Home » ZyXEL Manuals » Networking » ZyXEL P-660HW-T1 v2 » Manual Viewer

ZyXEL P-660HW-T1 v2 User Guide - Page 95

User Authentication, Encryption

Get ZyXEL P-660HW-T1 v2 PDF manuals and user guides

View all ZyXEL P-660HW-T1 v2 manuals

Add to My Manuals
Save this manual to your list of manuals

Page 95 highlights

P-660HW-T v2 User's Guide 6.2.3 User Authentication Authentication is the process of verifying whether a wireless device is allowed to use the wireless network. You can make every user log in to the wireless network before they can use it. This is called user authentication. However, every wireless client in the wireless network has to support IEEE 802.1x to do this. For wireless networks, there are two typical places to store the user names and passwords for each user. • In the AP: this feature is called a local user database or a local database. • In a RADIUS server: this is a server used in businesses more than in homes. If your AP does not provide a local user database and if you do not have a RADIUS server, you cannot set up user names and passwords for your users. Unauthorized devices can still see the information that is sent in the wireless network, even if they cannot use the wireless network. Furthermore, there are ways for unauthorized wireless users to get a valid user name and password. Then, they can use that user name and password to use the wireless network. Local user databases also have an additional limitation that is explained in the next section. 6.2.4 Encryption Wireless networks can use encryption to protect the information that is sent in the wireless network. Encryption is like a secret code. If you do not know the secret code, you cannot understand the message. The types of encryption you can choose depend on the type of user authentication. (See Section 6.2.3 on page 95 for information about this.) Table 26 Types of Encryption for Each Type of Authentication Weakest Strongest No Authentication No Security Static WEP WPA-PSK WPA2-PSK RADIUS Server WPA WPA2 For example, if the wireless network has a RADIUS server, you can choose WPA or WPA2. If users do not log in to the wireless network, you can choose no encryption, Static WEP, WPA-PSK, or WPA2-PSK. Chapter 6 Wireless LAN 95

Section	Page
P-660HW-T v2	1
User’s Guide	1
Copyright	3
Certifications	4
Safety Warnings	6
ZyXEL Limited Warranty	8
Customer Support	9
Table of Contents	11
List of Figures	21
List of Tables	27
Preface	31
Getting To Know Your ZyXEL Device	33
1.1 Introducing the ZyXEL Device	33
1.2 Features	33
1.2.1 Wireless Features	36
1.3 Applications for the ZyXEL Device	37
1.3.1 Protected Internet Access	37
1.3.2 LAN to LAN Application	38
1.4 Front Panel LEDs	38
1.5 Hardware Connection	39
Introducing the Web Configurator	41
2.1 Web Configurator Overview	41
2.2 Accessing the Web Configurator	41
2.3 Resetting the ZyXEL Device	43
2.3.1 Using the Reset Button	43
2.4 Navigating the Web Configurator	43
2.4.1 Navigation Panel	43
2.4.2 Status Screen	46
2.4.3 Status: Any IP Table	49
2.4.4 Status: WLAN Status	49
2.4.5 Status: Bandwidth Status	50
2.4.6 Status: Packet Statistics	51
2.4.7 Changing Login Password	52
Wizard Setup for Internet Access	55
3.1 Introduction	55
3.2 Internet Access Wizard Setup	55
3.2.1 Automatic Detection	57
3.2.2 Manual Configuration	57
3.3 Wireless Connection Wizard Setup	62
3.3.1 Manually assign a WPA-PSK key	65
3.3.2 Manually assign a WEP key	66
Bandwidth Management Wizard	69
4.1 Introduction	69
4.2 Predefined Media Bandwidth Management Services	69
4.3 Bandwidth Management Wizard Setup	70
WAN Setup	75
5.1 WAN Overview	75
5.1.1 Encapsulation	75
5.1.2 Multiplexing	76
5.1.3 Encapsulation and Multiplexing Scenarios	76
5.1.4 VPI and VCI	77
5.1.5 IP Address Assignment	77
5.1.6 Nailed-Up Connection (PPP)	78
5.1.7 NAT	78
5.2 Metric	78
5.3 Traffic Shaping	79
5.3.1 ATM Traffic Classes	80
5.4 Zero Configuration Internet Access	80
5.5 Internet Connection	81
5.5.1 Configuring Advanced Internet Connection Setup	83
5.6 Configuring More Connections	84
5.6.1 More Connections Edit	85
5.6.2 Configuring More Connections Advanced Setup	88
5.7 Traffic Redirect	89
5.8 Configuring WAN Backup	90
Wireless LAN	93
6.1 Wireless Network Overview	93
6.2 Wireless Security Overview	94
6.2.1 SSID	94
6.2.2 MAC Address Filter	94
6.2.3 User Authentication	95
6.2.4 Encryption	95
6.2.5 One-Touch Intelligent Security Technology (OTIST)	96
6.3 Wireless Performance Overview	96
6.4 General Wireless LAN Screen	96
6.4.1 No Security	98
6.4.2 WEP Encryption	98
6.4.3 WPA-PSK/WPA2-PSK	99
6.4.4 WPA/WPA2	101
6.4.5 Wireless LAN Advanced Setup	103
6.5 OTIST	105
6.5.1 Enabling OTIST	105
6.5.2 Starting OTIST	107
6.5.3 Notes on OTIST	108
6.6 MAC Filter	108
LAN Setup	111
7.1 LAN Overview	111
7.1.1 LANs, WANs and the ZyXEL Device	111
7.1.2 DHCP Setup	112
7.1.3 DNS Server Address	112
7.1.4 DNS Server Address Assignment	113
7.2 LAN TCP/IP	113
7.2.1 IP Address and Subnet Mask	113
7.2.2 RIP Setup	114
7.2.3 Multicast	115
7.2.4 Any IP	115
7.3 Configuring LAN IP	117
7.3.1 Configuring Advanced LAN Setup	117
7.4 DHCP Setup	119
7.5 LAN Client List	120
7.6 LAN IP Alias	121
Network Address Translation (NAT) Screens	125
8.1 NAT Overview	125
8.1.1 NAT Definitions	125
8.1.2 What NAT Does	126
8.1.3 How NAT Works	126
8.1.4 NAT Application	127
8.1.5 NAT Mapping Types	127
8.2 SUA (Single User Account) Versus NAT	128
8.3 NAT General Setup	128
8.4 Port Forwarding	129
8.4.1 Default Server IP Address	130
8.4.2 Port Forwarding: Services and Port Numbers	130
8.4.3 Configuring Servers Behind Port Forwarding (Example)	131
8.5 Configuring Port Forwarding	131
8.5.1 Port Forwarding Rule Edit	132
8.6 Address Mapping	133
8.6.1 Address Mapping Rule Edit	135
Firewalls	137
9.1 Firewall Overview	137
9.2 Types of Firewalls	137
9.2.1 Packet Filtering Firewalls	137
9.2.2 Application-level Firewalls	138
9.2.3 Stateful Inspection Firewalls	138
9.3 Introduction to ZyXEL’s Firewall	138
9.3.1 Denial of Service Attacks	139
9.4 Denial of Service	139
9.4.1 Basics	139
9.4.2 Types of DoS Attacks	140
9.5 Stateful Inspection	143
9.5.1 Stateful Inspection Process	144
9.5.2 Stateful Inspection and the ZyXEL Device	144
9.5.3 TCP Security	145
9.5.4 UDP/ICMP Security	145
9.5.5 Upper Layer Protocols	146
9.6 Guidelines for Enhancing Security with Your Firewall	146
9.6.1 Security In General	146
9.7 Packet Filtering Vs Firewall	147
9.7.1 Packet Filtering:	147
9.7.2 Firewall	148
Firewall Configuration	149
10.1 Access Methods	149
10.2 Firewall Policies Overview	149
10.3 Rule Logic Overview	150
10.3.1 Rule Checklist	150
10.3.2 Security Ramifications	150
10.3.3 Key Fields For Configuring Rules	151
10.4 Connection Direction	151
10.4.1 LAN to WAN Rules	152
10.4.2 Alerts	152
10.5 General Firewall Policy	152
10.6 Firewall Rules Summary	153
10.6.1 Configuring Firewall Rules	155
10.6.2 Customized Services	158
10.6.3 Configuring a Customized Service	159
10.7 Example Firewall Rule	159
10.8 Predefined Services	163
10.9 Anti-Probing	165
10.10 DoS Thresholds	166
10.10.1 Threshold Values	166
10.10.2 Half-Open Sessions	167
10.10.3 Configuring Firewall Thresholds	168
Content Filtering	171
11.1 Content Filtering Overview	171
11.2 Configuring Keyword Blocking	171
11.3 Configuring the Schedule	172
11.4 Configuring Trusted Computers	173
Static Route	175
12.1 Static Route	175
12.2 Configuring Static Route	175
12.2.1 Static Route Edit	176
Bandwidth Management	179
13.1 Bandwidth Management Overview	179
13.2 Application-based Bandwidth Management	179
13.3 Subnet-based Bandwidth Management	179
13.4 Application and Subnet-based Bandwidth Management	180
13.5 Scheduler	180
13.5.1 Priority-based Scheduler	180
13.5.2 Fairness-based Scheduler	181
13.6 Maximize Bandwidth Usage	181
13.6.1 Reserving Bandwidth for Non-Bandwidth Class Traffic	181
13.6.2 Maximize Bandwidth Usage Example	182
13.6.3 Bandwidth Management Priorities	183
13.7 Over Allotment of Bandwidth	184
13.8 Configuring Summary	184
13.9 Bandwidth Management Rule Setup	185
13.9.1 Rule Configuration	187
13.10 Bandwidth Monitor	189
Dynamic DNS Setup	191
14.1 Dynamic DNS Overview	191
14.1.1 DYNDNS Wildcard	191
14.2 Configuring Dynamic DNS	191
Remote Management Configuration	195
15.1 Remote Management Overview	195
15.1.1 Remote Management Limitations	195
15.1.2 Remote Management and NAT	196
15.1.3 System Timeout	196
15.2 WWW	196
15.3 Telnet	197
15.4 Configuring Telnet	197
15.5 Configuring FTP	198
15.6 SNMP	199
15.6.1 Supported MIBs	200
15.6.2 SNMP Traps	201
15.6.3 Configuring SNMP	201
15.7 Configuring DNS	202
15.8 Configuring ICMP	203
15.9 TR-069	204
Universal Plug-and-Play (UPnP)	207
16.1 Introducing Universal Plug and Play	207
16.1.1 How do I know if I'm using UPnP?	207
16.1.2 NAT Traversal	207
16.1.3 Cautions with UPnP	208
16.2 UPnP and ZyXEL	208
16.2.1 Configuring UPnP	208
16.3 Installing UPnP in Windows Example	209
16.3.1 Installing UPnP in Windows Me	209
16.3.2 Installing UPnP in Windows XP	211
16.4 Using UPnP in Windows XP Example	212
16.4.1 Auto-discover Your UPnP-enabled Network Device	212
16.4.2 Web Configurator Easy Access	215
System	219
17.1 General Setup	219
17.1.1 General Setup and System Name	219
17.1.2 General Setup	219
17.2 Time Setting	221
Logs	225
18.1 Logs Overview	225
18.1.1 Alerts and Logs	225
18.2 Viewing the Logs	225
18.3 Configuring Log Settings	226
18.3.1 Example E-mail Log	228
18.4 Log Descriptions	229
Tools	245
19.1 Firmware Upgrade	245
19.2 Configuration Screen	247
19.2.1 Backup Configuration	247
19.2.2 Restore Configuration	248
19.2.3 Back to Factory Defaults	249
19.3 Restart	249
Diagnostic	251
20.1 General Diagnostic	251
20.2 DSL Line Diagnostic	252
Troubleshooting	253
21.1 Problems Starting Up the ZyXEL Device	253
21.2 Problems with the LAN	253
21.3 Problems with the WAN	254
21.4 Problems Accessing the ZyXEL Device	255
Product Specifications	257
About ADSL	261
Internal SPTGEN	263
Wall-mounting Instructions	279
Setting up Your Computer’s IP Address	281
IP Subnetting	297
Command Interpreter	305
Firewall Commands	309
NetBIOS Filter Commands	315
Splitters and Microfilters	317
Wireless LANs	321
Pop-up Windows, JavaScripts and Java Permissions	335
Triangle Route	343
Index	345
Numerics	345
A	345
B	345
C	345
D	346
E	346
F	347
G	347
H	347
I	347
L	348
M	348
N	348
O	348
P	348
Q	349
R	349
S	349
T	350
U	350
V	351
W	351

Match case Limit results 1 per page

P-660HW-T v2 User’s Guide

Chapter 6 Wireless LAN

6.2.3

User Authentication

Authentication is the process of verifying whether a wireless device is allowed to use the

wireless network. You can make every user log in to the wireless network before they can use

it. This is called user authentication. However, every wireless client in the wireless network

has to support IEEE 802.1x to do this.

For wireless networks, there are two typical places to store the user names and passwords for

each user.

•

In the AP: this feature is called a local user database or a local database.

•

In a RADIUS server: this is a server used in businesses more than in homes.

If your AP does not provide a local user database and if you do not have a RADIUS server,

you cannot set up user names and passwords for your users.

Unauthorized devices can still see the information that is sent in the wireless network, even if

they cannot use the wireless network. Furthermore, there are ways for unauthorized wireless

users to get a valid user name and password. Then, they can use that user name and password

to use the wireless network.

Local user databases also have an additional limitation that is explained in the next section.

6.2.4

Encryption

Wireless networks can use encryption to protect the information that is sent in the wireless

network. Encryption is like a secret code. If you do not know the secret code, you cannot

understand the message.

The types of encryption you can choose depend on the type of user authentication. (See

Section 6.2.3 on page 95

for information about this.)

For example, if the wireless network has a RADIUS server, you can choose

WPA

WPA2

If users do not log in to the wireless network, you can choose no encryption,

Static WEP

WPA-PSK

, or

WPA2-PSK

Table 26

Types of Encryption for Each Type of Authentication

No Authentication

RADIUS Server

Weakest

No Security

WPA

Static WEP

WPA-PSK

Strongest

WPA2-PSK

WPA2