ZyXEL G-270S User Guide - Page 28

ZyXEL G-270S User's Guide 2.2.3.2 User Authentication WPA or WPA2 applies IEEE 802.1x and Extensible Authentication Protocol (EAP) to authenticate wireless clients using an external RADIUS database. 2.2.4 WPA(2)-PSK Application Example A WPA(2)s-PSK application looks as follows. 1 First enter identical passwords into the AP and all wireless clients. The Pre-Shared Key (PSK) must consist of between 8 and 63 ASCII characters (including spaces and symbols). 2 The AP checks each client's password and (only) allows it to join the network if it matches its password. 3 The AP derives and distributes keys to the wireless clients. 4 The AP and wireless clients use the TKIP or AES encryption process to encrypt data exchanged between them. Figure 8 WPA(2)-PSK Authentication 2.2.5 WPA(2) with RADIUS Application Example You need the IP address of the RADIUS server, its port number (default is 1812), and the RADIUS shared secret. A WPA(2)-RADIUS application example with an external RADIUS server looks as follows. "A" is the RADIUS server. "DS" is the distribution system. 1 The AP passes the wireless client's authentication request to the RADIUS server. 2 The RADIUS server then checks the user's identification against its database and grants or denies network access accordingly. 3 The RADIUS server distributes a Pairwise Master Key (PMK) key to the AP that then sets up a key hierarchy and management system, using the pair-wise key to dynamically generate unique data encryption keys to encrypt every data packet that is wirelessly communicated between the AP and the wireless clients. 28 Chapter 2 Wireless LAN Network