ZyXEL Communications 100-NH, 1121-NI, 1123-AC, 1123-NI 55

Chapter 6 Wireless LAN

Passphrase

A passphrase functions like a password. In WEP security mode, it is further converted by the NWA into a complicated string that is referred to as the “key”. This key is requested from all devices wishing to connect to a wireless network.

PSK

The Pre-Shared Key (PSK) is a password shared by a wireless access point and a client during a previous secure connection. The key can then be used to establish a connection between the two parties.

Encryption

Wireless networks can use encryption to protect the information that is sent in the wireless network. Encryption is like a secret code. If you do not know the secret code, you cannot understand the message. Encryption is the process of converting data into unreadable text. This secures information in network communications. The intended recipient of the data can “unlock” it with a pre-assigned key, making the information readable only to him. The NWA when used as a wireless client employs Temporal Key Integrity Protocol (TKIP) data encryption.

EAP

Extensible Authentication Protocol (EAP) is a protocol used by a wireless client, an access point and an authentication server to negotiate a connection.

The EAP methods employed by the NWA when in Wireless Client operating mode are Transport Layer Security (TLS), Protected Extensible Authentication Protocol (PEAP), Lightweight Extensible Authentication Protocol (LEAP) and Tunneled Transport Layer Security (TTLS). The authentication protocol may either be Microsoft Challenge Handshake Authentication Protocol Version 2 (MSCHAPv2) or Generic Token Card (GTC).

Further information on these terms can be found in Appendix E on page 178.

RADIUS

Remote Authentication Dial In User Service (RADIUS) is a protocol that can be used to manage user access to large networks. It is based on a client-server model that supports authentication, authorization and accounting. The access point is the client and the server is the RADIUS server.

Figure 21 RADIUS Server Setup

	55
NWA1000 Series User’s Guide	55

Contents

NWA1000 Series Quick Start Guide User’s Guide Page Contents Overview Table of Contents Part I: User’s Guide Chapter Page LAN and VLAN System Log Settings Maintenance Page Introducing the NWA 1.1 Introducing the NWA 1.2 Wireless Modes VoIP_SSID SSID01 Guest_SSID Page Page 1.3 Ways to Manage the NWA 1.4 Configuring Your NWA’s Security Features 1.5Good Habits for Managing the NWA 1.6Hardware Connections 1.7 LED Page Introducing the Web Configurator 2.1 Overview 2.2Accessing the Web Configurator Login Ignore Dashboard 2.3 Resetting the NWA 2.4 Navigating the Web Configurator LINK TAB FUNCTION Page Dashboard 3.1 The Dashboard Screen Page Maintenance > General System Name Repeater Client MBSSID the Maintenance > Time screen Down N/A Tutorial 4.1 How to Configure the Wireless LAN 4.2How to Configure Multiple Wireless Networks Page Wireless LAN > SSID Edit Profile1 3Rename the Profile Name and SSID as SSID01. Click Apply Profile2 Active SecProfile1 Hidden SSID Intra-BSS Traffic blocking 3Next, click Wireless LAN > Security. Click the Edit icon next to SecProfile1 Pre-Shared Key ThisisSSID01PreSharedKey SecProfile2 WMM_VOICE 4Next, click Wireless LAN > Security. Click the Edit icon next to SecProfile2 ThisisVoIPPreSharedKey SecProfile3 WMM_BESTEFFORT 4Select the check-boxof Intra-BSSTraffic blocking Enabled. Click Apply 5Next, click Wireless LAN > Security. Click the Edit icon next to SecProfile3 4.3NWA Setup in AP and Wireless Client Modes Page Wireless LAN > Wireless Settings 1Set the Operation Mode to Root AP Wireless Mode 802.11b/g/n 3Select Profile1 as the SSID Profile AP-A 8Select SecProfile1 in the Security field Traffic blocking Enabled 11Go to Wireless LAN > Security. Click the Edit icon next to SecProfile1 Site Survey Wireless LAN > Security WPA2-PSK/ThisisMyPreSharedKey 1Go to Wireless LAN > MAC Filter. Click the Edit icon next to MacProfile1 Allow Access Control Mode W, Y Page Monitor 5.1 Overview 5.2What You Can Do 5.3View Logs 5.4 Statistics 5.5 Association List 5.6 Channel Usage Page Wireless LAN 6.1 Overview 6.2What You Can Do in this Chapter 6.3What You Need To Know Page SECURITY SECURITY TYPE LEVEL None WEP Page 6.4 Wireless Settings Screen Page Settings- 2.4G 802.11a 802.11a/n/ac in the Wireless Mode field SSID Profile Local MAC Address Page 802.11a/n/ac is selected in the Wireless Mode field Page Page Page Client Operation Mode Basic Settings Site Survey Apply Dynamic Page Page Page Page 6.5 SSID Screen Figure 27 SSID: Edit Disabled Disabled 6.6 Wireless Security Screen Security Settings WEP Open Shared 64-bit 128-bit WPA2 WPA2-MIX WPA2-MIX time Page 6.7 RADIUS Screen Page 6.8 Layer-2Isolation Intra-BSS Traffic Blocking Wireless LAN 6.9 MAC Filter Screen Wireless LAN > MAC Filter 6.10 Technical Reference Page Page LAN and VLAN 7.1 LAN Overview 7.2 What You Can Do in the LAN IP Screen 7.3 What You Need to Know Page 7.4 VLAN Overview 7.5 What You Need to Know 7.6 LAN IP Screen Page System 8.1 Overview 8.2What You Can Do in this Chapter 8.3What You Need To Know Secured Client IP Address 8.4 WWW Screen 8.5 Certificates Screen 8.6 Telnet Screen Page 8.7 SNMP Screen Read/Write 8.8 FTP Screen 8.9 Technical Reference Page Certificate Details Thumbprint Algorithm Thumbprint Log Settings 9.1 Overview 9.2 What You Can Do in this Chapter 9.3 What You Need To Know 9.4 Log Settings Screen Configuration Page Maintenance 10.1 Overview 10.2What You Can Do in this Chapter 10.3 What You Need To Know 10.4 General Screen 10.5 Password Screen 10.6 Time Screen 10.7 Firmware Upgrade Screen 10.8 Configuration File Screen Backup Upload 10.9 Restart Screen Troubleshooting 11.1Power, Hardware Connections, and LEDs 11.2 NWA Access and Login 11.3 Internet Access 11.4Wireless LAN Page Setting Up Your Computer’s IP Address Page Page 5The Internet Protocol TCP/IP Properties window opens Obtain an IP address automatically 7Click OK to close the Internet Protocol (TCP/IP) Properties window 8Click OK to close the Local Area Connection Properties window 1Click Start > All Programs > Accessories > Command Prompt Page Continue Page 7The Internet Protocol Version 4 (TCP/IPv4) Properties window opens 9Click OK to close the Internet Protocol (TCP/IP) Properties window 10Click OK to close the Local Area Connection Properties window Page Page Page 6The Internet Protocol Version 4 (TCP/IPv4) Properties window opens 8Click OK to close the Internet Protocol (TCP/IP) Properties window 9Click OK to close the Local Area Connection Properties window 1Click Apple > System Preferences System Preferences Network Built-in Ethernet Configure Using DHCP Configure IPv4 TCP/IP Manually Router Applications > Utilities > Network Utilities Network Interface Info 2In System Preferences, click the Network icon Configure Page Network interface 1Click System > Administration > Network Network Settings Unlock Authenticate Properties Static IP address IP address Subnet mask Gateway address DNS Close System > Administration > Network Tools Network device Devices Interface Statistics 1Click K Menu > Computer > Administrator Settings (YaST) Run as Root - KDE su YaST Control Center Network Devices Network Card Overview Name Network Card Setup Address Dynamic Address (DHCP) Statically assigned IP Address Hostname Hostname/DNS Finish KNetwork Manager Task bar Options Page Pop-upWindows, JavaScript and Java Permissions Block pop-ups 2Select Settings…to open the Pop-upBlocker Settings screen Add Allowed sites Custom Level Scripting Active scripting Enable Scripting of Java applets Microsoft VM Java permissions Advanced 2Make sure that Use Java 2 for <applet> under Java (Sun) is selected Tools Content Preferences Choose how you prefer to handle Open all JavaScript Options IP Addresses and Subnetting 1ST OCTET: 2ND 3RD 4TH OCTET OCTET: BINARY 1ST DECIMAL OCTET SUBNET MASK ALTERNATIVE LAST OCTET NOTATION (BINARY) (DECIMAL) Table 43 Subnet IP/SUBNET MASK NETWORK NUMBER LAST OCTET BIT VALUE Table 44 Subnet Table 45 Subnet Table 46 Subnet SUBNET FIRST ADDRESS LAST BROADCAST ADDRESS Page IPv6 MULTICAST ADDRESS MAC EUI-64 Page Page Page Start All Programs Dibbler-DHCPv6 Client Install as service 3Select Start > Control Panel > Administrative Tools > Services 1Select Control Panel > Network and Sharing Center > Local Area Connection 2Select the Internet Protocol Version 6 (TCP/IPv6) checkbox to enable it 4Click Close to exit the Local Area Connection Status screen 5Select Start > All Programs > Accessories > Command Prompt Wireless LANs Page Page Figure 92 RTS/CTS WIRELESS LAN MAXIMUM NET FREQUENCY COMPATIBILITY STANDARD Page Page Page EAP-MD5 EAP-TLS EAP-TTLS PEAP LEAP Page Page AUTHENTICATION ENCRYPTIO ENTER METHOD/ KEY IEEE Page Page Customer Support Page Page Page Page Page Legal Information Copyright Certifications ZyXEL Limited Warranty Open Source Licenses Regulatory Information National Restrictions Safety Warnings Environmental Product Declaration DNS 91 59, 62 BSS 10, 52 16 MSDU 59, 63 59, 63, 65 SMTP 106