Home » ZyXEL Manuals » Networking » ZyXEL G-220 » Manual Viewer

ZyXEL G-220 User Guide - Page 103

Wireless Security, Types of EAP Authentication, EAP-MD5 (Message-Digest Algorithm 5)

Get ZyXEL G-220 PDF manuals and user guides

Add to My Manuals
Save this manual to your list of manuals

Page 103 highlights

ZyXEL G-220 v2 User's Guide APPENDIX D Wireless Security Types of EAP Authentication This section discusses some popular authentication types: EAP-MD5, EAP-TLS, EAP-TTLS, PEAP and LEAP. Your wireless LAN device may not support all authentication types. EAP (Extensible Authentication Protocol) is an authentication protocol that runs on top of the IEEE 802.1x transport mechanism in order to support multiple types of user authentication. By using EAP to interact with an EAP-compatible RADIUS server, an access point helps a wireless station and a RADIUS server perform authentication. The type of authentication you use depends on the RADIUS server and an intermediary AP(s) that supports IEEE 802.1x. . For EAP-TLS authentication type, you must first have a wired connection to the network and obtain the certificate(s) from a certificate authority (CA). A certificate (also called digital IDs) can be used to authenticate users and a CA issues certificates and guarantees the identity of each certificate owner. EAP-MD5 (Message-Digest Algorithm 5) MD5 authentication is the simplest one-way authentication method. The authentication server sends a challenge to the wireless station. The wireless station 'proves' that it knows the password by encrypting the password with the challenge and sends back the information. Password is not sent in plain text. However, MD5 authentication has some weaknesses. Since the authentication server needs to get the plaintext passwords, the passwords must be stored. Thus someone other than the authentication server may access the password file. In addition, it is possible to impersonate an authentication server as MD5 authentication method does not perform mutual authentication. Finally, MD5 authentication method does not support data encryption with dynamic session key. You must configure WEP encryption keys for data encryption. Appendix D Wireless Security 103

Section	Page
User’s Guide	1
About This User's Guide	3
Document Conventions	4
Safety Warnings	6
Copyright	7
Certifications	8
ZyXEL Limited Warranty	10
Table of Contents	11
List of Figures	15
List of Tables	19
Getting Started	21
1.1 About Your G-220 v2	21
1.2 Application Overview	21
1.2.1 Windows Vista Users	21
1.2.2 Station Mode	21
1.2.2.1 Infrastructure	21
1.2.2.2 Ad-Hoc	22
1.2.3 Access Point Mode	23
1.2.4 Changing G-220 v2 Mode	23
1.3 G-220 v2 Hardware and Utility Installation	24
1.3.1 ZyXEL Utility Icon	24
1.4 Configuration Methods	24
1.4.1 Enabling WZC	24
1.4.2 Accessing the ZyXEL Utility	25
Tutorial	27
2.1 Connecting to a Wireless LAN	27
2.2 Creating and Using a Profile	29
2.3 Configuring the G-220 v2 as an AP	32
Wireless LAN Network	35
3.1 Wireless LAN Overview	35
3.2 Wireless LAN Security	36
3.2.1 Hide SSID	36
3.2.2 MAC Address Filter	36
3.2.3 User Authentication and Encryption	37
3.2.3.1 WEP	37
3.2.3.2 IEEE 802.1x	38
3.2.3.3 WPA and WPA2	38
3.3 WiFi Protected Setup	39
3.3.1 Push Button Configuration	39
3.3.2 PIN Configuration	39
3.3.3 How WPS Works	41
3.3.3.1 Example WPS Network Setup	42
3.3.4 Limitations of WPS	44
3.4 Introduction to OTIST	45
3.4.1 Enabling OTIST	45
3.4.1.1 AP	45
3.4.1.2 Wireless Client	46
3.4.2 Starting OTIST	47
3.4.3 Notes on OTIST	47
Wireless Station Mode Configuration	49
4.1 Wireless Station Mode Overview	49
4.1.1 ZyXEL Utility Screen Summary	49
4.2 The Link Info Screen	50
4.2.1 Trend Chart	51
4.3 The Site Survey Screen	52
4.3.1 Security Settings	53
4.3.1.1 WEP Encryption	54
4.3.1.2 WPA-PSK/WPA2-PSK	55
4.3.1.3 WPA/WPA2	56
4.3.1.4 IEEE 802.1x	57
4.3.2 Confirm Save Screen	59
4.4 The Profile Screen	60
4.4.1 Adding a New Profile	62
4.5 The Adapter Screen	66
4.6 Security Settings in Windows Vista	69
4.6.1 Using PEAP in Vista	69
4.6.2 Using TLS in Vista	70
Access Point Mode Configuration	73
5.1 Access Point Mode Introduction	73
5.1.1 ZyXEL Utility Screen Summary	73
5.1.2 Additional Setup Requirements	74
5.2 The Link Info Screen	74
5.3 The Configuration Screen	75
5.4 The MAC Filter Screen	77
Maintenance	79
6.1 The About Screen	79
6.2 Uninstalling the ZyXEL Utility	79
6.3 Upgrading the ZyXEL Utility	80
Troubleshooting	83
7.1 Problems Starting the ZyXEL Utility	83
7.2 Problem Connecting to an Access Point	83
7.3 Problem with the Link Quality	84
7.4 Problems Communicating With Other Computers	84
Product Specifications	85
Access Point Mode Setup Example	87
Configuring the Computer on Which You Install the G-220 v2	87
Configuring the Wireless Station Computer	89
Management with Wireless Zero Configuration	91
Activating Wireless Zero Configuration	91
Connecting to a Wireless Network	92
Security Settings	95
Association	96
Authentication	97
Ordering the Preferred Networks	100
Wireless Security	103
Types of EAP Authentication	103
EAP-MD5 (Message-Digest Algorithm 5)	103
EAP-TLS (Transport Layer Security)	104
EAP-TTLS (Tunneled Transport Layer Service)	104
PEAP (Protected EAP)	104
LEAP	104
Dynamic WEP Key Exchange	104
WPA and WPA2	105
Encryption	105
User Authentication	106
WPA(2)-PSK Application Example	107
WPA(2) with RADIUS Application Example	107
Security Parameters Summary	108
Setting up Your Computer’s IP Address	109
Windows 95/98/Me	109
Installing Components	110
Configuring	111
Verifying Settings	112
Windows 2000/NT/XP	112
Verifying Settings	116
Macintosh OS 8/9	116
Verifying Settings	118
Macintosh OS X	118
Verifying Settings	119
Customer Support	121

Match case Limit results 1 per page

ZyXEL G-220 v2 User’s Guide

Appendix D Wireless Security

103

PPENDIX

Wireless Security

Types of EAP Authentication

This section discusses some popular authentication types: EAP-MD5, EAP-TLS, EAP-TTLS,

PEAP and LEAP. Your wireless LAN device may not support all authentication types.

EAP (Extensible Authentication Protocol) is an authentication protocol that runs on top of the

IEEE 802.1x transport mechanism in order to support multiple types of user authentication. By

using EAP to interact with an EAP-compatible RADIUS server, an access point helps a

wireless station and a RADIUS server perform authentication.

The type of authentication you use depends on the RADIUS server and an intermediary AP(s)

that supports IEEE 802.1x. .

For EAP-TLS authentication type, you must first have a wired connection to the network and

obtain the certificate(s) from a certificate authority (CA). A certificate (also called digital IDs)

can be used to authenticate users and a CA issues certificates and guarantees the identity of

each certificate owner.

EAP-MD5 (Message-Digest Algorithm 5)

MD5 authentication is the simplest one-way authentication method. The authentication server

sends a challenge to the wireless station. The wireless station ‘proves’ that it knows the

password by encrypting the password with the challenge and sends back the information.

Password is not sent in plain text.

However, MD5 authentication has some weaknesses. Since the authentication server needs to

get the plaintext passwords, the passwords must be stored. Thus someone other than the

authentication server may access the password file. In addition, it is possible to impersonate an

authentication server as MD5 authentication method does not perform mutual authentication.

Finally, MD5 authentication method does not support data encryption with dynamic session

key. You must configure WEP encryption keys for data encryption.