Linksys WRT51AB manual WEP Encryption, 802.1x Authentication

Page 49

Instant Wireless® Series

 

 

 

 

 

 

Notebook with

 

 

 

 

 

 

Wireless Adapter

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Cable or DSL Modem

 

 

 

 

 

 

 

Router

 

 

 

 

 

 

 

 

 

 

 

RADIUS Server

 

 

 

 

 

Figure C-1

 

 

Notebook with

 

 

 

 

Wireless Adapter

Note: 802.1x is an advanced data security measure and not essential for router operation. It will, however, increase network security.

Note: If you are roaming between access points, you will have to go through the 802.1x authentication procedure each time your computer connects to a new access point.

There are two types of WEP encryption for 802.1x, static and dynamic. Static WEP keys are more vulnerable and can only be changed manually on all devices, including the Router. If you are using MD5 authentication, then you can only use static WEP keys. Dynamic WEP keys are keys that are renewed automatically on a periodic basis. This makes the WEP key(s) more difficult to break, so network security is strengthened. To enable dynamic WEP keys, you must use 802.1x certificate-based authentication methods, such as TLS or TTLS.

WEP Encryption

Make sure your wireless network is functioning before attempting to configure WEP encryption.

On a wireless network, a 128-bit WEP encrypted device will NOT communi- cate with a 64-bit WEP encrypted device. Therefore, make sure that all of the wireless devices on each network are using the same encryption level.

Dual-Band Wireless A+B Broadband Router

In addition to enabling WEP, Linksys also recommends the following security implementations:

Change the SSID from the default “linksys”

Change the SSID on a regular basis

Change the WEP key regularly

Enable MAC address filtering (if your wireless products allow it)

For instructions on how to configure the Router’s WEP settings, go to the “Setup” section of “Chapter 6: The Router’s Web-Based Utility.” For instruc- tions on how to configure the WEP settings of your PC’s wireless adapter, refer to your wireless adapter’s documentation.

802.1x Authentication

Many authentication methods, including passwords, certificates, and smart cards (plastic cards that hold data), work within the 802.1x framework. The Router supports two authentication types: MD5 and certificate-based (TLS or TTLS).

MD5 authentication is a type of one-way authentication method that employs user names and passwords. TLS and TTLS authentication are two-way authen- tication methods that employ digital certificates to verify the identity of a client. TLS, or EAP-TLS, exclusively uses digital certificates, while TTLS, or EAP-TTLS, uses a combination of certificates and another method, such as passwords, for authentication. MD5 authentication is not as secure as either certificate-based authentication method, and TLS is more secure than TTLS authentication.

To use 802.1x authentication, you have to enable the 802.1x feature on the Router as well as your wireless-equipped PCs. For instructions on how to con- figure the Router’s 802.1x settings, go to the “Advanced Wireless” section of “Chapter 6: The Router’s Web-Based Utility.”

Important: The Router’s 802.1x feature works with Windows XP. It may also work with other Windows operating systems, depend- ing on the specifics of your PC’s operating system and the 802.1x client software being used.

Important: The Router’s 802.1x feature works with a RADIUS server. It may also work with other types of authentication servers, depending on the specifics of each authentication server.

90

91

Page 48 Page 50
Image 49
Page 48 Page 50
Contents Dual-Band Wireless A+B Broadband Router Copyright & Trademarks Table of Contents Introduction Common Problems and Solutions Frequently Asked QuestionsEnvironmental 127 Router’s Functions FeaturesIP Addresses What’s an IP Address?Router Setup Overview Dhcp Dynamic Host Configuration Protocol ServersDynamic IP Addresses Router’s Back Panel Getting to Know the Dual-Band Wireless A+B Broadband RouterRouter’s Front Panel LEDs Internet Indicators LAN IndicatorsProceed to Connect the Router Connect the Router Wired Connection to a PCOverview Wireless Connection to a PC Configure the PCsGo to Configure the Router’s Basic Settings Configuring Windows 98 and Millennium PCsConfiguring Windows 2000 PCs Configuring Windows XP PCs Configure the Router’s Basic Settings Enter the Default Gateway Automatic Configuration DhcpStatic or Fixed IP Address Enter the Internet IP AddressRouter’s Web-based Utility How to Access the Web-based UtilitySetup Automatic Configuration DhcpStatic IP Pptp 5GHz, 802.11a 5GHz, 802.11a WEP 4GHz, 802.11b WEP Status PasswordLAN Dhcp Help LogAdvanced Tabs 5GHz, 802.11a Advanced Wireless802.1x Configuration Radius Server Filters Private IP Filter Private MAC Filter To set up a filter11-20 , 21-30 , 31-40 , or 41-50 from Port Forwarding Applications External Port TCP Protocol UDP ProtocolClick the Delete This Entry button RoutingDMZ Host MAC Address Clone Common Problems and Solutions Appendix a TroubleshootingNeed to set a static IP address on a PC For Windows NTWant to test my Internet connection For Windows XPFor Windows 98, Me, 2000, and XP TCP UDP Need to set up a server behind my RouterCan’t get the Internet game, server, or application to work Need to upgrade the firmware To start over, I need to set the Router to factory defaultFirmware upgrade failed, and/or the Diag LED is flashing My DSL service’s PPPoE is always disconnectingClick the Advanced = Filters tab Frequently Asked QuestionsHow can I block corrupted FTP downloads? Does the Router support ICQ send file?What are the advanced features of the Router? What is DMZ Hosting?What is the Ieee 802.11a standard? What is the Ieee 802.11b standard?What is ad-hoc mode? What Ieee 802.11b features are supported?What is infrastructure mode? What is roaming? What is a MAC Address? What is WEP? How do I reset the Router? How do I resolve issues with signal loss?Step One Pinging an IP Address Appendix B How to Ping Your ISP’s E-mail & Web AddressesStep Two Pinging for a Web Address Appendix C Configuring Wireless SecurityBackground WEP Encryption 802.1x AuthenticationFigure C-2 MD5 Authentication for Windows XPFigure C-5 Figure C-9 Digital Certificate InstallationFigure C-13 Click Install this certificateFigure C-18 TLS Authentication for Windows XPFigure C-21 For Windows 95, 98, and Me Figure C-25For Windows NT, 2000, and XP Figure D-3Appendix E Glossary 111 113 115 117 119 121 123 125 One 10/100 RJ-45 Port for Cable/DSL Modem Appendix F SpecificationsCategory 5 Ethernet Network Cable or better EnvironmentalSales Information Technical Support RMA Issues Fax Appendix G Warranty InformationAppendix H Contact Information Web site FTP siteCopyright 2002 Linksys, All Rights Reserved
Top Page Image Contents