Manuals / Brands / Computer Equipment / Network Card / ZyXEL Communications / Computer Equipment / Network Card

ZyXEL Communications B-1000 6.1Wireless Security Overview, 6.2WEP Overview, 6.2.1 Data Encryption, Wireless Security, Figure 6-1ZyAIR Wireless Security Levels

1 231

Download 231 pages, 5.86 Mb

ZyAIR Access Point Series User’s Guide

Chapter 6

Wireless Security

This chapter describes how to use the MAC Filter, 802.1x, Local User Database and RADIUS to configure wireless security on your ZyAIR.

6.1Wireless Security Overview

Wireless security is vital to your network to protect wireless communication between wireless stations, access points and the wired network.

The figure below shows the possible wireless security levels on your ZyAIR. The highest security level relies on EAP (Extensible Authentication Protocol) for authentication and utilizes dynamic WEP key exchange. It requires interaction with a RADIUS (Remote Authentication Dial-In User Service) server either on the WAN or your LAN to provide authentication service for wireless stations.

Figure 6-1 ZyAIR Wireless Security Levels

If you do not enable any wireless security on your ZyAIR, your network is accessible to any wireless networking device that is within range.

6.2WEP Overview

WEP (Wired Equivalent Privacy) as specified in the IEEE 802.11 standard provides methods for both data encryption and wireless station authentication.

6.2.1 Data Encryption

WEP provides a mechanism for encrypting data using encryption keys. Both the AP and the wireless stations must use the same WEP key to encrypt and decrypt data. Your ZyAIR allows you to configure up to four 64- bit or 128-bit WEP keys, but only one key can be enabled at any one time.

Wireless Security

6-1

Contents

User's Guide Copyright Federal Communications Commission (FCC) Interference Statement ZyXEL Limited Warranty Customer Support Table of Contents Page Chapter 10 Maintenance SMT CONFIGURATION Chapter 11 Introducing the SMT Chapter 15 VLAN Setup Chapter 16 SNMP Configuration Chapter 17 System Security Chapter 20 System Maintenance and Information APPENDICES A-1 Appendix B Brute-ForcePassword Guessing Protection Page List of Figures Page Page Page List of Tables Page Preface Control Panels Modem User Guide Feedback Part I: OVERVIEW Page 1.1Introducing the ZyAIR Access Point Series 1.2ZyAIR Features 10/100M Auto-negotiatingEthernet/Fast Ethernet Interface 10/100M Auto-crossoverEthernet/Fast Ethernet Interface Reset Button Brute-ForcePassword Guessing Protection ZyAIR LED Bridge/Repeater Power over Ethernet (PoE) Figure 1-1PoE Installation Example 802.11b Wireless LAN Standard Output Power Management Multiple ESS VLAN Limit the number of Client Connections SSL Passthrough Wireless LAN MAC Address Filtering IEEE 802.1x Network Security WDS Functionality Figure 1-2WDS Functionality Example SNMP 1.3Applications for the ZyAIR 1.3.1 Internet Access Application 1.3.2 Corporation Network Application Page 2.1Accessing the ZyAIR Web Configurator 2.2Resetting the ZyAIR 2.2.1 Method of Restoring Factory-Defaults 2.3Navigating the ZyAIR Web Configurator Page 3.1Wizard Setup Overview 3.1.1 Channel 3.1.2 ESS ID 3.1.3 WEP Encryption 3.2Wizard Setup: General Setup 3.3Wizard Setup: Wireless LAN Figure 3-2Wizard 2 : Wireless LAN Setup Table 3-2Wizard 2 : Wireless LAN Setup 3.4Wizard Setup: IP Address 3.4.1 IP Address Assignment 3.4.2 IP Address and Subnet Mask Figure 3-3Wizard 3 : IP Address Assignment Table 3-4Wizard 3 : IP Address Assignment You must know the IP address assigned to the ZyAIR (by the DHCP server) to access the ZyAIR again If you changed the ZyAIR's IP address, you must use the 3.5Basic Setup Complete Page Page Part II: SYSTEM, WIRELESS, VLAN AND IP Page 4.1System Overview 4.2Configuring General Setup 4.3Configuring Password 4.4Configuring Time Setting Figure 4-3Time Setting Table 4-3Time Setting Page Page 5.1Wireless LAN Overview 5.1.1 IBSS 5.1.2 BSS 5.1.3 ESS 5.2Wireless LAN Basics 5.2.1 RTS/CTS 5.2.2 Fragmentation Threshold 5.3Configuring Wireless Table 5-1Wireless If you are configuring the ZyAIR from a computer connected to the wireless LAN and you change the ZyAIR’s ESSID or WEP settings, you will lose your wireless connection when you press Apply to confirm. You must then change the wireless 5.4Configuring Bridge Figure 5-8Bridge Loop: Bridge Connected to Wired LAN Bridge Figure 5-9Wireless : Bridge Table 5-2Wireless : Bridge 5.5Configuring Roaming 5.5.1 Requirements for Roaming Table 5-3Roaming All APs on the same subnet and the wireless stations must have the 6.1Wireless Security Overview 6.2WEP Overview 6.2.1 Data Encryption 6.2.2 Authentication 6.3Configuring WEP Encryption Table 6-1Wireless 6.4MAC Filter Figure 6-4MAC Address Filter Table 6-2MAC Address Filter 6.5802.1x Overview 6.6Introduction to RADIUS 6.6.1 EAP Authentication Overview 6.7Dynamic WEP Key Exchange 6.8Introduction to Local User Database 6.9Configuring Table 6-3802.1x Authentication If wireless station authentication is done using a RADIUS server, the reauthentication timer on the RADIUS server has Page 6.10 Configuring Local User Database 6.11 Configuring RADIUS Table 6-5RADIUS Page 7.1Wireless LAN Infrastructures 7.1.1 Multiple ESS 7.1.2 Notes on Multiple-ESS 7.1.3 Multiple ESS Example 7.2VLAN 7.2.1 Management VLAN ID 7.2.2 Multi-ESSwith VLAN Example 7.3Configuring Multiple ESS Figure 7-3Wireless : Multiple ESS 7.3.1 Edit ESS Figure 7-4Wireless : Edit ESS Table 7-2Wireless : Edit ESS 7.3.2 MAC Filter Summary 7.4Configuring VLAN Figure 7-6VLAN Table 7-4VLAN Page 8.1Factory Ethernet Defaults 8.2TCP/IP Parameters 8.2.1 IP Address and Subnet Mask 8.2.2 WAN IP Address Assignment 8.3Configuring IP If you change the ZyAIR's IP address, you must use the Page Part III: LOGS 9.1Configuring View Log 9.2Configuring Log Settings Figure 9-2Log Settings Table 9-2Log Settings Page Page Part IV: MAINTENANCE Page 10.1 Maintenance Overview 10.2 System Status Screen 10.2.1 System Statistics 10.3 Wireless Screen 10.3.1 Association List 10.3.2 Channel Usage Figure 10-4Channel Usage (ZyAIR B-1000) Table 10-4Channel Usage (ZyAIR B-1000) Figure 10-5Channel Usage Table 10-5Channel Usage 10.4 F/W Upload Screen Table 10-6Firmware Upload Do not turn off the device while firmware upload is in progress Firmware Upload in Process Figure 10-7Firmware Upload In Process Figure 10-8Network Temporarily Disconnected 10.5 Configuration Screen 10.5.1 Backup Configuration 10.5.2 Restore Configuration Table 10-7Restore Configuration Do not turn off the device while configuration file upload is in progress Figure 10-12Configuration Upload Successful Figure 10-13Network Temporarily Disconnected 10.5.3 Back to Factory Defaults Figure 10-16Reset Warning Message Page Part V: SMT CONFIGURATION Page 11.1 Connect to your ZyAIR Using Telnet 11.2 Changing the System Password 11.3 ZyAIR SMT Menu Overview Example Figure 11-3ZyAIR B-3000SMT Menu Overview Example 11.4 Navigating the SMT Interface 11.4.1 System Management Terminal Interface Summary Page 12.1 General Setup 12.1.1 Procedure To Configure Menu Table 12-1Menu 1 General Setup 13.1 LAN Setup 13.2 TCP/IP Ethernet Setup 13.3 Wireless LAN Setup Figure 13-3Menu 3.5 Wireless LAN Setup Table 13-2Menu 3.5 Wireless LAN Setup Page 13.3.1 Configuring MAC Address Filter Figure 13-5Menu 3.5.1 WLAN MAC Address Filter Table 13-3Menu 3.5.1 WLAN MAC Address Filter 13.3.2 Configuring Roaming 13.3.3 Configuring Multiple ESS (for ZyAIR B-3000only) Figure 13-9Menu 3.5.3 Multiple ESS Configuration Table 13-5Menu 3.5.3 Multiple ESS Configuration Configuring an Extended Service Set ESS Menu 3.5.3.1 – ESS x Configuration Figure 13-10Menu 3.5.3.1 ESS x Configuration Table 13-6Menu 3.5.3.1 ESS x Configuration 13.3.4 Configuring Bridge Link (for ZyAIR B-3000only) Figure 13-12Menu 3.5.4 Bridge Link Configuration Table 13-7Menu 3.5.4 Bridge Link Configuration 14.1 Dial-inUser Setup Table 14-1Menu 14.1- Edit Dial-inUser 15.1 VLAN Setup Page 16.1 About SNMP 16.2 Supported MIBs 16.3 SNMP Configuration 16.4 SNMP Traps Table 16-2SNMP Traps Table 16-3Ports and Interface Types 17.1 System Security 17.1.1 System Password 17.1.2 Configuring External RADIUS Server Figure 17-3Menu 23.2 System Security : RADIUS Server Table 17-1Menu 23.2 System Security : RADIUS Server Menu23 – System Security Figure 17-4Menu 23 System Security Step 2. Enter 4 to display Menu 23.4 – System Security – IEEE802.1x Figure 17-5Menu 23.4 System Security : IEEE802.1x Table 17-2Menu 23.4 System Security : IEEE802.1x Page Page 18.1 System Status Figure 18-2Menu 24.1 System Maintenance : Status Table 18-1Menu 24.1 System Maintenance : Status 18.2 System Information 18.2.1 System Information 18.2.2 Console Port Speed 18.3 Log and Trace 18.3.1 Viewing Error Log 18.4 Diagnostic Figure 18-8Menu 24.4 System Maintenance : Diagnostic Diagnostic Table 18-3Menu 24.4 System Maintenance Menu : Diagnostic Page Page Page Page Page Page Page Page Page Page 20.1 Command Interpreter Mode 20.2 Time and Date Setting 20.2.1 Resetting the Time Page Part VI: APPENDICES Page Problems Starting Up the ZyAIR Problems with the Ethernet Interface Problems with the Password Problems with Telnet Problems with the WLAN Interface Page Appendix B Brute-ForcePassword Guessing Protection Chart B-1 Brute-ForcePassword Guessing Protection Commands Page Windows 95/98/Me Properties Page Windows 2000/NT/XP Page Page Page Macintosh OS 8/9 Page Macintosh OS Page Page Benefits of a Wireless LAN IEEE Ad-hocWireless LAN Configuration Infrastructure Wireless LAN Configuration Diagram D-2ESS Provides Campus-WideCoverage Page Security Flaws with IEEE Deployment Issues with IEEE Advantages of the IEEE Diagram E-1Sequences for EAP MD5–ChallengeAuthentication EAP-MD5 (Message-DigestAlgorithm 5) EAP-TLS(Transport Layer Security) EAP-TTLS(Tunneled Transport Layer Service) PEAP (Protected EAP) Comparison of EAP Authentication Types Appendix G Power over Ethernet Specifications Chart 1 Power over Ethernet Injector Specifications Chart G-2Power over Ethernet Injector RJ-45Port Pin Assignments PIN NO Page Antenna Characteristics Frequency Radiation Pattern Antenna Gain Types of Antennas For WLAN Connector Type PPPoE in Action Benefits of PPPoE Traditional Dial-upScenario How PPPoE Works ZyAIR as a PPPoE Client What is PPTP How can we transport PPP frames from a PC to a broadband modem over Ethernet PPTP and the ZyAIR PPTP Protocol Overview Control & PPP connections Call Connection PPP Data Connection Page IP Addressing IP Classes Subnet Masks Subnetting Example: Two Subnets Page Example: Four Subnets Example Eight Subnets Subnetting With Class A and Class B Networks Page Command Syntax Command Usage Page Introduction Display NetBIOS Filter Settings NetBIOS Filter Configuration Appendix N Log Descriptions Chart N-1System Error Logs Chart N-2System Maintenance Logs Chart N-3ICMP Notes Log Commands Log Command Example Page Page Appendix O Power Adaptor Specifications Page Appendix P Index