Subnetting	271
Pop-up Windows, JavaScripts and Java Permissions	281
Wireless LANs	291
Services	307
Legal Information	311

Match case Limit results 1 per page

Appendix D Wireless LANs

P-660HN-TxA User’s Guide

302

keys. This prevent all wireless devices sharing the same encryption keys. (a

weakness of WEP)

User Authentication

WPA and WPA2 apply IEEE 802.1x and Extensible Authentication Protocol (EAP) to

authenticate wireless clients using an external RADIUS database. WPA2 reduces

the number of key exchange messages from six to four (CCMP 4-way handshake)

and shortens the time required to connect to a network. Other WPA2

authentication features that are different from WPA include key caching and pre-

authentication. These two features are optional and may not be supported in all

wireless devices.

Key caching allows a wireless client to store the PMK it derived through a

successful authentication with an AP. The wireless client uses the PMK when it tries

to connect to the same AP and does not need to go with the authentication

process again.

Pre-authentication enables fast roaming by allowing the wireless client (already

connecting to an AP) to perform IEEE 802.1x authentication with another AP

before connecting to it.

Wireless Client WPA Supplicants

A wireless client supplicant is the software that runs on an operating system

instructing the wireless client how to use WPA. At the time of writing, the most

widely available supplicant is the

WPA patch for Windows XP, Funk Software's

Odyssey client.

The Windows XP patch is a free download that adds WPA capability to Windows

XP's built-in "Zero Configuration" wireless client. However, you must run Windows

XP to use it.

WPA(2) with RADIUS Application Example

To set up WPA(2), you need the IP address of the RADIUS server, its port number

(default is 1812), and the RADIUS shared secret. A WPA(2) application example

with an external RADIUS server looks as follows. "A" is the RADIUS server. "DS" is

the distribution system.

The AP passes the wireless client's authentication request to the RADIUS server.

The RADIUS server then checks the user's identification against its database and

grants or denies network access accordingly.

A 256-bit Pairwise Master Key (PMK) is derived from the authentication process by

the RADIUS server and the client.