ZyXEL Communications ZyXEL G-1000 v2 186

ZyXEL G-1000 v2 User’s Guide

PEAP (Protected EAP)

Like EAP-TTLS, server-side certificate authentication is used to establish a secure connection, then use simple username and password methods through the secured connection to authenticate the clients, thus hiding client identity. However, PEAP only supports EAP methods, such as EAP-MD5, EAP-MSCHAPv2 and EAP-GTC (EAP-Generic Token Card), for client authentication. EAP-GTC is implemented only by Cisco.

LEAP

LEAP (Lightweight Extensible Authentication Protocol) is a Cisco implementation of IEEE802.1x.

For added security, certificate-based authentications (EAP-TLS, EAP-TTLS and PEAP) use dynamic keys for data encryption. They are often deployed in corporate environments, but for public deployment, a simple user name and password pair is more practical. The following table is a comparison of the features of the authentication types.

Table 87 Comparison of EAP Authentication Types

	EAP-MD5	EAP-TLS	EAP-TTLS	PEAP	LEAP

Mutual Authentication	No	Yes	Yes	Yes	Yes

Certificate – Client	No	Yes	Optional	Optional	No

Certificate – Server	No	Yes	Yes	Yes	No

Dynamic Key Exchange	No	Yes	Yes	Yes	Yes

Credential Integrity	None	Strong	Strong	Strong	Moderate

Deployment Difficulty	Easy	Hard	Moderate	Moderate	Moderate

Client Identity Protection	No	No	Yes	Yes	No

186

Contents

Page Page Copyright Disclaimer Trademarks Interference Statements and Certifications Federal Communications Commission (FCC) Interference Statement FCC Caution IMPORTANT NOTE: FCC Radiation Exposure Statement Certifications Safety Warnings ZyXEL Limited Warranty Note Customer Support Page Page Table of Contents Wizard Setup Wireless LAN Remote Management Configuration System Page Firmware and Configuration File Maintenance System Maintenance and Information Troubleshooting Appendix A Product Specifications Page Page List of Figures Page Page Page List of Tables Page Page Page Preface About This User's Guide Related Documentation User Guide Feedback Syntax Conventions Graphics Icons Key Getting to Know Your Device 10/100M Auto-negotiatingEthernet/Fast Ethernet Interface 10/100M Auto-crossoverEthernet/Fast Ethernet Interface Reset Button ZyAIR LED WPA and WPA2 IEEE 802.11b Wireless LAN Standard IEEE 802.11g Wireless LAN Standard STP (Spanning Tree Protocol) / RSTP (Rapid STP) Limit the number of Client Connections SSL Passthrough Brute-ForcePassword Guessing Protection Wireless LAN MAC Address Filtering SNMP Full Network Management Logging and Tracing Diagnostics Capabilities Embedded FTP and TFTP Servers 1.3.1 Internet Access Application 1.3.2 Corporation Network Application Page Introducing the Web Configurator RESET 2.3.1 .Procedure To Use The Reset Button SYS 2.4.1 Navigation Panel 2.4.2 Status Screen Page 2.4.3 Status: Packet Statistics (Details...) Summary 2.4.4 Status: WLAN Association List Page Wizard Setup 3.3.1 Name (SSID), Channel ID and Security 3.3.2 Configuring WEP or WPA(2) PSK Security Basic (WEP) Page Page 3.3.3 IP Address Assignment 3.3.4 Apply Settings http://zyxelXXXX Finish Page Wireless LAN 4.2.1 SSID 4.2.2 MAC Address Filter 4.2.3 User Authentication 4.2.4 Encryption IEEE IEEE 802.1x + Static WEP IEEE 802.1x + Dynamic WEP WPA WPA compatible Note: Apply Click Network > Wireless LAN to open the General screen 4.4.1 No Security No Security 4.4.2 WEP Encryption 4.4.3 WEP Encryption Screen Network > Wireless LAN 4.4.4 WPA(2)-PSK Page 4.4.5 WPA(2) Authentication Screen Wireless LAN Network Wireless WPA Page Allow Deny MAC Filter Network > Wireless LAN > Advanced Page IP and DNS Screens Network > IP > Advanced Page Page Remote Management Configuration 6.1.2System Timeout Advanced > Remote MGMT WWW Telnet FTP Page 6.6.1Supported MIBs 6.6.2 SNMP Traps 6.6.3 Configuring SNMP SNMP Page System Page Maintenance > System > Time Setting Page Page Page Logs Table 32 View Log Access Control Page Page Page Page Tools Firmware Upload in Progress Return 9.2.1 Backup Configuration Backup 9.2.2 Restore Configuration 9.2.3 Back to Factory Defaults Reset Restart Page Introducing the SMT New Password Retype to confirm Page Figure 45 G-1000v2 SMT Main Menu General Setup Page LAN Setup Menu 3.5 – Wireless LAN Setup Page 12.3.1 Configuring MAC Address Filter 2Enter 5 to display Menu 3.5 – Wireless LAN Setup Figure 50 Menu 3.5 Wireless LAN Setup Edit MAC Address Filter [ENTER]. Menu 3.5.1 – WLAN MAC Address Filter displays as shown next Figure 51 Menu 3.5.1 WLAN MAC Address Filter 12.3.2 Configuring Roaming Figure 52 Menu 3.5 Wireless LAN Setup Edit Roaming Configuration [ENTER] Menu 3.5.2 – Roaming Configuration SNMP Configuration Page System Security Page Menu23 – System Security Figure 58 Menu 23 System Security 2Enter 4 to display Menu 23.4 – System Security – IEEE802.1x Page Page Page System Information and Diagnosis Menu 24.1 – System Maintenance – Status Figure 61 Menu 24.1 System Maintenance: Status 1Enter 24 to display Menu 24 – System Maintenance 2Enter 2 to display Menu 24.2 – System Information and Console Port Speed Figure 62 Menu 24.2 System Information and Console Port Speed 15.2.1 System Information Figure 63 Menu 24.2.1 System Information: Information 15.2.2 Console Port Speed Menu 24.2.2 – System Maintenance – Console Port Speed Figure 64 Menu 24.2.2 System Maintenance: Change Console Port Speed 2Enter 3 to display Menu 24.3 – Log and Trace 15.3.1 Syslog Logging Menu 24.4 – System Maintenance – Diagnostic Firmware and Configuration File Maintenance ZyNOS F/W Version Menu 24.2.1 – System Maintenance – Information 16.2.1 Backup Configuration Using FTP Figure 68 Menu 24.5 Backup Configuration 16.2.2 Using the FTP command from the DOS Prompt Figure 69 FTP Session Example 16.2.3 Backup Configuration Using TFTP 16.2.4 Example: TFTP Command 16.2.5 Backup Via Console Port Figure 70 System Maintenance: Backup Configuration Figure 71 System Maintenance: Starting Xmodem Download Screen Transfer Receive File Browse Xmodem Receive System Maintenance and Information Menu 24.10 – System Maintenance – Time and Date Setting Figure 76 Menu 24.10 System Maintenance: Time and Date Setting 17.3.1 Telnet Figure 77 Telnet Configuration on a TCP/IP Network 17.3.2 FTP 17.3.3 Web 17.3.4 Remote Management Setup WAN only LAN only All Disable 17.3.5 Remote Management Limitations Page Troubleshooting Page Product Specifications Page Brute-ForcePassword Guessing Protection Page Setting up Your Computer’s IP Address Installing Components Add Adapter Protocol Microsoft Client for Microsoft Networks Configuring Obtain an IP address automatically Specify an IP address Subnet Mask Gateway New gateway field TCP/IP Properties Verifying Settings IP Configuration Network Connections Network and Dial-up Connections 3Right-click Local Area Connection and then click Properties Internet Protocol (TCP/IP) Use the following IP Address IP address Subnet mask Default gateway IP Settin Use the following DNS server addresses Preferred DNS server Alternate DNS server 8Click OK to close the Internet Protocol (TCP/IP) Properties window 9Click OK to close the Local Area Connection Properties window 2Select Ethernet built-in from the Connect via list Using DHCP Server Configure: Configure Manually Router address 5Close the TCP/IP Control Panel Save Apply Now Page IP Address Assignment Conflicts Page Page Page IP Subnetting Page Page Page Page Table 75 Subnet Page Page Command Interpreter Page AP P E N D I X G Log Descriptions Table 82 Sys log Configuring What You Want the G-1000v2 to Log Displaying Logs Page Wireless LAN and IEEE BSS ESS RTS/CTS RTS/CTS RTS/CTS Fragmentation Threshold Page Wireless LAN Security Types of RADIUS Messages EAP-MD5 EAP-TLS EAP- TTLS PEAP LEAP PEAP (Protected EAP) LEAP Dynamic WEP Key Exchange Open System Shared Key Page Encryption User Authentication Wireless Client WPA Supplicants WPA with RADIUS Application Example Page RADIUS Server Authentication Sequence Mutual Authentication with Internal RADIUS server Page Page Types of EAP Authentication Page Antenna Selection and Positioning Recommendation Positioning Antennas Index