Chapter 7 Wireless LAN
AMG1302/AMG1202-TSeries User’s Guide
111
7.10.3.4 Encryption
Wireless networks can use encryption to protect the information that is sent in the wireless
network. Encryption is like a secret code. If you do not know the secret code, you cannot
understand the message.
The types of encryption you can choose depend on the type of authentication. (See
Section 7.10.3.3 on page 110 for information about this.)
For example, if the wireless network has a RADIUS server, you can choose WPA or WPA2. If users
do not log in to the wireless network, you can choose no encryption, Static WEP, WPA-PSK, or
WPA2-PSK.
Usually, you should set up the strongest encryption that every device in the wireless network
supports. For example, suppose you have a wireless network with the AMG1302/AMG1202-TSeries
and you do not have a RADIUS server. Therefore, there is no authentication. Suppose the wireless
network has two devices. Device A only supports WEP, and device B supports WEP and WPA-PSK.
Therefore, you should set up Static WEP in the wireless network.
Note: It is recommended that wireless networks use WPA-PSK, WPA, or stronger
encryption. The other types of encryption are better than none at all, but it is still
possible for unauthorized wireless devices to figure out the original information
pretty quickly.
When you select WPA2 or WPA2-PSK in your AMG1302/AMG1202-TSeries, you can also select an
option (WPA compatible) to support WPA as well. In this case, if some of the devices support WPA
and some support WPA2, you should set up WPA2-PSK or WPA2 (depending on the type of
wireless network login) and select the WPA compatible option in the AMG1302/AMG1202-TSeries.
Many types of encryption use a key to protect the information in the wireless network. The longer
the key, the stronger the encryption. Every device in the wireless network must have the same key.
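The selection rule in this section, written out as an added example (it is not part of the guide or of the device firmware). The strength order follows Table 29; the names LADDER, WEAK and choose_encryption and the sample device list are assumptions made for illustration.

```python
# Added example: strength order follows Table 29 of this guide.
# LADDER, WEAK and choose_encryption are illustrative names, not device settings.
LADDER = {
    "none":   ["No Security", "Static WEP", "WPA-PSK", "WPA2-PSK"],  # no RADIUS server
    "radius": ["WPA", "WPA2"],                                      # users log in
}
WEAK = {"No Security", "Static WEP"}  # below the recommended WPA-PSK/WPA minimum


def choose_encryption(auth, devices):
    """Return (mode, wpa_compatible, warning).

    auth    -- "none" or "radius"
    devices -- dict mapping a device name to the set of modes it supports
    """
    ladder = LADDER[auth]
    wpa, wpa2 = ladder[-2], ladder[-1]
    caps = [set(c) for c in devices.values()]
    if not caps:
        raise ValueError("no devices given")

    # Every device speaks WPA or WPA2: use WPA2 where possible, and turn on
    # "WPA compatible" only when some device cannot do WPA2.
    if all(c & {wpa, wpa2} for c in caps):
        with_wpa2 = sum(wpa2 in c for c in caps)
        if with_wpa2 == len(caps):
            return wpa2, False, None
        if with_wpa2:
            return wpa2, True, None
        return wpa, False, None

    # Otherwise fall back to the strongest mode that every device supports.
    common = set.intersection(*caps)
    if auth == "none":
        common.add("No Security")  # any device can join an open network
    for mode in reversed(ladder):
        if mode in common:
            warning = f"{mode} is weaker than WPA-PSK" if mode in WEAK else None
            return mode, False, warning
    raise ValueError("no encryption type is supported by every device")


# Constructed sample: the two-device case described in this section.
SAMPLE = {"A": {"Static WEP"}, "B": {"Static WEP", "WPA-PSK"}}
```

For the sample, the result is Static WEP together with a warning, which matches the note above: the weakest device sets the level for the whole network.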
7.10.4 Signal Problems
Because wireless networks are radio networks, their signals are subject to limitations of distance,
interference and absorption.
Problems with distance occur when the two radios are too far apart. Problems with interference
occur when other radio waves interrupt the data signal. Interference may come from other radio
transmissions, such as military or air traffic control communications, or from machines that are
coincidental emitters such as electric motors or microwaves. Problems with absorption occur when
physical objects (such as thick walls) are between the two radios, muffling the signal.
Table 29 Types of Encryption for Each Type of Authentication
            NO AUTHENTICATION   RADIUS SERVER
Weakest     No Security         WPA
            Static WEP
            WPA-PSK
Strongest   WPA2-PSK            WPA2
7.10.5 BSS
A Basic Service Set (BSS) exists when all communications between wireless stations or between a
wireless station and a wired network client go through one access point (AP).
Intra-BSS traffic is traffic between wireless stations in the BSS. When Intra-BSS traffic blocking is
disabled, wireless station A and B can access the wired network and communicate with each other.
When Intra-BSS traffic blocking is enabled, wireless station A and B can still access the wired
network but cannot communicate with each other.
Figure 40 Basic Service Set
7.10.6 MBSSID
Traditionally, you need to use different APs to configure different Basic Service Sets (BSSs). As well
as the cost of buying extra APs, there is also the possibility of channel interference. The AMG1302/
AMG1202-TSeries’s MBSSID (Multiple Basic Service Set IDentifier) function allows you to use one
access point to provide several BSSs simultaneously. You can then assign varying QoS priorities
and/or security modes to different SSIDs.
Wireless devices can use different BSSIDs to associate with the same AP.
7.10.6.1 Notes on Multiple BSSs
A maximum of eight BSSs are allowed on one AP simultaneously.
You must use different keys for different BSSs. If two wireless devices have different BSSIDs
(they are in different BSSs), but have the same keys, they may hear each other’s
communications (but not communicate with each other).
MBSSID should not replace but rather be used in conjunction with 802.1x security.
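A check of a multiple-BSS setup against the three notes above, as an added example (not part of the guide or the device firmware). The record layout, the rule names and the sample list are constructed for illustration; treating WPA and WPA2 as the 802.1x modes follows this guide's pairing of them with a RADIUS server.

```python
from collections import defaultdict

MAX_BSS = 8                    # limit stated in the notes above
DOT1X_MODES = {"WPA", "WPA2"}  # assumption: the modes this guide pairs with RADIUS
KEYLESS = {"No Security"} | DOT1X_MODES  # no shared static key to compare


def audit_mbssid(bss_list):
    """Return a list of (rule, detail) findings for one AP's BSS list."""
    findings = []
    if len(bss_list) > MAX_BSS:
        findings.append(("too-many-bss",
                         f"{len(bss_list)} BSSs configured, limit is {MAX_BSS}"))

    # Group SSIDs by static key; any group larger than one breaks the
    # "different keys for different BSSs" rule. Keys are never reported.
    by_key = defaultdict(list)
    for bss in bss_list:
        if bss["security"] not in KEYLESS and bss.get("key"):
            by_key[bss["key"]].append(bss["ssid"])
    for ssids in by_key.values():
        if len(ssids) > 1:
            findings.append(("shared-key", ", ".join(sorted(ssids))))

    # MBSSID is meant to be combined with 802.1x, not to replace it.
    for bss in bss_list:
        if bss["security"] not in DOT1X_MODES:
            findings.append(("no-802.1x", bss["ssid"]))
    return findings


# Constructed sample configuration (hypothetical SSIDs and keys).
SAMPLE_BSS = [
    {"ssid": "office",   "security": "WPA2",       "key": None},
    {"ssid": "guest",    "security": "WPA2-PSK",   "key": "constructed-key-1"},
    {"ssid": "printers", "security": "WPA-PSK",    "key": "constructed-key-1"},
    {"ssid": "lab",      "security": "Static WEP", "key": "constructed-key-2"},
]
```

On the sample, "guest" and "printers" are reported as sharing a key, and every BSS except "office" is reported as not using 802.1x.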
7.10.7 Wireless Distribution System (WDS)
The AMG1302/AMG1202-TSeries can act as a wireless network bridge and establish WDS (Wireless
Distribution System) links with other APs. You need to know the MAC addresses of the APs you want
to link to. Once the security settings of peer sides match one another, the connection between
devices is made.
At the time of writing, WDS security is compatible with other ZyXEL access points only. Refer to
your other access point’s documentation for details.
The following figure illustrates how a WDS link works between APs. Notebook computer A is a
wireless client connecting to access point AP 1. AP 1 has no wired Internet connection, but it can
establish a WDS link with access point AP 2, which has a wired Internet connection. When AP 1
has a WDS link with AP 2, the notebook computer can access the Internet through AP 2.
Figure 41 WDS Link Example
7.10.8 WiFi Protected Setup (WPS)
Your AMG1302/AMG1202-TSeries supports WiFi Protected Setup (WPS), which is an easy way to set
up a secure wireless network. WPS is an industry standard specification, defined by the WiFi
Alliance.
WPS allows you to quickly set up a wireless network with strong security, without having to
configure security settings manually. Each WPS connection works between two devices. Both
devices must support WPS (check each device’s documentation to make sure).
Depending on the devices you have, you can either press a button (on the device itself, or in its
configuration utility) or enter a PIN (a unique Personal Identification Number that allows one device
to authenticate the other) in each of the two devices. When WPS is activated on a device, it has two
minutes to find another device that also has WPS activated. Then, the two devices connect and set
up a secure network by themselves.
7.10.8.1 Push Button Configuration
WPS Push Button Configuration (PBC) is initiated by pressing a button on each WPS-enabled
device, and allowing them to connect automatically. You do not need to enter any information.
Not every WPS-enabled device has a physical WPS button. Some may have a WPS PBC button in
their configuration utilities instead of or in addition to the physical button.
Take the following steps to set up WPS using the button.
1 Ensure that the two devices you want to set up are within wireless range of one another.
2 Look for a WPS button on each device. If the device does not have one, log into its configuration
utility and locate the button (see the device’s User’s Guide for how to do this - for the
AMG1302/AMG1202-TSeries, see Section 7.6 on page 103).
3 Press the button on one of the devices (it doesn’t matter which). For the
AMG1302/AMG1202-TSeries you must press the WPS button for more than three seconds.
4 Within two minutes, press the button on the other device. The registrar sends the network name
(SSID) and security key through a secure connection to the enrollee.
If you need to make sure that WPS worked, check the list of associated wireless clients in the AP’s
configuration utility. If you see the wireless client in the list, WPS was successful.
7.10.8.2 PIN Configuration
Each WPS-enabled device has its own PIN (Personal Identification Number). This may either be
static (it cannot be changed) or dynamic (in some devices you can generate a new PIN by clicking
on a button in the configuration interface).
Use the PIN method instead of the push-button configuration (PBC) method if you want to ensure
that the connection is established between the devices you specify, not just the first two devices to
activate WPS in range of each other. However, you need to log into the configuration interfaces of
both devices to use the PIN method.
When you use the PIN method, you must enter the PIN from one device (usually the wireless client)
into the second device (usually the Access Point or wireless router). Then, when WPS is activated
on the first device, it presents its PIN to the second device. If the PIN matches, one device sends
the network and security information to the other, allowing it to join the network.
Take the following steps to set up a WPS connection between an access point or wireless router
(referred to here as the AP) and a client device using the PIN method.
1 Ensure WPS is enabled on both devices.
2 Access the WPS section of the AP’s configuration interface. See the device’s User’s Guide for how to
do this.
3 Look for the client’s WPS PIN; it will be displayed either on the device, or in the WPS section of the
client’s configuration interface (see the device’s User’s Guide for how to find the WPS PIN - for the
AMG1302/AMG1202-TSeries, see Section 7.5 on page 101).
4 Enter the client’s PIN in the AP’s configuration interface.
5 If the client device’s configuration interface has an area for entering another device’s PIN, you can
either enter the client’s PIN in the AP, or enter the AP’s PIN in the client - it does not matter which.
6 Start WPS on both devices within two minutes.
7 Use the configuration utility to activate WPS, not the push-button on the device itself.
8 On a computer connected to the wireless client, try to connect to the Internet. If you can connect,
WPS was successful.
If you cannot connect, check the list of associated wireless clients in the AP’s configuration utility. If
you see the wireless client in the list, WPS was successful.
The following figure shows a WPS-enabled wireless client (installed in a notebook computer)
connecting to the WPS-enabled AP via the PIN method.
Figure 42 Example WPS Process: PIN Method
7.10.8.3 How WPS Works
When two WPS-enabled devices connect, each device must assume a specific role. One device acts
as the registrar (the device that supplies network and security settings) and the other device acts
as the enrollee (the device that receives network and security settings). The registrar creates a
secure EAP (Extensible Authentication Protocol) tunnel and sends the network name (SSID) and the
WPA2-PSK pre-shared key to the enrollee. If the registrar is already part of a network, it sends the
existing information. If not, it generates the SSID and WPA(2)-PSK randomly.
The following figure shows a WPS-enabled client (installed in a notebook computer) connecting to a
WPS-enabled access point.
[Figure labels: ENROLLEE, REGISTRAR, This device’s WPS PIN: 123456, Enter WPS PIN from other device, WPS START, WITHIN 2 MINUTES, SECURE EAP TUNNEL, SSID, WPA(2)-PSK, COMMUNICATION]
