ZyWALL 5/35/70 Series User’s Guide

Sent by the RADIUS server to indicate that it has started or stopped accounting.

In order to ensure network security, the access point and the RADIUS server use a shared secret key, which is a password, they both know. The key is not sent over the network. In addition to the shared key, password information exchanged is also encrypted to protect the network from unauthorized access.

9.9.2 EAP Authentication Overview

EAP (Extensible Authentication Protocol) is an authentication protocol that runs on top of the IEEE 802.1x transport mechanism in order to support multiple types of user authentication. By using EAP to interact with an EAP-compatible RADIUS server, the access point helps a wireless station and a RADIUS server perform authentication.

The type of authentication you use depends on the RADIUS server or the AP.

Your ZyWALL supports EAP-MD5 (Message-Digest Algorithm 5) with the local user database.

The following figure shows an overview of authentication when you specify a RADIUS server on your access point.

Figure 77 EAP Authentication

The details below provide a general description of how IEEE 802.1x EAP authentication works.

The wireless station sends a start message to the ZyWALL.

The ZyWALL sends a request identity message to the wireless station for identity information.

The wireless station replies with identity information, including user name and password.

The RADIUS server checks the user information against its user profile database and determines whether or not to authenticate the wireless station.

9.10Dynamic WEP Key Exchange

The AP maps a unique key that is generated with the RADIUS server. This key expires when the wireless connection times out, disconnects or reauthentication times out. A new WEP key is generated each time reauthentication is performed.

Chapter 9 Wireless LAN

182