G-1000 User’s Guide, System Security, Field

G-1000 User’s Guide

Table 49 Menu 23.4 System Security: IEEE802.1x

FIELD	DESCRIPTION

Dynamic WEP Key	This field is activated only when you select Authentication Required in the
Exchange	Wireless Port Control field. Also set the Authentication Databases field to
	RADIUS Only. Local user database may not be used.
	Select Disable to allow wireless stations to communicate with the access
	points without using dynamic WEP key exchange.
	Select 64-bit WEP or 128-bit WEP to enable data encryption.
	Up to 32 stations can access the G-1000 when you configure dynamic WEP
	key exchange.
PSK	Type a pre-shared key from 8 to 63 case-sensitive ASCII characters (including
	spaces and symbols) when you select WPA-PSKin the Key Management
	Protocol field.
WPA Mixed Mode	Select Enable to activate WPA mixed mode. Otherwise, select Disable and
	configure Data Privacy for Broadcast/Multicast packets field.
WPA Broadcast/	The WPA Broadcast/Multicast Key Update Timer is the rate at which the AP
Multicast Key Update	(if using WPA-PSKkey management) or RADIUS server (if using WPA key
Timer	management) sends a new group key out to all clients. The re-keying process
	is the WPA equivalent of automatically changing the WEP key for an AP and all
	stations in a WLAN on a periodic basis. Setting of the WPA Broadcast/
	Multicast Key Update Timer is also supported in WPA-PSK mode. The G-
	1000 default is 1800 seconds (30 minutes).
Authentication	The authentication database contains wireless station login information. The
Databases	local user database is the built-in database on the G-1000. The RADIUS is an
	external server. Use this field to decide which database the G-1000 should use
	(first) to authenticate a wireless station.
	Before you specify the priority, make sure you have set up the corresponding
	database correctly first.
	When you configure Key Management Protocol to WPA, the Authentication
	Databases must be RADIUS Only. You can only use the Local User
	Database with 802.1x Key Management Protocol.
	Select Local User Database Only to have the G-1000 just check the built-in
	user database on the G-1000 for a wireless station's username and password.
	Select RADIUS Only to have the G-1000 just check the user database on the
	specified RADIUS server for a wireless station's username and password.
	Select Local first, then RADIUS to have the G-1000 first check the user
	database on the G-1000 for a wireless station's username and password. If the
	user name is not found, the G-1000 then checks the user database on the
	specified RADIUS server.
	Select RADIUS first, then Local to have the G-1000 first check the user
	database on the specified RADIUS server for a wireless station's username and
	password. If the G-1000 cannot reach the RADIUS server, the G-1000 then
	checks the local user database on the G-1000. When the user name is not
	found or password does not match in the RADIUS server, the G-1000 will not
	check the local user database and the authentication fails.

When you have completed this menu, press [ENTER] at the prompt “Press ENTER to confirm or ESC to cancel” to save your configuration or press [ESC] to cancel and go back to the previous screen.

Once you enable user authentication, you need to specify an external RADIUS server or create local user accounts on the G-1000 for authentication

116	Chapter 16 System Security

ZyXEL Communications manual G-1000 User’s Guide, Menu 23.4 System Security IEEE802.1x, Field

Models: G-1000

Protocol field.

configure Data Privacy for Broadcast/Multicast packets field.

When you configure Key Management Protocol to WPA, the Authentication

Databases must be RADIUS Only. You can only use the Local User

Database with 802.1x Key Management Protocol.