Manuals / Brands / Computer Equipment / Network Card / ZyXEL Communications / Computer Equipment / Network Card

ZyXEL Communications B-2000 4.3.3 Sequence for EAP Authentication, Step, Step, Step, Step, •Access-Accept, •Access-Challenge, •Accounting-Request, •Accounting-Response

1 204

Download 204 pages, 4.48 Mb

ZyAIR B-2000 Wireless LAN Gateway with 4-Port Switch

•Access-Accept

Sent by a RADIUS server allowing access.

•Access-Challenge

Sent by a RADIUS server requesting more information in order to allow access. The access point sends a proper response from the user and then sends another Access-Request message.

The following types of RADIUS messages are exchanged between the access point and the RADIUS server for user accounting:

•Accounting-Request

Sent by the access point requesting accounting.

•Accounting-Response

Sent by the RADIUS server to indicate that it has started or stopped accounting.

In order to ensure network security, the access point and the RADIUS server use a shared secret key, which is a password, they both know. The key is not sent over the network. In addition to the shared key, password information exchanged is also encrypted to protect the network from unauthorized access.

4.3.3 Sequence for EAP Authentication

The following figure shows the authentication steps when you enable EAP and specify a RADIUS server on your access point.

Figure 4-3 Sequence for EAP Authentication

The steps below describe how the IEEE 802.1X EAP authentication works. Step 1. The wireless client sents a “request” message to the ZyAIR..

Step 2. The ZyAIR sends a “request” message to the wireless client for identity information. Step 3. The wireless client replies with the password and username information.

Step 4. The ZyAIR receives the message and repackets this information into an Access-Request package which is then sent to the remote RADIUS server (or the Authentication server).

4-4	Wireless LAN Security Setup

Contents

Page Copyright Federal Communications Commission (FCC) Interference Statement ZyXEL Limited Warranty Customer Support Table of Contents Chapter 3 Internet Access Chapter 5 Remote Node Configuration Chapter 8 SNMP Configuration Chapter 11 System Maintenance and Information Chapter 12 Call Scheduling ADDITIONAL INFORMATION Appendix A Wireless LAN and IEEE Appendix B Wireless LAN With IEEE802.1x List of Figures Page Page Page List of Tables List of Diagrams Preface Syntax Conventions Bold Times New Roman Bold Arial Part I: GETTING STARTED Page Getting To Know Your ZyAIR 1.1ZyAIR B-2000Wireless LAN Gateway with 4-PortSwitch 1.2Features of the ZyAIR Wireless LAN MAC Address Filtering IEEE 802.1x for Network Security EAP (RFC2284) RADIUS (RFC2138, 2139) PPPoE Support (RFC2516) DHCP Support Multicast Network Management Diagnostics Capabilities 1.3Application for the ZyAIR 1.3.1 Broadband Internet Access via Cable or DSL modem Hardware Installation and Initial Setup 2.1Front Panel LEDs of the ZyAIR Table 2-1Front Panel LED Description 2.2Side Panel and Connections of the ZyAIR 2.2.1 WAN Port 2.2.2 Four LAN 10/100M Ports 2.2.3 Console Port 2.2.4 Restore Factory Defaults/Reset Button 2.2.5 Power Port 2.2.6 F.G. (Frame Ground) 2.2.7 Antennas 2.3Hardware Mounting Options 2.4Additional Installation Requirements 2.5ZyAIR Configuration 2.5.1Connect to Your ZyAIR Using the Web Configurator 2.5.2 Connect to your ZyAIR Using Telnet 2.5.3 Connect to Your ZyAIR Using the Console Port 2.5.4 Initial Screen 2.5.5 Entering Password 2.6Resetting the ZyAIR 2.6.1 Methods of Restoring Factory-Defaults 2.6.2 ZyAIR SMT Menu Overview Figure 2-5ZyAIR SMT Menu Overview 2.7Navigating the SMT Interface 2.7.1 System Management Terminal Interface Summary 2.8Changing the System Password 2.9General Setup 2.9.1 Dynamic DNS 2.9.2 Procedure To Configure Menu 2.9.3 Procedure to Configure Dynamic DNS 2.10 WAN Setup 2.11 LAN Setup 2.11.1 General Ethernet Port Filter Setup Page Internet Access 3.1Factory Ethernet Defaults 3.2LANs and WANs 3.2.1 LANs, WANs and the ZyAIR 3.3TCP/IP Parameters 3.3.1 IP Address and Subnet Mask 3.3.2 Private IP Addresses 3.3.3 RIP Setup 3.3.4 DHCP Configuration 3.4IP Multicast 3.5TCP/IP Ethernet and DHCP Setup Figure 3-2Menu 3.2 – TCP/IP and DHCP Ethernet Setup Table 3-1DHCP Ethernet Setup Menu Fields 3.6IP Alias 3.6.1 IP Alias Setup Figure 3-6Menu 3.2.1-IPAlias Setup Table 3-3IP Alias Setup Menu Fields 3.7Encapsulation 3.7.1 Ethernet 3.7.2 PPPoE 3.7.3 PPTP 3.8IP Address Assignment 3.9Internet Access Configuration 3.10 Internet Access Setup 3.11 Wireless LAN 3.11.1 Wireless LAN Parameters ESS ID RTS Threshold Figure 3-8RTS Threshold 3.11.2 Wireless LAN Setup 3.11.3 Roaming 3.11.4 Requirements for Roaming 3.11.5 Enable the Roaming Feature on the ZyAIR Table 3-7Roaming Configuration Field Descriptions Part II: ADVANCED APPLICATIONS Page Wireless LAN Security Setup 4.1Levels of Security 4.2Data Encryption with WEP Menu 3 – Lan Setup Step 2. Enter 5 to display Menu 3.5 – Wireless LAN Setup Figure 4-2Wireless LAN Setup Table 4-1Wireless LAN Setup Field Description 4.3Network Authentication 4.3.1 EAP 4.3.2 RADIUS 4.3.3 Sequence for EAP Authentication 4.3.4 Enable EAP Authentication on Your ZyAIR 4.3.5 Configuring External RADIUS Server 4.4Creating User Accounts on the ZyAIR 4.5MAC Address Filtering Figure 4-9Menu 3.5 – Wireless LAN Setup Edit MAC Address Filtering Menu 3.5.1 – WLAN MAC Address Filter Figure 4-10Menu 3.5.1 – WLAN MAC Address Filter Table 4-5MAC Address Filter Field Description Remote Node Configuration 5.1Remote Node Profile 5.1.1 Encapsulation Scenarios Figure 5-1Menu 11.1 - Remote Node Profile Menu 11.1 – Remote Node Profile Table 5-1Remote Node Profile Menu Fields Page 5.1.2 Outgoing Authentication Protocol 5.1.3 Remote Node Setup Edit IP Remote Node Network Layer Options Figure 5-2Remote Node Network Layer Options Table 5-2Remote Node Network Layer Options 5.2Remote Node Filter 5.2.1 IP Static Route Setup Figure 5-5Sample Static Routing Topology Configuration Static Route Setup Figure 5-6Menu 12.1 - IP Static Route Setup Figure 5-7Edit IP Static Route Menu 12.1 - Edit IP Static Route Setup Table 5-3Edit IP Static Route Menu Fields Page Network Address Translation (NAT) 6.1Introduction 6.1.1 NAT Definitions 6.1.2 What NAT Does 6.1.3 How NAT Works 6.1.4 NAT Application 6.1.5 NAT Mapping Types Server Port numbers do not change for One-to-One and Many One-to-One NAT mapping types Table 6-2NAT Mapping Types 6.2Using NAT 6.2.1 SUA (Single User Account) Versus NAT 6.2.2 Applying NAT 6.3NAT Setup 6.3.1 Address Mapping Sets Figure 6-7Menu 15.1.255 - SUA Address Mapping Rules Table 6-4SUA Address Mapping Rules User-DefinedAddress Mapping Sets Select Rule Set Name Figure 6-8Menu 15.1.1 - First Set Table 6-5Fields in Menu 6.3.2Configuring Individual Rule 6.4NAT Server Sets – Port Forwarding 6.4.1 Configuring a Server behind NAT Figure 6-10Menu 15.2 - NAT Server Setup Start Port No End Port No Figure 6-11Multiple Servers Behind NAT Example 6.5General NAT Examples 6.5.1 Example 1: Internet Access Only 6.5.2 Example 2: Internet Access with an Inside Server 6.5.3 Example 3: Multiple Public IP Addresses With Inside Servers Menu 15.1 - Address Mapping Sets Figure 6-17Example 3: Menu Edit Action Start IP Figure 6-18Example 3: Menu Figure 6-19Example 3: Final Menu Example 3: Menu 6.5.4 Example 4: NAT Unfriendly Application Programs Figure 6-22Example 4: Menu Part III: ADVANCED MANAGEMENT Page Filter Configuration 7.1About Filtering Filter Rule 7.2Configuring a Filter Set Figure 7-4NetBIOS_WAN Filter Rules Summary Figure 7-5NetBIOS_LAN Filter Rules Summary Figure 7-6TEL_FTP_WEB_WAN Filter Rules Summary 7.2.1 Filter Rules Summary Menus 7.3Configuring a Filter Rule 7.3.1 TCP/IP Filter Rule Page Table 7-3TCP/IP Filter Rule Menu Fields Page Figure 7-8Executing an IP Filter 7.3.2 Generic Filter Rule 7.4Filter Types and NAT 7.5Example Filter Edit Comments TCP/IP Filter Rule Figure 7-12Sample Filter – Menu 7.6Applying Filters and Factory Defaults 7.6.1 Ethernet Traffic 7.6.2 Remote Node Filters SNMP Configuration 8.1About SNMP 8.2Supported MIBs 8.3SNMP Configuration 8.4SNMP Traps Table 8-2SNMP Traps Table 8-3Ports and Permanent Virtual Circuits System Information and Diagnosis 9.1System Status Figure 9-2Menu 24.1 – System Maintenance – Status Table 9-1System Maintenance – Status Menu Fields 9.2System Information 9.2.1 System Information 9.2.2 Console Port Speed 9.3Log and Trace 9.3.1 Viewing Error Log 9.3.2 UNIX Syslog Figure 9-8Menu 24.3.2 – System Maintenance – Syslog Table 9-3System Maintenance Menu – Syslog Parameters 9.3.3 Call-TriggeringPacket 9.4Diagnostic Page Firmware and Configuration File Maintenance 10.1 Filename Conventions 10.2 Backup Configuration 10.2.1 Backup Configuration 10.2.2 Using the FTP Command from the Command Line 10.2.3 Example of FTP Commands from the Command Line 10.2.4 GUI-basedFTP Clients 10.2.5 TFTP and FTP over WAN Will Not Work When 10.2.6 Backup Configuration Using TFTP 10.2.7 TFTP Command Example 10.2.8 GUI-basedTFTP Clients 10.2.9 Backup Via Console Port 10.3 Restore Configuration 10.3.1 Restore Using FTP 10.3.2 Restore Using FTP Session Example 10.3.3 Restore Via Console Port 10.4 Uploading Firmware and Configuration Files 10.4.1 Firmware File Upload 10.4.2 Configuration File Upload 10.4.3 FTP File Upload Command from the DOS Prompt Example 10.4.4 FTP Session Example of Firmware File Upload 10.4.5 TFTP File Upload 10.4.6 TFTP Upload Command Example 10.4.7 Uploading Via Console Port 10.4.8 Uploading Firmware File Via Console Port 10.4.9 Example Xmodem Firmware Upload Using HyperTerminal 10.4.10Uploading Configuration File Via Console Port 10.4.11Example Xmodem Configuration Upload Using HyperTerminal Figure 10-19Example Xmodem Upload System Maintenance and Information 11.1 Command Interpreter Mode 11.2 Time and Date Setting 11.2.1 Resetting the Time Page Call Scheduling 12.1 Introduction To delete a schedule set, enter the set number and press [SPACE BAR] and then [ENTER] (or delete) in the Edit Name field Menu 26.1 - Schedule Set Setup Figure 12-2Schedule Set Setup Duration Main Menu PPPoE PPTP Encapsulation Figure 12-3Applying Schedule Set(s) to a Remote Node (PPTP) Remote Management 13.1 Telnet 13.2 FTP 13.3 Web 13.4 Remote Management 13.4.1 Remote Management Setup 13.4.2 Remote Management Limitations 13.5 Remote Management and NAT 13.6 System Timeout Part: ADDITIONAL INFORMATION Page Troubleshooting 14.1 Problem Starting Up the ZyAIR 14.2 Problem with the Password 14.3 Problem with the Ethernet Interface 14.4 Problem with the WAN Interface 14.5 Problem with Internet Access 14.6 Problem with Telnet Page Appendix A Wireless LAN and IEEE Diagram 1 Peer-to-PeerCommunication in an Ad-hocNetwork Infrastructure Wireless LAN Configuration Diagram 2 ESS Provides Campus-WideCoverage Page Appendix B Wireless LAN With IEEE802.1x Diagram 3 Sequences for EAP MD5-ChallengeAuthentication Appendix C Antenna Selection and Positioning Recommendation Positioning Antennas Appendix D PPPoE How PPPoE Works The ZyAIR as a PPPoE Client Diagram 5 ZyAIR as a PPPoE Client Appendix E PPTP PPTP Protocol Overview Diagram 7 PPTP Protocol Overview Control and PPP Connections Call Connection Diagram 8 Example Message Exchange between PC and an ANT PPP Data Connection Page Appendix F TCP/IP Client Client for Microsoft Networks Configuring TCP/IP Obtain an IP address automatically Specify an IP address Setting up Your Windows NT/2000 Computer Internet Protocol (TCP/IP) 3.The Internet Protocol TCP/IP Properties window opens Subnet mask Default gateway 4.The Internet Protocol TCP/IP Properties window opens Use the following IP Address -Inthe IP Settings tab, in IP addresses, click Add TCP/IP Address Default gateways Setting up Your Macintosh Computer Configuring TCP/IP Properties Ethernet Connect via Using DHCP Server Page Appendix G IP Subnetting Chart 2 Allowed IP Address Range By Class Subnet Masks Chart 3 “Natural” Masks Subnetting Chart 4 Alternative Subnet Mask Notation Example: Two Subnets Chart 5 Subnet Chart 6 Subnet Example: Four Subnets Chart 7 Subnet Chart 8 Subnet Chart 9 Subnet Chart 10 Subnet More Subnets Chart 11 Class C Subnet Planning Subnetting With Class A and Class B Networks Chart 12 Class B Subnet Planning Page Appendix H Power Adapter Specifications Page Index