ZyXEL Communications 662HW 6.3 802.1x and WPA Overview, 6.4 Network Address Translation Overview

6.3 802.1x and WPA Overview

Wi-Fi Protected Access (WPA) is a subset of the IEEE 802.11i security specification draft. Key differences between WPA and WEP are user authentication and improved data encryption. WPA applies IEEE 802.1x and Extensible Authentication Protocol (EAP) to authenticate wireless clients using an external RADIUS database. You can’t use the Prestige’s local user database for WPA authentication purposes since the local user database uses MD5 EAP which cannot be used to generate keys.

WPA improves data encryption by using Temporal Key Integrity Protocol (TKIP), Message Integrity Check (MIC) and IEEE 802.1x. Temporal Key Integrity Protocol (TKIP) uses 128-bit keys that are dynamically generated and distributed by the authentication server. It includes a per-packet key mixing function, a Message Integrity Check (MIC) named Michael, an extended initialization vector (IV) with sequencing rules, and a re-keying mechanism.

To change your Prestige’s authentication settings, click the Wireless LAN link under Advanced Setup and then the 802.1x/WPA tab. The screen varies by the wireless port control and key management protocol you select.

6.4 Network Address Translation Overview

NAT (Network Address Translation - NAT, RFC 1631) is the translation of the IP address of a host in a packet. For example, the source address of an outgoing packet, used within one network is changed to a different IP address known within another network.

If you have a single public IP address then select SUA Only in the NAT-Modescreen (see Figure 16). If you have multiple public IP addresses then you may use full feature mapping types (see the User’s Guide for more details).

NAT supports five types of IP/port mapping. They are:

1.One-to-One: One-to-one mode maps one local IP address to one global IP address. Note that port numbers do not change for One-to-one NAT mapping type.

26