Manuals / ZyXEL Communications / Computer Equipment / Network Card

ZyXEL Communications G-1000 manual Introduction to WPA, 6.6.1 WPA2-PSK Application Example

Models: G-1000

1 192

Download 192 pages 21.42 Kb

Page 59

6.6 Introduction to WPA

G-1000 User’s Guide

6.6 Introduction to WPA

Wi-Fi Protected Access (WPA and WPA2) applies IEEE 801.2x and Extensible Authentication Protocol (EAP) to authenticate wireless clients using and external RADIUS database. WPA has better user authentication and improved data encryption than WEP, and WPA2 provides even better data encryption and user authentication than WPA. See the appendix for more information on WPA(2) user authentication and WPA encryption.

If the wireless clients support WPA2 and you have an external RADIUS server, use WPA2 for stronger data encryption. If you don’t have an external RADIUS server, you should use WPA2-PSK (WPA2-Pre-Shared Key). WPA2-PSK only requires a single (identical) password entered into each WLAN member. As long as the passwords match, a client will be granted access to a WLAN.

If the wireless clients do not support WPA2, use WPA or WPA-PSK, depending on whether or not you have an additional RADIUS server. Use WEP only if the wireless clients do not support WPA(2).

Note: You can’t use the Local User Database for authentication when you select WPA(2).

6.6.1 WPA(2)-PSK Application Example

AWPA-PSK (or WPA2-PSK) application looks as follows.

1First enter identical passwords into the AP and all wireless clients. The Pre-Shared Key (PSK) must be between 8 and 63 printable characters (including spaces; alphabetic characters are case-sensitive).

2The AP checks each client’s password and (only) allows it to join the network if the password matches.

3The AP derives and distributes keys to the wireless clients.

4The AP and wireless clients use the TKIP or AES encryption process to encrypt data exchanged between them.

Chapter 6 Wireless LAN

59

Image 59

ZyXEL Communications G-1000 manual Introduction to WPA, 6.6.1 WPA2-PSK Application Example

Contents

User’s Guide 802.11g Wireless Access PointG-1000 Trademarks CopyrightDisclaimer Information for Canadian Users Federal Communications Commission FCC Interference StatementCertifications Safety Warnings ZyXEL Limited Warranty Date that you received your device Customer SupportProduct model and serial number Warranty Information Brief description of the problem and the steps you took to solve itCustomer Support G-1000 User’s GuideCustomer Support G-1000 User’s GuideCopyright Table of ContentsSafety Warnings ZyXEL Limited WarrantyG-1000 User’s Guide Chapter Wireless LANRemote Management Screens ChapterChapter MaintenanceGeneral Setup ChapterSystem Password Appendix B G-1000 User’s Guide List of FiguresFigure 6 The MAIN MENU Screen of the Web Configurator Figure 37 System Status Show Statistics Figure 80 Menu 24 System Maintenance G-1000 User’s Guide G-1000 User’s Guide List of TablesTable 37 Restore Configuration Table 80 Subnet G-1000 User’s Guide Related Documentation PrefaceAbout This Users Guide Graphics Icons Key User Guide FeedbackSyntax Conventions Getting to Know Your G-1000 1.2 G-1000 Features1.2.1 Physical Features 1.2.1.3 Reset Button1.2.1.4 G-1000 LED 1.2.2 Firmware Features1.2.2.2 Wi-Fi Protected Access 1.2.2.3 802.11b Wireless LAN Standard1.2.2.5 STP Spanning Tree Protocol / RSTP Rapid STP 1.2.2.4 802.11g Wireless LAN Standard1.2.2.7 Brute-Force Password Guessing Protection 1.2.2.8 Wireless LAN MAC Address Filtering1.2.2.11 SNMP 1.2.2.15 Wireless Association List1.3 Applications for the G-1000 1.2.2.10 IEEE 802.1x Network Security1.3.2 Corporation Network Application 1.3.1 Internet Access ApplicationChapter 1 Getting to Know Your G-1000 G-1000 User’s GuideCH A P T E R Hardware Installation and Initial Setup2.1 Front Panel of the G-1000 COLOR 2.2 Top Panel and Connections of the G-1000Chapter 2 Hardware Installation and Initial Setup G-1000 User’s Guide Table 3 Front Panel LED Description2.2.1 One 10/100M Ethernet Port 2.2.2 Power Port2.2.3 The RESET Button 2.2.4 Antennas 2.4 Additional Installation Requirements2.5 Configuring Your G-1000 2.3 Hardware Mounting OptionsCH A P T E R Introducing the Web Configurator3.1 Accessing the G-1000 Web Configurator 3.2.1 Procedure To Use The Reset Button 3.2 Resetting the G-10003.2.2 Method of Restoring Factory-Defaults 3.3 Navigating the G-1000 Web ConfiguratorClick LOGOUT at any time to exit the web configurator 4.1.2 ESS ID Wizard Setup4.1 Wizard Setup Overview 4.1.1 ChannelTable 5 Wizard 1 General Setup 4.2 Wizard Setup General Setup4.3 Wizard Setup Wireless LAN Figure 7 Wizard 1 General SetupTable 6 Wizard 2 Wireless LAN Setup Note This field is only available when you have an externalwireless card inserted in the G-1000 Figure 8 Wizard 2 Wireless LAN Setup4.4.2 IP Address and Subnet Mask 4.4 Wizard Setup IP Address4.4.1 IP Address Assignment Note If you changed the G-1000s IP address, you must use by the DHCP server to access the G-1000 againthe new IP address if you want to access the web configurator Note You must know the IP address assigned to the G-1000Click Back to return to the previous screen 4.5 Basic Setup CompleteClick Finish to proceed to complete the Wizard setup Back FinishFigure 11 System General Setup 5.2 Configuring General SetupSystem Screens 5.1 System OverviewTable 10 Password 5.3 Configuring PasswordFigure 12 Password G-1000 User’s Guide 5.4 Configuring Time SettingFigure 13 Time Setting Table 11 Time SettingLABEL Table 11 Time SettingG-1000 User’s Guide Chapter 5 System Screens6.1 Introduction Wireless LAN6.2 Wireless Security Overview 6.2.2 Authentication6.2.4 Hide G-1000 Identity 6.2.3 Restricted Access6.2.5 Configuring Wireless LAN on the G-1000 6.3.1 WEP Encryption 6.3 Configuring the Wireless ScreenApply to confirm. You must then change the wireless settings of your Note If you are configuring the G-1000 from a computer connectedto the wireless LAN and you change the G-1000’s ESSID or WEP settings, you will lose your wireless connection when you pressLABEL Table 13 WirelessChapter 6 Wireless LAN G-1000 User’s Guide6.4 Configuring Roaming 6.4.1 Requirements for Roaming have the same ESSID to allow roaming 6.5 MAC FilterNote All APs on the same subnet and the wireless stations must Table 15 MAC Address Filter Chapter 6 Wireless LANG-1000 User’s Guide Figure 17 MAC Address Filter6.6.1 WPA2-PSK Application Example 6.6 Introduction to WPA6.6.2 WPA2 with RADIUS Application Example 6.6.3 Wireless Client WPA Supplicants 6.7 Configuring IEEE 802.1x and WPA6.7.1 Authentication Required Table 17 Wireless LAN 802.1x/WPA for 802.1x Protocol Note If wireless station authentication is done using a RADIUSserver, the reauthentication timer on the RADIUS server has Figure 21 Wireless LAN 802.1x/WPA for 802.1x ProtocolG-1000 User’s Guide 6.7.2 Authentication Required WPATable 17 Wireless LAN 802.1x/WPA for 802.1x Protocol Chapter 6 Wireless LAN6.7.3 Authentication Required WPA-PSK Chapter 6 Wireless LAN 6.7.4 Authentication Required WPA2Figure 23 Wireless LAN 802.1x/WPA for WPA-PSK Protocol Table 19 Wireless LAN 802.1x/WPA for WPA-PSK Protocol6.7.5 Authentication Required WPA2-PSK 6.8 Configuring RADIUS Table 22 RADIUS Screen Chapter 6 Wireless LANG-1000 User’s Guide Figure 26 RADIUS Screen7.1.2 WAN IP Address Assignment IP Screen7.1 TCP/IP Parameters 7.1.1 IP Address and Subnet MaskFigure 27 IP Setup 7.2 Configuring IPby the DHCP server to access the G-1000 again new IP address if you want to access the web configuratorCH A P T E R Remote Management Screens8.1 Remote Management Overview 8.1.1 Remote Management Limitations8.1.2 Remote Management and NAT 8.2 Configuring WWW8.1.3 System Timeout 8.4 Configuring TELNET 8.3 Configuring Telnet8.5 Configuring FTP Note SNMP is only available if TCP/IP is configured 8.6 SNMPGet - Allows the manager to retrieve an object variable from the agent Table 28 SNMP Traps 8.6.1 Supported MIBs8.6.2 SNMP Traps G-1000 User’s Guideenet0 8.6.4 Configuring SNMP8.6.3 SNMP Interface Index SNMP ConfigurationLABEL G-1000 User’s GuideTable 30 Remote Management SNMP Chapter 8 Remote Management ScreensChapter 8 Remote Management Screens G-1000 User’s GuideCH A P T E R 9.1 Configuring View LogLog Screens Table 31 View Log 9.2 Configuring Log SettingsFigure 34 View Log Chapter 9 Log Screens Figure 35 Log SettingsTable 32 Log Settings G-1000 User’s GuideLABEL Table 32 Log SettingsG-1000 User’s Guide Chapter 9 Log ScreensCH A P T E R Maintenance10.1 Maintenance Overview 10.2 System Status Screen10.2.1 System Statistics 10.3 Association ListFigure 38 Association List 10.4 F/W Upload ScreenChapter 10 Maintenance G-1000 User’s GuideFigure 40 Firmware Upload In Process Note Do not turn off the G-1000 while firmware upload is in progressFigure 39 Firmware Upload Figure 41 Network Temporarily Disconnected 10.5 Configuration ScreenFigure 42 Firmware Upload Error Figure 43 Configuration 10.5.1 Backup Configuration10.5.2 Restore Configuration Figure 45 Network Temporarily Disconnected Figure 44 Configuration Upload Successful10.6 Restart Screen 10.5.3 Back to Factory DefaultsCH A P T E R 11.1 Connect to your G-1000 Using Telnet11.2 Changing the System Password Introducing the SMTFigure 50 Menu 23.1 System Security Change Password 11.3 G-1000 SMT Menus OverviewChapter 11 Introducing the SMT 11.4 Navigating the SMT InterfaceTable 39 Main Menu Commands G-1000 User’s Guide Table 38 SMT Menus Overview continuedTable 40 Main Menu Summary Table 39 Main Menu CommandsG-1000 User’s Guide Figure 51 G-1000 SMT Main MenuCH A P T E R General SetupFIELD Table 41 Menu 1 General SetupChapter 12 General Setup G-1000 User’s GuideCH A P T E R LAN Setup13.1 LAN Setup 13.2 TCP/IP Ethernet SetupFigure 54 Menu 3.2 TCP/IP Setup 13.3 Wireless LAN SetupFIELD G-1000 User’s Guide Figure 55 Menu 3.5 Wireless LAN SetupTable 43 Menu 3.5 Wireless LAN Setup Chapter 13 LAN SetupConfiguration 13.3.1 Configuring MAC Address FilterTable 43 Menu 3.5 Wireless LAN Setup Chapter 13 LAN SetupENTER. Menu 3.5.1 - WLAN MAC Address Filter displays as shown next 2 Enter 5 to display Menu 3.5 - Wireless LAN SetupFigure 56 Menu 3.5 Wireless LAN Setup Chapter 13 LAN SetupChapter 13 LAN Setup 13.3.2 Configuring Roaming2 Enter 5 to display Menu 3.5 - Wireless LAN Setup Figure 58 Menu 3.5 Wireless LAN SetupG-1000 User’s Guide Figure 59 WLAN Roaming ConfigurationTable 45 Menu 3.5.4 Bridge Link Configuration Chapter 13 LAN SetupG-1000 User’s Guide Chapter 13 LAN SetupCH A P T E R Dial-in User SetupTable 46 Menu 14.1- Edit Dial-in User Chapter 14 Dial-in User SetupG-1000 User’s Guide Figure 61 Menu 14.1- Edit Dial-in UserChapter 15 SNMP Configuration SNMP ConfigurationFigure 62 Menu 22 SNMP Configuration Table 47 Menu 22 SNMP ConfigurationG-1000 User’s Guide Chapter 15 SNMP ConfigurationCH A P T E R 16.1 System Password16.2 Configuring External RADIUS Server System SecurityFIELD G-1000 User’s Guide Figure 65 Menu 23.2 System Security RADIUS ServerTable 48 Menu 23.2 System Security RADIUS Server Chapter 16 System Security2 Enter 4 to display Menu 23.4 - System Security - IEEE802.1x 16.3Chapter 16 System Security Required or No Access AllowedG-1000 User’s Guide Figure 67 Menu 23.4 System Security IEEE802.1x Table 49 Menu 23.4 System Security IEEE802.1xTable 49 Menu 23.4 System Security IEEE802.1x configure Data Privacy for Broadcast/Multicast packets fieldWhen you configure Key Management Protocol to WPA, the Authentication G-1000 User’s GuideChapter 16 System Security G-1000 User’s GuideCH A P T E R System Information and Diagnosis17.1 System Status Table 50 Menu 24.1 System Maintenance Status 17.2 System Information1 Enter 24 to display Menu 24 - System Maintenance Figure 69 Menu 24.1 System Maintenance StatusG-1000 User’s Guide 17.2.1 System InformationTable 51 Menu 24.2.1 System Maintenance Information Menu 1 - General Setup17.2.2 Console Port Speed 17.3 DiagnosticFollow the procedure next to get to display this menu Chapter 17 System Information and Diagnosis G-1000 User’s GuideCH A P T E R Firmware and Configuration File Maintenance18.1 Filename Conventions 18.2.1 Backup Configuration Using FTP 18.2 Backup Configuration18.2.2 Using the FTP command from the DOS Prompt Figure 75 FTP Session Example 18.2.3 Backup Configuration Using TFTP18.2.5 Backup Via Console Port 18.2.4 Example TFTP Command1 Display menu 24.5 and enter “y” at the following screen CH A P T E R System Maintenance and Information19.1 Command Interpreter Mode Figure 81 Valid CI Commands 19.2 Time and Date SettingFigure 80 Menu 24 System Maintenance G-1000 User’s Guide Figure 82 Menu 24.10 System Maintenance Time and Date SettingTable 56 System Maintenance Time and Date Setting Chapter 19 System Maintenance and Information19.3.2 FTP 19.3 Remote Management Setup19.3.4 Remote Management Setup 19.3.1 TelnetG-1000 User’s Guide 19.3.5 Remote Management LimitationsChapter 19 System Maintenance and Information LAN only , WAN only , All or Disable . The default is LAN only19.4 Remote Management and NAT 19.5 System TimeoutAppendix A TroubleshootingProblems Starting Up the G-1000 Problems with the Ethernet InterfaceTable 61 Troubleshooting the Password Problems with the PasswordProblems with Telnet Problems with the WLAN InterfaceFirmware SpecificationsAppendix B HardwareG-1000 User’s Guide Table 65 Firmware continued SpecificationsExample Brute-Force Password Guessing ProtectionAppendix C G-1000 User’s Guide Brute-Force Password Guessing ProtectionWindows 95/98/Me Appendix D Setting up Your Computer’s IP AddressInstalling Components Configuring Windows 2000/NT/XP Verifying SettingsFigure 88 Windows XP Start Menu Setting up Your Computer’s IP Address3 Right-click Local Area Connection and then click Properties G-1000 User’s GuidePage In the IP Settings tab, in IP addresses, click Add 8 Click OK to close the Internet Protocol TCP/IP Properties window Macintosh OS 8/9Verifying Settings 1 Click Start, All Programs, Accessories and then Command PromptFigure 94 Macintosh OS 8/9 Apple Menu Setting up Your Computer’s IP Address2 Select Ethernet built-in from the Connect via list G-1000 User’s GuideSelect Built-in Ethernet from the Show list Macintosh OSVerifying Settings 5 Close the TCP/IP Control PanelVerifying Settings G-1000 User’s Guide Setting up Your Computer’s IP AddressIP Address Assignment Conflicts Case A The G-1000 is using the same LAN and WAN IP addressesAppendix E IP Address Assignment Conflicts Case D Two or more subscribers have the same IP addressG-1000 User’s Guide Figure 99 IP Address Conflicts Case B Figure 100 IP Address Conflicts Case CIP Address Assignment Conflicts In this case, the subscribers are not able to access the InternetG-1000 User’s Guide Figure 101 IP Address Conflicts Case DIP Address Assignment Conflicts G-1000 User’s GuideAppendix F Wireless LANsWireless LAN Topologies Ad-hoc Wireless LAN ConfigurationPage G-1000 User’s Guide Figure 104 Infrastructure WLAN ChannelRTS/CTS Wireless LANsFigure 105 RTS/CTS Fragmentation ThresholdPreamble Type IEEE 802.11g Wireless LANTypes of RADIUS Messages IEEERADIUS EAP-MD5 Message-Digest Algorithm Types of AuthenticationLEAP EAP-TTLS Tunneled Transport Layer ServiceEAP-TLS Transport Layer Security PEAP Protected EAPEncryption WPA2Security Parameters Summary User AuthenticationENABLE IEEE Table 69 Wireless Security Relational Matrix continuedWireless LANs AUTHENTICATIONG-1000 User’s Guide Wireless LANsIP Classes Appendix GIP Subnetting IP AddressingSubnetting Subnet MasksLAST OCTET BIT VALUE Example Two SubnetsSUBNET MASK IP ADDRESS SUBNET MASK “1” BITSTable 76 Subnet Table 75 SubnetTable 79 Subnet Example Four SubnetsTable 77 Subnet Table 78 SubnetExample Eight Subnets Subnetting With Class A and Class B Networks IP Subnetting G-1000 User’s GuideAppendix H Command InterpreterCommand Syntax Command UsageG-1000 User’s Guide Command InterpreterG-1000 User’s Guide AppendixLog Descriptions Table 84 System Maintenance LogsTable 86 Sys log Log CommandsConfiguring What You Want the G-1000 to Log G-1000 User’s Guide Table 85 ICMP Notes continuedG-1000 User’s Guide Log Command ExampleDisplaying Logs Table 87 Log Categories and Available SettingsLog Descriptions G-1000 User’s GuideTypes of Antennas For WLAN Antenna CharacteristicsAppendix J Antenna Selection and Positioning RecommendationPositioning Antennas Connector TypeG-1000 User’s Guide Power Adaptor SpecificationsAppendix K Power Adaptor SpecificationsG-1000 User’s Guide Table 93 AUSTRALIA AND NEW ZEALAND PLUG STANDARDS Power Adaptor SpecificationsZyAIR G-3000 User’s Guide NumericsIndex FTP 72, 75, 134 Restrictions ZyAIR G-3000 User’s GuideZyAIR G-3000 User’s Guide ZyAIR G-3000 User’s Guide ZyAIR G-3000 User’s Guide