Manuals / Brands / Computer Equipment / Network Router / ZyXEL Communications / Computer Equipment / Network Router

ZyXEL Communications ZyAIR B-500 6.17.1 EAP Authentication Overview, •Access-Accept, •Access-Challenge, •Accounting-Request, •Accounting-Response

1 209

Download 209 pages, 5.42 Mb

ZyAIR B-500 Wireless Access Point User’s Guide

•Access-Accept

Sent by a RADIUS server allowing access.

•Access-Challenge

Sent by a RADIUS server requesting more information in order to allow access. The access point sends a proper response from the user and then sends another Access-Request message.

The following types of RADIUS messages are exchanged between the access point and the RADIUS server for user accounting:

•Accounting-Request

Sent by the access point requesting accounting.

•Accounting-Response

Sent by the RADIUS server to indicate that it has started or stopped accounting.

In order to ensure network security, the access point and the RADIUS server use a shared secret key, which is a password, they both know. The key is not sent over the network. In addition to the shared key, password information exchanged is also encrypted to protect the wired network from unauthorized access.

6.17.1 EAP Authentication Overview

EAP (Extensible Authentication Protocol) is an authentication protocol that runs on top of the IEEE802.1x transport mechanism in order to support multiple types of user authentication. By using EAP to interact with an EAP-compatible RADIUS server, the access point helps a wireless station and a RADIUS server perform authentication.

The type of authentication you use depends on the RADIUS server or the AP. The ZyAIR supports EAP- TLS, EAP-TTLS and DEAP with RADIUS. Refer to the Types of EAP Authentication appendix for descriptions on the four common types.

Your ZyAIR supports EAP-MD5 (Message-Digest Algorithm 5) with the local user database and RADIUS.

The following figure shows an overview of authentication when you specify a RADIUS server on your access point.

Figure 6-13 EAP Authentication

Wireless Security

6-25

Contents

User's Guide Copyright Federal Communications Commission (FCC) Interference Statement ZyXEL Limited Warranty Customer Support Page Table of Contents LOGS Chapter 9 Maintenance Chapter 10 Introducing the SMT Chapter 11 General Setup Chapter 12 LAN Setup Chapter 13 Dial-inUser Setup Chapter 14 SNMP Configuration Chapter 17 Firmware and Configuration File Maintenance A-1 B-1 C-1 Appendix D Wireless LAN and IEEE 802.11 List of Figures Page Page Page List of Tables Page Preface Control Panels Modem User Guide Feedback Part I: OVERVIEW Page Getting to Know Your ZyAIR 1.1Introducing the ZyAIR Wireless Access Point 1.2ZyAIR Features 10/100M Auto-negotiatingEthernet/Fast Ethernet Interface 10/100M Auto-crossoverEthernet/Fast Ethernet Interface 802.11b Wireless LAN Standard Output Power Management Limit the number of Client Connections SSL Passthrough Wireless LAN MAC Address Filtering WEP Encryption Wi-FiProtected Access IEEE 802.1x Network Security SNMP Full Network Management 1.3Applications for the ZyAIR 1.3.1 Internet Access Application 1.3.2 Corporation Network Application Figure 1-2Corporation Network Application Page Introducing the Web Configurator 2.1Accessing the ZyAIR Web Configurator 2.2Resetting the ZyAIR 2.2.1 Method of Restoring Factory-Defaults 2.3Navigating the ZyAIR Web Configurator Page Wizard Setup 3.1Wizard Setup Overview 3.1.1 Channel 3.1.2 ESS ID 3.1.3 WEP Encryption 3.2Wizard Setup: General Setup 3.3Wizard Setup: Wireless LAN 3.4Wizard Setup: Screen Basic Security Table 3-3Wizard 2 : Wireless LAN Setup Extend Security 3.5Wizard Setup: IP Address 3.5.1 IP Address Assignment 3.5.2 IP Address and Subnet Mask Figure 3-3Wizard 3 : IP Address Assignment Table 3-6Wizard 3 : IP Address Assignment You must know the IP address assigned to the ZyAIR (by the DHCP server) to access the ZyAIR again If you change the ZyAIR's IP address, you must use the 3.6Basic Setup Complete Page Part II: SYSTEM, WIRELESS AND IP Page System Screens 4.1System Overview 4.2Configuring General Setup 4.3Configuring Password 4.4Configuring Time Setting Figure 4-3Time Setting Table 4-3Time Setting Page Page Wireless Configuration and Roaming 5.1Wireless LAN Overview 5.1.1 IBSS 5.1.2 BSS 5.1.3 ESS 5.2Wireless LAN Basics 5.2.1 RTS/CTS 5.2.2 Fragmentation Threshold 5.3Preamble Type 5.4Configuring Wireless Figure 5-5Wireless Table 5-1Wireless If you are configuring the ZyAIR from a computer connected to the wireless LAN and you change the ZyAIR’s ESSID or WEP settings, you will lose your wireless connection when you Page 5.5Configuring Roaming 5.5.1 Requirements for Roaming Roaming Figure 5-7Roaming Table 5-2Roaming All APs on the same subnet and the wireless stations must have the Wireless Security 6.1Wireless Security Overview Figure 6-2Wireless Table 6-1Wireless 6.2Security Parameters Summary 6.3WEP Overview 6.3.1 Data Encryption 6.3.2 Authentication 6.4Configuring WEP Encryption Figure 6-4Wireless: Static WEP 6.5Introduction to WPA 6.5.1 User Authentication 6.5.2 Encryption 6.6WPA-PSKApplication Example 6.7Configuring WPA-PSKAuthentication Figure 6-6Wireless: WPA-PSK Table 6-4Wireless: WPA-PSK 6.8Wireless Client WPA Supplicants 6.9WPA with RADIUS Application Example 6.10 Configuring WPA Authentication Figure 6-8Wireless: WPA Table 6-5Wireless: WPA 6.11 802.1x Overview 6.12 Dynamic WEP Key Exchange 6.13 Configuring 802.1x and Dynamic WEP Key Exchange 6.14 Configuring 802.1x and Static WEP Key Exchange Figure 6-10Wireless: 802.1x + Static WEP Table 6-7Wireless: 802.1x + Static WEP 6.15 Configuring Figure 6-11Wireless: 802.1x + No WEP Table 6-8Wireless: 802.1x + No WEP Page 6.16 MAC Filter Figure 6-12MAC Address Filter 6.17 Introduction to RADIUS •Authentication •Accounting Types of RADIUS Messages •Access-Request 6.17.1 EAP Authentication Overview 6.18 Introduction to Local User Database 6.19 Configuring Local User Database Figure 6-14Local User Database 6.20 Configuring RADIUS Figure 6-15RADIUS Table 6-11RADIUS Page IP Screen 7.1Factory Ethernet Defaults 7.2TCP/IP Parameters 7.2.1 IP Address and Subnet Mask 7.3Configuring IP Table 7-1IP Setup Part III: LOGS Page Logs Screens 8.1Configuring View Log 8.2Configuring Log Settings Figure 8-2Log Settings Table 8-2Log Settings Page Page Part IV: MAINTENANCE Page Maintenance 9.1Maintenance Overview 9.2System Status Screen 9.2.1 System Statistics 9.3Association List 9.4Channel Usage Figure 9-4Channel Usage Table 9-4Channel Usage 9.5F/W Upload Screen Table 9-5Firmware Upload Do not turn off the ZyAIR while firmware upload is in progress Firmware Upload in Process Figure 9-6Firmware Upload In Process Figure 9-7Network Temporarily Disconnected 9.6Configuration Screen 9.6.1 Backup Configuration 9.6.2 Restore Configuration 9.6.3 Back to Factory Defaults 9.7Restart Screen Part V: SMT CONFIGURATION Page Introducing the SMT 10.1 Connect to your ZyAIR Using Telnet 10.2 Changing the System Password 10.3 ZyAIR SMT Menu Overview Example Figure 10-3ZyAIR B-500SMT Menu Overview Example 10.4 Navigating the SMT Interface 10.4.1 System Management Terminal Interface Summary Page General Setup 11.1 General Setup 11.1.1 Procedure To Configure Menu Table 11-1Menu 1 General Setup LAN Setup 12.1 LAN Setup 12.2 TCP/IP Ethernet Setup 12.3 Wireless LAN Setup Figure 12-3Menu 3.5 Wireless LAN Setup Table 12-2Menu 3.5 Wireless LAN Setup Page 12.3.1 Configuring MAC Address Filter Figure 12-5Menu 3.5.1 WLAN MAC Address Filter Table 12-3Menu 3.5.1 WLAN MAC Address Filter 12.3.2 Configuring Roaming Table 12-4Menu 3.5.2 Roaming Configuration Dial-inUser Setup 13.1 Dial-inUser Setup Table 13-1Menu 14.1- Edit Dial-inUser SNMP Configuration 14.1 About SNMP 14.2 Supported MIBs 14.3 SNMP Configuration 14.4 SNMP Traps Table 14-2SNMP Traps System Security 15.1 System Security 15.1.1 System Password 15.1.2 Configuring External RADIUS Server Figure 15-3Menu 23.2 System Security : RADIUS Server Table 15-1Menu 23.2 System Security : RADIUS Server 15.1.3 IEEE Figure 15-5Menu 23.4 System Security : IEEE802.1x Table 15-2Menu 23.4 System Security : IEEE802.1x Page Page System Information and Diagnosis 16.1 Overview 16.2 System Status Figure 16-2Menu 24.1 System Maintenance : Status Table 16-1Menu 24.1 System Maintenance : Status 16.3 System Information 16.3.1 System Information 16.3.2 Console Port Speed 16.4 Log and Trace 16.4.1 Viewing Error Log 16.5 Diagnostic Figure 16-8Menu 24.4 System Maintenance : Diagnostic Diagnostic Table 16-3Menu 24.4 System Maintenance Menu : Diagnostic Firmware and Configuration File Maintenance 17.1 Filename Conventions 17.2 Backup Configuration 17.2.1 Backup Configuration Using FTP 17.2.2 Using the FTP command from the DOS Prompt 17.2.3 Backup Configuration Using TFTP 17.2.4 Example: TFTP Command 17.3 Restore Configuration 17.4 Uploading Firmware and Configuration Files 17.4.1 Firmware Upload 17.4.2 Configuration File Upload 17.4.3 Using the FTP command from the DOS Prompt Example 17.4.4 TFTP File Upload 17.4.5 Example: TFTP Command System Maintenance and Information 18.1 Command Interpreter Mode 18.2 Time and Date Setting 18.2.1 Resetting the Time Page Part VI: APPENDICES Page Troubleshooting Problems Starting Up the ZyAIR Problems with the Ethernet Interface Problems with the Password Problems with Telnet Problems with the WLAN Interface Page Brute-ForcePassword Guessing Protection Page Setting up Your Computer’s IP Address Windows 95/98/Me Properties Page Windows 2000/NT/XP Page Page Page Macintosh OS 8/9 Page Macintosh OS Page Page Wireless LAN and IEEE Benefits of a Wireless LAN IEEE Ad-hocWireless LAN Configuration Infrastructure Wireless LAN Configuration Diagram D-2ESS Provides Campus-WideCoverage Page Wireless LAN With IEEE Security Flaws with IEEE Deployment Issues with IEEE Advantages of the IEEE Diagram E-1Sequences for EAP MD5–ChallengeAuthentication Types of EAP Authentication EAP-MD5 (Message-DigestAlgorithm 5) EAP-TLS(Transport Layer Security) EAP-TTLS(Tunneled Transport Layer Service) PEAP (Protected EAP) LEAP IP Subnetting IP Addressing IP Classes Subnet Masks Subnetting Example: Two Subnets Page Example: Four Subnets Example Eight Subnets Subnetting With Class A and Class B Networks Page Command Interpreter Command Syntax Command Usage Page Log Descriptions Chart I-2ICMP Notes Log Commands Log Command Example Page Page Index Page Console Port Speed Log and Trace