Home » ZyXEL Manuals » Networking » ZyXEL VMG4927-B50A » Manual Viewer

ZyXEL VMG4927-B50A User Guide - Page 298

Types of RADIUS Messages, Types of EAP Authentication

Add to My Manuals
Save this manual to your list of manuals

Page 298 highlights

Appendix B Wireless LANs • Authorization Determines the network services available to authenticated users once they are connected to the network. • Accounting Keeps track of the client's network activity. RADIUS is a simple package exchange in which your AP acts as a message relay between the wireless client and the network RADIUS server. Types of RADIUS Messages The following types of RADIUS messages are exchanged between the access point and the RADIUS server for user authentication: • Access-Request Sent by an access point requesting authentication. • Access-Reject Sent by a RADIUS server rejecting access. • Access-Accept Sent by a RADIUS server allowing access. • Access-Challenge Sent by a RADIUS server requesting more information in order to allow access. The access point sends a proper response from the user and then sends another Access-Request message. The following types of RADIUS messages are exchanged between the access point and the RADIUS server for user accounting: • Accounting-Request Sent by the access point requesting accounting. • Accounting-Response Sent by the RADIUS server to indicate that it has started or stopped accounting. In order to ensure network security, the access point and the RADIUS server use a shared secret key, which is a password, they both know. The key is not sent over the network. In addition to the shared key, password information exchanged is also encrypted to protect the network from unauthorized access. Types of EAP Authentication This section discusses some popular authentication types: EAP-MD5, EAP-TLS, EAP-TTLS, PEAP and LEAP. Your wireless LAN device may not support all authentication types. By using EAP to interact with an EAP-compatible RADIUS server, an access point helps a wireless station and a RADIUS server perform authentication. For EAP-TLS authentication type, you must first have a wired connection to the network and obtain the certificate(s) from a certificate authority (CA). A certificate (also called digital IDs) can be used to authenticate users and a CA issues certificates and guarantees the identity of each certificate owner. VMG4927-B50A / VMG9827-B50A User's Guide 298

Section	Page
VMG4927-B50A / VMG9827-B50A	1
Document Conventions	3
Contents Overview	4
Table of Contents	6
User’s Guide	15
VMG Introduction	16
1.1 Overview	16
1.1.1 Internet Access	16
1.1.2 Wireless Access	20
1.1.3 VoIP Features	20
1.2 Ways to Manage the VMG	21
1.3 Good Habits for Managing the VMG	21
1.4 Hardware	21
1.4.1 Front Panels	21
1.4.2 WPS Button	23
1.4.3 LEDs (Lights)	24
1.4.4 Rear Panel	26
1.4.5 RESET Button	27
1.4.6 Wall Mounting	27
The Web Configurator	29
2.1 Overview	29
2.1.1 Access the Web Configurator	29
2.2 Web Configurator Layout	31
2.2.1 Title Bar	31
2.2.2 Navigation Panel	32
Quick Start	36
3.1 Overview	36
3.2 Quick Start Setup	36
Tutorials	39
4.1 Overview	39
4.2 Set Up an ADSL PPPoE Connection	39
4.3 Set Up a Secure WiFi Network	42
4.3.1 Configure the WiFi Network Settings	42
4.3.2 Use WPS	44
4.3.3 Connect to the VMG’s WiFi Network Manually (No WPS)	46
4.3.4 Configure Wireless Security on the VMG	46
4.3.5 Configure Your Laptop	48
4.4 Set Up Multiple Wireless Groups	50
4.5 Configure Static Route for Routing to Another Network	53
4.6 Configure QoS Queue and Class Setup	55
4.7 Access the VMG Using DDNS	59
4.7.1 Register a DDNS Account on www.dyndns.org	59
4.7.2 Configure DDNS on Your VMG	60
4.7.3 Test the DDNS Setting	60
4.8 Configure the MAC Address Filter	60
Technical Reference	62
Network Map and Status Screens	63
5.1 Overview	63
5.2 Network Map	63
5.3 Status	65
Broadband	68
6.1 Overview	68
6.1.1 What You Can Do in this Chapter	68
6.1.2 What You Need to Know	69
6.1.3 Before You Begin	71
6.2 Broadband	72
6.2.1 Add/Edit Internet Connection	73
6.3 Advanced Settings	81
6.4 Ethernet WAN	84
6.5 Technical Reference	84
Wireless	90
7.1 Overview	90
7.1.1 What You Can Do in this Chapter	90
7.1.2 What You Need to Know	90
7.2 WiFi	91
7.2.1 WiFi Edit	91
7.3 Guest WiFi	93
7.3.1 Edit Guest WiFi	93
7.4 WPS	94
7.5 Advanced Settings	95
7.6 Channel Status	98
7.7 MESH	100
7.8 Technical Reference	102
7.8.1 Wireless Network Overview	102
7.8.2 Additional Wireless Terms	104
7.8.3 Wireless Security Overview	104
7.8.4 Signal Problems	106
7.8.5 BSS	106
7.8.6 MBSSID	107
7.8.7 Preamble Type	107
7.8.8 WiFi Protected Setup (WPS)	107
Home Networking	113
8.1 Overview	113
8.1.1 What You Can Do in this Chapter	113
8.1.2 What You Need To Know	114
8.1.3 Before You Begin	115
8.2 LAN Setup	115
8.3 Static DHCP	119
8.4 UPnP	120
8.4.1 Turn On UPnP in Windows 7 Example	121
8.5 Additional Subnet	123
8.6 STB Vendor ID	124
8.7 Wake on LAN	125
8.8 TFTP Server Name	125
8.9 Technical Reference	126
8.9.1 LANs, WANs and the VMG	126
8.9.2 DHCP Setup	127
8.9.3 DNS Server Addresses	127
8.9.4 LAN TCP/IP	127
Routing	129
9.1 Overview	129
9.2 Routing	129
9.2.1 Add/Edit Static Route	130
9.3 DNS Route	131
9.3.1 DNS Route Add	132
9.4 Policy Route	133
9.4.1 Add/Edit Policy Route	134
9.5 RIP Overview	135
9.5.1 RIP	135
Quality of Service (QoS)	137
10.1 Overview	137
10.1.1 What You Can Do in this Chapter	137
10.2 What You Need to Know	138
10.3 Quality of Service General Settings	139
10.4 Queue Setup	140
10.4.1 Adding a QoS Queue	142
10.5 Classification Setup	143
10.5.1 Add/Edit QoS Class	143
10.6 QoS Shaper Setup	147
10.6.1 Add/Edit a QoS Shaper	148
10.7 QoS Policer Setup	148
10.7.1 Add/Edit a QoS Policer	149
10.8 QoS Monitor	150
10.9 Technical Reference	151
Network Address Translation (NAT)	156
11.1 Overview	156
11.1.1 What You Can Do in this Chapter	156
11.1.2 What You Need To Know	156
11.2 Port Forwarding	157
11.2.1 Add/Edit Port Forwarding	159
11.3 Applications Settings	160
11.3.1 Add New Application	161
11.4 Port Triggering	162
11.4.1 Add/Edit Port Triggering Rule	163
11.5 DMZ	164
11.6 ALG	165
11.7 Address Mapping	166
11.7.1 Add/Edit Address Mapping Rule	167
11.8 Sessions	168
11.9 Technical Reference	169
11.9.1 NAT Definitions	169
11.9.2 What NAT Does	169
11.9.3 How NAT Works	170
11.9.4 NAT Application	170
Dynamic DNS Setup	173
12.1 Overview	173
12.1.1 What You Can Do in this Chapter	173
12.1.2 What You Need To Know	173
12.2 DNS Entry	174
12.2.1 Add/Edit DNS Entry	174
12.3 Dynamic DNS	175
IGMP/MLD	177
13.1 Overview	177
13.1.1 What You Need To Know	177
13.2 IGMP/MLD	177
VLAN Group	180
14.1 Overview	180
14.1.1 What You Can Do in this Chapter	180
14.2 VLAN Group	180
14.2.1 Add/Edit a VLAN Group	181
Interface Grouping	182
15.1 Overview	182
15.1.1 What You Can Do in this Chapter	182
15.2 Interface Grouping Overview	182
15.2.1 Interface Grouping Configuration	183
15.2.2 Interface Grouping Criteria	185
Firewall	187
16.1 Overview	187
16.1.1 What You Can Do in this Chapter	187
16.1.2 What You Need to Know	188
16.2 Firewall	188
16.3 Protocol	189
16.3.1 Add/Edit a Service	190
16.4 Access Control	191
16.4.1 Add/Edit an ACL Rule	192
16.5 DoS	193
MAC Filter	195
17.1 Overview	195
17.2 MAC Filter	195
Parental Control	197
18.1 Overview	197
18.2 Parental Control	197
18.2.1 Add/Edit a Parental Control Profile	198
Scheduler Rule	201
19.1 Overview	201
19.2 Scheduler Rule	201
19.2.1 Add/Edit a Schedule	201
Certificates	203
20.1 Overview	203
20.1.1 What You Can Do in this Chapter	203
20.2 What You Need to Know	203
20.3 Local Certificates	203
20.3.1 Create Certificate Request	204
20.3.2 View Certificate Request	205
20.4 Trusted CA	206
20.4.1 View Trusted CA Certificate	207
20.4.2 Import Trusted CA Certificate	208
Voice	210
21.1 Overview	210
21.1.1 What You Can Do in this Chapter	210
21.1.2 What You Need to Know About VoIP	210
21.2 Before You Begin	211
21.3 SIP Account	211
21.3.1 SIP Account Add/Edit	212
21.4 SIP Service Provider	216
21.4.1 SIP Service Provider Add/Edit	217
21.5 Phone Device	221
21.5.1 Phone Device Edit	222
21.6 Region	223
21.7 Call Rule	223
21.8 Technical Reference	224
21.8.1 Quality of Service (QoS)	232
21.8.2 Phone Services Overview	232
Log	237
22.1 Overview	237
22.1.1 What You Can Do in this Chapter	237
22.1.2 What You Need To Know	237
22.2 System Log	238
22.3 Security Log	239
Traffic Status	240
23.1 Overview	240
23.1.1 What You Can Do in this Chapter	240
23.2 WAN Status	240
23.3 LAN Status	241
23.4 NAT Status	242
ARP Table	244
24.1 Overview	244
24.1.1 How ARP Works	244
24.2 ARP Table	244
Routing Table	246
25.1 Overview	246
25.2 Routing Table	246
Multicast Status	248
26.1 Overview	248
26.2 IGMP Status	248
26.3 MLD Status	248
xDSL Statistics	250
27.1 xDSL Statistics	250
System	253
28.1 Overview	253
28.2 System	253
User Account	254
29.1 Overview	254
29.2 User Account	254
29.2.1 User Account Add/Edit	255
Remote Management	256
30.1 Overview	256
30.2 MGMT Services	256
30.3 Trust Domain	257
30.3.1 Add Trust Domain	258
SNMP	259
31.1 Overview	259
31.2 SNMP	259
Time Settings	261
32.1 Overview	261
32.2 Time	261
Email Notification	263
33.1 Overview	263
33.2 Email Notification	263
33.2.1 Email Notification Edit	264
Log Setting	265
34.1 Overview	265
34.2 Log Settings	265
34.2.1 Example Email Log	266
Firmware Upgrade	268
35.1 Overview	268
35.2 Firmware	268
Backup/Restore	270
36.1 Overview	270
36.2 Backup/Restore	270
36.3 Reboot	272
Diagnostic	273
37.1 Overview	273
37.1.1 What You Can Do in this Chapter	273
37.2 What You Need to Know	273
37.3 Ping & TraceRoute & NsLookup	274
37.4 802.1ag	274
37.5 802.3ah	276
37.6 OAM Ping	277
Troubleshooting	279
38.1 Power, Hardware Connections, and LEDs	279
38.2 VMG Access and Login	280
38.3 Internet Access	281
38.4 Wireless Internet Access	283
38.5 UPnP	284
38.6 VoIP Call Quality	284
Appendices	286
Customer Support	287
Wireless LANs	293
IPv6	303
Services	311
Legal Information	315

Match case Limit results 1 per page

Appendix B Wireless LANs

VMG4927-B50A / VMG9827-B50A User’s Guide

298

• Authorization

Determines the network services available to authenticated users once they are connected to the

network.

• Accounting

Keeps track of the client’s network activity.

RADIUS is a simple package exchange in which your AP acts as a message relay between the wireless

client and the network RADIUS server.

Types of RADIUS Messages

The following types of RADIUS messages are exchanged between the access point and the RADIUS

server for user authentication:

• Access-Request

Sent by an access point requesting authentication.

• Access-Reject

Sent by a RADIUS server rejecting access.

• Access-Accept

Sent by a RADIUS server allowing access.

• Access-Challenge

Sent by a RADIUS server requesting more information in order to allow access. The access point sends

a proper response from the user and then sends another Access-Request message.

The following types of RADIUS messages are exchanged between the access point and the RADIUS

server for user accounting:

• Accounting-Request

Sent by the access point requesting accounting.

• Accounting-Response

Sent by the RADIUS server to indicate that it has started or stopped accounting.

In order to ensure network security, the access point and the RADIUS server use a shared secret key,

which is a password, they both know. The key is not sent over the network. In addition to the shared key,

password information exchanged is also encrypted to protect the network from unauthorized access.

Types of EAP Authentication

This section discusses some popular authentication types: EAP-MD5, EAP-TLS, EAP-TTLS, PEAP and LEAP.

Your wireless LAN device may not support all authentication types.

By using EAP to interact with an EAP-compatible RADIUS server, an access point helps a wireless station

and a RADIUS server perform authentication.

For EAP-TLS authentication type, you must first have a wired connection to the network and obtain the

certificate(s) from a certificate authority (CA). A certificate (also called digital IDs) can be used to

authenticate users and a CA issues certificates and guarantees the identity of each certificate owner.