Manuals / ZyXEL Communications / Computer Equipment / Network Router

ZyXEL Communications 2602HWL-D3A manual Eapol Exchange between 802.1x Authenticator and Supplicant

Models: 2602HWL-D3A

1 237

Download 237 pages 58.1 Kb

Page 112

Prestige 2602HWL-D3A Support Notes

The EAP protocol can support multiple authentication mechanisms, such as MD5-challenge, One-Time Passwords, Generic Token Card, TLS and TTLS etc. Typically, the authenticator will send an initial Identity Request followed by one or more Requests for authentication information. When supplicant receive the EAP request, it will reply associated EAP response. So far, ZyXEL Wireless AP only supports MD-5 challenge authentication mechanism, but will support TLS and TTLS in the future.

EAPOL Exchange between 802.1x Authenticator and Supplicant

The authenticator or the supplicant can initiate authentication. If you enable 802.1x authentication on the Wireless AP, the authenticator must initiate authentication when it determines that the Wireless link state transitions from down to up. It then sends an EAP-request/identity frame to the 802.1x client to request its identity (typically, the authenticator sends an initial identity/request frame followed by one or more requests for authentication information). Upon receipt of the frame, the supplicant responds with an EAP-response/identity frame.

However, if during bootup, the supplicant does not receive an EAP-request/identity frame from the Wireless AP, the client can initiate authentication by sending an EAPOL-Startframe, which prompts the switch to request the supplicant’s identity. In above case, authenticator co-locate with authentication server. When the supplicant supplies its identity, the authenticator directly exchanges EAPOL to the supplicant until authentication succeeds or fails. If the authentication succeeds, the port becomes authorized. If the authentication fails, the port becomes unauthorized. When the supplicant does not need Wireless access any more, it sends EAPOL-Logoffpacket to terminate its 802.1x session, the port state will become unauthorized. The following figure shows the EAPOL exchange ping-pong chart.

112

All contents copyright (c) 2007 ZyXEL Communications Corporation.

Image 112

ZyXEL Communications 2602HWL-D3A manual Eapol Exchange between 802.1x Authenticator and Supplicant

Contents

Prestige 2602HWL-D3A Prestige 2602HWL-D3A Support Notes FAQ Pstn L Ifeline FAQ IP FAQ Ontent F Ilter FAQ Ireless FAQ Application Notes Ethernet connection ∙ In the Control Panel/Network window, click Add buttonTCP/IP Configuration ∙ Setting up the Prestige routerPrestige 2602HWL-D3A Support Notes Setup the Prestige as a Dhcp Relay ∙ What is Dhcp Relay?∙ Setup the Prestige as a Dhcp Client ∙ Configuration Configure an Internal Server Behind SUA∙ Introduction Service Port Number ∙ Port numbers for some servicesTelnet Configure a Pptp server Behind SUA DNS Domain Name Server Www-http Web∙ Example 1723 192.168.1.10 Prestige 2602HWL-D3A Support Notes ∙ What is Multi-NAT? Using NAT / Multi-NAT∙ How NAT works One to One Many to OneMany to Many Overload Many to Many No OverloadNAT Type IP Mapping Direction ∙ SMT MenusFull Feature Field Options DescriptionNone SUA OnlyConfiguring NAT Prestige 2602HWL-D3A Support Notes Field Description Option/Example SUASet Name Action Select Rule FieldDescription Option Following table describes the fields in this screen Enter 2 to go to Menu 15.2.1-NAT Server Setup Internet Access Only Prestige 2602HWL-D3A Support Notes Internet Access with an Internal Server Prestige 2602HWL-D3A Support Notes Type One-to-One Start= Prestige 2602HWL-D3A Support Notes Support Non NAT Friendly Applications Type Many-to-Many No Overload Start= NAT Type IP Mapping Prestige supports multiple type of NAT mapping rulesOne-to-One ILA1---IGA1 Many-to-One ILA2---IGA1 Server SUA Server 1 IP---IGA1 Server 2 IP---IGA1About Filter & Filter Examples ∙ Filter Structure∙ Filter Types and SUA Prestige 2602HWL-D3A Support Notes Menu Protocol and device rule cannot be active together Filter for blocking the web service Create a filter set in Menu Rule one for a. http packet, TCP06/Port number Rule 3 for c. DNS packet UDP17/Port number Filter for blocking a specific client Filter for blocking a specific MAC address Before you Begin Configurations Action Matched= Drop Action Not Matched= Forward Value= 0080c810234a Filter for blocking the NetBIOS packets Action Not Matched= Check Next Rule IP Source Route= No Port # Comp= None TCP Estab= N/A More= No Log= None Menu 21.1.6 TCP/IP Filter Rule Filter # 1,6 Filter Type= TCP/IP Filter Rule Active= Yes IP Protocol= Prestige 2602HWL-D3A Support Notes Menu 21.2 Filter Rules Summary Using the Dynamic DNS Ddns What is DDNS?Key Settings for using Ddns function Enter the password that the Ddns server gives to you Password Enable WildcardNetwork Management Using Snmp Reads WritesTraversal operations Traps∙ Get ∙ GetNext∙ Set ∙ TrapZyXEL Snmp Implementation ∙ coldStart defined in RFC-1215∙ authenticationFailure defined in RFC-1215 WhyReboot defined in ZYXEL-MIB∙ warmStart defined in RFC-1215 ∙ linkDown defined in RFC-1215Configure the Prestige for Snmp Using syslog ∙ Unix Setup ∙ CDR logcall messages∙ Packet triggered log ∙ Filter log∙ PPP Log Using IP Alias ∙ What is IP Alias ?∙ IP Alias Setup Dhcp Setup TCP/IP SetupWhat is Call Scheduling ? Using Call SchedulingIP Alias ∙ SMT Menu for Call Scheduling Edit the Schedule sets in menuMenu 26.1 Schedule Set Setup is as follows Start Date How Often Forced On Forced Down Enable∙ Apply the schedule to the Remote node ∙ Time Service in Prestige Using IP Multicast ∙ IP Multicast Setup Enable Igmp in Prestiges LAN in menuMulticast IGMP-v1 for Igmp version 1, IGMP-v2 for Igmp versionUsing Prestige traffic redirect ∙ What is Traffic Redirect ?∙ How to deploy backup gateway? ∙ Traffic Redirect SetupWAN IP Using Universal Plug n Play UPnP ∙ 1. What is UPnPUPnP Operations ∙ 2. Using UPnP in ZyXEL devices Prestige 2602HWL-D3A Support Notes Prestige 2602HWL-D3A Support Notes Finally, your video conversation is achieved Wireless Application Notes Infrastructure modeConfiguration Prestige Wireless using SMT Prestige 2602HWL-D3A Support Notes ∙ Configuration Wireless Station to Infrastructure mode Double click on the AP you want to associated with Wireless MAC address filtering MAC Filter OverviewFilter Action Prestige 2602HWL-D3A Support Notes WEP configuration Wired Equivalent Privacy IntroductionSetting up the Access Point Key settings ∙ Setting up the Access Point with Web configurator Setting up the Station Prestige 2602HWL-D3A Support Notes Prestige 2602HWL-D3A Support Notes Configuring Ieee 802.1x IntroductionAuthentication Server ∙ Authentication Port State and Authentication Control ∙ Re-Authentication Eapol Exchange between 802.1x Authenticator and Supplicant Prestige 2602HWL-D3A Support Notes Prestige 2602HWL-D3A Support Notes If you use WEB Configuration ∙ Using Internal Authentication Server Menu 14 Dial-in User Setup ZyXELPassword Enter a password up to 31 characters longEnter Menu Selection Number User Name∙ Using External Radius Authentication Server Prestige 2602HWL-D3A Support Notes Authentication using ZyXEL AP internal authentication server Server Address Port Shared SecretSite Survey PreparationSurvey on Site Prestige 2602HWL-D3A Support Notes Pstn Lifeline Application Notes Usage of Pstn LifelineLifeline configuration How to connect Lifeline and DSL connection Relay to PstnVoIP Application Notes Setup SIP Account Account NumberLocal PortPassword SetupReset Address SIP ServerPhone port settings Volume Advanced voice settings configurationSpeaking ListeningSIP Account Timer Dtmf ModeURL Type ExpirationMessage WaitingIndication TimeEach fields detail description of the page is listed below Speed Dial SIP NumberName TypeVoice Common Settings SettingsRegion ImmediateServices from your voice service provider Call Service ModeVoice QoS setup Priority Call Forwarding setupVoice Vlan Busy Forward to Number Unconditional Forward to NumberNo Answer Forward to Number Table Number Forward toUnconditional Busy ForwardNumber Setup section Call Hold setupCall Waiting setup ConditionScenario Prestige 2602HWL-D3A Support Notes Three Way Conference setup Call Transfer setup Prestige 2602HWL-D3A Support Notes Application scenario 3 Attendant Transfer Call Fallback Prestige 2602HWL-D3A Support Notes Call Park Call Flow Call Pickup Call Flow Call ReturnDistinctive Ringing Each filed is described in the following table Do Not Disturb DND Hot Line Auto Dial Setting Advanced Music on holdTrunking Trunking Peer to Peer Configuration details Prestige 2602HWL-D3A Support Notes Prestige 2602HWL-D3A Support Notes Trunking SIP to FXO VoIP Trunking GeneralTrunking FXO to SIP Prestige 2602HWL-D3A Support Notes Trunking FXO to FXO Prestige 2602HWL-D3A Support Notes Prestige 2602HWL-D3A Support Notes What is ZyNOS? How do I access the embedded web configurator?Prestige 2602HWL-D3A Support Notes How do I upload or backup Romfile via web configurator? Why cant I make Telnet to Prestige from WAN?What is SUA? When should I use SUA? What should I do if I forget the system password?What is the difference between NAT and SUA? Why cant I configure device filters or protocol filters? What is the Prestige Integrated Access Device?How many network users can the SUA/NAT support? What are Device filters and Protocol filters?What is PPPoE? How do I know I am using PPPoE?Will the Prestige work with my Internet connection? What do I need to use the Prestige?Why does my provider use PPPoE? How can I configure the Prestige?Which Internet Applications can I use with the Prestige? What network interface does the Prestige support?How does e-mail work through the Prestige? What Dhcp capability does the Prestige support?Can the Prestige support Tftp over WAN? How does the Prestige support TFTP?How fast can the data go? What is Multi-NAT? When do I need Multi-NAT?Make local server accessible from outside Internet Support Non-NAT Friendly ApplicationsServer What IP/Port mapping does Multi-NAT support?Many-to-Many ILA1---IGA1 What is BOOTP/DHCP? What is the difference between SUA and Multi-NAT?What is DDNS? When do I need Ddns service? What does Lifeline mean? Do I need Lifeline?Can I connect more than one phone on the phone port? Can I receive incoming Pstn call through P2602HWL- 6xC?What is Voice over IP? Why use VoIP?What is the relationship between codec and VoIP? Can I make an outgoing Pstn call through P2602HWL 6xC?What is the difference between H.323 and SIP? What is voice quality?What is codec? What advantage does Voice over IP can provide?What is the relation of codec and VoIP? What codec does Prestige support?Which codec should I choose? What do I need in order to use SIP?Unable to register with the SIP server? Can register but can not establish a call?What makes Prestige firewall secure? What is a network firewall?What are the basic types of firewalls? What kind of firewall is the Prestige? What is Denials of Service DoSattack? What is Ping of Death attack?What is Teardrop attack? What is SYN Flood attack?What is Land attack? What is Brute-force attack?What is IP Spoofing attack? What are the default ACL firewall rules in Prestige?How can I protect against IP spoofing attacks? What is VPN? Why do I need VPN?Can I override block or allow certain URLs by wording? Yes, you can use key word blocking to achieve thisWhat is PPTP? What is L2TP?What is IPSec? CostWhat is IKE? What is SA?What secure protocols does IPSec support? What is Pre-Shared Key? What is Phase 1 ID for?What are the differences between IKE and manual key VPN? What are Local ID and Peer ID?When should I use FQDN? How do I configure Prestige VPN?Is my Prestige ready for IPSec VPN? How many VPN connections does Prestige support?What types of authentication does Prestige VPN support? What VPN protocols are supported by Prestige?What types of encryption does Prestige VPN support? Prestige supports 56-bit DES and 168-bit 3DES and AESDoes Prestige support dynamic secure gateway IP? Does Prestige VPN support NetBIOS broadcast? Where can I configure Phase 1 ID in Prestige?Will ZyXEL support Secure Remote Management? Is the host behind NAT allowed to use IPSec?We presume your environment may look like this How can I keep a tunnel alive? Can Prestige support IPSec passthrough?What is a Wireless LAN ? What are the advantages of Wireless LANs ?What are the disadvantages of Wireless LANs ? Where can you find wireless 802.11 networks ?What is an Access Point ? What is Ieee 802.11 ?What is 802.11b ? What is 802.11a ?What is 802.11g ? How fast is 802.11b ?What is Wi-Fi ? Does the 802.11 interfere with Bluetooth devices ?Can radio signals pass through walls ? What types of devices use the 2.4GHz Band ?What is Ad Hoc mode ? What is Infrastructure mode ?How many Access Points are required in a given area ? What is Direct-Sequence Spread Spectrum Technology Dsss ?What is Frequency-hopping Spread Spectrum Technology Fhss ? Why the 2.4 Ghz Frequency range ?What is Server Set ID Ssid ? What is an Essid ?What is WEP ? What is the difference between 40-bit and 64-bit WEP ?What is a WEP key ? Can the Ssid be encrypted ?What is 802.1x ? What is Wireless Sniffer?What are Insertion Attacks? What is Radius ? What is AAA ?What is WPA ? Trouble Shooting What is WPA-PSK?Online Trace TCP/IP \.P........p 0010 Urgent = 00A0C5921312 Source MAC Addr = 00A0C5012345 Network Type Be 2F FE EF D0 Window Size = 0x1DD5 7637 Checksum = 0x7A12 31250 Offline Trace TCP 0000 80 C8 A0-C5 0010 00 ED 0020 1B-18 FA F0 04-05 Prestige 224 Wed, 07 J Debug PPPoE Connection Example- a trace with system crashes Prestige 2602HWL-D3A Support Notes Prestige 2602HWL-D3A Support Notes LAN/WAN Packet Trace Ras sys trcl sw on ras sys trcd brief 0000 00 A0 C5 92 13 11 00 80-C8 4C EA 63 08 00 45 233 C0 A8 01 02 C0 1F @...y 0030 22 38 E8 ED 00 00 20 20-20 20 20 FB be 2F FE EF D0 CLI Command List