ZyXEL Communications WAP3205 177

Appendix D Wireless LANs

1The AP passes the wireless client's authentication request to the RADIUS server.

2The RADIUS server then checks the user's identification against its database and grants or denies network access accordingly.

3A 256-bit Pairwise Master Key (PMK) is derived from the authentication process by the RADIUS server and the client.

4The RADIUS server distributes the PMK to the AP. The AP then sets up a key hierarchy and management system, using the PMK to dynamically generate unique data encryption keys. The keys are used to encrypt every data packet that is wirelessly communicated between the AP and the wireless clients.

Figure 108 WPA(2) with RADIUS Application Example

WPA(2)-PSK Application Example

A WPA(2)-PSK application looks as follows.

1First enter identical passwords into the AP and all wireless clients. The Pre-Shared Key (PSK) must consist of between 8 and 63 ASCII characters or 64 hexadecimal characters (including spaces and symbols).

2The AP checks each wireless client's password and allows it to join the network only if the password matches.

3The AP and wireless clients generate a common PMK (Pairwise Master Key). The key itself is not sent over the network, but is derived from the PSK and the SSID.

4The AP and wireless clients use the TKIP or AES encryption process, the PMK and information exchanged in a handshake to create temporal encryption keys. They use these keys to encrypt data exchanged between them.

	177
WAP3205 v2 User’s Guide	177

Contents

WAP3205 User’s Guide Page Contents Overview Page Table of Contents Introducing the Web Configurator Connection Wizard Page Maintenance Page Page Getting to Know Your WAP3205 RESET Table LED COLOR STATUS DESCRIPTION Page WAP3205 v2 Modes AP UR CL Access Point Mode Start > Run Ignore ICON Monitor Configuration Maintenance LABEL Point Mode Client is set - Access Point Mode Configured Expert LINK TAB FUNCTION MONITOR MAINTENANCE Client Mode Page Mode is set - Client Mode - Connected or Disassociated Wireless LAN > Profile Infrastructure Ad Hoc Add Configuration > Wireless LAN > Profile LABEL DESCRIPTION Apply Back No Security Static WEP Generate Select 64-bitWEP or 128-bitWEP Open WPA2-PSK Configuration > Wireless LAN > Site Survey Configuration > Wireless LAN > WPS Conf PIN Universal Repeater Mode Site Survey Universal Repeater Mode is set - Universal Repeater Mode Disassociated YES Configuration > Wireless LAN > Universal Repeater Wireless LAN > General Wireless LAN > Universal Repeater Cancel Select 64-bits or 128-bits Page Page Page Introducing the Web Configurator Login Ignore Administrator Inactivity Timer Logout Home Status Page Page Page Connection Wizard Next Connect Page Page Page Page Page Page Page Page Tutorials Push Button Configuration (PBC) PIN Configuration Start Push Button WPS Station WITHIN 2 MINUTES SECURITY INFO COMMUNICATION Authentication by PIN Channel Security Wireless LAN > General SSID_Example3 Auto Channel Selection Start > Programs Confirm Save Save Page SSID_Worker SSID_VoIP SSID_Guest SSID SECURITY TYPE Configuration > Network > Wireless LAN > General Enable Intra-BSS Traffic SSID_Worker SSID_VoIP MAC Filter Allow Policy Add a station Mac Address Page Page WLAN Station Status (Details...) Summary Monitor > WLAN Station Status Page Page Profile Activate Page Page Page Monitor Page Poll Interval(s) Stop Page Wireless LAN Advanced QoS Scheduling WDS Page NO AUTHENTICATION RADIUS SERVER Weakest Strongest WPA-PSK Apply Click Network > Wireless LAN to open the General screen Page Reset Select Static WEP from the Security Mode list Select WPA-PSK or WPA2-PSK from the Security Mode list Security Mode WPA-PSK/WPA2-PSK Wireless LAN > Security WPA2 Wireless LAN WPA WPA2 Enabled Disabled MAC Address Disable 100% 90% 75% 50% 25% 20/40 MHz Page Push Button Network Wireless LAN Scheduling Day For the following times For the following times field Off AP + Bridge Basic Setting Disabled AP + Bridge Basic Setting WEP TKIP AES Encryp key Page LAN Network > LAN > IP Page Page Maintenance Click Maintenance > Password Manual o'clock Last o'clock field Maintenance > Firmware Upgrade Browse Upload Firmware Upload In Process Return Maintenance > Backup/Restore Backup Maintenance > Reset/Restart Restart Page Troubleshooting Troubleshooting Advanced Suggestion Network > Wireless LAN > General > WDS Disable Advanced Suggestions RESET Page Page Pop-upWindows, JavaScripts and Java Permissions 2Select Settings…to open the Pop-upBlocker Settings screen Allowed sites Close Custom Level Scripting Active scripting Scripting of Java applets Microsoft VM Java permissions 2Make sure that Use Java 2 for <applet> under Java (Sun) is selected Tools Options Content Preferences Choose how you prefer to handle Open all JavaScript Options Page IP Addresses and Subnetting 1ST OCTET: 2ND 3RD 4TH OCTET OCTET: BINARY 1ST DECIMAL OCTET SUBNET MASK Page Table 54 Subnet IP/SUBNET MASK NETWORK NUMBER LAST OCTET BIT VALUE Table 55 Subnet Table 56 Subnet Table 57 Subnet SUBNET FIRST ADDRESS NO. “BORROWED” NO. SUBNETS NO. HOSTS PER HOST BITS Page Page Page Setting Up Your Computer’s IP Address Page 5The Internet Protocol TCP/IP Properties window opens Obtain an IP address automatically 7Click OK to close the Internet Protocol (TCP/IP) Properties window 8Click OK to close the Local Area Connection Properties window 1Click Start > All Programs > Accessories > Command Prompt Command Prompt Page Continue 7The Internet Protocol Version 4 (TCP/IPv4) Properties window opens 9Click OK to close the Internet Protocol (TCP/IP) Properties window 10Click OK to close the Local Area Connection Properties window Page Page 6The Internet Protocol Version 4 (TCP/IPv4) Properties window opens 8Click OK to close the Internet Protocol (TCP/IP) Properties window 9Click OK to close the Local Area Connection Properties window 1Click Apple > System Preferences System Preferences Built-in Ethernet Configure Using DHCP Configure IPv4 Manually Subnet Mask Router Apply Now Applications > Utilities > Network Utilities 2In System Preferences, click the Network icon Configure Network interface 1Click System > Administration > Network Network Settings Unlock Authenticate Properties Static IP address IP address Subnet mask Gateway address DNS System > Administration > Network Tools Network device Devices Interface Statistics 1Click K Menu > Computer > Administrator Settings (YaST) Run as Root - KDE su YaST Control Center Network Devices Network Card Overview Name Network Card Setup Address Dynamic Address (DHCP) Statically assigned IP Address Hostname Hostname/DNS Finish KNetwork Manager Task bar Show Connection Information Page Wireless LANs Page Page Figure 107 RTS/CTS RTS/CTS Fragmentation Threshold Fragmentation Threshold DATA RATE (MBPS) MODULATION SECURITY LEVEL Page Page EAP-MD5 EAP-TLS EAP-TTLS PEAP LEAP Page Page AUTHENTICATION ENCRYPTIO ENTER METHOD/ KEY IEEE Page Page Common Services Page Page Page Legal Information Copyright Certifications ZyXEL Limited Warranty Open Source Licenses Regulatory Information National Restrictions Safety Warnings Page Page 20, 25 20 84 Page 29, 30, 38, 39, 41, 89, 90 SSID 20, 36, 84