Manuals / Brands / Computer Equipment / Network Router / ZyXEL Communications / Computer Equipment / Network Router

ZyXEL Communications ZyAIR B-500 6.5Introduction to WPA, 6.5.1 User Authentication, Table 6-3Wireless: Static WEP

1 209

Download 209 pages, 5.42 Mb

		ZyAIR B-500 Wireless Access Point User’s Guide
		Table 6-3 Wireless: Static WEP

	LABEL	DESCRIPTION

	Security	Select Static WEP from the drop-down list.

	WEP	Select 64-bit WEP or 128-bit WEP to enable data encryption.
	Encryption
	Authentication	Select Auto, Open System or Shared Key from the drop-down list box.
	Method	If WEP encryption is activated, the default setting is Auto.

	ASCII	Select this option to enter ASCII characters as the WEP keys.

	Hex	Select this option to enter hexadecimal characters as the WEP keys.
		The preceding “0x” is entered automatically.

	Key 1 to	The WEP keys are used to encrypt data. Both the ZyAIR and the wireless stations must
	Key 4	use the same WEP key for data transmission.
	Key 4	If you chose 64-bit WEP, then enter any 5 ASCII characters or 10 hexadecimal

		characters ("0-9", "A-F").
		If you chose 128-bit WEP, then enter 13 ASCII characters or 26 hexadecimal characters
		("0-9", "A-F").
		You must configure all four keys, but only one key can be used at any one time. The
		default key is key 1.
	Apply	Click Apply to save your changes back to the ZyAIR.

	Reset	Click Reset to begin configuring this screen afresh.

6.5Introduction to WPA

Wi-Fi Protected Access (WPA) is a subset of the IEEE 802.11i security specification draft. Key differences between WPA and WEP are user authentication and improved data encryption.

6.5.1 User Authentication

WPA applies IEEE 802.1x and Extensible Authentication Protocol (EAP) to authenticate wireless clients using an external RADIUS database. You can’t use the ZyAIR’s Local User Database for WPA authentication purposes since the Local User Database uses EAP-MD5 which cannot be used to generate keys. See later in this chapter and the appendices for more information on IEEE 802.1x, RADIUS and EAP.

Therefore, if you don’t have an external RADIUS server you should use WPA-PSK (WPA -Pre-Shared Key) that only requires a single (identical) password entered into each access point, wireless gateway and wireless client. As long as the passwords match, a client will be granted access to a WLAN.

Wireless Security

6-7

Contents

User's Guide Copyright Federal Communications Commission (FCC) Interference Statement ZyXEL Limited Warranty Customer Support Page Table of Contents LOGS Chapter 9 Maintenance Chapter 10 Introducing the SMT Chapter 11 General Setup Chapter 12 LAN Setup Chapter 13 Dial-inUser Setup Chapter 14 SNMP Configuration Chapter 17 Firmware and Configuration File Maintenance A-1 B-1 C-1 Appendix D Wireless LAN and IEEE 802.11 List of Figures Page Page Page List of Tables Page Preface Control Panels Modem User Guide Feedback Part I: OVERVIEW Page Getting to Know Your ZyAIR 1.1Introducing the ZyAIR Wireless Access Point 1.2ZyAIR Features 10/100M Auto-negotiatingEthernet/Fast Ethernet Interface 10/100M Auto-crossoverEthernet/Fast Ethernet Interface 802.11b Wireless LAN Standard Output Power Management Limit the number of Client Connections SSL Passthrough Wireless LAN MAC Address Filtering WEP Encryption Wi-FiProtected Access IEEE 802.1x Network Security SNMP Full Network Management 1.3Applications for the ZyAIR 1.3.1 Internet Access Application 1.3.2 Corporation Network Application Figure 1-2Corporation Network Application Page Introducing the Web Configurator 2.1Accessing the ZyAIR Web Configurator 2.2Resetting the ZyAIR 2.2.1 Method of Restoring Factory-Defaults 2.3Navigating the ZyAIR Web Configurator Page Wizard Setup 3.1Wizard Setup Overview 3.1.1 Channel 3.1.2 ESS ID 3.1.3 WEP Encryption 3.2Wizard Setup: General Setup 3.3Wizard Setup: Wireless LAN 3.4Wizard Setup: Screen Basic Security Table 3-3Wizard 2 : Wireless LAN Setup Extend Security 3.5Wizard Setup: IP Address 3.5.1 IP Address Assignment 3.5.2 IP Address and Subnet Mask Figure 3-3Wizard 3 : IP Address Assignment Table 3-6Wizard 3 : IP Address Assignment You must know the IP address assigned to the ZyAIR (by the DHCP server) to access the ZyAIR again If you change the ZyAIR's IP address, you must use the 3.6Basic Setup Complete Page Part II: SYSTEM, WIRELESS AND IP Page System Screens 4.1System Overview 4.2Configuring General Setup 4.3Configuring Password 4.4Configuring Time Setting Figure 4-3Time Setting Table 4-3Time Setting Page Page Wireless Configuration and Roaming 5.1Wireless LAN Overview 5.1.1 IBSS 5.1.2 BSS 5.1.3 ESS 5.2Wireless LAN Basics 5.2.1 RTS/CTS 5.2.2 Fragmentation Threshold 5.3Preamble Type 5.4Configuring Wireless Figure 5-5Wireless Table 5-1Wireless If you are configuring the ZyAIR from a computer connected to the wireless LAN and you change the ZyAIR’s ESSID or WEP settings, you will lose your wireless connection when you Page 5.5Configuring Roaming 5.5.1 Requirements for Roaming Roaming Figure 5-7Roaming Table 5-2Roaming All APs on the same subnet and the wireless stations must have the Wireless Security 6.1Wireless Security Overview Figure 6-2Wireless Table 6-1Wireless 6.2Security Parameters Summary 6.3WEP Overview 6.3.1 Data Encryption 6.3.2 Authentication 6.4Configuring WEP Encryption Figure 6-4Wireless: Static WEP 6.5Introduction to WPA 6.5.1 User Authentication 6.5.2 Encryption 6.6WPA-PSKApplication Example 6.7Configuring WPA-PSKAuthentication Figure 6-6Wireless: WPA-PSK Table 6-4Wireless: WPA-PSK 6.8Wireless Client WPA Supplicants 6.9WPA with RADIUS Application Example 6.10 Configuring WPA Authentication Figure 6-8Wireless: WPA Table 6-5Wireless: WPA 6.11 802.1x Overview 6.12 Dynamic WEP Key Exchange 6.13 Configuring 802.1x and Dynamic WEP Key Exchange 6.14 Configuring 802.1x and Static WEP Key Exchange Figure 6-10Wireless: 802.1x + Static WEP Table 6-7Wireless: 802.1x + Static WEP 6.15 Configuring Figure 6-11Wireless: 802.1x + No WEP Table 6-8Wireless: 802.1x + No WEP Page 6.16 MAC Filter Figure 6-12MAC Address Filter 6.17 Introduction to RADIUS •Authentication •Accounting Types of RADIUS Messages •Access-Request 6.17.1 EAP Authentication Overview 6.18 Introduction to Local User Database 6.19 Configuring Local User Database Figure 6-14Local User Database 6.20 Configuring RADIUS Figure 6-15RADIUS Table 6-11RADIUS Page IP Screen 7.1Factory Ethernet Defaults 7.2TCP/IP Parameters 7.2.1 IP Address and Subnet Mask 7.3Configuring IP Table 7-1IP Setup Part III: LOGS Page Logs Screens 8.1Configuring View Log 8.2Configuring Log Settings Figure 8-2Log Settings Table 8-2Log Settings Page Page Part IV: MAINTENANCE Page Maintenance 9.1Maintenance Overview 9.2System Status Screen 9.2.1 System Statistics 9.3Association List 9.4Channel Usage Figure 9-4Channel Usage Table 9-4Channel Usage 9.5F/W Upload Screen Table 9-5Firmware Upload Do not turn off the ZyAIR while firmware upload is in progress Firmware Upload in Process Figure 9-6Firmware Upload In Process Figure 9-7Network Temporarily Disconnected 9.6Configuration Screen 9.6.1 Backup Configuration 9.6.2 Restore Configuration 9.6.3 Back to Factory Defaults 9.7Restart Screen Part V: SMT CONFIGURATION Page Introducing the SMT 10.1 Connect to your ZyAIR Using Telnet 10.2 Changing the System Password 10.3 ZyAIR SMT Menu Overview Example Figure 10-3ZyAIR B-500SMT Menu Overview Example 10.4 Navigating the SMT Interface 10.4.1 System Management Terminal Interface Summary Page General Setup 11.1 General Setup 11.1.1 Procedure To Configure Menu Table 11-1Menu 1 General Setup LAN Setup 12.1 LAN Setup 12.2 TCP/IP Ethernet Setup 12.3 Wireless LAN Setup Figure 12-3Menu 3.5 Wireless LAN Setup Table 12-2Menu 3.5 Wireless LAN Setup Page 12.3.1 Configuring MAC Address Filter Figure 12-5Menu 3.5.1 WLAN MAC Address Filter Table 12-3Menu 3.5.1 WLAN MAC Address Filter 12.3.2 Configuring Roaming Table 12-4Menu 3.5.2 Roaming Configuration Dial-inUser Setup 13.1 Dial-inUser Setup Table 13-1Menu 14.1- Edit Dial-inUser SNMP Configuration 14.1 About SNMP 14.2 Supported MIBs 14.3 SNMP Configuration 14.4 SNMP Traps Table 14-2SNMP Traps System Security 15.1 System Security 15.1.1 System Password 15.1.2 Configuring External RADIUS Server Figure 15-3Menu 23.2 System Security : RADIUS Server Table 15-1Menu 23.2 System Security : RADIUS Server 15.1.3 IEEE Figure 15-5Menu 23.4 System Security : IEEE802.1x Table 15-2Menu 23.4 System Security : IEEE802.1x Page Page System Information and Diagnosis 16.1 Overview 16.2 System Status Figure 16-2Menu 24.1 System Maintenance : Status Table 16-1Menu 24.1 System Maintenance : Status 16.3 System Information 16.3.1 System Information 16.3.2 Console Port Speed 16.4 Log and Trace 16.4.1 Viewing Error Log 16.5 Diagnostic Figure 16-8Menu 24.4 System Maintenance : Diagnostic Diagnostic Table 16-3Menu 24.4 System Maintenance Menu : Diagnostic Firmware and Configuration File Maintenance 17.1 Filename Conventions 17.2 Backup Configuration 17.2.1 Backup Configuration Using FTP 17.2.2 Using the FTP command from the DOS Prompt 17.2.3 Backup Configuration Using TFTP 17.2.4 Example: TFTP Command 17.3 Restore Configuration 17.4 Uploading Firmware and Configuration Files 17.4.1 Firmware Upload 17.4.2 Configuration File Upload 17.4.3 Using the FTP command from the DOS Prompt Example 17.4.4 TFTP File Upload 17.4.5 Example: TFTP Command System Maintenance and Information 18.1 Command Interpreter Mode 18.2 Time and Date Setting 18.2.1 Resetting the Time Page Part VI: APPENDICES Page Troubleshooting Problems Starting Up the ZyAIR Problems with the Ethernet Interface Problems with the Password Problems with Telnet Problems with the WLAN Interface Page Brute-ForcePassword Guessing Protection Page Setting up Your Computer’s IP Address Windows 95/98/Me Properties Page Windows 2000/NT/XP Page Page Page Macintosh OS 8/9 Page Macintosh OS Page Page Wireless LAN and IEEE Benefits of a Wireless LAN IEEE Ad-hocWireless LAN Configuration Infrastructure Wireless LAN Configuration Diagram D-2ESS Provides Campus-WideCoverage Page Wireless LAN With IEEE Security Flaws with IEEE Deployment Issues with IEEE Advantages of the IEEE Diagram E-1Sequences for EAP MD5–ChallengeAuthentication Types of EAP Authentication EAP-MD5 (Message-DigestAlgorithm 5) EAP-TLS(Transport Layer Security) EAP-TTLS(Tunneled Transport Layer Service) PEAP (Protected EAP) LEAP IP Subnetting IP Addressing IP Classes Subnet Masks Subnetting Example: Two Subnets Page Example: Four Subnets Example Eight Subnets Subnetting With Class A and Class B Networks Page Command Interpreter Command Syntax Command Usage Page Log Descriptions Chart I-2ICMP Notes Log Commands Log Command Example Page Page Index Page Console Port Speed Log and Trace