Home » ZyXEL Manuals » Wireless » ZyXEL WAP3205 v2 » Manual Viewer

ZyXEL WAP3205 v2 User Guide - Page 176

User Authentication, WPA or WPA2 applies IEEE 802.1x and Extensible Authentication Protocol EAP

Add to My Manuals
Save this manual to your list of manuals

Page 176 highlights

Appendix D Wireless LANs TKIP regularly changes and rotates the encryption keys so that the same encryption key is never used twice. The RADIUS server distributes a Pairwise Master Key (PMK) key to the AP that then sets up a key hierarchy and management system, using the pair-wise key to dynamically generate unique data encryption keys to encrypt every data packet that is wirelessly communicated between the AP and the wireless clients. This all happens in the background automatically. WPA2 AES (Advanced Encryption Standard) is a block cipher that uses a 256-bit mathematical algorithm called Rijndael. The Message Integrity Check (MIC) is designed to prevent an attacker from capturing data packets, altering them and resending them. The MIC provides a strong mathematical function in which the receiver and the transmitter each compute and then compare the MIC. If they do not match, it is assumed that the data has been tampered with and the packet is dropped. By generating unique data encryption keys for every data packet and by creating an integrity checking mechanism (MIC), TKIP makes it much more difficult to decode data on a Wi-Fi network than WEP, making it difficult for an intruder to break into the network. The encryption mechanisms used for WPA and WPA-PSK are the same. The only difference between the two is that WPA-PSK uses a simple common password, instead of user-specific credentials. The common-password approach makes WPAPSK susceptible to brute-force password-guessing attacks but it's still an improvement over WEP as it employs an easier-to-use, consistent, single, alphanumeric password. User Authentication WPA or WPA2 applies IEEE 802.1x and Extensible Authentication Protocol (EAP) to authenticate wireless clients using an external RADIUS database. If both an AP and the wireless clients support WPA2 and you have an external RADIUS server, use WPA2 for stronger data encryption. If you don't have an external RADIUS server, you should use WPA2 -PSK (WPA2 -Pre-Shared Key) that only requires a single (identical) password entered into each access point, wireless gateway and wireless client. As long as the passwords match, a wireless client will be granted access to a WLAN. If the AP or the wireless clients do not support WPA2, just use WPA or WPA-PSK depending on whether you have an external RADIUS server or not. Select WEP only when the AP and/or wireless clients do not support WPA or WPA2. WEP is less secure than WPA or WPA2. 176 WAP3205 User's Guide

Section	Page
WAP3205	1
About This User's Guide	3
Document Conventions	5
Safety Warnings	7
Contents Overview	9
Table of Contents	11
Introduction	17
Getting to Know Your WAP3205	19
1.1 Overview	19
1.2 Applications	19
1.3 Ways to Manage the WAP3205	19
1.4 Good Habits for Managing the WAP3205	20
1.5 LEDs	20
Introducing the Web Configurator	23
2.1 Overview	23
2.2 Accessing the Web Configurator	23
2.2.1 Login Screen	24
2.2.2 Password Screen	25
2.2.3 Home Screen	25
2.3 Resetting the WAP3205	27
2.3.1 Procedure to Use the Reset Button	28
Monitor	29
3.1 Overview	29
3.2 What You Can Do	29
3.3 Log	29
3.4 Packet Statistics	30
3.5 WLAN Station Status	32
WAP3205 Modes	33
4.1 Overview	33
4.1.1 Web Configurator Modes	33
4.1.2 Device Modes	33
Easy Mode	35
5.1 Overview	35
5.2 What You Can Do	36
5.3 What You Need to Know	36
5.4 Navigation Panel	37
5.5 Network Map	37
5.6 Control Panel	38
5.6.1 Wireless Security	39
5.6.2 WPS	41
5.7 Status Screen in Easy Mode	42
Access Point Mode	45
6.1 Overview	45
6.2 What You Can Do	45
6.3 What You Need to Know	45
6.3.1 Setting your WAP3205 to AP Mode	46
6.3.2 Accessing the Web Configurator in Access Point Mode	46
6.3.3 Configuring your WLAN, LAN and Maintenance Settings	47
6.4 AP Mode Status Screen	47
Client Mode	53
7.1 Overview	53
7.2 What You Can Do	53
7.3 What You Need to Know	54
7.3.1 Setting your WAP3205 to Client Mode	54
7.3.2 Accessing the Web Configurator in Client Mode	54
7.4 Client Mode Status Screen	55
7.5 Wireless LAN Profile Screen	57
7.5.1 Adding a New WLAN Profile	58
7.5.2 Site Survey Screen	62
7.5.3 WPS Screen	63
Universal Repeater Mode	65
8.1 Overview	65
8.2 What You Can Do	65
8.3 What You Need to Know	66
8.3.1 Setting your WAP3205 to Universal Repeater Mode	66
8.3.2 Accessing the Web Configurator in Universal Repeater Mode	66
8.4 Universal Repeater Mode Status Screen	67
8.5 Universal Repeater Screen	69
8.5.1 No Security	70
8.5.2 Static WEP	70
8.5.3 WPA(2)-PSK	72
Tutorials	73
9.1 Overview	73
9.2 Connecting to the Internet from an Access Point	73
9.3 Configuring Wireless Security Using WPS	73
9.3.1 Push Button Configuration (PBC)	74
9.3.2 PIN Configuration	75
9.4 Enabling and Configuring Wireless Security (No WPS)	77
9.4.1 Configure Your Notebook	79
Configuration	81
Wireless LAN	83
10.1 Overview	83
10.2 What You Can Do	84
10.3 What You Should Know	84
10.3.1 Wireless Security Overview	84
10.4 General Wireless LAN Screen	87
10.5 Wireless Security Screen	88
10.5.1 No Security	88
10.5.2 WEP Encryption	89
10.5.3 WPA-PSK/WPA2-PSK	91
10.6 MAC Filter	92
10.7 Wireless LAN Advanced Screen	93
10.8 Quality of Service (QoS) Screen	95
10.9 WPS Screen	95
10.10 WPS Station Screen	97
10.11 Scheduling Screen	97
10.12 WDS Screen	99
LAN	101
11.1 Overview	101
11.2 What You Can Do	101
11.3 What You Need To Know	102
11.3.1 LAN TCP/IP	102
11.3.2 IP Alias	102
11.4 LAN IP Screen	103
11.5 IP Alias Screen	104
Maintenance and Troubleshooting	105
Maintenance	107
12.1 Overview	107
12.2 What You Can Do	107
12.3 General Screen	108
12.4 Password Screen	108
12.5 Time Setting Screen	109
12.6 Firmware Upgrade Screen	111
12.7 Configuration Backup/Restore Screen	113
12.8 Reset/Restart Screen	114
12.9 System Operation Mode Overview	115
12.10 Sys Op Mode Screen	116
Troubleshooting	119
13.1 Power, Hardware Connections, and LEDs	119
13.2 WAP3205 Access and Login	120
13.3 Internet Access	122
13.4 Resetting the WAP3205 to Its Factory Defaults	123
13.5 Wireless Router/AP Troubleshooting	124
Product Specifications	125
14.1 Wall-mounting Instructions	126
Appendices and Index	129
Pop-up Windows, JavaScripts and Java Permissions	131
IP Addresses and Subnetting	139
Setting up Your Computer’s IP Address	149
Wireless LANs	167
Common Services	179
Legal Information	183

Match case Limit results 1 per page

Appendix D Wireless LANs

WAP3205 User’s Guide

176

TKIP regularly changes and rotates the encryption keys so that the same

encryption key is never used twice. The RADIUS server distributes a Pairwise

Master Key (PMK) key to the AP that then sets up a key hierarchy and

management system, using the pair-wise key to dynamically generate unique data

encryption keys to encrypt every data packet that is wirelessly communicated

between the AP and the wireless clients. This all happens in the background

automatically.

WPA2 AES (Advanced Encryption Standard) is a block cipher that uses a 256-bit

mathematical algorithm called Rijndael.

The Message Integrity Check (MIC) is designed to prevent an attacker from

capturing data packets, altering them and resending them. The MIC provides a

strong mathematical function in which the receiver and the transmitter each

compute and then compare the MIC. If they do not match, it is assumed that the

data has been tampered with and the packet is dropped.

By generating unique data encryption keys for every data packet and by creating

an integrity checking mechanism (MIC), TKIP makes it much more difficult to

decode data on a Wi-Fi network than WEP, making it difficult for an intruder to

break into the network.

The encryption mechanisms used for WPA and WPA-PSK are the same. The only

difference between the two is that WPA-PSK uses a simple common password,

instead of user-specific credentials. The common-password approach makes WPA-

PSK susceptible to brute-force password-guessing attacks but it's still an

improvement over WEP as it employs an easier-to-use, consistent, single,

alphanumeric password.

User Authentication

WPA or WPA2 applies IEEE 802.1x and Extensible Authentication Protocol (EAP) to

authenticate wireless clients using an external RADIUS database.

If both an AP and the wireless clients support WPA2 and you have an external

RADIUS server, use WPA2 for stronger data encryption. If you don't have an

external RADIUS server, you should use WPA2 -PSK (WPA2 -Pre-Shared Key) that

only requires a single (identical) password entered into each access point, wireless

gateway and wireless client. As long as the passwords match, a wireless client will

be granted access to a WLAN.

If the AP or the wireless clients do not support WPA2, just use WPA or WPA-PSK

depending on whether you have an external RADIUS server or not.

Select WEP only when the AP and/or wireless clients do not support WPA or WPA2.

WEP is less secure than WPA or WPA2.