Home » ZyXEL Manuals » Networking » ZyXEL VMG1312-B10A » Manual Viewer

ZyXEL VMG1312-B10A User Guide - Page 300

PEAP Protected EAP, Dynamic WEP Key Exchange, WPA and WPA2

Get ZyXEL VMG1312-B10A PDF manuals and user guides

Add to My Manuals
Save this manual to your list of manuals

Page 300 highlights

Appendix B Wireless LANs PEAP (Protected EAP) Like EAP-TTLS, server-side certificate authentication is used to establish a secure connection, then use simple username and password methods through the secured connection to authenticate the clients, thus hiding client identity. However, PEAP only supports EAP methods, such as EAP-MD5, EAP-MSCHAPv2 and EAP-GTC (EAP-Generic Token Card), for client authentication. EAP-GTC is implemented only by Cisco. LEAP LEAP (Lightweight Extensible Authentication Protocol) is a Cisco implementation of IEEE 802.1x. Dynamic WEP Key Exchange The AP maps a unique key that is generated with the RADIUS server. This key expires when the wireless connection times out, disconnects or reauthentication times out. A new WEP key is generated each time reauthentication is performed. If this feature is enabled, it is not necessary to configure a default encryption key in the wireless security configuration screen. You may still configure and store keys, but they will not be used while dynamic WEP is enabled. Note: EAP-MD5 cannot be used with Dynamic WEP Key Exchange For added security, certificate-based authentications (EAP-TLS, EAP-TTLS and PEAP) use dynamic keys for data encryption. They are often deployed in corporate environments, but for public deployment, a simple user name and password pair is more practical. The following table is a comparison of the features of authentication types. Table 129 Comparison of EAP Authentication Types EAP-MD5 EAP-TLS Mutual Authentication No Yes Certificate - Client No Yes Certificate - Server No Yes Dynamic Key Exchange No Yes Credential Integrity None Strong Deployment Difficulty Easy Hard Client Identity Protection No No EAP-TTLS Yes Optional Yes Yes Strong Moderate Yes PEAP Yes Optional Yes Yes Strong Moderate Yes LEAP Yes No No Yes Moderate Moderate No WPA and WPA2 Wi-Fi Protected Access (WPA) is a subset of the IEEE 802.11i standard. WPA2 (IEEE 802.11i) is a wireless security standard that defines stronger encryption, authentication and key management than WPA. Key differences between WPA or WPA2 and WEP are improved data encryption and user authentication. If both an AP and the wireless clients support WPA2 and you have an external RADIUS server, use WPA2 for stronger data encryption. If you don't have an external RADIUS server, you should use VMG1312-B Series User's Guide 300

Section	Page
VMG1312-B Series	1
Contents Overview	3
Table of Contents	5
User’s Guide	15
Introducing the Device	17
1.1 Overview	17
1.2 Ways to Manage the Device	17
1.3 Good Habits for Managing the Device	17
1.4 Applications for the Device	18
1.4.1 Internet Access	18
1.4.2 Device’s USB Support	18
1.5 LEDs (Lights)	20
1.6 The RESET Button	21
1.7 Wireless Access	21
1.7.1 Using the WLAN/WPS Button	22
The Web Configurator	23
2.1 Overview	23
2.1.1 Accessing the Web Configurator	23
2.2 Web Configurator Layout	25
2.2.1 Title Bar	25
2.2.2 Main Window	26
2.2.3 Navigation Panel	26
Quick Start	31
3.1 Overview	31
3.2 Quick Start Setup	31
Tutorials	33
4.1 Overview	33
4.2 Setting Up an ADSL PPPoE Connection	33
4.3 Setting Up a Secure Wireless Network	36
4.3.1 Configuring the Wireless Network Settings	36
4.3.2 Using WPS	37
4.3.3 Without WPS	41
4.4 Setting Up Multiple Wireless Groups	42
4.5 Configuring Static Route for Routing to Another Network	45
4.6 Configuring QoS Queue and Class Setup	47
4.7 Access the Device Using DDNS	51
4.7.1 Registering a DDNS Account on www.dyndns.org	51
4.7.2 Configuring DDNS on Your Device	52
4.7.3 Testing the DDNS Setting	52
4.8 Configuring the MAC Address Filter	52
4.9 Access Your Shared Files From a Computer	53
4.10 Using the Print Server Feature	54
Technical Reference	60
Network Map and Status Screens	62
5.1 Overview	62
5.2 The Network Map Screen	62
5.3 The Status Screen	63
Broadband	66
6.1 Overview	66
6.1.1 What You Can Do in this Chapter	66
6.1.2 What You Need to Know	67
6.1.3 Before You Begin	70
6.2 The Broadband Screen	70
6.2.1 Add/Edit Internet Connection	72
6.3 The 3G Backup Screen	79
6.4 The Advanced Screen	83
6.5 The 802.1x Screen	86
6.5.1 Modify 802.1X Settings	87
6.6 The Ethernet WAN Screen	87
6.7 Technical Reference	88
Wireless	94
7.1 Overview	94
7.1.1 What You Can Do in this Chapter	94
7.1.2 What You Need to Know	94
7.2 The General Screen	95
7.2.1 No Security	97
7.2.2 Basic (WEP Encryption)	97
7.2.3 More Secure (WPA(2)-PSK)	98
7.3 The Guest / More AP Screen	99
7.3.1 Edit Guest / More AP	100
7.4 MAC Authentication	102
7.5 The WPS Screen	103
7.6 The WMM Screen	105
7.7 The WDS Screen	106
7.7.1 WDS Scan	108
7.8 The Others Screen	108
7.9 The Channel Status Screen	110
7.10 Technical Reference	111
7.10.1 Wireless Network Overview	111
7.10.2 Additional Wireless Terms	113
7.10.3 Wireless Security Overview	113
7.10.4 Signal Problems	115
7.10.5 BSS	116
7.10.6 MBSSID	116
7.10.7 Preamble Type	117
7.10.8 Wireless Distribution System (WDS)	117
7.10.9 WiFi Protected Setup (WPS)	117
Home Networking	125
8.1 Overview	125
8.1.1 What You Can Do in this Chapter	125
8.1.2 What You Need To Know	126
8.1.3 Before You Begin	127
8.2 The LAN Setup Screen	127
8.3 The Static DHCP Screen	131
8.4 The UPnP Screen	132
8.4.1 Turning On UPnP in Windows 7 Example	133
8.5 The Additional Subnet Screen	135
8.6 The STB Vendor ID Screen	136
8.6.1 The Add/Edit STB Vendor ID Screen	136
8.7 The TFTP Server Name Screen	137
8.8 Technical Reference	138
8.8.1 LANs, WANs and the Device	138
8.8.2 DHCP Setup	138
8.8.3 DNS Server Addresses	138
8.8.4 LAN TCP/IP	139
Routing	141
9.1 Overview	141
9.2 The Routing Screen	141
9.2.1 Add/Edit Static Route	142
9.3 The DNS Route Screen	143
9.3.1 The DNS Route Add Screen	144
9.4 The Policy Forwarding Screen	144
9.4.1 Add/Edit Policy Forwarding	146
9.5 RIP	146
9.5.1 The RIP Screen	147
Quality of Service (QoS)	148
10.1 Overview	148
10.1.1 What You Can Do in this Chapter	148
10.2 What You Need to Know	148
10.3 The Quality of Service General Screen	150
10.4 The Queue Setup Screen	151
10.4.1 Adding a QoS Queue	152
10.5 The Class Setup Screen	153
10.5.1 Add/Edit QoS Class	154
10.6 The QoS Policer Setup Screen	158
10.6.1 Add/Edit a QoS Policer	159
10.7 Technical Reference	160
Network Address Translation (NAT)	165
11.1 Overview	165
11.1.1 What You Can Do in this Chapter	165
11.1.2 What You Need To Know	165
11.2 The Port Forwarding Screen	166
11.2.1 Add/Edit Port Forwarding	168
11.3 The Applications Screen	169
11.3.1 Add New Application	170
11.4 The Port Triggering Screen	171
11.4.1 Add/Edit Port Triggering Rule	172
11.5 The DMZ Screen	173
11.6 The ALG Screen	174
11.7 The Address Mapping Screen	175
11.7.1 Add/Edit Address Mapping Rule	176
11.8 The Sessions Screen	177
11.9 Technical Reference	177
11.9.1 NAT Definitions	178
11.9.2 What NAT Does	178
11.9.3 How NAT Works	179
11.9.4 NAT Application	179
Dynamic DNS Setup	182
12.1 Overview	182
12.1.1 What You Can Do in this Chapter	182
12.1.2 What You Need To Know	182
12.2 The DNS Entry Screen	183
12.2.1 Add/Edit DNS Entry	183
12.3 The Dynamic DNS Screen	184
IGMP/MLD	186
13.1 Overview	186
13.1.1 What You Need To Know	186
13.2 The IGMP/MLD Screen	186
Vlan Group	189
14.1 Overview	189
14.1.1 What You Can Do in this Chapter	189
14.2 The Vlan Group Screen	189
14.2.1 Add/Edit a VLAN Group	190
Interface Group	191
15.1 Overview	191
15.1.1 What You Can Do in this Chapter	191
15.2 The Interface Group Screen	191
15.2.1 Interface Group Configuration	192
15.2.2 Interface Grouping Criteria	194
USB Service	196
16.1 Overview	196
16.1.1 What You Can Do in this Chapter	196
16.1.2 What You Need To Know	196
16.1.3 Before You Begin	198
16.2 The File Sharing Screen	198
16.2.1 The Add New User Screen	199
16.3 The Media Server Screen	200
16.4 Print Server	201
16.4.1 Before You Begin	201
16.4.2 The Print Server Screen	202
Power Management	203
17.1 Overview	203
17.1.1 What You Can Do in this Chapter	203
17.1.2 What You Need To Know	203
17.2 The Power Management Screen	203
17.3 The Auto Switch Off Screen	204
17.3.1 The Auto Switch Off Add or Modify Screen	205
17.3.2 The Add/Edit Rule Screen	206
Firewall	207
18.1 Overview	207
18.1.1 What You Can Do in this Chapter	207
18.1.2 What You Need to Know	208
18.2 The Firewall Screen	208
18.3 The Protocol Screen	209
18.3.1 Add/Edit a Service	210
18.4 The Access Control Screen	212
18.4.1 Add/Edit an ACL Rule	212
18.5 The DoS Screen	214
MAC Filter	216
19.1 Overview	216
19.2 The MAC Filter Screen	216
Parental Control	218
20.1 Overview	218
20.2 The Parental Control Screen	218
20.2.1 Add/Edit a Parental Control Profile	219
Scheduler Rule	223
21.1 Overview	223
21.2 The Scheduler Rule Screen	223
21.2.1 Add/Edit a Schedule	224
Certificates	225
22.1 Overview	225
22.1.1 What You Can Do in this Chapter	225
22.2 What You Need to Know	225
22.3 The Local Certificates Screen	225
22.3.1 Create Certificate Request	226
22.3.2 Load Signed Certificate	228
22.4 The Trusted CA Screen	228
22.4.1 View Trusted CA Certificate	229
22.4.2 Import Trusted CA Certificate	230
Log	232
23.1 Overview	232
23.1.1 What You Can Do in this Chapter	232
23.1.2 What You Need To Know	232
23.2 The System Log Screen	233
23.3 The Security Log Screen	234
Traffic Status	235
24.1 Overview	235
24.1.1 What You Can Do in this Chapter	235
24.2 The WAN Status Screen	235
24.3 The LAN Status Screen	236
24.4 The NAT Status Screen	237
ARP Table	239
25.1 Overview	239
25.1.1 How ARP Works	239
25.2 ARP Table Screen	240
Routing Table	241
26.1 Overview	241
26.2 The Routing Table Screen	241
IGMP/MLD Status	243
27.1 Overview	243
27.2 The IGMP/MLD Group Status Screen	243
xDSL Statistics	245
28.1 The xDSL Statistics Screen	245
3G Statistics	249
29.1 Overview	249
29.2 The 3G Statistics Screen	249
User Account	251
30.1 Overview	251
30.2 The User Account Screen	251
30.2.1 The User Account Add/Edit Screen	252
Remote Management	253
31.1 Overview	253
31.2 The Remote MGMT Screen	253
TR-069 Client	255
32.1 Overview	255
32.2 The TR-069 Client Screen	255
TR-064	257
33.1 Overview	257
33.2 The TR-064 Screen	257
SNMP	258
34.1 Overview	258
34.2 The SNMP Screen	258
Time Settings	260
35.1 Overview	260
35.2 The Time Screen	260
E-mail Notification	262
36.1 Overview	262
36.2 The Email Notification Screen	262
36.2.1 Email Notification Edit	263
Log Setting	264
37.1 Overview	264
37.2 The Log Settings Screen	264
37.2.1 Example E-mail Log	265
Firmware Upgrade	267
38.1 Overview	267
38.2 The Firmware Screen	267
Configuration	270
39.1 Overview	270
39.2 The Configuration Screen	270
39.3 The Reboot Screen	272
Diagnostic	273
40.1 Overview	273
40.1.1 What You Can Do in this Chapter	273
40.2 What You Need to Know	273
40.3 Ping & TraceRoute & NsLookup	274
40.4 802.1ag	274
40.5 OAM Ping	275
Troubleshooting	278
41.1 Power, Hardware Connections, and LEDs	278
41.2 Device Access and Login	279
41.3 Internet Access	281
41.4 Wireless Internet Access	282
41.5 USB Device Connection	283
41.6 UPnP	283
Appendices	285
Customer Support	287
Wireless LANs	293
IPv6	306
Services	314
Legal Information	318

Match case Limit results 1 per page

Appendix B Wireless LANs

VMG1312-B Series User’s Guide

300

PEAP (Protected EAP)

Like EAP-TTLS, server-side certificate authentication is used to establish a secure connection, then

use simple username and password methods through the secured connection to authenticate the

clients, thus hiding client identity. However, PEAP only supports EAP methods, such as EAP-MD5,

EAP-MSCHAPv2 and EAP-GTC (EAP-Generic Token Card), for client authentication. EAP-GTC is

implemented only by Cisco.

LEAP

LEAP (Lightweight Extensible Authentication Protocol) is a Cisco implementation of IEEE 802.1x.

Dynamic WEP Key Exchange

The AP maps a unique key that is generated with the RADIUS server. This key expires when the

wireless connection times out, disconnects or reauthentication times out. A new WEP key is

generated each time reauthentication is performed.

If this feature is enabled, it is not necessary to configure a default encryption key in the wireless

security configuration screen. You may still configure and store keys, but they will not be used while

dynamic WEP is enabled.

Note: EAP-MD5 cannot be used with Dynamic WEP Key Exchange

For added security, certificate-based authentications (EAP-TLS, EAP-TTLS and PEAP) use dynamic

keys for data encryption. They are often deployed in corporate environments, but for public

deployment, a simple user name and password pair is more practical. The following table is a

comparison of the features of authentication types.

WPA and WPA2

Wi-Fi Protected Access (WPA) is a subset of the IEEE 802.11i standard. WPA2 (IEEE 802.11i) is a

wireless security standard that defines stronger encryption, authentication and key management

than WPA.

Key differences between WPA or WPA2 and WEP are improved data encryption and user

authentication.

If both an AP and the wireless clients support WPA2 and you have an external RADIUS server, use

WPA2 for stronger data encryption. If you don't have an external RADIUS server, you should use

Table 129

Comparison of EAP Authentication Types

EAP-MD5

EAP-TLS

EAP-TTLS

PEAP

LEAP

Mutual Authentication

Yes

Certificate – Client

Yes

Optional

Certificate – Server

Yes

Dynamic Key Exchange

Yes

Credential Integrity

None

Strong

Moderate

Deployment Difficulty

Easy

Hard

Moderate

Client Identity Protection

Yes