Home » ZyXEL Manuals » Networking » ZyXEL VMG4927-B50A » Manual Viewer

ZyXEL VMG4927-B50A User Guide - Page 300

User Authentication, Wireless Client WPA Supplicants, WPA2-PSK Application Example

Add to My Manuals
Save this manual to your list of manuals

Page 300 highlights

Appendix B Wireless LANs receiver and the transmitter each compute and then compare the MIC. If they do not match, it is assumed that the data has been tampered with and the packet is dropped. By generating unique data encryption keys for every data packet and by creating an integrity checking mechanism (MIC), with AES it is more difficult to decrypt data on a WiFi network and difficult for an intruder to break into the network. WPA2-PSK uses a simple common password, instead of user-specific credentials. The common-password approach makes WPA2-PSK susceptible to brute-force password-guessing attacks but it employs a consistent, single, alphanumeric password to derive a PMK which is used to generate unique temporal encryption keys. This prevent all wireless devices sharing the same encryption keys. User Authentication Key caching allows a wireless client to store the PMK it derived through a successful authentication with an AP. The wireless client uses the PMK when it tries to connect to the same AP and does not need to go with the authentication process again. Pre-authentication enables fast roaming by allowing the wireless client (already connecting to an AP) to perform another AP before connecting to it. Wireless Client WPA Supplicants A wireless client supplicant is the software that runs on an operating system instructing the wireless client how to use WPA. At the time of writing, the most widely available supplicant is the WPA patch for Windows XP, Funk Software's Odyssey client. The Windows XP patch is a free download that adds WPA capability to Windows XP's built-in "Zero Configuration" wireless client. However, you must run Windows XP to use it. WPA2-PSK Application Example A WPA2-PSK application looks as follows. 1 First enter identical passwords into the AP and all wireless clients. The Pre-Shared Key (PSK) must consist of between 8 and 63 ASCII characters or 64 hexadecimal characters (including spaces and symbols). 2 The AP checks each wireless client's password and allows it to join the network only if the password matches. 3 The AP and wireless clients generate a common PMK (Pairwise Master Key). The key itself is not sent over the network, but is derived from the PSK and the SSID. 4 The AP and wireless clients use the AES encryption process, the PMK and information exchanged in a handshake to create temporal encryption keys. They use these keys to encrypt data exchanged between them. VMG4927-B50A / VMG9827-B50A User's Guide 300

Section	Page
VMG4927-B50A / VMG9827-B50A	1
Document Conventions	3
Contents Overview	4
Table of Contents	6
User’s Guide	15
VMG Introduction	16
1.1 Overview	16
1.1.1 Internet Access	16
1.1.2 Wireless Access	20
1.1.3 VoIP Features	20
1.2 Ways to Manage the VMG	21
1.3 Good Habits for Managing the VMG	21
1.4 Hardware	21
1.4.1 Front Panels	21
1.4.2 WPS Button	23
1.4.3 LEDs (Lights)	24
1.4.4 Rear Panel	26
1.4.5 RESET Button	27
1.4.6 Wall Mounting	27
The Web Configurator	29
2.1 Overview	29
2.1.1 Access the Web Configurator	29
2.2 Web Configurator Layout	31
2.2.1 Title Bar	31
2.2.2 Navigation Panel	32
Quick Start	36
3.1 Overview	36
3.2 Quick Start Setup	36
Tutorials	39
4.1 Overview	39
4.2 Set Up an ADSL PPPoE Connection	39
4.3 Set Up a Secure WiFi Network	42
4.3.1 Configure the WiFi Network Settings	42
4.3.2 Use WPS	44
4.3.3 Connect to the VMG’s WiFi Network Manually (No WPS)	46
4.3.4 Configure Wireless Security on the VMG	46
4.3.5 Configure Your Laptop	48
4.4 Set Up Multiple Wireless Groups	50
4.5 Configure Static Route for Routing to Another Network	53
4.6 Configure QoS Queue and Class Setup	55
4.7 Access the VMG Using DDNS	59
4.7.1 Register a DDNS Account on www.dyndns.org	59
4.7.2 Configure DDNS on Your VMG	60
4.7.3 Test the DDNS Setting	60
4.8 Configure the MAC Address Filter	60
Technical Reference	62
Network Map and Status Screens	63
5.1 Overview	63
5.2 Network Map	63
5.3 Status	65
Broadband	68
6.1 Overview	68
6.1.1 What You Can Do in this Chapter	68
6.1.2 What You Need to Know	69
6.1.3 Before You Begin	71
6.2 Broadband	72
6.2.1 Add/Edit Internet Connection	73
6.3 Advanced Settings	81
6.4 Ethernet WAN	84
6.5 Technical Reference	84
Wireless	90
7.1 Overview	90
7.1.1 What You Can Do in this Chapter	90
7.1.2 What You Need to Know	90
7.2 WiFi	91
7.2.1 WiFi Edit	91
7.3 Guest WiFi	93
7.3.1 Edit Guest WiFi	93
7.4 WPS	94
7.5 Advanced Settings	95
7.6 Channel Status	98
7.7 MESH	100
7.8 Technical Reference	102
7.8.1 Wireless Network Overview	102
7.8.2 Additional Wireless Terms	104
7.8.3 Wireless Security Overview	104
7.8.4 Signal Problems	106
7.8.5 BSS	106
7.8.6 MBSSID	107
7.8.7 Preamble Type	107
7.8.8 WiFi Protected Setup (WPS)	107
Home Networking	113
8.1 Overview	113
8.1.1 What You Can Do in this Chapter	113
8.1.2 What You Need To Know	114
8.1.3 Before You Begin	115
8.2 LAN Setup	115
8.3 Static DHCP	119
8.4 UPnP	120
8.4.1 Turn On UPnP in Windows 7 Example	121
8.5 Additional Subnet	123
8.6 STB Vendor ID	124
8.7 Wake on LAN	125
8.8 TFTP Server Name	125
8.9 Technical Reference	126
8.9.1 LANs, WANs and the VMG	126
8.9.2 DHCP Setup	127
8.9.3 DNS Server Addresses	127
8.9.4 LAN TCP/IP	127
Routing	129
9.1 Overview	129
9.2 Routing	129
9.2.1 Add/Edit Static Route	130
9.3 DNS Route	131
9.3.1 DNS Route Add	132
9.4 Policy Route	133
9.4.1 Add/Edit Policy Route	134
9.5 RIP Overview	135
9.5.1 RIP	135
Quality of Service (QoS)	137
10.1 Overview	137
10.1.1 What You Can Do in this Chapter	137
10.2 What You Need to Know	138
10.3 Quality of Service General Settings	139
10.4 Queue Setup	140
10.4.1 Adding a QoS Queue	142
10.5 Classification Setup	143
10.5.1 Add/Edit QoS Class	143
10.6 QoS Shaper Setup	147
10.6.1 Add/Edit a QoS Shaper	148
10.7 QoS Policer Setup	148
10.7.1 Add/Edit a QoS Policer	149
10.8 QoS Monitor	150
10.9 Technical Reference	151
Network Address Translation (NAT)	156
11.1 Overview	156
11.1.1 What You Can Do in this Chapter	156
11.1.2 What You Need To Know	156
11.2 Port Forwarding	157
11.2.1 Add/Edit Port Forwarding	159
11.3 Applications Settings	160
11.3.1 Add New Application	161
11.4 Port Triggering	162
11.4.1 Add/Edit Port Triggering Rule	163
11.5 DMZ	164
11.6 ALG	165
11.7 Address Mapping	166
11.7.1 Add/Edit Address Mapping Rule	167
11.8 Sessions	168
11.9 Technical Reference	169
11.9.1 NAT Definitions	169
11.9.2 What NAT Does	169
11.9.3 How NAT Works	170
11.9.4 NAT Application	170
Dynamic DNS Setup	173
12.1 Overview	173
12.1.1 What You Can Do in this Chapter	173
12.1.2 What You Need To Know	173
12.2 DNS Entry	174
12.2.1 Add/Edit DNS Entry	174
12.3 Dynamic DNS	175
IGMP/MLD	177
13.1 Overview	177
13.1.1 What You Need To Know	177
13.2 IGMP/MLD	177
VLAN Group	180
14.1 Overview	180
14.1.1 What You Can Do in this Chapter	180
14.2 VLAN Group	180
14.2.1 Add/Edit a VLAN Group	181
Interface Grouping	182
15.1 Overview	182
15.1.1 What You Can Do in this Chapter	182
15.2 Interface Grouping Overview	182
15.2.1 Interface Grouping Configuration	183
15.2.2 Interface Grouping Criteria	185
Firewall	187
16.1 Overview	187
16.1.1 What You Can Do in this Chapter	187
16.1.2 What You Need to Know	188
16.2 Firewall	188
16.3 Protocol	189
16.3.1 Add/Edit a Service	190
16.4 Access Control	191
16.4.1 Add/Edit an ACL Rule	192
16.5 DoS	193
MAC Filter	195
17.1 Overview	195
17.2 MAC Filter	195
Parental Control	197
18.1 Overview	197
18.2 Parental Control	197
18.2.1 Add/Edit a Parental Control Profile	198
Scheduler Rule	201
19.1 Overview	201
19.2 Scheduler Rule	201
19.2.1 Add/Edit a Schedule	201
Certificates	203
20.1 Overview	203
20.1.1 What You Can Do in this Chapter	203
20.2 What You Need to Know	203
20.3 Local Certificates	203
20.3.1 Create Certificate Request	204
20.3.2 View Certificate Request	205
20.4 Trusted CA	206
20.4.1 View Trusted CA Certificate	207
20.4.2 Import Trusted CA Certificate	208
Voice	210
21.1 Overview	210
21.1.1 What You Can Do in this Chapter	210
21.1.2 What You Need to Know About VoIP	210
21.2 Before You Begin	211
21.3 SIP Account	211
21.3.1 SIP Account Add/Edit	212
21.4 SIP Service Provider	216
21.4.1 SIP Service Provider Add/Edit	217
21.5 Phone Device	221
21.5.1 Phone Device Edit	222
21.6 Region	223
21.7 Call Rule	223
21.8 Technical Reference	224
21.8.1 Quality of Service (QoS)	232
21.8.2 Phone Services Overview	232
Log	237
22.1 Overview	237
22.1.1 What You Can Do in this Chapter	237
22.1.2 What You Need To Know	237
22.2 System Log	238
22.3 Security Log	239
Traffic Status	240
23.1 Overview	240
23.1.1 What You Can Do in this Chapter	240
23.2 WAN Status	240
23.3 LAN Status	241
23.4 NAT Status	242
ARP Table	244
24.1 Overview	244
24.1.1 How ARP Works	244
24.2 ARP Table	244
Routing Table	246
25.1 Overview	246
25.2 Routing Table	246
Multicast Status	248
26.1 Overview	248
26.2 IGMP Status	248
26.3 MLD Status	248
xDSL Statistics	250
27.1 xDSL Statistics	250
System	253
28.1 Overview	253
28.2 System	253
User Account	254
29.1 Overview	254
29.2 User Account	254
29.2.1 User Account Add/Edit	255
Remote Management	256
30.1 Overview	256
30.2 MGMT Services	256
30.3 Trust Domain	257
30.3.1 Add Trust Domain	258
SNMP	259
31.1 Overview	259
31.2 SNMP	259
Time Settings	261
32.1 Overview	261
32.2 Time	261
Email Notification	263
33.1 Overview	263
33.2 Email Notification	263
33.2.1 Email Notification Edit	264
Log Setting	265
34.1 Overview	265
34.2 Log Settings	265
34.2.1 Example Email Log	266
Firmware Upgrade	268
35.1 Overview	268
35.2 Firmware	268
Backup/Restore	270
36.1 Overview	270
36.2 Backup/Restore	270
36.3 Reboot	272
Diagnostic	273
37.1 Overview	273
37.1.1 What You Can Do in this Chapter	273
37.2 What You Need to Know	273
37.3 Ping & TraceRoute & NsLookup	274
37.4 802.1ag	274
37.5 802.3ah	276
37.6 OAM Ping	277
Troubleshooting	279
38.1 Power, Hardware Connections, and LEDs	279
38.2 VMG Access and Login	280
38.3 Internet Access	281
38.4 Wireless Internet Access	283
38.5 UPnP	284
38.6 VoIP Call Quality	284
Appendices	286
Customer Support	287
Wireless LANs	293
IPv6	303
Services	311
Legal Information	315

Match case Limit results 1 per page

Appendix B Wireless LANs

VMG4927-B50A / VMG9827-B50A User’s Guide

300

receiver and the transmitter each compute and then compare the MIC. If they do not match, it is

assumed that the data has been tampered with and the packet is dropped.

By generating unique data encryption keys for every data packet and by creating an integrity

checking mechanism (MIC), with AES it is more difficult to decrypt data on a WiFi network and difficult

for an intruder to break into the network.

WPA2-PSK uses a simple common password, instead of user-specific credentials. The common-password

approach makes WPA2-PSK susceptible to brute-force password-guessing attacks but it employs a

consistent, single, alphanumeric password to derive a PMK which is used to generate unique temporal

encryption keys. This prevent all wireless devices sharing the same encryption keys.

User Authentication

Key caching allows a wireless client to store the PMK it derived through a successful authentication with

an AP. The wireless client uses the PMK when it tries to connect to the same AP and does not need to go

with the authentication process again.

Pre-authentication enables fast roaming by allowing the wireless client (already connecting to an AP) to

perform another AP before connecting to it.

Wireless Client WPA Supplicants

A wireless client supplicant is the software that runs on an operating system instructing the wireless client

how to use WPA. At the time of writing, the most widely available supplicant is the

WPA patch for

Windows XP, Funk Software's Odyssey client.

The Windows XP patch is a free download that adds WPA capability to Windows XP's built-in "Zero

Configuration" wireless client. However, you must run Windows XP to use it.

WPA2-PSK Application Example

A WPA2-PSK application looks as follows.

First enter identical passwords into the AP and all wireless clients. The Pre-Shared Key (PSK) must consist

of between 8 and 63 ASCII characters or 64 hexadecimal characters (including spaces and symbols).

The AP checks each wireless client's password and allows it to join the network only if the password

matches.

The AP and wireless clients generate a common PMK (Pairwise Master Key). The key itself is not sent over

the network, but is derived from the PSK and the SSID.

The AP and wireless clients use the AES encryption process, the PMK and information exchanged in a

handshake to create temporal encryption keys. They use these keys to encrypt data exchanged

between them.