ZyXEL G-405 User Guide - Page 46

Data Encryption with WEP, IEEE 802.1x, EAP Authentication, Dynamic WEP Key Exchange

Get ZyXEL G-405 PDF manuals and user guides View all ZyXEL G-405 manuals
Add to My Manuals
Save this manual to your list of manuals

Page 46 highlights

ZyAIR G-405 User's Guide 6.1.1 Data Encryption with WEP WEP (Wired Equivalent Privacy) encryption scrambles all data packets transmitted between the ZyAIR and the AP or other wireless stations to keep network communications private. Both the wireless clients and the access points must use the same WEP key for data encryption and decryption. There are two ways to create WEP keys in your ZyAIR. • Automatic WEP key generation based on a "password phrase" called a passphrase. The passphrase is case sensitive. You must use the same passphrase for all WLAN adapters with this feature in the same WLAN. For WLAN adapters without the passphrase feature, you can still take advantage of this feature by writing down the four automatically generated WEP keys from the Security screen of the ZyAIR Navigator and entering them manually as the WEP keys in the other WLAN adapter(s). • Enter the WEP keys manually. Your ZyAIR allows you to configure up to four 64-bit or 128-bit WEP keys but only one key can be enabled at any one time. 6.1.2 IEEE 802.1x The IEEE 802.1x standard outlines enhanced security methods for both the authentication of wireless stations and encryption key management. Authentication can be done using an external RADIUS server. EAP Authentication EAP (Extensible Authentication Protocol) is an authentication protocol that runs on top of the IEEE802.1x transport mechanism in order to support multiple types of user authentication. By using EAP to interact with an EAP-compatible RADIUS server, an access point helps a wireless station and a RADIUS server perform authentication. The type of authentication you use depends on the RADIUS server and an intermediary AP(s) that supports IEEE802.1x. The ZyAIR supports EAP-TLS, EAP-TTLS and EAP-MD5. Refer to the Types of EAP Authentication appendix for descriptions. For EAP-TLS and EAP-TTLS authentication types, you must first have a wired connection to the network and obtain the certificate(s) from a certificate authority (CA). A certificate (also called digital IDs) can be used to authenticate users and a CA issues certificates and guarantees the identity of each certificate owner. Dynamic WEP Key Exchange An AP maps a unique key that is generated with the RADIUS server. This key expires when the wireless connection times out, disconnects or reauthentication times out. A new WEP key is generated each time reauthentication is performed. If this feature is enabled, it is not necessary to configure a default WEP encryption key in the Security configuration screen. You may still configure and store keys here, but they will not be used while Dynamic WEP is enabled. 6-2 Wireless LAN Security Setup

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
ZyAIR G-405 User’s Guide
6-2
Wireless LAN Security Setup
6.1.1 Data Encryption with WEP
WEP (Wired Equivalent Privacy) encryption scrambles all data packets transmitted between the ZyAIR and
the AP or other wireless stations to keep network communications private. Both the wireless clients and the
access points must use the same WEP key for data encryption and decryption.
There are two ways to create WEP keys in your ZyAIR.
Automatic WEP key generation based on a “password phrase” called a passphrase. The passphrase
is case sensitive. You must use the same passphrase for all WLAN adapters with this feature in the
same WLAN.
For WLAN adapters without the passphrase feature, you can still take advantage of this feature by
writing down the four automatically generated WEP keys from the
Security
screen of the ZyAIR
Navigator and entering them manually as the WEP keys in the other WLAN adapter(s).
Enter the WEP keys manually.
Your ZyAIR allows you to configure up to four 64-bit or 128-bit WEP keys but only one key can be
enabled at any one time.
6.1.2 IEEE 802.1x
The IEEE 802.1x standard outlines enhanced security methods for both the authentication of wireless
stations and encryption key management. Authentication can be done using an external RADIUS server.
EAP Authentication
EAP (Extensible Authentication Protocol) is an authentication protocol that runs on top of the IEEE802.1x
transport mechanism in order to support multiple types of user authentication. By using EAP to interact
with an EAP-compatible RADIUS server, an access point helps a wireless station and a RADIUS server
perform authentication.
The type of authentication you use depends on the RADIUS server and an intermediary AP(s) that supports
IEEE802.1x. The ZyAIR supports EAP-TLS, EAP-TTLS and EAP-MD5. Refer to the
Types of EAP
Authentication
appendix for descriptions.
For EAP-TLS and EAP-TTLS authentication types, you must first have a wired connection to the network
and obtain the certificate(s) from a certificate authority (CA). A certificate (also called digital IDs) can be
used to authenticate users and a CA issues certificates and guarantees the identity of each certificate owner.
Dynamic WEP Key Exchange
An AP maps a unique key that is generated with the RADIUS server. This key expires when the wireless
connection times out, disconnects or reauthentication times out. A new WEP key is generated each time
reauthentication is performed.
If this feature is enabled, it is not necessary to configure a default WEP encryption key in the
Security
configuration screen. You may still configure and store keys here, but they will not be used while Dynamic
WEP is enabled.