Home » ZyXEL Manuals » Bridges & Routers » ZyXEL NBG6615 » Manual Viewer

ZyXEL NBG6615 User Guide - Page 190

Types of RADIUS Messages, Types of EAP Authentication, EAP-MD5 Message-Digest Algorithm 5

Add to My Manuals
Save this manual to your list of manuals

Page 190 highlights

Appendix D Wireless LANs Types of RADIUS Messages The following types of RADIUS messages are exchanged between the access point and the RADIUS server for user authentication: • Access-Request Sent by an access point requesting authentication. • Access-Reject Sent by a RADIUS server rejecting access. • Access-Accept Sent by a RADIUS server allowing access. • Access-Challenge Sent by a RADIUS server requesting more information in order to allow access. The access point sends a proper response from the user and then sends another Access-Request message. The following types of RADIUS messages are exchanged between the access point and the RADIUS server for user accounting: • Accounting-Request Sent by the access point requesting accounting. • Accounting-Response Sent by the RADIUS server to indicate that it has started or stopped accounting. In order to ensure network security, the access point and the RADIUS server use a shared secret key, which is a password, they both know. The key is not sent over the network. In addition to the shared key, password information exchanged is also encrypted to protect the network from unauthorized access. Types of EAP Authentication This section discusses some popular authentication types: EAP-MD5, EAP-TLS, EAP-TTLS, PEAP and LEAP. Your wireless LAN device may not support all authentication types. EAP (Extensible Authentication Protocol) is an authentication protocol that runs on top of the IEEE 802.1x transport mechanism in order to support multiple types of user authentication. By using EAP to interact with an EAP-compatible RADIUS server, an access point helps a wireless station and a RADIUS server perform authentication. The type of authentication you use depends on the RADIUS server and an intermediary AP(s) that supports IEEE 802.1x. For EAP-TLS authentication type, you must first have a wired connection to the network and obtain the certificate(s) from a certificate authority (CA). A certificate (also called digital IDs) can be used to authenticate users and a CA issues certificates and guarantees the identity of each certificate owner. EAP-MD5 (Message-Digest Algorithm 5) MD5 authentication is the simplest one-way authentication method. The authentication server sends a challenge to the wireless client. The wireless client 'proves' that it knows the password by encrypting the password with the challenge and sends back the information. Password is not sent in plain text. NBG6615's User's Guide 190

Section	Page
NBG6615	1
Contents Overview	3
Table of Contents	4
User’s Guide	10
Introduction	11
1.1 Overview	11
1.2 Securing the NBG6615	12
1.3 LEDs	13
1.4 The WPS Button	13
1.4.1 Using the WPS Button	14
1.5 Reboot/Reset Button	14
1.6 Wall Mounting	14
The Web Configurator	16
2.1 Overview	16
2.2 Accessing the Web Configurator	16
2.3 Resetting the NBG6615	18
Connection Wizard	20
3.1 Wizard Setup	20
3.1.1 Static IP Connection	22
3.1.2 DHCP Client	22
3.1.3 PPPoE Connection	23
3.1.4 PPTP Connection	24
Modes	28
4.1 Overview	28
4.2 Setting your NBG6615 to Router Mode	29
4.2.1 Status Screen (Router Mode)	29
4.2.2 Router Mode Navigation Panel	33
4.3 Setting your NBG6615 to AP Mode	34
4.3.1 Status Screen (AP Mode)	35
4.3.2 AP Navigation Panel	37
Tutorials	39
5.1 Overview	39
5.2 How to Connect to the Internet from an AP	39
5.3 Configure Wireless Security Using WPS on both your NBG6615 and Wireless Client	39
5.3.1 Push Button Configuration	40
5.3.2 PIN Configuration	41
5.4 Enable and Configure Wireless Security without WPS on your NBG6615	43
5.4.1 Configure Your Wireless Client	44
5.5 Using Multiple SSIDs on the NBG6615	46
5.5.1 Configuring Security Settings of Multiple SSIDs	47
5.6 Installing UPnP in Windows 7 Example	50
5.7 Using Bandwidth Management on the NBG6615	50
Technical Reference	53
Wireless LAN	54
6.1 Overview	54
6.2 What You Can Do	54
6.3 What You Should Know	55
6.3.1 Wireless Security Overview	55
6.3.2 MBSSID	55
6.3.3 MAC Address Filter	56
6.3.4 Encryption	56
6.3.5 WPS	56
6.4 General Wireless LAN Screen	57
6.4.1 No Security	58
6.4.2 WPA2-PSK or WPA-PSK/WPA2-PSK	58
6.5 MAC Filter	59
6.6 Wireless LAN Advanced Screen	60
6.7 WPS Screen	61
6.8 WPS Station Screen	63
6.9 Scheduling Screen	63
6.10 MBSSID Screen	64
WAN	67
7.1 Overview	67
7.2 What You Need To Know	67
7.2.1 Configuring Your Internet Connection	67
7.3 Internet Connection Screen	68
7.3.1 Static IP	68
7.3.2 DHCP Client	70
7.3.3 PPPoE Connection	71
7.3.4 PPTP Connection	73
7.4 Advanced Screen	75
LAN	77
8.1 Overview	77
8.2 What You Need To Know	77
8.2.1 IP Address and Subnet Mask	78
8.2.2 DNS Server Address Assignment	78
8.2.3 IP Pool Setup	79
8.2.4 LAN TCP/IP	79
8.3 LAN IP Screen	79
DHCP Server	81
9.1 Overview	81
9.2 What You Can Do	81
9.3 What You Need To Know	81
9.4 General Screen	81
9.5 Static DHCP Screen	82
9.6 Client List Screen	83
Network Address Translation	85
10.1 Overview	85
10.2 What You Can Do	85
10.2.1 What You Need To Know	86
10.3 General NAT Screen	87
10.4 NAT Application Screen	88
10.5 Port Triggering Screen	90
10.6 Technical Reference	91
10.6.1 NAT Port Forwarding: Services and Port Numbers	92
10.6.2 NAT Port Forwarding Example	92
10.6.3 Trigger Port Forwarding	92
10.6.4 Trigger Port Forwarding Example	93
10.6.5 Two Points To Remember About Trigger Ports	93
Dynamic DNS	94
11.1 Overview	94
11.2 Dynamic DNS Screen	94
Static Route	96
12.1 Overview	96
12.2 IP Static Route Screen	96
Firewall	99
13.1 Overview	99
13.2 What You Can Do	99
13.3 What You Need To Know	100
13.3.1 About the NBG6615 Firewall	100
13.3.2 VPN Pass Through Features	100
13.4 General Firewall Screen	100
13.5 Services Screen	101
13.6 MAC Filter Screen	102
Content Filter	104
14.1 Overview	104
14.2 What You Can Do	104
14.3 Filter Screen	104
Remote Management	106
15.1 Overview	106
15.1.1 Remote Management Limitations	107
15.1.2 Remote Management and NAT	107
15.1.3 System Timeout	107
15.2 WWW Screen	107
Universal Plug-and-Play (UPnP)	109
16.1 Overview	109
16.2 What You Need to Know	109
16.3 Configuring UPnP	110
16.4 Installing UPnP in Windows 7 Example	110
16.4.1 Using UPnP in Windows XP Example	112
16.4.2 Web Configurator Easy Access	114
Bandwidth MGMT	117
17.1 Overview	117
17.2 What You Can Do	117
17.3 What You Need To Know	117
17.4 Bandwidth MGMT Screen	117
17.5 Advanced Screen	118
System	120
18.1 Overview	120
18.2 What You Can Do	120
18.3 System General Screen	120
18.4 Time Setting Screen	121
Logs	123
19.1 Overview	123
19.2 What You Need to Know	123
19.3 View Log Screen	123
Tools	125
20.1 Overview	125
20.2 What You Can Do	125
20.3 Firmware Upload Screen	125
20.4 Configuration Screen	127
20.4.1 Backup Configuration	127
20.4.2 Restore Configuration	127
20.4.3 Back to Factory Defaults	128
20.5 Restart Screen	128
Sys OP Mode	130
21.1 Overview	130
21.2 General Screen	130
Language	132
22.1 Language Screen	132
Troubleshooting and Appendices	133
Troubleshooting	134
23.1 Power, Hardware Connections, and LEDs	134
23.2 NBG6615 Access and Login	135
23.3 Internet Access	136
23.4 Resetting the NBG6615 to Its Factory Defaults	137
23.5 Wireless Problems	138
IP Addresses and Subnetting	139
Pop-up Windows, JavaScripts and Java Permissions	148
Setting Up Your Computer’s IP Address	157
Wireless LANs	184
Common Services	197
Legal Information	200
Customer Support	207

Match case Limit results 1 per page

Appendix D Wireless LANs

NBG6615’s User’s Guide

190

Types of RADIUS Messages

The following types of RADIUS messages are exchanged between the access point and the RADIUS

server for user authentication:

• Access-Request

Sent by an access point requesting authentication.

• Access-Reject

Sent by a RADIUS server rejecting access.

• Access-Accept

Sent by a RADIUS server allowing access.

• Access-Challenge

Sent by a RADIUS server requesting more information in order to allow access. The access point sends

a proper response from the user and then sends another Access-Request message.

The following types of RADIUS messages are exchanged between the access point and the RADIUS

server for user accounting:

• Accounting-Request

Sent by the access point requesting accounting.

• Accounting-Response

Sent by the RADIUS server to indicate that it has started or stopped accounting.

In order to ensure network security, the access point and the RADIUS server use a shared secret key,

which is a password, they both know. The key is not sent over the network. In addition to the shared key,

password information exchanged is also encrypted to protect the network from unauthorized access.

Types of EAP Authentication

This section discusses some popular authentication types: EAP-MD5, EAP-TLS, EAP-TTLS, PEAP and LEAP.

Your wireless LAN device may not support all authentication types.

EAP (Extensible Authentication Protocol) is an authentication protocol that runs on top of the IEEE 802.1x

transport mechanism in order to support multiple types of user authentication. By using EAP to interact

with an EAP-compatible RADIUS server, an access point helps a wireless station and a RADIUS server

perform authentication.

The type of authentication you use depends on the RADIUS server and an intermediary AP(s) that

supports IEEE 802.1x.

For EAP-TLS authentication type, you must first have a wired connection to the network and obtain the

certificate(s) from a certificate authority (CA). A certificate (also called digital IDs) can be used to

authenticate users and a CA issues certificates and guarantees the identity of each certificate owner.

EAP-MD5 (Message-Digest Algorithm 5)

MD5 authentication is the simplest one-way authentication method. The authentication server sends a

challenge to the wireless client. The wireless client ‘proves’ that it knows the password by encrypting the

password with the challenge and sends back the information. Password is not sent in plain text.