Instant Wireless® Series

 

 

 

 

 

 

Notebook with

 

 

 

 

 

 

Wireless Adapter

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Cable or DSL Modem

 

 

 

 

 

 

 

Router

 

 

 

 

 

 

 

 

 

 

 

RADIUS Server

 

 

 

 

 

Figure C-1

 

 

Notebook with

 

 

 

 

Wireless Adapter

Note: 802.1x is an advanced data security measure and not essential for router operation. It will, however, increase network security.

Note: If you are roaming between access points, you will have to go through the 802.1x authentication procedure each time your computer connects to a new access point.

There are two types of WEP encryption for 802.1x, static and dynamic. Static WEP keys are more vulnerable and can only be changed manually on all devices, including the Router. If you are using MD5 authentication, then you can only use static WEP keys. Dynamic WEP keys are keys that are renewed automatically on a periodic basis. This makes the WEP key(s) more difficult to break, so network security is strengthened. To enable dynamic WEP keys, you must use 802.1x certificate-based authentication methods, such as TLS or TTLS.

WEP Encryption

Make sure your wireless network is functioning before attempting to configure WEP encryption.

On a wireless network, a 128-bit WEP encrypted device will NOT communi- cate with a 64-bit WEP encrypted device. Therefore, make sure that all of the wireless devices on each network are using the same encryption level.

Dual-Band Wireless A+B Broadband Router

In addition to enabling WEP, Linksys also recommends the following security implementations:

Change the SSID from the default “linksys”

Change the SSID on a regular basis

Change the WEP key regularly

Enable MAC address filtering (if your wireless products allow it)

For instructions on how to configure the Router’s WEP settings, go to the “Setup” section of “Chapter 6: The Router’s Web-Based Utility.” For instruc- tions on how to configure the WEP settings of your PC’s wireless adapter, refer to your wireless adapter’s documentation.

802.1x Authentication

Many authentication methods, including passwords, certificates, and smart cards (plastic cards that hold data), work within the 802.1x framework. The Router supports two authentication types: MD5 and certificate-based (TLS or TTLS).

MD5 authentication is a type of one-way authentication method that employs user names and passwords. TLS and TTLS authentication are two-way authen- tication methods that employ digital certificates to verify the identity of a client. TLS, or EAP-TLS, exclusively uses digital certificates, while TTLS, or EAP-TTLS, uses a combination of certificates and another method, such as passwords, for authentication. MD5 authentication is not as secure as either certificate-based authentication method, and TLS is more secure than TTLS authentication.

To use 802.1x authentication, you have to enable the 802.1x feature on the Router as well as your wireless-equipped PCs. For instructions on how to con- figure the Router’s 802.1x settings, go to the “Advanced Wireless” section of “Chapter 6: The Router’s Web-Based Utility.”

Important: The Router’s 802.1x feature works with Windows XP. It may also work with other Windows operating systems, depend- ing on the specifics of your PC’s operating system and the 802.1x client software being used.

Important: The Router’s 802.1x feature works with a RADIUS server. It may also work with other types of authentication servers, depending on the specifics of each authentication server.

90

91

Page 49
Image 49
Linksys WRT51AB manual WEP Encryption, 802.1x Authentication