Manuals / Brands / Computer Equipment / Network Router / ZyXEL Communications / Computer Equipment / Network Router

ZyXEL Communications ZyXEL G-1000 v2 Types of EAP Authentication, AP P E N D I X J

1 198

Download 198 pages, 5.89 Mb

ZyXEL G-1000 v2 User’s Guide

AP P E N D I X J

Types of EAP Authentication

This appendix discusses popular EAP authentication types.

The type of authentication you use depends on the RADIUS server or the AP. Consult your network administrator for more information.

EAP-MD5 (Message-Digest Algorithm 5)

MD5 authentication is the simplest one-way authentication method. The authentication server sends a challenge to the wireless station. The wireless station ‘proves’ that it knows the password by encrypting the password with the challenge and sends back the information. Password is not sent in plain text.

However, MD5 authentication has some weaknesses. Since the authentication server needs to get the plaintext passwords, the passwords must be stored. Thus someone other than the authentication server may access the password file. In addition, it is possible to impersonate an authentication server as MD5 authentication method does not perform mutual authentication. Finally, MD5 authentication method does not support data encryption with dynamic session key. You must configure WEP encryption keys for data encryption.

EAP-TLS (Transport Layer Security)

With EAP-TLS, digital certifications are needed by both the server and the wireless stations for mutual authentication. The server presents a certificate to the client. After validating the identity of the server, the client sends a different certificate to the server. The exchange of certificates is done in the open before a secured tunnel is created. This makes user identity vulnerable to passive attacks. A digital certificate is an electronic ID card that authenticates the sender’s identity. However, to implement EAP-TLS, you need a Certificate Authority (CA) to handle certificates, which imposes a management overhead.

EAP-TTLS (Tunneled Transport Layer Service)

EAP-TTLS is an extension of the EAP-TLS authentication that uses certificates for only the server-side authentications to establish a secure connection. Client authentication is then done by sending username and password through the secure connection, thus client identity is protected. For client authentication, EAP-TTLS supports EAP methods and legacy authentication methods such as PAP, CHAP, MS-CHAP and MS-CHAP v2.

185

Contents

Page Page Copyright Disclaimer Trademarks Interference Statements and Certifications Federal Communications Commission (FCC) Interference Statement FCC Caution IMPORTANT NOTE: FCC Radiation Exposure Statement Certifications Safety Warnings ZyXEL Limited Warranty Note Customer Support Page Page Table of Contents Wizard Setup Wireless LAN Remote Management Configuration System Page Firmware and Configuration File Maintenance System Maintenance and Information Troubleshooting Appendix A Product Specifications Page Page List of Figures Page Page Page List of Tables Page Page Page Preface About This User's Guide Related Documentation User Guide Feedback Syntax Conventions Graphics Icons Key Getting to Know Your Device 10/100M Auto-negotiatingEthernet/Fast Ethernet Interface 10/100M Auto-crossoverEthernet/Fast Ethernet Interface Reset Button ZyAIR LED WPA and WPA2 IEEE 802.11b Wireless LAN Standard IEEE 802.11g Wireless LAN Standard STP (Spanning Tree Protocol) / RSTP (Rapid STP) Limit the number of Client Connections SSL Passthrough Brute-ForcePassword Guessing Protection Wireless LAN MAC Address Filtering SNMP Full Network Management Logging and Tracing Diagnostics Capabilities Embedded FTP and TFTP Servers 1.3.1 Internet Access Application 1.3.2 Corporation Network Application Page Introducing the Web Configurator RESET 2.3.1 .Procedure To Use The Reset Button SYS 2.4.1 Navigation Panel 2.4.2 Status Screen Page 2.4.3 Status: Packet Statistics (Details...) Summary 2.4.4 Status: WLAN Association List Page Wizard Setup 3.3.1 Name (SSID), Channel ID and Security 3.3.2 Configuring WEP or WPA(2) PSK Security Basic (WEP) Page Page 3.3.3 IP Address Assignment 3.3.4 Apply Settings http://zyxelXXXX Finish Page Wireless LAN 4.2.1 SSID 4.2.2 MAC Address Filter 4.2.3 User Authentication 4.2.4 Encryption IEEE IEEE 802.1x + Static WEP IEEE 802.1x + Dynamic WEP WPA WPA compatible Note: Apply Click Network > Wireless LAN to open the General screen 4.4.1 No Security No Security 4.4.2 WEP Encryption 4.4.3 WEP Encryption Screen Network > Wireless LAN 4.4.4 WPA(2)-PSK Page 4.4.5 WPA(2) Authentication Screen Wireless LAN Network Wireless WPA Page Allow Deny MAC Filter Network > Wireless LAN > Advanced Page IP and DNS Screens Network > IP > Advanced Page Page Remote Management Configuration 6.1.2System Timeout Advanced > Remote MGMT WWW Telnet FTP Page 6.6.1Supported MIBs 6.6.2 SNMP Traps 6.6.3 Configuring SNMP SNMP Page System Page Maintenance > System > Time Setting Page Page Page Logs Table 32 View Log Access Control Page Page Page Page Tools Firmware Upload in Progress Return 9.2.1 Backup Configuration Backup 9.2.2 Restore Configuration 9.2.3 Back to Factory Defaults Reset Restart Page Introducing the SMT New Password Retype to confirm Page Figure 45 G-1000v2 SMT Main Menu General Setup Page LAN Setup Menu 3.5 – Wireless LAN Setup Page 12.3.1 Configuring MAC Address Filter 2Enter 5 to display Menu 3.5 – Wireless LAN Setup Figure 50 Menu 3.5 Wireless LAN Setup Edit MAC Address Filter [ENTER]. Menu 3.5.1 – WLAN MAC Address Filter displays as shown next Figure 51 Menu 3.5.1 WLAN MAC Address Filter 12.3.2 Configuring Roaming Figure 52 Menu 3.5 Wireless LAN Setup Edit Roaming Configuration [ENTER] Menu 3.5.2 – Roaming Configuration SNMP Configuration Page System Security Page Menu23 – System Security Figure 58 Menu 23 System Security 2Enter 4 to display Menu 23.4 – System Security – IEEE802.1x Page Page Page System Information and Diagnosis Menu 24.1 – System Maintenance – Status Figure 61 Menu 24.1 System Maintenance: Status 1Enter 24 to display Menu 24 – System Maintenance 2Enter 2 to display Menu 24.2 – System Information and Console Port Speed Figure 62 Menu 24.2 System Information and Console Port Speed 15.2.1 System Information Figure 63 Menu 24.2.1 System Information: Information 15.2.2 Console Port Speed Menu 24.2.2 – System Maintenance – Console Port Speed Figure 64 Menu 24.2.2 System Maintenance: Change Console Port Speed 2Enter 3 to display Menu 24.3 – Log and Trace 15.3.1 Syslog Logging Menu 24.4 – System Maintenance – Diagnostic Firmware and Configuration File Maintenance ZyNOS F/W Version Menu 24.2.1 – System Maintenance – Information 16.2.1 Backup Configuration Using FTP Figure 68 Menu 24.5 Backup Configuration 16.2.2 Using the FTP command from the DOS Prompt Figure 69 FTP Session Example 16.2.3 Backup Configuration Using TFTP 16.2.4 Example: TFTP Command 16.2.5 Backup Via Console Port Figure 70 System Maintenance: Backup Configuration Figure 71 System Maintenance: Starting Xmodem Download Screen Transfer Receive File Browse Xmodem Receive System Maintenance and Information Menu 24.10 – System Maintenance – Time and Date Setting Figure 76 Menu 24.10 System Maintenance: Time and Date Setting 17.3.1 Telnet Figure 77 Telnet Configuration on a TCP/IP Network 17.3.2 FTP 17.3.3 Web 17.3.4 Remote Management Setup WAN only LAN only All Disable 17.3.5 Remote Management Limitations Page Troubleshooting Page Product Specifications Page Brute-ForcePassword Guessing Protection Page Setting up Your Computer’s IP Address Installing Components Add Adapter Protocol Microsoft Client for Microsoft Networks Configuring Obtain an IP address automatically Specify an IP address Subnet Mask Gateway New gateway field TCP/IP Properties Verifying Settings IP Configuration Network Connections Network and Dial-up Connections 3Right-click Local Area Connection and then click Properties Internet Protocol (TCP/IP) Use the following IP Address IP address Subnet mask Default gateway IP Settin Use the following DNS server addresses Preferred DNS server Alternate DNS server 8Click OK to close the Internet Protocol (TCP/IP) Properties window 9Click OK to close the Local Area Connection Properties window 2Select Ethernet built-in from the Connect via list Using DHCP Server Configure: Configure Manually Router address 5Close the TCP/IP Control Panel Save Apply Now Page IP Address Assignment Conflicts Page Page Page IP Subnetting Page Page Page Page Table 75 Subnet Page Page Command Interpreter Page AP P E N D I X G Log Descriptions Table 82 Sys log Configuring What You Want the G-1000v2 to Log Displaying Logs Page Wireless LAN and IEEE BSS ESS RTS/CTS RTS/CTS RTS/CTS Fragmentation Threshold Page Wireless LAN Security Types of RADIUS Messages EAP-MD5 EAP-TLS EAP- TTLS PEAP LEAP PEAP (Protected EAP) LEAP Dynamic WEP Key Exchange Open System Shared Key Page Encryption User Authentication Wireless Client WPA Supplicants WPA with RADIUS Application Example Page RADIUS Server Authentication Sequence Mutual Authentication with Internal RADIUS server Page Page Types of EAP Authentication Page Antenna Selection and Positioning Recommendation Positioning Antennas Index