Manuals / ZyXEL Communications / Computer Equipment / Network Router

ZyXEL Communications wireless n gigbit router zyxel manual WPA2, 365, Encryption

Models: wireless n gigbit router zyxel

1 384

Download 384 pages 30.66 Kb

Page 365

Appendix D Wireless LANs

If this feature is enabled, it is not necessary to configure a default encryption key in the Wireless screen. You may still configure and store keys here, but they will not be used while Dynamic WEP is enabled.

Note: EAP-MD5 cannot be used with dynamic WEP key exchange

For added security, certificate-based authentications (EAP-TLS, EAP-TTLS and PEAP) use dynamic keys for data encryption. They are often deployed in corporate environments, but for public deployment, a simple user name and password pair is more practical. The following table is a comparison of the features of authentication types.

Table 134 Comparison of EAP Authentication Types

	EAP-MD5	EAP-TLS	EAP-TTLS	PEAP	LEAP
Mutual Authentication	No	Yes	Yes	Yes	Yes

Certificate – Client	No	Yes	Optional	Optional	No

Certificate – Server	No	Yes	Yes	Yes	No

Dynamic Key Exchange	No	Yes	Yes	Yes	Yes

Credential Integrity	None	Strong	Strong	Strong	Moderate

Deployment Difficulty	Easy	Hard	Moderate	Moderate	Moderate

Client Identity	No	No	Yes	Yes	No
Protection

WPA(2)

Wi-Fi Protected Access (WPA) is a subset of the IEEE 802.11i standard. WPA2 (IEEE 802.11i) is a wireless security standard that defines stronger encryption, authentication and key management than WPA.

Key differences between WPA(2) and WEP are improved data encryption and user authentication.

Encryption

Both WPA and WPA2 improve data encryption by using Temporal Key Integrity Protocol (TKIP), Message Integrity Check (MIC) and IEEE 802.1x. In addition to TKIP, WPA2 also uses Advanced Encryption Standard (AES) in the Counter mode with Cipher block chaining Message authentication code Protocol (CCMP) to offer stronger encryption.

Temporal Key Integrity Protocol (TKIP) uses 128-bit keys that are dynamically generated and distributed by the authentication server. It includes a per-packet key mixing function, a Message Integrity Check (MIC) named Michael, an extended initialization vector (IV) with sequencing rules, and a re-keying mechanism.

NBG-460N User’s Guide

365

Image 365

ZyXEL Communications wireless n gigbit router zyxel manual WPA2, 365, Encryption, Comparison of EAP Authentication Types

Contents

NBG-460N Page Intended Audience About This Users GuideRelated Documentation User Guide FeedbackAbout This Users Guide Syntax Conventions Document ConventionsIcons Used in Figures Telephone Switch Router ModemNBG-460N Computer Server DslamSafety Warnings Safety Warnings NBG-460N User’s Guide Contents Overview Contents Overview NBG-460N User’s Guide Table of Contents Chapter Connection Wizard Part II Network WAN 177 Part IV Management 235 Part V Maintenance and Troubleshooting 261 Part VI Appendices and Index Table of Contents NBG-460N User’s Guide Part Page Applications Getting to Know Your NBG-460NOverview Router Mode Wireless ApplicationsLAN NBG460N3 AP + Bridge AP ModeAP + Bridge Application BridgeBridge Application Bridge Loop Two Bridges Connected to Hub Feature Router AP Mode Bridge Features Available in Router Mode vs. AP ModeWays to Manage the NBG-460N Router vs. AP vs. BridgeGood Habits for Managing the NBG-460N PowerLEDs Front Panel LEDsThis feature Off Device is in normal power mode Wireless LAN Off Wireless LAN is not ready or has failedWAN WlanGetting to Know Your NBG-460N NBG-460N User’s Guide WPS Button WPS Button NBG-460N User’s Guide Accessing the Web Configurator Introducing the Web ConfiguratorWeb Configurator Overview Change Password Screen Procedure to Use the Reset Button Resetting the NBG-460NNavigating the Web Configurator Icon Description Status Screen in Router ModeStatus Screen Icon Key Scheduler Label DescriptionDhcp When the line is disconnected Wlan is disabledIs enabled and N/A when the Wlan is disabled Memory UsageScreens Summary Navigation PanelLink TAB Function LANDdns NATVPN MgmtSummary Any IP Table Mode As a Router or a Access Point LanguageSummary Bandwidth Management Monitor Logs View LogSummary BW Mgmt Monitor Summary Dhcp TableHost Name field Summary Packet StatisticsIntervals field Summary VPN MonitorStop Click Stop to stop refreshing statistics This is the security association index numberThis is the index number of an associated wireless station Summary Wireless Station StatusAssociation Time NBG-460N’s Wlan networkIntroducing the Web Configurator NBG-460N User’s Guide Connection Wizard Wizard SetupSystem Name Connection Wizard System InformationUnderscores are accepted Domain NameUse the same Ssid in order to access the network Connection Wizard Wireless LANThis option is only available if WPS is not enabled SsidWizard Basic WEP Security Basic WEP SecurityWEP Extend WPA-PSK or WPA2-PSK SecurityAscii HEXPre-Shared Connection Wizard Internet ConfigurationKey Do thisPPPoE Connection Ethernet ConnectionConnection Description Type PptpPptp Connection ISP Parameter for Internet AccessWizard Pptp Connection ISP Parameters for Internet AccessWAN IP Address Assignment Your IP AddressUse fixed IP address Provided by your ISP10.0.0.0 172.16.0.0 192.168.0.0 IP Address and Subnet MaskPrivate IP Address Ranges WAN IP and DNS Server Address Assignment DNS Server Address AssignmentChoose an IP address WAN MAC AddressWAN IP Address Assignment Wizard WAN MAC Address Connection Wizard Bandwidth managementWizard Bandwidth Management Connection Wizard CompleteConnection Wizard Complete Connection Wizard NBG-460N User’s Guide Internet How to Connect to the Internet from an APTutorials Push Button Configuration NBG460N Example WPS Process PIN Method Channel Security SSIDExample3WPA-PSK Pre-Shared Key ThisismyWPA-PSKpre-sharedkeyTutorial Status AP Mode Configure Your NotebookConnecting a Wireless Client to a Wireless Network Link Status Using AP + Bridge Mode and WDSConfiguring Your Bridge Mode Settings Pre-Shared Key ThisismyWPA2-PSKpre-sharedkey WPA2-PSKSite-To-Site VPN Tunnel Tutorial Site-To-Site VPN Tunnel SettingsSetting BOB’S NBG-460N JACK’S NBG-460N Tutorial Property Configuring Bob’s NBG-460N VPN SettingsTutorial Authentication Method Configuring Jack’s NBG-460N VPN SettingsTutorial Property Tutorial Authentication Method Pinging Jack’s Local IP Address Checking the VPN ConnectionBandwidth Management for your Network Configuring Bandwidth Management by ApplicationConfiguring Bandwidth Allocation by IP or IP Range Configuring Bandwidth Management by Custom ApplicationFields Services Real Audio Rtsp VDO Live FTP Refer to Appedix F on the Bandwidth Mgnt Setting your NBG-460N to AP Mode AP ModeStatus Screen Status AP ModeSystem Setting Configuration Mode Display Network Wireless LAN WPS screenThis shows the LAN port’s Dhcp role Client or None SchedulesOr connected Menu AP ModeSetting Logs View Log Maintenance System GeneralReset the factory defaults to your NBG-460N Mask or to get the LAN IP address from a Dhcp serverSys OP General Configuring Your SettingsLAN Settings Table below describes the labels in the screen Wlan and Maintenance SettingsLogging in to the Web Configurator in AP Mode Network Page Example of a Wireless Network Wireless LANWhat You Should Know Wireless Security OverviewWhat You Can Do Ssid No Authentication Radius Server Types of Encryption for Each Type of Authentication100 Weakest Stronges t101 General Wireless LAN ScreenPrintable 7-bit Ascii characters for the wireless LAN 102 No SecurityWPA-PSK and WPA2-PSK are available in this field Select Static WEP , WPA-PSK , WPA , WPA2-PSK or WPA2 to add103 WEP EncryptionWEP keys and displays them in the Key fields below Select 64-bit WEP or 128-bit WEP to enable data encryption104 AP or peer computer 105Correct WEP key HexSecurity Mode field Server, the reauthentication timer on the Radius server has106 Priority107 4 WPA/WPA2Has priority Server, the reauthentication timer on the Radius server108 109 MAC Filter ScreenMAC 110Quality of Service QoS Screen Wireless LAN Advanced Screen111 RTS/CTSOn page 123 for more information 112WMM QoS Policy You want to apply WMM QoS113 Application Priority ConfigurationConfiguration screen User-Defined 114Mail 115 WPS ScreenScheduling Screen WPS Station Screen116 Push ButtonWhole day 117Following times fields Day118 WDS Screen119 Security Mode Static WEPBetween the NBG-460N and any wireless clients ASCII/HEX 120Technical Reference Security Mode WPA2-PSKRoaming 121Roaming Example 122123 Quality of ServiceIPod Touch Web Configurator WiFi Protected Setup124 WMM QoS Priorities125 Login Screen126 System StatusWAN connection is not working 127MBM 128129 WPS in ProgressPort Forwarding Turn the rule OFF 130Rule is turned on 131 Accessing the iPod Touch Web ConfiguratorAccessing the iPod Touch Web Configurator 132 LAN and WAN 133134 Configuring Your Internet ConnectionWhat You Need To Know WAN MAC Address Multicast135 136 Iptv STB PortYou have one STB 137You have two STBs 192.168.1.20138 NetBIOS over TCP/IPAuto-Bridge 139 Internet ConnectionEthernet Encapsulation Address 140Defined changes to None after you click Apply WAN MACPPPoE Encapsulation Setting or upload a different ROM file141 Select Clone the computers MAC address IP Address and enter142 All of the LANs computers will have accessDNS Servers First DNS 143Computer’s Different ROM file144 Pptp EncapsulationPptp connection 145Select Clone the computers MAC address IP Address Advanced WAN Screen146 Select Igmp V-1,IGMP V-2 or None 147To be in Router Mode for the Iptv STB port to work When the NBG-460N gets a WAN IP address that is notIgmp 148149 LANLAN IP Screen IP Pool SetupLAN TCP/IP 150LAN TCP/IP LAN IP Alias151 Advanced LAN Screen Any IP Setup152 IP address that you assign. Unless you are implementing153 LANs, WANs and the ZyXEL Device154 Any IP155 156 157 Dhcp158 Dhcp General ScreenDhcp Advanced Screen 159 Select the Enable Dhcp Server check box. When you clearMust have their DNS server addresses manually configured Client List Screen NBG-460Ns system DNS server configured in the WAN Internet160 Select DNS Relay to have the NBG-460N act as a DNS proxy.This is the index number of the host computer 161Host names. After you click Apply, the MAC address and IP Them162 163 Network Address Translation NATSelect the check box to enable NAT Enable NetworkDefault Server Setup General NAT Screen165 NAT Application Screen166 Fields under Add Application Rule Wake On LAN is enabled167 168 Configuring Servers Behind Port Forwarding ExampleGame List Example 169 NAT Advanced ScreenCan establish through the NBG-460N Users may not be able to access the Internet170 Trigger Port Forwarding Example LAN that requested the service171 Traffic to a server on the WAN172 Two Points To Remember About Trigger Ports173 Dynamic DNSDynDNS Wildcard 174 Enable Dynamic Select this check box to use dynamic DNSDynamic DNS Screen WAN IP address 175176 177 Part178 179 Firewall180 About the NBG-460N FirewallTriangle Routes 181 Triangle Routes and IP Alias182 Services ScreenGeneral Firewall Screen Icmp 183Add Firewall Rule screen 184185 Add Firewall Rule ScreenPool Single IP is selected as the Address TypeAddress Type Click Clear All to empty the Blocked Services186 187 188 189 Content FilteringContent Filtering Profiles 190 Restrict Web FeaturesKeyword Blocking URL Checking Days and Times191 Filter ScreenCookies 192Web Proxy AllowedSchedule Screen Which content filtering will be enforced193 Not affected194 Customizing Keyword Blocking URL CheckingDomain Name or IP Address URL Checking Full Path URL Checking195 IPSec VPN196 IKE SA IKE Phase 1 Overview197 IPSec SA IKE Phase 2 OverviewIP Addresses of the NBG-460N and Remote IPSec Router Local Network and Remote Network198 General Screen199 VPN Rule Setup Basic200 Feature to workSecure Gateway Address field set to Enabled201 202 With dynamic WAN IP addresses Your computer in the Local Content field. The NBG-460N203 Address field refer to the Secure Gateway Address field 204205 VPN Rule Setup Advanced206 Security VPN General Rule Setup IKE Advanced207 Select No to disable it208 209 210 211 212 Each IPSec SA. It is more secure but takes more time VPN Rule Setup Manual213 214 Security VPN General Rule Setup Manual215 216 SPI 217Secure Trailing spaces are truncated SA Monitor Screen218 219 VPN and Remote ManagementIKE SA Proposal 220 Diffie-Hellman DH Key ExchangeVPN Example Matching ID Type and Content Authentication221 Remote Ipsec Router222 Negotiation ModeVPN Example Mismatching ID Type and Content 223 15.6.6 VPN, NAT, and NAT Traversal224 IPSec ProtocolEncapsulation Additional IPSec VPN Topics IPSec SA Proposal and Perfect Forward Secrecy225 SA Life TimePrivate DNS Server Encryption and Authentication Algorithms226 Private DNS Server Example 227228 229 Management230 Lanwan Static Route231 232 IP Static Route Screen233 Static Route Setup Screen234 235 Bandwidth ManagementFTP Chat, Email236 General Configuration ScreenMbps 237Management check box 238 Advanced ConfigurationConnected to the WAN port has an upstream speed of 10 Mbps Wlan BandwidthLow 239240 Rule Configuration with the Pre-defined ServiceWlan to WAN To Wlan241 Rule Configuration User Defined Service Rule Configuration242 Monitor ScreenMedia Bandwidth Management Setup Services Predefined Bandwidth Management ServicesService Description Technical ReferencesBandwidth Management Priority with Default Classes Default Bandwidth Management Classes and Priorities244 Class Type PriorityBandwidth Management Priorities Bandwidth Management Priorities245 246 247 Remote ManagementRemote Management Limitations System TimeoutRemote Management and NAT 248WWW Screen Specify to access the NBG-460N using this service249 Remote management250 Telnet ScreenFTP Screen 251 DNS ScreenYou specify to send DNS queries to the NBG-460N 252253 Universal Plug-and-Play UPnPNAT Traversal 254 UPnP Screen255 Using UPnP in Windows XP ExampleNetwork Connections 256257 Internet Connection Properties Advanced Settings258 Web Configurator Easy AccessNetwork Connections My Network Places 259Network Connections My Network Places Properties Example 260261 Maintenance Troubleshooting262 263 SystemSystem General Screen 264 265 Time Setting ScreenSelect User Defined Time Server Address and enter the IP 266267 268 269 LogsView Log Screen Log categories that you selected in the Log Settings270 DisplayTime and date Log Settings271 Messages will not be sent via e-mail Mail Log Settings Mail Server272 Smtp 273Sent via e-mail Log Descriptions System Maintenance Logs274 LOG Message Description275 System Error LogsTCP Reset Logs Access Control Logs276 Firewall Attack Alerts screenPacket Filter Logs 277Icmp Logs 278UPnP packets can pass through the firewall Content Filtering Logs279 Attack Logs 280IPSec Logs 281IKE Logs 282283 284 802.1X Logs 285PKI Logs 286 ACL Setting NotesPacket Direction Description Type Code DescriptionSyslog Logs 287Icmp Notes LOG Display Payload Type 288RFC-2408 Isakmp Payload Types 289 ToolsFirmware Upload Screen 290 Maintenance Tools FirmwareNetwork Temporarily Disconnected Upload Error MessageBackup Configuration Configuration ScreenRestore Configuration Maintenance Restore Configuration293 Configuration Restore Successful294 Back to Factory DefaultsRestart Screen Wake On LAN Indicate either Ready or MAC Address errorGreen 295296 Maintenance Tools Green297 Configuration ModeCategory Link TAB Advanced Configuration Options298 299 Sys Op ModeRouter 300301 Maintenance Sys OP Mode GeneralFirewall or bandwidth management 302303 LanguageLanguage Screen 304 305 TroubleshootingPower, Hardware Connections, and LEDs 306 NBG-460N Access and LoginAdvanced Suggestions 307308 Internet AccessInternet connection is slow or intermittent 309310 Resetting the NBG-460N to Its Factory Defaults311 Wireless Router/AP Troubleshooting312 Advanced FeaturesHardware Features Product Specifications and Wall- Mounting Instructions313 PWR, LAN1-4, WAN, WLAN, WPSSuch as microwave ovens, wireless phones Firmware FeaturesBluetooth enabled devices, and other wireless LANs 314315 Feature Specification Feature Specifications316 Standards SupportedProtocol MBM Media Bandwidth Management Wall-mounting Instructions317 Masonry Plug and M4 Tap Screw 318319 Appendices Index320 321 Disable pop-up BlockersInternet Explorer Pop-up Blockers 322 Enable pop-up Blockers with Exceptions323 Select Settings…to open the Pop-up Blocker Settings screen324 JavaScriptsInternet Options Security 325326 Java PermissionsJava Sun 327Java Sun 328329 Introduction to IP AddressesStructure 330 Subnet MasksSubnet Mask Identifying Network Number 1ST 2ND 3RD 4TH OctetNetwork Size 331Subnet Masks Binary 1ST 2ND 3RD 4TH Decimal Octet332 NotationMaximum Host Numbers Alternative Subnet Mask Notation333 Subnetting334 Example Four SubnetsIP/SUBNET Mask Network Number Last Octet BIT Value 335336 Example Eight SubnetsSubnet Planning 337 Configuring IP Addresses16-bit Network Number Subnet Planning NO. Borrowed Subnet Mask NO. Hosts PER Host Bits SubnetsPrivate IP Addresses 338339 Setting up Your Computer’s IP Address340 Installing ComponentsWindows 95/98/Me 341 Configuring342 Verifying Settings343 Windows 2000/NT/XPWindows XP Control Panel 344Windows XP Local Area Connection Properties 345Windows XP Internet Protocol TCP/IP Properties 346Windows XP Advanced TCP/IP Properties 347348 349 Macintosh OS 8/9Macintosh OS 8/9 TCP/IP 350351 Macintosh OS352 Using the K Desktop Environment KDELinux Red Hat 9.0 KDE Ethernet Device General 353354 Using Configuration FilesRed Hat 9.0 DNS Settings in resolv.conf Red Hat 9.0 Static IP Address Setting in ifconfig-eth0356 Verifying Settings357 Wireless LAN TopologiesAd-hoc Wireless LAN Configuration 358 Basic Service Set359 ChannelRTS/CTS 360Fragmentation Threshold Ieee 802.11g Wireless LANPreamble Type 361362 IeeeIeee 802.11g Data Rate Modulation Mbps363 Types of AuthenticationTypes of Radius Messages EAP-MD5 Message-Digest Algorithm364 EAP-TTLS Tunneled Transport Layer ServiceEAP-TLS Transport Layer Security Peap Protected EAPWPA2 Comparison of EAP Authentication Types365 Encryption366 User Authentication367 27.0.2 WPA2-PSK Application Example27.0.3 WPA2 with Radius Application Example Authentication Encryptio Enter METHOD/ KEY Wireless Security Relational MatrixSecurity Parameters Summary 368369 ServicesName Protocol Ports Description Examples of Services370 371 372 Certifications Copyright373 DisclaimerFCC Radiation Exposure Statement 374Viewing Certifications ZyXEL Limited Warranty375 Registration 376377 IndexClasses and priorities CTS Clear to SendEncapsulating Security Payload. See ESP 378Essid IKE SA 379Ethernet PPPoE. see also PPP over Ethernet Language Link type 40Mbssid 380MAC Radius QoS QoS priorities Quality of Service QoS381 382 Wireless security 98 overviewXbox Live ZyNOS 39 383384