Manuals / Brands / Computer Equipment / Network Router / ZyXEL Communications / Computer Equipment / Network Router

ZyXEL Communications ZyAIR B-500 6.3.2 Authentication, Auto, Shared Key, Open System, Figure 6-3WEP Authentication Steps

1 209

Download 209 pages, 5.42 Mb

ZyAIR B-500 Wireless Access Point User’s Guide

6.3.2 Authentication

Three different methods can be used to authenticate wireless stations to the network: Open System, Shared Key, and Auto. The following figure illustrates the steps involved.

Figure 6-3 WEP Authentication Steps

Open system authentication involves an unencrypted two-message procedure. A wireless station sends an open system authentication request to the AP, which will then automatically accept and connect the wireless station to the network. In effect, open system is not authentication at all as any station can gain access to the network.

Shared key authentication involves a four-message procedure. A wireless station sends a shared key authentication request to the AP, which will then reply with a challenge text message. The wireless station must then use the AP’s default WEP key to encrypt the challenge text and return it to the AP, which attempts to decrypt the message using the AP’s default WEP key. If the decrypted message matches the challenge text, the wireless station is authenticated. This requires you to enable the WEP encryption and specify a WEP key on both the wireless station and the AP.

6-4	Wireless Security

Contents

User's Guide Copyright Federal Communications Commission (FCC) Interference Statement ZyXEL Limited Warranty Customer Support Page Table of Contents LOGS Chapter 9 Maintenance Chapter 10 Introducing the SMT Chapter 11 General Setup Chapter 12 LAN Setup Chapter 13 Dial-inUser Setup Chapter 14 SNMP Configuration Chapter 17 Firmware and Configuration File Maintenance A-1 B-1 C-1 Appendix D Wireless LAN and IEEE 802.11 List of Figures Page Page Page List of Tables Page Preface Control Panels Modem User Guide Feedback Part I: OVERVIEW Page Getting to Know Your ZyAIR 1.1Introducing the ZyAIR Wireless Access Point 1.2ZyAIR Features 10/100M Auto-negotiatingEthernet/Fast Ethernet Interface 10/100M Auto-crossoverEthernet/Fast Ethernet Interface 802.11b Wireless LAN Standard Output Power Management Limit the number of Client Connections SSL Passthrough Wireless LAN MAC Address Filtering WEP Encryption Wi-FiProtected Access IEEE 802.1x Network Security SNMP Full Network Management 1.3Applications for the ZyAIR 1.3.1 Internet Access Application 1.3.2 Corporation Network Application Figure 1-2Corporation Network Application Page Introducing the Web Configurator 2.1Accessing the ZyAIR Web Configurator 2.2Resetting the ZyAIR 2.2.1 Method of Restoring Factory-Defaults 2.3Navigating the ZyAIR Web Configurator Page Wizard Setup 3.1Wizard Setup Overview 3.1.1 Channel 3.1.2 ESS ID 3.1.3 WEP Encryption 3.2Wizard Setup: General Setup 3.3Wizard Setup: Wireless LAN 3.4Wizard Setup: Screen Basic Security Table 3-3Wizard 2 : Wireless LAN Setup Extend Security 3.5Wizard Setup: IP Address 3.5.1 IP Address Assignment 3.5.2 IP Address and Subnet Mask Figure 3-3Wizard 3 : IP Address Assignment Table 3-6Wizard 3 : IP Address Assignment You must know the IP address assigned to the ZyAIR (by the DHCP server) to access the ZyAIR again If you change the ZyAIR's IP address, you must use the 3.6Basic Setup Complete Page Part II: SYSTEM, WIRELESS AND IP Page System Screens 4.1System Overview 4.2Configuring General Setup 4.3Configuring Password 4.4Configuring Time Setting Figure 4-3Time Setting Table 4-3Time Setting Page Page Wireless Configuration and Roaming 5.1Wireless LAN Overview 5.1.1 IBSS 5.1.2 BSS 5.1.3 ESS 5.2Wireless LAN Basics 5.2.1 RTS/CTS 5.2.2 Fragmentation Threshold 5.3Preamble Type 5.4Configuring Wireless Figure 5-5Wireless Table 5-1Wireless If you are configuring the ZyAIR from a computer connected to the wireless LAN and you change the ZyAIR’s ESSID or WEP settings, you will lose your wireless connection when you Page 5.5Configuring Roaming 5.5.1 Requirements for Roaming Roaming Figure 5-7Roaming Table 5-2Roaming All APs on the same subnet and the wireless stations must have the Wireless Security 6.1Wireless Security Overview Figure 6-2Wireless Table 6-1Wireless 6.2Security Parameters Summary 6.3WEP Overview 6.3.1 Data Encryption 6.3.2 Authentication 6.4Configuring WEP Encryption Figure 6-4Wireless: Static WEP 6.5Introduction to WPA 6.5.1 User Authentication 6.5.2 Encryption 6.6WPA-PSKApplication Example 6.7Configuring WPA-PSKAuthentication Figure 6-6Wireless: WPA-PSK Table 6-4Wireless: WPA-PSK 6.8Wireless Client WPA Supplicants 6.9WPA with RADIUS Application Example 6.10 Configuring WPA Authentication Figure 6-8Wireless: WPA Table 6-5Wireless: WPA 6.11 802.1x Overview 6.12 Dynamic WEP Key Exchange 6.13 Configuring 802.1x and Dynamic WEP Key Exchange 6.14 Configuring 802.1x and Static WEP Key Exchange Figure 6-10Wireless: 802.1x + Static WEP Table 6-7Wireless: 802.1x + Static WEP 6.15 Configuring Figure 6-11Wireless: 802.1x + No WEP Table 6-8Wireless: 802.1x + No WEP Page 6.16 MAC Filter Figure 6-12MAC Address Filter 6.17 Introduction to RADIUS •Authentication •Accounting Types of RADIUS Messages •Access-Request 6.17.1 EAP Authentication Overview 6.18 Introduction to Local User Database 6.19 Configuring Local User Database Figure 6-14Local User Database 6.20 Configuring RADIUS Figure 6-15RADIUS Table 6-11RADIUS Page IP Screen 7.1Factory Ethernet Defaults 7.2TCP/IP Parameters 7.2.1 IP Address and Subnet Mask 7.3Configuring IP Table 7-1IP Setup Part III: LOGS Page Logs Screens 8.1Configuring View Log 8.2Configuring Log Settings Figure 8-2Log Settings Table 8-2Log Settings Page Page Part IV: MAINTENANCE Page Maintenance 9.1Maintenance Overview 9.2System Status Screen 9.2.1 System Statistics 9.3Association List 9.4Channel Usage Figure 9-4Channel Usage Table 9-4Channel Usage 9.5F/W Upload Screen Table 9-5Firmware Upload Do not turn off the ZyAIR while firmware upload is in progress Firmware Upload in Process Figure 9-6Firmware Upload In Process Figure 9-7Network Temporarily Disconnected 9.6Configuration Screen 9.6.1 Backup Configuration 9.6.2 Restore Configuration 9.6.3 Back to Factory Defaults 9.7Restart Screen Part V: SMT CONFIGURATION Page Introducing the SMT 10.1 Connect to your ZyAIR Using Telnet 10.2 Changing the System Password 10.3 ZyAIR SMT Menu Overview Example Figure 10-3ZyAIR B-500SMT Menu Overview Example 10.4 Navigating the SMT Interface 10.4.1 System Management Terminal Interface Summary Page General Setup 11.1 General Setup 11.1.1 Procedure To Configure Menu Table 11-1Menu 1 General Setup LAN Setup 12.1 LAN Setup 12.2 TCP/IP Ethernet Setup 12.3 Wireless LAN Setup Figure 12-3Menu 3.5 Wireless LAN Setup Table 12-2Menu 3.5 Wireless LAN Setup Page 12.3.1 Configuring MAC Address Filter Figure 12-5Menu 3.5.1 WLAN MAC Address Filter Table 12-3Menu 3.5.1 WLAN MAC Address Filter 12.3.2 Configuring Roaming Table 12-4Menu 3.5.2 Roaming Configuration Dial-inUser Setup 13.1 Dial-inUser Setup Table 13-1Menu 14.1- Edit Dial-inUser SNMP Configuration 14.1 About SNMP 14.2 Supported MIBs 14.3 SNMP Configuration 14.4 SNMP Traps Table 14-2SNMP Traps System Security 15.1 System Security 15.1.1 System Password 15.1.2 Configuring External RADIUS Server Figure 15-3Menu 23.2 System Security : RADIUS Server Table 15-1Menu 23.2 System Security : RADIUS Server 15.1.3 IEEE Figure 15-5Menu 23.4 System Security : IEEE802.1x Table 15-2Menu 23.4 System Security : IEEE802.1x Page Page System Information and Diagnosis 16.1 Overview 16.2 System Status Figure 16-2Menu 24.1 System Maintenance : Status Table 16-1Menu 24.1 System Maintenance : Status 16.3 System Information 16.3.1 System Information 16.3.2 Console Port Speed 16.4 Log and Trace 16.4.1 Viewing Error Log 16.5 Diagnostic Figure 16-8Menu 24.4 System Maintenance : Diagnostic Diagnostic Table 16-3Menu 24.4 System Maintenance Menu : Diagnostic Firmware and Configuration File Maintenance 17.1 Filename Conventions 17.2 Backup Configuration 17.2.1 Backup Configuration Using FTP 17.2.2 Using the FTP command from the DOS Prompt 17.2.3 Backup Configuration Using TFTP 17.2.4 Example: TFTP Command 17.3 Restore Configuration 17.4 Uploading Firmware and Configuration Files 17.4.1 Firmware Upload 17.4.2 Configuration File Upload 17.4.3 Using the FTP command from the DOS Prompt Example 17.4.4 TFTP File Upload 17.4.5 Example: TFTP Command System Maintenance and Information 18.1 Command Interpreter Mode 18.2 Time and Date Setting 18.2.1 Resetting the Time Page Part VI: APPENDICES Page Troubleshooting Problems Starting Up the ZyAIR Problems with the Ethernet Interface Problems with the Password Problems with Telnet Problems with the WLAN Interface Page Brute-ForcePassword Guessing Protection Page Setting up Your Computer’s IP Address Windows 95/98/Me Properties Page Windows 2000/NT/XP Page Page Page Macintosh OS 8/9 Page Macintosh OS Page Page Wireless LAN and IEEE Benefits of a Wireless LAN IEEE Ad-hocWireless LAN Configuration Infrastructure Wireless LAN Configuration Diagram D-2ESS Provides Campus-WideCoverage Page Wireless LAN With IEEE Security Flaws with IEEE Deployment Issues with IEEE Advantages of the IEEE Diagram E-1Sequences for EAP MD5–ChallengeAuthentication Types of EAP Authentication EAP-MD5 (Message-DigestAlgorithm 5) EAP-TLS(Transport Layer Security) EAP-TTLS(Tunneled Transport Layer Service) PEAP (Protected EAP) LEAP IP Subnetting IP Addressing IP Classes Subnet Masks Subnetting Example: Two Subnets Page Example: Four Subnets Example Eight Subnets Subnetting With Class A and Class B Networks Page Command Interpreter Command Syntax Command Usage Page Log Descriptions Chart I-2ICMP Notes Log Commands Log Command Example Page Page Index Page Console Port Speed Log and Trace