Manuals / ZyXEL Communications / Computer Equipment / Network Router

ZyXEL Communications wireless active fiber router WPA2, Encryption, EAP-MD5, Eap-Tls, Eap-Ttls

Models: wireless active fiber router

1 183

Download 183 pages 30.96 Kb

Page 150

EAP-MD5

Appendix D Wireless LANs

If this feature is enabled, it is not necessary to configure a default encryption key in the Wireless screen. You may still configure and store keys here, but they will not be used while Dynamic WEP is enabled.

Note: EAP-MD5 cannot be used with dynamic WEP key exchange.

For added security, certificate-based authentications (EAP-TLS, EAP-TTLS and PEAP) use dynamic keys for data encryption. They are often deployed in corporate environments, but for public deployment, a simple user name and password pair is more practical. The following table is a comparison of the features of authentication types.

Comparison of EAP Authentication Types

	EAP-MD5	EAP-TLS	EAP-TTLS	PEAP	LEAP
Mutual	No	Yes	Yes	Yes	Yes
Authentication
Certificate – Client	No	Yes	Optional	Optional	No
Certificate – Server	No	Yes	Yes	Yes	No
Dynamic Key	No	Yes	Yes	Yes	Yes
Exchange
Credential Integrity	None	Strong	Strong	Strong	Moderate
Deployment	Easy	Hard	Moderate	Moderate	Moderate
Difficulty
Client Identity	No	No	Yes	Yes	No
Protection

WPA(2)

Wi-Fi Protected Access (WPA) is a subset of the IEEE 802.11i standard. WPA2 (IEEE 802.11i) is a wireless security standard that defines stronger encryption, authentication and key management than WPA.

Key differences between WPA(2) and WEP are improved data encryption and user authentication.

Encryption

Both WPA and WPA2 improve data encryption by using Temporal Key Integrity Protocol (TKIP), Message Integrity Check (MIC) and IEEE 802.1X. In addition to TKIP, WPA2 also uses Advanced Encryption Standard (AES) in the Counter mode with Cipher block chaining Message authentication code Protocol (CCMP) to offer stronger encryption.

Temporal Key Integrity Protocol (TKIP) uses 128-bit keys that are dynamically generated and distributed by the authentication server. It includes a per-packet key mixing function, a Message Integrity Check (MIC) named Michael, an extended initialization vector (IV) with sequencing rules, and a re-keying mechanism.

150

FSG1100HN User’s Guide

Image 150

ZyXEL Communications wireless active fiber router manual WPA2, Encryption, EAP-MD5, Eap-Tls, Eap-Ttls, Peap, Leap

Contents

admin FSG1100HNWireless Active Fiber Router PasswordPage Tips for Reading User’s Guides On-Screen About This Users GuideIntended Audience Related DocumentationDocumentation Feedback Need More Help?Date that you received your device Product model and serial number Warranty InformationCustomer Support About This User’s GuideWarnings tell you about things that could harm you or your device Document ConventionsWarnings and Notes Syntax ConventionsIcons Used in Figures Document ConventionsFSG1100HN User’s Guide Safety Warnings SAFETY WARNINGS FSG1100HN User’s GuideFSG1100HN Table of Contents3 Introducing the Web Configurator IntroductionSecurity Maintenance and TroubleshootingTable of Contents ManagementPage Getting to Know Your FSG-100HN The WPS Button PART IntroductionIntroducing the Web Configurator Setting the Device Mode FSG1100HN User’s GuidePage 1.2 Applications 1 Getting to Know Your FSG1100HN1.1 Overview FSG1100HN Network1.3 Ways to Manage the FSG1100HN 1.4 Good Habits for Managing the FSG1100HN1.5 LED and Rear Panel COLOR Front Panel LEDs and WPS ButtonPower STATUSButton 2 The WPS Button 2.1 OverviewPage 3 Introducing the Web Configurator 3.2 Accessing the Web Configurator3.1 Overview 3.3 Resetting the FSG1100HN 3.3.1 Procedure to Use the Reset ButtonPassword Screen Status Screen 3.4 Navigating the Web ConfiguratorWeb Configurator Status Screen Mode window System Information Device Mode to3.4.1 WLAN Information Multiple AP Table System Information Active Session 3.4.2 Summary Active Session TableStatus Multiple AP LABELLABEL 3.5 Setting the Device ModeSystem Information Active Session DESCRIPTIONPage PART Network Wireless LAN WAN LAN Network Address Translation NATFSG1100HN User’s Guide FSG1100HN User’s Guide 4 Wireless LAN Example of a Wireless Network4.1 Overview 4.2 What You Can Do 4.3 What You Should KnowLABEL 4.4 Wireless Basic Settings ScreenWireless Basic Settings DESCRIPTIONLABEL Wireless Basic Settings Multiple AP4.4.1 Multiple AP Table DESCRIPTIONWireless Basic Settings Show Active Clients 4.4.2 Active Wireless Client TableWireless Basic Settings Show Active Clients LABELWireless Advanced Settings 4.5 Wireless Advanced Settings ScreenWireless Advanced Settings LABELEnable or disable Intra-BSS Traffic. A Basic Service Set BSS 4.6.1 WEP 4.6 Wireless Security ScreenWireless Security Wireless SecurityLABEL Wireless Security WEPWireless Security DESCRIPTIONWireless Security WPA 4.6.2 WPAWireless Security WPA Select Enterprise RADIUS or Personal Pre-Shared Key LABELDESCRIPTION Select the PSK format, Passphrase or HEX - 64 charactersWireless Security WPA2 Wireless Security WPA24.6.3 WPA2 Chapter 4 Wireless LANLABEL Wireless Security WPA-Mixed4.6.4 WPA-Mixed DESCRIPTIONDESCRIPTION Wireless Security WPA-MixedLABEL Select Enterprise RADIUS or Personal Pre-Shared KeyWireless Access Control 4.7 Wireless Access Control Screen4.8 Wi-Fi Protected Setup Screen Wireless Access ControlClick Wireless WPS to open the Wi-Fi Protected Setup screen Wireless WPSWireless WPS LABELChapter 4 Wireless LAN FSG1100HN User’s GuideChapter 4 Wireless LAN FSG1100HN User’s Guide5.2 What You Can Do 5 WAN5.1 Overview LAN and WANNetworking WAN DHCP Client 5.3 WAN for DHCP Client ScreenNetworking WAN DHCP Client LABELthe device discovered through standard IGMP interfaces Networking WAN Static IP 5.4 WAN for Static IP ScreenNetworking WAN Static IP LABELuses TCP/IP for simple peer-to-peer network connectivity between LABEL 5.5 WAN for PPPoE ScreenNetworking WAN PPPoE DESCRIPTIONAttain DNS Chapter 5 WAN FSG1100HN User’s Guide6.1 Overview LAN Setup6 LAN 6.2 What You Can Do6.3.2 LAN TCP/IP 6.3.1 IP Pool Setup6.3 What You Need To Know LAN and WAN IP AddressesNetworking LAN General 6.4 LAN General ScreenNetworking LAN General LABELNetworking LAN Show Client 6.4.1 Active DHCP Client TableNetworking LAN Show Client LABELNetworking LAN Set Static DHCP 6.4.2 Static DHCPNetworking LAN Set Static DHCP LABELNetworking VLAN 6.5 VLAN ScreenNetworking VLAN LABELChapter 6 LAN FSG1100HN User’s Guide7.2 What You Can Do 7 NAT7.1 Overview NAT ExampleNetworking NAT General 7.3 NAT General ScreenNetworking NAT General LABELClick Apply to save your changes back to the FSG1100HN Click Refresh to begin configuring this screen afreshApply RefreshEnable of Disable DMZ 7.4 NAT DMZ ScreenNetworking NAT DMZ Networking NAT DMZNetworking NAT Port Forwarding 7.5 NAT Port Forwarding ScreenNetworking NAT Port Forwarding LABELChapter 7 NAT FSG1100HN User’s GuideFirewall SecurityPART FSG1100HN User’s GuideFSG1100HN User’s Guide Default Firewall Action 8 FirewallOverview 8.1 What You Can Do 8.2 What You Need To Know8.2.1 About the FSG1100HN Firewall Firewall Filter 8.3 Firewall Filter ScreenFirewall Filter LABELFirewall Filter Add 8.4 Firewall Filter Add ScreenFirewall Filter Add LABELFirewall Denial of Service 8.5 Firewall Denial of Service ScreenFirewall Denial of Service LABELWhole Firewall Content Filter 8.6 Firewall Content Filter ScreenFirewall Content Filter is news/pressroom.phpType a keyword in this field. You may use any character up to Chapter 8 Firewall FSG1100HN User’s GuidePART Management Bandwidth Maintenance TR-069 Auto ProvisionFSG1100HN User’s Guide FSG1100HN User’s Guide Networking MBM 9 Media Bandwidth Management9.1 Media Bandwidth Management Screen Networking MBMChoose Guaranteed minimum bandwidth or Restricted maximum bandwidthChapter 9 Media Bandwidth Management Chapter 9 Media Bandwidth Management FSG1100HN User’s GuideManagement TR-069 General 10 TR-06910.1 TR-069 General Screen Management TR-069 GeneralChapter 10 TR-069 Click Refresh to begin configuring this screen afreshRefresh FSG1100HN User’s GuideChapter 10 TR-069 FSG1100HN User’s GuideManagement Auto Provision 11 Auto Provision11.1 Auto Provision Screen LABEL DESCRIPTIONRefresh Click Refresh to begin configuring this screen afresh Chapter 11 Auto ProvisionFSG1100HN User’s Guide Chapter 11 Auto Provision FSG1100HN User’s GuidePART Maintenance and Troubleshooting System Settings Log ToolsFSG1100HN User’s Guide FSG1100HN User’s Guide Maintenance System Settings General 12 System Settings12.1 System Settings General Screen Maintenance System Settings GeneralLABEL 12.2 System Settings Dynamic DNS ScreenMaintenance System Settings Dynamic DNS DESCRIPTIONLABEL 12.3 System Settings Time ScreenMaintenance System Settings Time DESCRIPTIONChoose the time zone of your location. This will set the time Chapter 12 System Settings FSG1100HN User’s Guide13.1 Log Screen Maintenance Log13 Log LABELChapter 13 Log FSG1100HN User’s Guide14.1 Tools Firmware Screen 14.2 Tools Configuration Screen14 Tools LABEL DESCRIPTIONLABEL 14.3 Tools Restart ScreenClick Maintenance Tools Restart to open the Restart screen DESCRIPTIONRestart The following table describes the tools restart label in this screenLABEL DESCRIPTION Chapter 14 ToolsChapter 14 Tools FSG1100HN User’s GuideLegal Information PART AppendicesSetting up Your Computer’s IP Address Wireless LANs Services FSG1100HN User’s GuideFSG1100HN User’s Guide A Pop-up Windows, JavaScripts and Java Permissions Disable pop-up BlockersIn order to use the Web Configurator you need to allow Internet Explorer Pop-up BlockersEnable pop-up Blockers with Exceptions Internet Options PrivacyAppendix A Pop-up Windows, JavaScripts, and Java Permissions 2 Select Settings…to open the Pop-up Blocker Settings screenInternet Options Privacy FSG1100HN User’s GuideAppendix A Pop-up Windows, JavaScripts, and Java Permissions Pop-up Blocker SettingsJavaScripts FSG1100HN User’s GuideAppendix A Pop-up Windows, JavaScripts, and Java Permissions Internet Options Security2 Click the Custom Level... button 3 Scroll down to Scripting FSG1100HN User’s GuideAppendix A Pop-up Windows, JavaScripts, and Java Permissions Security Settings - Java ScriptingJava Permissions FSG1100HN User’s GuideAppendix A Pop-up Windows, JavaScripts, and Java Permissions Security Settings - JavaJAVA Sun FSG1100HN User’s GuideAppendix A Pop-up Windows, JavaScripts, and Java Permissions Java Sun3 Click OK to close the window FSG1100HN User’s GuideB IP Addresses and Subnetting Introduction to IP AddressesStructure Subnet Masks Network Number and Host IDSubnet Mask - Identifying Network Number Network Size Subnet MasksSubnet Mask - Identifying Network Number Notation Maximum Host NumbersAlternative Subnet Mask Notation Subnetting Subnetting Example Before SubnettingExample Four Subnets Subnetting Example After SubnettingSubnet SubnetSubnet SubnetExample Eight Subnets Subnet Planning24-bit Network Number Subnet Planning SUBNET MASK Configuring IP AddressesNO. “BORROWED” NO. HOSTSPrivate IP Addresses C Setting up Your Computer’s IP Address Installing Components Windows 95/98/Me Network ConfigurationWindows 95/98/Me Configuring Windows 95/98/Me TCP/IP Properties IP AddressVerifying Settings Windows 95/98/Me TCP/IP Properties DNS ConfigurationAppendix C Setting up Your Computer’s IP Address Windows 2000/NT/XPWindows XP Start Menu FSG1100HN User’s GuideAppendix C Setting up Your Computer’s IP Address Windows XP Control PanelWindows XP Control Panel Network Connections Properties 3 Right-click Local Area Connection and then click PropertiesWindows XP Local Area Connection Properties Click AdvancedWindows XP Internet Protocol TCP/IP Properties Windows XP Advanced TCP/IP Properties Click OK when finishedWindows XP Internet Protocol TCP/IP Properties Verifying Settings1 Click Start, All Programs, Accessories and then Command Prompt 8 Click OK to close the Internet Protocol TCP/IP Properties windowAppendix C Setting up Your Computer’s IP Address Macintosh OS 8/9Macintosh OS 8/9 Apple Menu FSG1100HN User’s Guide2 Select Ethernet built-in from the Connect via list Macintosh OS 8/9 TCP/IPVerifying Settings 5 Close the TCP/IP Control PanelMacintosh OS Macintosh OS X Apple MenuMacintosh OS X Network Red Hat 9.0 KDE Network Configuration Devices Using the K Desktop Environment KDENote Make sure you are logged in as the root administrator LinuxRed Hat 9.0 KDE Network Configuration DNS Red Hat 9.0 KDE Ethernet Device GeneralUsing Configuration Files Red Hat 9.0 KDE Network Configuration ActivateRed Hat 9.0 Dynamic IP Address Setting in ifconfig-eth0 Red Hat 9.0 Restart Ethernet Card Red Hat 9.0 Static IP Address Setting in ifconfig-eth0Red Hat 9.0 DNS Settings in resolv.conf BOOTPROTO=staticAppendix C Setting up Your Computer’s IP Address Verifying SettingsRed Hat 9.0 Checking TCP/IP Properties FSG1100HN User’s GuideAd-hoc Wireless LAN Configuration D Wireless LANsWireless LAN Topologies Peer-to-Peer Communication in an Ad-hoc NetworkBasic Service Set Channel RTS/CTSInfrastructure WLAN RTS/CTS IEEE 802.11g Wireless LAN Fragmentation ThresholdPreamble Type IEEE DBPSK Differential Binary Phase Shift KeyedDQPSK Differential Quadrature Phase Shift Keying RADIUSTypes of Authentication Types of RADIUS MessagesEAP-MD5 Message-Digest Algorithm PEAP Protected EAP EAP-TTLS Tunneled Transport Layer ServiceEAP-TLS Transport Layer Security LEAPEAP-MD5 WPA2Encryption EAP-TLSUser Authentication WPA2-PSK Authentication WPA2-PSK Application ExampleWPA2 with RADIUS Application Example Wireless Security Relational Matrix Security Parameters SummaryNAME E ServicesExamples of Services PROTOCOLPROTOCOL Examples of Services continuedNAME PORTSPROTOCOL Examples of Services continuedNAME PORTSPROTOCOL Examples of Services continuedNAME PORTSCertifications F Legal InformationCopyright DisclaimerZyXEL Limited Warranty Viewing CertificationsEnd-User License Agreement for FSG1100HN Registration4.Restrictions 7.Limitation of Liability Appendix E Services FSG1100HN User’s GuideOpen-Sourced Components GNU GENERAL PUBLIC LICENSE Version 2, June verbatim or with modifications and/or translated into another language. Hereinafter, translation is included without limitation in the term modification. Each licensee is addressed as you. Activities other than copying, distribution and modification are not covered by this License they are outside its scope. The act of running the Program is not restricted, and the output from the Program is covered only if its contents constitute a work based on the Program independent of having been made by running the Program. Whether that is true depends on what the Program does modifications to it. For an executable work, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the NO WARRANTY Copyright 2001 H. Peter Anvin - All Rights Reserved OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF \ SUCH DAMAGE notice, this list of conditions and the following disclaimer THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS AND \ OR SERVICES LOSS OF USE, DATA, OR PROFITS OR BUSINESS INTERRUPTION tftp-hpa $Id$ notice, this list of conditions and the following disclaimer pppd - Point-to-Point Protocol Daemon Authors This Product includes igmpproxy 0.1 software under below license 1. Definitions 2.4 Restrictions on Use 4.4 No Modifications to Server Identification Field 7. Indemnification by You 11. Entire Agreement