ZyXEL G-260 User’s Guide

The encryption mechanisms used for WPA(2) and WPA(2)-PSK are the same. The only difference between the two is that WPA(2)-PSK uses a simple common password, instead of user-specific credentials. The common-password approach makes WPA(2)-PSK susceptible to brute-force password-guessing attacks but it's still an improvement over WEP as it employs an easier-to-use, consistent, single, alphanumeric password.

2.2.4 WPA(2)-PSK Application Example

A WPA(2)s-PSK application looks as follows.

1First enter identical passwords into the AP and all wireless clients. The Pre-Shared Key (PSK) must consist of between 8 and 63 ASCII characters (including spaces and symbols).

2The AP checks each client's password and (only) allows it to join the network if it matches its password.

3The AP derives and distributes keys to the wireless clients.

4The AP and wireless clients use the TKIP encryption process to encrypt data exchanged between them.

Figure 8 WPA-PSK Authentication

2.2.5 WPA with RADIUS Application Example

You need the IP address of the RADIUS server, its port number (default is 1812), and the RADIUS shared secret. A WPA-RADIUS application example with an external RADIUS server looks as follows. "A" is the RADIUS server. "DS" is the distribution system.

1The AP passes the wireless client's authentication request to the RADIUS server.

2The RADIUS server then checks the user's identification against its database and grants or denies network access accordingly.

3The RADIUS server distributes a Pairwise Master Key (PMK) key to the AP that then sets up a key hierarchy and management system, using the pair-wise key to dynamically generate unique data encryption keys to encrypt every data packet that is wirelessly communicated between the AP and the wireless clients.

27

Chapter 2 Wireless LAN Network