Manuals / ZyXEL Communications / Computer Equipment / Network Card

ZyXEL Communications G-1000 Wireless LAN, Introduction, Wireless Security Overview, Encryption

Models: G-1000

1 192

Download 192 pages 21.42 Kb

Page 50

G-1000 User’s Guide

CH A P T E R 6

Wireless LAN

This chapter discusses how to configure Wireless LAN.

6.1 Introduction

A wireless LAN (WLAN) can be as simple as two computers with WLAN adapters communicating in a peer-to-peer network or as complex as a number of computers with WLAN adapters communicating through access points which bridge network traffic to the wired LAN.

Note: See the WLAN appendix for more detailed information on WLANs.

6.2 Wireless Security Overview

Wireless security is vital to your network to protect wireless communication between wireless stations, access points and the wired network.

Wireless security methods available on the G-1000 are data encryption, wireless client authentication, restricting access by device MAC address and hiding the G-1000 identity.

6.2.1Encryption

•Use WPA(2) security if you have WPA(2)-aware wireless clients and a RADIUS server. WPA(2) has user authentication and improved data encryption over WEP.

•Use WPA(2)-PSK if you have WPA(2)-aware wireless clients but no RADIUS server.

•If you don’t have WPA(2)-aware wireless clients, then use WEP key encrypting. A higher bit key offers better security at a throughput trade-off. You can enter 64-bit or 128- bit WEP keys.

6.2.2Authentication

WPA has user authentication and you can also configure IEEE 802.1x to use the built-in database (Local User Database) or a RADIUS server to authenticate wireless clients before joining your network.

•Use RADIUS authentication if you have a RADIUS server. See the appendices for information on protocols used when a client authenticates with a RADIUS server via the G-1000.

50	Chapter 6 Wireless LAN

Image 50

ZyXEL Communications G-1000 manual Wireless LAN, Introduction, Wireless Security Overview, Encryption, Authentication

Contents

User’s Guide 802.11g Wireless Access PointG-1000 Trademarks CopyrightDisclaimer Federal Communications Commission FCC Interference Statement Information for Canadian UsersCertifications Safety Warnings ZyXEL Limited Warranty Brief description of the problem and the steps you took to solve it Customer SupportProduct model and serial number Warranty Information Date that you received your deviceG-1000 User’s Guide Customer SupportG-1000 User’s Guide Customer SupportZyXEL Limited Warranty Table of ContentsSafety Warnings CopyrightG-1000 User’s Guide Chapter Wireless LANRemote Management Screens ChapterChapter MaintenanceGeneral Setup ChapterSystem Password Appendix B G-1000 User’s Guide List of FiguresFigure 6 The MAIN MENU Screen of the Web Configurator Figure 37 System Status Show Statistics Figure 80 Menu 24 System Maintenance G-1000 User’s Guide List of Tables G-1000 User’s GuideTable 37 Restore Configuration Table 80 Subnet G-1000 User’s Guide Related Documentation PrefaceAbout This Users Guide Graphics Icons Key User Guide FeedbackSyntax Conventions 1.2.1.3 Reset Button 1.2 G-1000 Features1.2.1 Physical Features Getting to Know Your G-10001.2.2.3 802.11b Wireless LAN Standard 1.2.2 Firmware Features1.2.2.2 Wi-Fi Protected Access 1.2.1.4 G-1000 LED1.2.2.8 Wireless LAN MAC Address Filtering 1.2.2.4 802.11g Wireless LAN Standard1.2.2.7 Brute-Force Password Guessing Protection 1.2.2.5 STP Spanning Tree Protocol / RSTP Rapid STP1.2.2.10 IEEE 802.1x Network Security 1.2.2.15 Wireless Association List1.3 Applications for the G-1000 1.2.2.11 SNMP1.3.1 Internet Access Application 1.3.2 Corporation Network ApplicationG-1000 User’s Guide Chapter 1 Getting to Know Your G-1000CH A P T E R Hardware Installation and Initial Setup2.1 Front Panel of the G-1000 G-1000 User’s Guide Table 3 Front Panel LED Description 2.2 Top Panel and Connections of the G-1000Chapter 2 Hardware Installation and Initial Setup COLOR2.2.1 One 10/100M Ethernet Port 2.2.2 Power Port2.2.3 The RESET Button 2.3 Hardware Mounting Options 2.4 Additional Installation Requirements2.5 Configuring Your G-1000 2.2.4 AntennasCH A P T E R Introducing the Web Configurator3.1 Accessing the G-1000 Web Configurator 3.2 Resetting the G-1000 3.2.1 Procedure To Use The Reset Button3.3 Navigating the G-1000 Web Configurator 3.2.2 Method of Restoring Factory-DefaultsClick LOGOUT at any time to exit the web configurator 4.1.1 Channel Wizard Setup4.1 Wizard Setup Overview 4.1.2 ESS IDFigure 7 Wizard 1 General Setup 4.2 Wizard Setup General Setup4.3 Wizard Setup Wireless LAN Table 5 Wizard 1 General SetupFigure 8 Wizard 2 Wireless LAN Setup Note This field is only available when you have an externalwireless card inserted in the G-1000 Table 6 Wizard 2 Wireless LAN Setup4.4.2 IP Address and Subnet Mask 4.4 Wizard Setup IP Address4.4.1 IP Address Assignment Note You must know the IP address assigned to the G-1000 by the DHCP server to access the G-1000 againthe new IP address if you want to access the web configurator Note If you changed the G-1000s IP address, you must useBack Finish 4.5 Basic Setup CompleteClick Finish to proceed to complete the Wizard setup Click Back to return to the previous screen5.1 System Overview 5.2 Configuring General SetupSystem Screens Figure 11 System General SetupTable 10 Password 5.3 Configuring PasswordFigure 12 Password Table 11 Time Setting 5.4 Configuring Time SettingFigure 13 Time Setting G-1000 User’s GuideChapter 5 System Screens Table 11 Time SettingG-1000 User’s Guide LABEL6.2.2 Authentication Wireless LAN6.2 Wireless Security Overview 6.1 Introduction6.2.4 Hide G-1000 Identity 6.2.3 Restricted Access6.2.5 Configuring Wireless LAN on the G-1000 6.3 Configuring the Wireless Screen 6.3.1 WEP Encryptionsettings, you will lose your wireless connection when you press Note If you are configuring the G-1000 from a computer connectedto the wireless LAN and you change the G-1000’s ESSID or WEP Apply to confirm. You must then change the wireless settings of yourG-1000 User’s Guide Table 13 WirelessChapter 6 Wireless LAN LABEL6.4 Configuring Roaming 6.4.1 Requirements for Roaming have the same ESSID to allow roaming 6.5 MAC FilterNote All APs on the same subnet and the wireless stations must Figure 17 MAC Address Filter Chapter 6 Wireless LANG-1000 User’s Guide Table 15 MAC Address Filter6.6 Introduction to WPA 6.6.1 WPA2-PSK Application Example6.6.2 WPA2 with RADIUS Application Example 6.7 Configuring IEEE 802.1x and WPA 6.6.3 Wireless Client WPA Supplicants6.7.1 Authentication Required Figure 21 Wireless LAN 802.1x/WPA for 802.1x Protocol Note If wireless station authentication is done using a RADIUSserver, the reauthentication timer on the RADIUS server has Table 17 Wireless LAN 802.1x/WPA for 802.1x ProtocolChapter 6 Wireless LAN 6.7.2 Authentication Required WPATable 17 Wireless LAN 802.1x/WPA for 802.1x Protocol G-1000 User’s Guide6.7.3 Authentication Required WPA-PSK Table 19 Wireless LAN 802.1x/WPA for WPA-PSK Protocol 6.7.4 Authentication Required WPA2Figure 23 Wireless LAN 802.1x/WPA for WPA-PSK Protocol Chapter 6 Wireless LAN6.7.5 Authentication Required WPA2-PSK 6.8 Configuring RADIUS Figure 26 RADIUS Screen Chapter 6 Wireless LANG-1000 User’s Guide Table 22 RADIUS Screen7.1.1 IP Address and Subnet Mask IP Screen7.1 TCP/IP Parameters 7.1.2 WAN IP Address Assignmentnew IP address if you want to access the web configurator 7.2 Configuring IPby the DHCP server to access the G-1000 again Figure 27 IP Setup8.1.1 Remote Management Limitations Remote Management Screens8.1 Remote Management Overview CH A P T E R8.1.2 Remote Management and NAT 8.2 Configuring WWW8.1.3 System Timeout 8.3 Configuring Telnet 8.4 Configuring TELNET8.5 Configuring FTP 8.6 SNMP Note SNMP is only available if TCP/IP is configuredGet - Allows the manager to retrieve an object variable from the agent G-1000 User’s Guide 8.6.1 Supported MIBs8.6.2 SNMP Traps Table 28 SNMP TrapsSNMP Configuration 8.6.4 Configuring SNMP8.6.3 SNMP Interface Index enet0Chapter 8 Remote Management Screens G-1000 User’s GuideTable 30 Remote Management SNMP LABELG-1000 User’s Guide Chapter 8 Remote Management ScreensCH A P T E R 9.1 Configuring View LogLog Screens Table 31 View Log 9.2 Configuring Log SettingsFigure 34 View Log G-1000 User’s Guide Figure 35 Log SettingsTable 32 Log Settings Chapter 9 Log ScreensChapter 9 Log Screens Table 32 Log SettingsG-1000 User’s Guide LABEL10.2 System Status Screen Maintenance10.1 Maintenance Overview CH A P T E R10.3 Association List 10.2.1 System StatisticsG-1000 User’s Guide 10.4 F/W Upload ScreenChapter 10 Maintenance Figure 38 Association ListFigure 40 Firmware Upload In Process Note Do not turn off the G-1000 while firmware upload is in progressFigure 39 Firmware Upload Figure 41 Network Temporarily Disconnected 10.5 Configuration ScreenFigure 42 Firmware Upload Error Figure 43 Configuration 10.5.1 Backup Configuration10.5.2 Restore Configuration Figure 44 Configuration Upload Successful Figure 45 Network Temporarily Disconnected10.5.3 Back to Factory Defaults 10.6 Restart ScreenIntroducing the SMT 11.1 Connect to your G-1000 Using Telnet11.2 Changing the System Password CH A P T E R11.3 G-1000 SMT Menus Overview Figure 50 Menu 23.1 System Security Change PasswordG-1000 User’s Guide Table 38 SMT Menus Overview continued 11.4 Navigating the SMT InterfaceTable 39 Main Menu Commands Chapter 11 Introducing the SMTFigure 51 G-1000 SMT Main Menu Table 39 Main Menu CommandsG-1000 User’s Guide Table 40 Main Menu SummaryGeneral Setup CH A P T E RG-1000 User’s Guide Table 41 Menu 1 General SetupChapter 12 General Setup FIELD13.2 TCP/IP Ethernet Setup LAN Setup13.1 LAN Setup CH A P T E R13.3 Wireless LAN Setup Figure 54 Menu 3.2 TCP/IP SetupChapter 13 LAN Setup G-1000 User’s Guide Figure 55 Menu 3.5 Wireless LAN SetupTable 43 Menu 3.5 Wireless LAN Setup FIELDChapter 13 LAN Setup 13.3.1 Configuring MAC Address FilterTable 43 Menu 3.5 Wireless LAN Setup ConfigurationChapter 13 LAN Setup 2 Enter 5 to display Menu 3.5 - Wireless LAN SetupFigure 56 Menu 3.5 Wireless LAN Setup ENTER. Menu 3.5.1 - WLAN MAC Address Filter displays as shown nextFigure 58 Menu 3.5 Wireless LAN Setup 13.3.2 Configuring Roaming2 Enter 5 to display Menu 3.5 - Wireless LAN Setup Chapter 13 LAN SetupChapter 13 LAN Setup Figure 59 WLAN Roaming ConfigurationTable 45 Menu 3.5.4 Bridge Link Configuration G-1000 User’s GuideChapter 13 LAN Setup G-1000 User’s GuideDial-in User Setup CH A P T E RFigure 61 Menu 14.1- Edit Dial-in User Chapter 14 Dial-in User SetupG-1000 User’s Guide Table 46 Menu 14.1- Edit Dial-in UserTable 47 Menu 22 SNMP Configuration SNMP ConfigurationFigure 62 Menu 22 SNMP Configuration Chapter 15 SNMP ConfigurationChapter 15 SNMP Configuration G-1000 User’s GuideSystem Security 16.1 System Password16.2 Configuring External RADIUS Server CH A P T E RChapter 16 System Security G-1000 User’s Guide Figure 65 Menu 23.2 System Security RADIUS ServerTable 48 Menu 23.2 System Security RADIUS Server FIELD16.3 2 Enter 4 to display Menu 23.4 - System Security - IEEE802.1xTable 49 Menu 23.4 System Security IEEE802.1x Required or No Access AllowedG-1000 User’s Guide Figure 67 Menu 23.4 System Security IEEE802.1x Chapter 16 System SecurityG-1000 User’s Guide configure Data Privacy for Broadcast/Multicast packets fieldWhen you configure Key Management Protocol to WPA, the Authentication Table 49 Menu 23.4 System Security IEEE802.1xG-1000 User’s Guide Chapter 16 System SecurityCH A P T E R System Information and Diagnosis17.1 System Status Figure 69 Menu 24.1 System Maintenance Status 17.2 System Information1 Enter 24 to display Menu 24 - System Maintenance Table 50 Menu 24.1 System Maintenance StatusMenu 1 - General Setup 17.2.1 System InformationTable 51 Menu 24.2.1 System Maintenance Information G-1000 User’s Guide17.3 Diagnostic 17.2.2 Console Port SpeedFollow the procedure next to get to display this menu G-1000 User’s Guide Chapter 17 System Information and DiagnosisCH A P T E R Firmware and Configuration File Maintenance18.1 Filename Conventions 18.2 Backup Configuration 18.2.1 Backup Configuration Using FTP18.2.2 Using the FTP command from the DOS Prompt 18.2.3 Backup Configuration Using TFTP Figure 75 FTP Session Example18.2.4 Example TFTP Command 18.2.5 Backup Via Console Port1 Display menu 24.5 and enter “y” at the following screen CH A P T E R System Maintenance and Information19.1 Command Interpreter Mode Figure 81 Valid CI Commands 19.2 Time and Date SettingFigure 80 Menu 24 System Maintenance Chapter 19 System Maintenance and Information Figure 82 Menu 24.10 System Maintenance Time and Date SettingTable 56 System Maintenance Time and Date Setting G-1000 User’s Guide19.3.1 Telnet 19.3 Remote Management Setup19.3.4 Remote Management Setup 19.3.2 FTPLAN only , WAN only , All or Disable . The default is LAN only 19.3.5 Remote Management LimitationsChapter 19 System Maintenance and Information G-1000 User’s Guide19.5 System Timeout 19.4 Remote Management and NATProblems with the Ethernet Interface TroubleshootingProblems Starting Up the G-1000 Appendix AProblems with the WLAN Interface Problems with the PasswordProblems with Telnet Table 61 Troubleshooting the PasswordHardware SpecificationsAppendix B FirmwareSpecifications G-1000 User’s Guide Table 65 Firmware continuedExample Brute-Force Password Guessing ProtectionAppendix C Brute-Force Password Guessing Protection G-1000 User’s GuideAppendix D Setting up Your Computer’s IP Address Windows 95/98/MeInstalling Components Configuring Verifying Settings Windows 2000/NT/XPG-1000 User’s Guide Setting up Your Computer’s IP Address3 Right-click Local Area Connection and then click Properties Figure 88 Windows XP Start MenuPage In the IP Settings tab, in IP addresses, click Add 1 Click Start, All Programs, Accessories and then Command Prompt Macintosh OS 8/9Verifying Settings 8 Click OK to close the Internet Protocol TCP/IP Properties windowG-1000 User’s Guide Setting up Your Computer’s IP Address2 Select Ethernet built-in from the Connect via list Figure 94 Macintosh OS 8/9 Apple Menu5 Close the TCP/IP Control Panel Macintosh OSVerifying Settings Select Built-in Ethernet from the Show listVerifying Settings Setting up Your Computer’s IP Address G-1000 User’s GuideIP Address Assignment Conflicts Case A The G-1000 is using the same LAN and WAN IP addressesAppendix E Figure 100 IP Address Conflicts Case C Case D Two or more subscribers have the same IP addressG-1000 User’s Guide Figure 99 IP Address Conflicts Case B IP Address Assignment ConflictsFigure 101 IP Address Conflicts Case D In this case, the subscribers are not able to access the InternetG-1000 User’s Guide IP Address Assignment ConflictsG-1000 User’s Guide IP Address Assignment ConflictsAd-hoc Wireless LAN Configuration Wireless LANsWireless LAN Topologies Appendix FPage Wireless LANs ChannelRTS/CTS G-1000 User’s Guide Figure 104 Infrastructure WLANFragmentation Threshold Figure 105 RTS/CTSIEEE 802.11g Wireless LAN Preamble TypeTypes of RADIUS Messages IEEERADIUS Types of Authentication EAP-MD5 Message-Digest AlgorithmPEAP Protected EAP EAP-TTLS Tunneled Transport Layer ServiceEAP-TLS Transport Layer Security LEAPWPA2 EncryptionUser Authentication Security Parameters SummaryAUTHENTICATION Table 69 Wireless Security Relational Matrix continuedWireless LANs ENABLE IEEEWireless LANs G-1000 User’s GuideIP Addressing Appendix GIP Subnetting IP ClassesSubnet Masks SubnettingSUBNET MASK “1” BITS Example Two SubnetsSUBNET MASK IP ADDRESS LAST OCTET BIT VALUETable 75 Subnet Table 76 SubnetTable 78 Subnet Example Four SubnetsTable 77 Subnet Table 79 SubnetExample Eight Subnets Subnetting With Class A and Class B Networks G-1000 User’s Guide IP SubnettingCommand Usage Command InterpreterCommand Syntax Appendix HCommand Interpreter G-1000 User’s GuideTable 84 System Maintenance Logs AppendixLog Descriptions G-1000 User’s GuideG-1000 User’s Guide Table 85 ICMP Notes continued Log CommandsConfiguring What You Want the G-1000 to Log Table 86 Sys logTable 87 Log Categories and Available Settings Log Command ExampleDisplaying Logs G-1000 User’s GuideG-1000 User’s Guide Log DescriptionsAntenna Selection and Positioning Recommendation Antenna CharacteristicsAppendix J Types of Antennas For WLANConnector Type Positioning AntennasPower Adaptor Specifications Power Adaptor SpecificationsAppendix K G-1000 User’s GuidePower Adaptor Specifications G-1000 User’s Guide Table 93 AUSTRALIA AND NEW ZEALAND PLUG STANDARDSZyAIR G-3000 User’s Guide NumericsIndex ZyAIR G-3000 User’s Guide FTP 72, 75, 134 RestrictionsZyAIR G-3000 User’s Guide ZyAIR G-3000 User’s Guide ZyAIR G-3000 User’s Guide