Home » ZyXEL Manuals » Networking » ZyXEL NBG-417N » Manual Viewer

ZyXEL NBG-417N User Guide - Page 65

User Authentication, Encryption, Static WEP, WPA-PSK

Get ZyXEL NBG-417N PDF manuals and user guides

Add to My Manuals
Save this manual to your list of manuals

Page 65 highlights

Chapter 6 Wireless LAN You can use the MAC address filter to tell the AP which wireless clients are allowed or not allowed to use the wireless network. If a wireless client is allowed to use the wireless network, it still has to have the correct settings (SSID, channel, and security). If a wireless client is not allowed to use the wireless network, it does not matter if it has the correct settings. This type of security does not protect the information that is sent in the wireless network. Furthermore, there are ways for unauthorized devices to get the MAC address of an authorized wireless client. Then, they can use that MAC address to use the wireless network. 6.3.1.3 User Authentication You can make every user log in to the wireless network before they can use it. This is called user authentication. However, every wireless client in the wireless network has to support IEEE 802.1x to do this. For wireless networks, there are two typical places to store the user names and passwords for each user. • In the AP: this feature is called a local user database or a local database. • In a RADIUS server: this is a server used in businesses more than in homes. If your AP does not provide a local user database and if you do not have a RADIUS server, you cannot set up user names and passwords for your users. Unauthorized devices can still see the information that is sent in the wireless network, even if they cannot use the wireless network. Furthermore, there are ways for unauthorized wireless users to get a valid user name and password. Then, they can use that user name and password to use the wireless network. Local user databases also have an additional limitation that is explained in the next section. 6.3.1.4 Encryption Wireless networks can use encryption to protect the information that is sent in the wireless network. Encryption is like a secret code. If you do not know the secret code, you cannot understand the message. The types of encryption you can choose depend on the type of user authentication. (See Section 6.3.1.3 on page 65 for information about this.) Table 24 Types of Encryption for Each Type of Authentication NO AUTHENTICATION RADIUS SERVER Weakest No Security WPA Static WEP WPA-PSK Strongest WPA2-PSK WPA2 For example if the wireless network has a RADIUS server, you can choose WPA or WPA2. If users do not log in to the wireless network, you can choose no encryption, Static WEP, WPA-PSK, or WPA2-PSK. Usually, you should set up the strongest encryption that every wireless client in the wireless network supports. For example, suppose the AP does not have a local user database, and you do NBG-417N User's Guide 65

Section	Page
NBG-417N	1
Table of Contents	5
User’s Guide	13
Getting to Know Your NBG-417N	15
1.1 Overview	15
1.2 Applications	15
1.3 Ways to Manage the NBG-417N	16
1.4 Good Habits for Managing the NBG-417N	16
1.5 LEDs	16
1.6 The WPS Button	17
1.7 Wall Mounting	18
Introducing the Web Configurator	19
2.1 Overview	19
2.2 Accessing the Web Configurator	19
2.3 Resetting the NBG-417N	21
2.3.1 Procedure to Use the Reset Button	21
2.4 Navigating the Web Configurator	21
2.5 Status Screen (Router Mode)	21
2.5.1 Navigation Panel	24
2.5.2 Summary: DHCP Table	25
2.5.3 Summary: Packet Statistics	26
2.5.4 Summary: WLAN Station Status	27
Connection Wizard	29
3.1 Wizard Setup	29
3.2 Connection Wizard: STEP 1: System Information	30
3.2.1 System Name	30
3.2.2 Domain Name	30
3.3 Connection Wizard: STEP 2: Wireless LAN	31
3.3.1 Extend (WPA-PSK or WPA2-PSK) Security	32
3.4 Connection Wizard: STEP 3: Internet Configuration	33
3.4.1 Ethernet Connection	34
3.4.2 PPPoE Connection	34
3.4.3 PPTP Connection	35
3.4.4 Your IP Address	36
3.4.5 WAN IP Address Assignment	37
3.4.6 IP Address and Subnet Mask	37
3.4.7 DNS Server Address Assignment	38
3.4.8 WAN IP and DNS Server Address Assignment	38
3.4.9 WAN MAC Address	39
3.5 Connection Wizard Complete	41
AP Mode	43
4.1 Overview	43
4.2 Setting your NBG-417N to AP Mode	43
4.3 Status Screen (AP Mode)	44
4.3.1 Navigation Panel	46
4.4 Configuring Your Settings	47
4.4.1 LAN Settings	47
4.4.2 WLAN and Maintenance Settings	48
4.5 Logging in to the Web Configurator in AP Mode	48
Tutorials	49
5.1 Overview	49
5.2 How to Connect to the Internet from an AP	49
5.2.1 Configure Wireless Security Using WPS on both your NBG-417N and Wireless Client	49
5.2.2 Enable and Configure Wireless Security without WPS on your NBG- 417N	53
5.3 Bandwidth Management for your Network	56
5.3.1 Configuring Bandwidth Management by Application	56
5.3.2 Configuring Bandwidth Management by Custom Application	57
5.3.3 Configuring Bandwidth Allocation by IP or IP Range	58
Technical Reference	61
Wireless LAN	63
6.1 Overview	63
6.2 What You Can Do	63
6.3 What You Should Know	64
6.3.1 Wireless Security Overview	64
6.4 General Wireless LAN Screen	66
6.4.1 No Security	68
6.4.2 WEP Encryption	68
6.4.3 WPA-PSK/WPA2-PSK	70
6.5 MAC Filter	71
6.6 Wireless LAN Advanced Screen	72
6.7 Quality of Service (QoS) Screen	73
6.7.1 Application Priority Configuration	75
6.8 WPS Screen	77
6.9 WPS Station Screen	77
6.10 Scheduling Screen	79
6.11 WDS Screen	79
6.11.1 Security Mode: Static WEP	81
6.11.2 Security Mode: WPA-PSK/WPA2-PSK	82
WAN	85
7.1 Overview	85
7.2 What You Can Do	85
7.3 What You Need To Know	85
7.3.1 Configuring Your Internet Connection	86
7.3.2 Multicast	87
7.3.3 NetBIOS over TCP/IP	87
7.3.4 Auto-Bridge	88
7.4 Internet Connection	88
7.4.1 Ethernet Encapsulation	88
7.4.2 PPPoE Encapsulation	90
7.4.3 PPTP Encapsulation	92
7.5 Advanced WAN Screen	94
LAN	97
8.1 Overview	97
8.2 What You Can Do	97
8.3 What You Need To Know	98
8.3.1 IP Pool Setup	98
8.3.2 LAN TCP/IP	98
8.4 LAN IP Screen	99
DHCP Server	101
9.1 Overview	101
9.2 What You Can Do	101
9.3 What You Need To Know	101
9.4 General Screen	102
9.5 Advanced Screen	102
9.6 Client List Screen	104
Network Address Translation (NAT)	107
10.1 Overview	107
10.2 What You Can Do	107
10.3 General NAT Screen	108
10.4 NAT Application Screen	108
10.5 NAT Advanced Screen	111
10.5.1 Trigger Port Forwarding Example	112
10.5.2 Two Points To Remember About Trigger Ports	112
Dynamic DNS	115
11.1 Overview	115
11.2 Dynamic DNS Screen	115
Firewall	117
12.1 Overview	117
12.2 What You Can Do	117
12.3 What You Need To Know	118
12.3.1 About the NBG-417N Firewall	118
12.4 General Firewall Screen	118
12.5 Services Screen	119
Content Filtering	121
13.1 Overview	121
13.2 What You Can Do	121
13.3 What You Need To Know	121
13.3.1 Content Filtering Profiles	121
13.4 Filter Screen	122
13.5 Technical Reference	123
13.5.1 Customizing Keyword Blocking URL Checking	123
Static Route	125
14.1 Overview	125
14.2 What You Can Do	125
14.3 IP Static Route Screen	126
14.3.1 Static Route Setup Screen	127
Bandwidth Management	128
15.1 Overview	128
15.2 What You Can Do	128
15.3 What You Need To Know	129
15.4 General Configuration	129
15.5 Advanced Configuration	130
15.5.1 Priority Levels	132
15.5.2 User Defined Service Rule Configuration	133
15.5.3 Predefined Bandwidth Management Services	134
15.5.4 Services and Port Numbers	134
Remote Management	135
16.1 Overview	135
16.2 What You Can Do	135
16.3 What You Need To Know	135
16.3.1 Remote Management Limitations	136
16.3.2 Remote Management and NAT	136
16.3.3 System Timeout	136
16.4 WWW Screen	136
Universal Plug-and-Play (UPnP)	138
17.1 Overview	138
17.2 What You Can Do	138
17.3 What You Need to Know	138
17.4 UPnP Screen	139
17.5 Technical Reference	140
17.5.1 Using UPnP in Windows XP Example	140
17.5.2 Web Configurator Easy Access	142
System	145
18.1 Overview	145
18.2 What You Can Do	145
18.3 System General Screen	145
18.4 Time Setting Screen	147
Logs	149
19.1 Overview	149
19.2 What You Can Do	149
19.3 What You Need to Know	149
19.4 View Log Screen	149
Tools	151
20.1 Overview	151
20.2 What You Can Do	151
20.3 Firmware Upload Screen	151
20.4 Configuration Screen	153
20.4.1 Backup Configuration	153
20.4.2 Restore Configuration	153
20.4.3 Back to Factory Defaults	154
20.5 Restart Screen	155
Sys OP Mode	156
21.1 Overview	156
21.2 What You Can Do	156
21.3 What You Need to Know	156
21.4 General Screen	157
Language	159
22.1 Language Screen	159
Troubleshooting	161
23.1 Power, Hardware Connections, and LEDs	161
23.2 NBG-417N Access and Login	162
23.3 Internet Access	163
23.4 Resetting the NBG-417N to Its Factory Defaults	165
23.5 Wireless Router/AP Troubleshooting	165
Product Specifications	167
IP Addresses and Subnetting	171
Pop-up Windows, JavaScripts and Java Permissions	181
Setting Up Your Computer’s IP Address	193
Wireless LANs	221
Services	235
Legal Information	239

Match case Limit results 1 per page

Chapter 6 Wireless LAN

NBG-417N User’s Guide

You can use the MAC address filter to tell the AP which wireless clients are allowed or not allowed to

use the wireless network. If a wireless client is allowed to use the wireless network, it still has to

have the correct settings (SSID, channel, and security). If a wireless client is not allowed to use the

wireless network, it does not matter if it has the correct settings.

This type of security does not protect the information that is sent in the wireless network.

Furthermore, there are ways for unauthorized devices to get the MAC address of an authorized

wireless client. Then, they can use that MAC address to use the wireless network.

6.3.1.3

User Authentication

You can make every user log in to the wireless network before they can use it. This is called user

authentication. However, every wireless client in the wireless network has to support IEEE 802.1x

to do this.

For wireless networks, there are two typical places to store the user names and passwords for each

user.

•

In the AP: this feature is called a local user database or a local database.

•

In a RADIUS server: this is a server used in businesses more than in homes.

If your AP does not provide a local user database and if you do not have a RADIUS server, you

cannot set up user names and passwords for your users.

Unauthorized devices can still see the information that is sent in the wireless network, even if they

cannot use the wireless network. Furthermore, there are ways for unauthorized wireless users to

get a valid user name and password. Then, they can use that user name and password to use the

wireless network.

Local user databases also have an additional limitation that is explained in the next section.

6.3.1.4

Encryption

Wireless networks can use encryption to protect the information that is sent in the wireless

network. Encryption is like a secret code. If you do not know the secret code, you cannot

understand the message.

The types of encryption you can choose depend on the type of user authentication. (See

Section

6.3.1.3 on page 65

for information about this.)

For example if the wireless network has a RADIUS server, you can choose

WPA

WPA2

. If users

do not log in to the wireless network, you can choose no encryption,

Static WEP

WPA-PSK

, or

WPA2-PSK

Usually, you should set up the strongest encryption that every wireless client in the wireless

network supports. For example, suppose the AP does not have a local user database, and you do

Table 24

Types of Encryption for Each Type of Authentication

NO AUTHENTICATION

RADIUS SERVER

Weakest

No Security

WPA

Static WEP

WPA-PSK

Strongest

WPA2-PSK

WPA2