Home » ZyXEL Manuals » Networking » ZyXEL VMG3927-B50B » Manual Viewer

ZyXEL VMG3927-B50B User Guide - Page 304

Types of RADIUS Messages, Types of EAP Authentication, EAP-MD5 Message-Digest Algorithm 5

Add to My Manuals
Save this manual to your list of manuals

Page 304 highlights

Appendix B Wireless LANs RADIUS is a simple package exchange in which your AP acts as a message relay between the wireless client and the network RADIUS server. Types of RADIUS Messages The following types of RADIUS messages are exchanged between the access point and the RADIUS server for user authentication: • Access-Request Sent by an access point requesting authentication. • Access-Reject Sent by a RADIUS server rejecting access. • Access-Accept Sent by a RADIUS server allowing access. • Access-Challenge Sent by a RADIUS server requesting more information in order to allow access. The access point sends a proper response from the user and then sends another Access-Request message. The following types of RADIUS messages are exchanged between the access point and the RADIUS server for user accounting: • Accounting-Request Sent by the access point requesting accounting. • Accounting-Response Sent by the RADIUS server to indicate that it has started or stopped accounting. In order to ensure network security, the access point and the RADIUS server use a shared secret key, which is a password, they both know. The key is not sent over the network. In addition to the shared key, password information exchanged is also encrypted to protect the network from unauthorized access. Types of EAP Authentication This section discusses some popular authentication types: EAP-MD5, EAP-TLS, EAP-TTLS, PEAP and LEAP. Your wireless LAN device may not support all authentication types. By using EAP to interact with an EAP-compatible RADIUS server, an access point helps a wireless station and a RADIUS server perform authentication. For EAP-TLS authentication type, you must first have a wired connection to the network and obtain the certificate(s) from a certificate authority (CA). A certificate (also called digital IDs) can be used to authenticate users and a CA issues certificates and guarantees the identity of each certificate owner. EAP-MD5 (Message-Digest Algorithm 5) MD5 authentication is the simplest one-way authentication method. The authentication server sends a challenge to the wireless client. The wireless client 'proves' that it knows the password by encrypting the password with the challenge and sends back the information. Password is not sent in plain text. However, MD5 authentication has some weaknesses. Since the authentication server needs to get the plain text passwords, the passwords must be stored. Thus someone other than the authentication server VMG4927-B50A / VMG9827-B50A / VMG3927-B50B User's Guide 304

Section	Page
VMG4927-B50A / VMG9827-B50A/ VMG3927-B50B	1
Document Conventions	3
Contents Overview	4
Table of Contents	6
User’s Guide	15
VMG Introduction	16
1.1 Overview	16
1.1.1 Internet Access	16
1.1.2 Wireless Access	20
1.1.3 VoIP Features	20
1.2 Ways to Manage the VMG	21
1.3 Good Habits for Managing the VMG	21
1.4 Hardware	21
1.4.1 Front Panels	21
1.4.2 WPS Button	24
1.4.3 LEDs (Lights)	25
1.4.4 Rear Panel	28
1.4.5 RESET Button	29
1.4.6 Wall Mounting	29
The Web Configurator	32
2.1 Overview	32
2.1.1 Access the Web Configurator	32
2.2 Web Configurator Layout	34
2.2.1 Title Bar	34
2.2.2 Navigation Panel	35
Quick Start	39
3.1 Overview	39
3.2 Quick Start Setup	39
Tutorials	42
4.1 Overview	42
4.2 Set Up an ADSL PPPoE Connection	42
4.3 Set Up a Secure WiFi Network	45
4.3.1 Configure the WiFi Network Settings	45
4.3.2 Use WPS	47
4.3.3 Connect to the VMG’s WiFi Network Manually (No WPS)	49
4.3.4 Configure Wireless Security on the VMG	49
4.3.5 Configure Your Laptop	51
4.4 Set Up Multiple Wireless Groups	53
4.5 Configure Static Route for Routing to Another Network	56
4.6 Configure QoS Queue and Class Setup	58
4.7 Access the VMG Using DDNS	62
4.7.1 Register a DDNS Account on www.dyndns.org	62
4.7.2 Configure DDNS on Your VMG	63
4.7.3 Test the DDNS Setting	63
4.8 Configure the MAC Address Filter	63
Technical Reference	65
Network Map and Status Screens	66
5.1 Overview	66
5.2 Network Map	66
5.3 Status	68
Broadband	71
6.1 Overview	71
6.1.1 What You Can Do in this Chapter	71
6.1.2 What You Need to Know	72
6.1.3 Before You Begin	74
6.2 Broadband	75
6.2.1 Add/Edit Internet Connection	76
6.3 Advanced Settings	84
6.4 Ethernet WAN	87
6.5 Technical Reference	87
Wireless	93
7.1 Overview	93
7.1.1 What You Can Do in this Chapter	93
7.1.2 What You Need to Know	93
7.2 WiFi	94
7.2.1 WiFi Edit	94
7.3 Guest WiFi	96
7.3.1 Edit Guest WiFi	97
7.4 WPS	98
7.5 Advanced Settings	98
7.6 Channel Status	101
7.7 MESH	103
7.8 Technical Reference	105
7.8.1 Wireless Network Overview	105
7.8.2 Additional Wireless Terms	107
7.8.3 Wireless Security Overview	107
7.8.4 Signal Problems	109
7.8.5 BSS	109
7.8.6 MBSSID	110
7.8.7 Preamble Type	110
7.8.8 WiFi Protected Setup (WPS)	110
Home Networking	116
8.1 Overview	116
8.1.1 What You Can Do in this Chapter	116
8.1.2 What You Need To Know	117
8.1.3 Before You Begin	118
8.2 LAN Setup	118
8.3 Static DHCP	122
8.4 UPnP	123
8.4.1 Turn On UPnP in Windows 7 Example	125
8.5 Additional Subnet	126
8.6 STB Vendor ID	128
8.7 Wake on LAN	128
8.8 TFTP Server Name	129
8.9 Technical Reference	130
8.9.1 LANs, WANs and the VMG	130
8.9.2 DHCP Setup	130
8.9.3 DNS Server Addresses	130
8.9.4 LAN TCP/IP	131
Routing	133
9.1 Overview	133
9.2 Routing	133
9.2.1 Add/Edit Static Route	134
9.3 DNS Route	135
9.3.1 DNS Route Add	136
9.4 Policy Route	137
9.4.1 Add/Edit Policy Route	138
9.5 RIP Overview	139
9.5.1 RIP	139
Quality of Service (QoS)	140
10.1 Overview	140
10.1.1 What You Can Do in this Chapter	140
10.2 What You Need to Know	141
10.3 Quality of Service General Settings	142
10.4 Queue Setup	143
10.4.1 Adding a QoS Queue	145
10.5 Classification Setup	145
10.5.1 Add/Edit QoS Class	146
10.6 QoS Shaper Setup	150
10.6.1 Add/Edit a QoS Shaper	151
10.7 QoS Policer Setup	151
10.7.1 Add/Edit a QoS Policer	152
10.8 QoS Monitor	153
10.9 Technical Reference	154
Network Address Translation (NAT)	159
11.1 Overview	159
11.1.1 What You Can Do in this Chapter	159
11.1.2 What You Need To Know	159
11.2 Port Forwarding	160
11.2.1 Add/Edit Port Forwarding	162
11.3 Applications Settings	163
11.3.1 Add New Application	164
11.4 Port Triggering	165
11.4.1 Add/Edit Port Triggering Rule	166
11.5 DMZ	167
11.6 ALG	168
11.7 Address Mapping	169
11.7.1 Add/Edit Address Mapping Rule	170
11.8 Sessions	171
11.9 Technical Reference	171
11.9.1 NAT Definitions	172
11.9.2 What NAT Does	172
11.9.3 How NAT Works	173
11.9.4 NAT Application	173
Dynamic DNS Setup	176
12.1 Overview	176
12.1.1 What You Can Do in this Chapter	176
12.1.2 What You Need To Know	176
12.2 DNS Entry	177
12.2.1 Add/Edit DNS Entry	177
12.3 Dynamic DNS	178
IGMP/MLD	180
13.1 Overview	180
13.1.1 What You Need To Know	180
13.2 IGMP/MLD	180
VLAN Group	183
14.1 Overview	183
14.1.1 What You Can Do in this Chapter	183
14.2 VLAN Group	183
14.2.1 Add/Edit a VLAN Group	184
Interface Grouping	185
15.1 Overview	185
15.1.1 What You Can Do in this Chapter	185
15.2 Interface Grouping Overview	185
15.2.1 Interface Grouping Configuration	186
15.2.2 Interface Grouping Criteria	188
Firewall	190
16.1 Overview	190
16.1.1 What You Can Do in this Chapter	190
16.1.2 What You Need to Know	191
16.2 Firewall	191
16.3 Protocol	192
16.3.1 Add/Edit a Service	193
16.4 Access Control	194
16.4.1 Add/Edit an ACL Rule	195
16.5 DoS	196
MAC Filter	198
17.1 Overview	198
17.2 MAC Filter	198
Parental Control	200
18.1 Overview	200
18.2 Parental Control	200
18.2.1 Add/Edit a Parental Control Profile	201
Scheduler Rule	204
19.1 Overview	204
19.2 Scheduler Rule	204
19.2.1 Add/Edit a Schedule	204
Certificates	206
20.1 Overview	206
20.1.1 What You Can Do in this Chapter	206
20.2 What You Need to Know	206
20.3 Local Certificates	206
20.3.1 Create Certificate Request	207
20.3.2 View Certificate Request	208
20.4 Trusted CA	209
20.4.1 View Trusted CA Certificate	210
20.4.2 Import Trusted CA Certificate	211
Voice	213
21.1 Overview	213
21.1.1 What You Can Do in this Chapter	213
21.1.2 What You Need to Know About VoIP	213
21.2 Before You Begin	214
21.3 SIP Account	214
21.3.1 SIP Account Add/Edit	215
21.4 SIP Service Provider	219
21.4.1 SIP Service Provider Add/Edit	220
21.5 Phone Device	224
21.5.1 Phone Device Edit	225
21.6 Region	226
21.7 Call Rule	226
21.8 Technical Reference	227
21.8.1 Quality of Service (QoS)	235
21.8.2 Phone Services Overview	235
Log	240
22.1 Overview	240
22.1.1 What You Can Do in this Chapter	240
22.1.2 What You Need To Know	240
22.2 System Log	241
22.3 Security Log	242
Traffic Status	243
23.1 Overview	243
23.1.1 What You Can Do in this Chapter	243
23.2 WAN Status	243
23.3 LAN Status	244
23.4 NAT Status	245
ARP Table	247
24.1 Overview	247
24.1.1 How ARP Works	247
24.2 ARP Table	248
Routing Table	249
25.1 Overview	249
25.2 Routing Table	249
Multicast Status	251
26.1 Overview	251
26.2 IGMP Status	251
26.3 MLD Status	251
xDSL Statistics	253
27.1 xDSL Statistics	253
System	256
28.1 Overview	256
28.2 System	256
User Account	257
29.1 Overview	257
29.2 User Account	257
29.2.1 User Account Add/Edit	258
Remote Management	260
30.1 Overview	260
30.2 MGMT Services	260
30.3 Trust Domain	261
30.3.1 Add Trust Domain	262
SNMP	263
31.1 Overview	263
31.2 SNMP	263
Time Settings	265
32.1 Overview	265
32.2 Time	265
Email Notification	268
33.1 Overview	268
33.2 Email Notification	268
33.2.1 Email Notification Edit	269
Log Setting	270
34.1 Overview	270
34.2 Log Settings	270
34.2.1 Example Email Log	271
Firmware Upgrade	273
35.1 Overview	273
35.2 Firmware	273
Backup/Restore	275
36.1 Overview	275
36.2 Backup/Restore	275
36.3 Reboot	277
Diagnostic	278
37.1 Overview	278
37.1.1 What You Can Do in this Chapter	278
37.2 What You Need to Know	278
37.3 Ping & TraceRoute & NsLookup	279
37.4 802.1ag	279
37.5 802.3ah	281
37.6 OAM Ping	282
Troubleshooting	285
38.1 Power, Hardware Connections, and LEDs	285
38.2 VMG Access and Login	286
38.3 Internet Access	287
38.4 Wireless Internet Access	289
38.5 UPnP	290
38.6 VoIP Call Quality	290
Appendices	292
Customer Support	293
Wireless LANs	299
IPv6	309
Services	317
Legal Information	321

Match case Limit results 1 per page

Appendix B Wireless LANs

VMG4927-B50A / VMG9827-B50A / VMG3927-B50B User’s Guide

304

RADIUS is a simple package exchange in which your AP acts as a message relay between the wireless

client and the network RADIUS server.

Types of RADIUS Messages

The following types of RADIUS messages are exchanged between the access point and the RADIUS

server for user authentication:

• Access-Request

Sent by an access point requesting authentication.

• Access-Reject

Sent by a RADIUS server rejecting access.

• Access-Accept

Sent by a RADIUS server allowing access.

• Access-Challenge

Sent by a RADIUS server requesting more information in order to allow access. The access point sends

a proper response from the user and then sends another Access-Request message.

The following types of RADIUS messages are exchanged between the access point and the RADIUS

server for user accounting:

• Accounting-Request

Sent by the access point requesting accounting.

• Accounting-Response

Sent by the RADIUS server to indicate that it has started or stopped accounting.

In order to ensure network security, the access point and the RADIUS server use a shared secret key,

which is a password, they both know. The key is not sent over the network. In addition to the shared key,

password information exchanged is also encrypted to protect the network from unauthorized access.

Types of EAP Authentication

This section discusses some popular authentication types: EAP-MD5, EAP-TLS, EAP-TTLS, PEAP and LEAP.

Your wireless LAN device may not support all authentication types.

By using EAP to interact with an EAP-compatible RADIUS server, an access point helps a wireless station

and a RADIUS server perform authentication.

For EAP-TLS authentication type, you must first have a wired connection to the network and obtain the

certificate(s) from a certificate authority (CA). A certificate (also called digital IDs) can be used to

authenticate users and a CA issues certificates and guarantees the identity of each certificate owner.

EAP-MD5 (Message-Digest Algorithm 5)

MD5 authentication is the simplest one-way authentication method. The authentication server sends a

challenge to the wireless client. The wireless client ‘proves’ that it knows the password by encrypting the

password with the challenge and sends back the information. Password is not sent in plain text.

However, MD5 authentication has some weaknesses. Since the authentication server needs to get the

plain text passwords, the passwords must be stored. Thus someone other than the authentication server