Zyxel P-330W Router Manual PDF (Setup & Configuration Guide)

Home

Manuals

Zyxel

P-330W

Page 56 / 141 Scroll up to view Page 51 - 55

ZyXEL P-330W User’s Guide

Chapter 5 Wireless

5.7

Security Parameters Summary

Refer to this table to see what other security parameters you should configure for each

Authentication Method/ key management protocol type. You enter manual keys by first

selecting

64-bit WEP

128-bit WEP

from the

WEP Encryption

field and then typing the

keys (in ASCII or hexadecimal format) in the key text boxes. MAC address filters are not

dependent on how you configure these security features.

5.7.1

WEP Overview

WEP (Wired Equivalent Privacy) as specified in the IEEE 802.11 standard provides methods

for both data encryption and wireless station authentication.

5.7.2

Data Encryption

WEP provides a mechanism for encrypting data using encryption keys. Both the AP and the

wireless stations must use the same WEP key to encrypt and decrypt data. Your P-330W

allows you to configure up to four 64-bit or 128-bit WEP keys, but only one key can be

enabled at any one time.

5.7.3

Configuring WEP Encryption

In order to configure and enable WEP encryption; click the

SECURITY

link under

WIRELESS

to display the

Wireless Security

screen. Select

Static WEP

from the

Encryption

list.

Table 20

Wireless Security Relational Matrix

AUTHENTICATION METHOD/

KEY MANAGEMENT

PROTOCOL

ENCRYPTION

METHOD

ENTER

MANUAL KEY

IEEE 802.1X

Open

None

Disabled

Open

WEP

Enable with 802.1x

Yes

Disabled

Shared

WEP

Enable with 802.1x

Yes

Disable

WPA

TKIP

Enable

WPA-PSK

TKIP

Yes

Disabled

WPA2

AES

Enable

WPA2-PSK

AES

Yes

Disabled

WPA2-Mixed

AES & TKIP

Enable

WPA2-Mixed PSK

AES & TKIP

Yes

Disabled

Page 57 / 141

ZyXEL P-330W User’s Guide

Chapter 5 Wireless

Figure 30

Wireless Security Setup:

WEP Encryption

The following table describes the wireless LAN security labels in this screen

Click SET WEP KEY to configure WEP encryption.

Table 21

Wireless Security Setup: Static WEP Encryption

LABEL

DESCRIPTION

Encryption

Choose

WEP

from the drop-down list box.

Set WEP Key

Click this to configure WEP without 802.1x.

Use 802.1x

Authentication

Mark the check box here to use 802.1x authentication.

WEP

Encryption

Select

64-bit WEP

128-bit WEP

Used only when using 802.1x authentication.

Authentication RADIUS Server

Port

The port number on the RADIUS server.

IP Address

Enter the IP address of the RADIUS server.

Password

Enter the password (shared secret) for the RADIUS server.

Save

Click

Save

to save your changes back to the P-330W.

Reset

Click

Reset

to reload the previous configuration for this screen.

Page 58 / 141

ZyXEL P-330W User’s Guide

Chapter 5 Wireless

Figure 31

Wireless Security Setup:

WEP Encryption

The following table describes the wireless LAN security labels in this screen

Table 22

Wireless Security Setup:

WEP Encryption

LABEL

DESCRIPTION

Key Length

Select

64-bit WEP

128-bit WEP

Key Format

ASCII: Select this option in order to enter ASCII characters as WEP key.

Hex: Select this option in order to enter hexadecimal characters as a WEP key.

Default Tx Key

You must configure at least one key, only one key can be activated at any one time.

The default key is key 1.

Encryption Key

1 to 4

The WEP keys are used to encrypt data. Both the P-330W and the wireless stations

must use the same WEP key for data transmission.

If you chose

64-bit WEP

, then enter any 5 ASCII characters or 10 hexadecimal

characters ("0-9", "A-F").

If you chose

128-bit WEP

, then enter 13 ASCII characters or 26 hexadecimal

characters ("0-9", "A-F").

Passphrase

Enter a Passphrase (up to 32 printable characters) and clicking

Generate WEP KEY

The P-330W automatically generates a WEP key.

Save

Click

Save

to save your changes back to the P-330W.

Click

to close this window.

Reset

Click

Reset

to reload the previous configuration for this screen.

Page 59 / 141

ZyXEL P-330W User’s Guide

Chapter 5 Wireless

5.7.4

Introduction to WPA

Wi-Fi Protected Access (WPA) is a subset of the IEEE 802.11i security specification draft.

Key differences between WPA and WEP are user authentication and improved data

encryption.

5.7.4.1

User Authentication

WPA applies IEEE 802.1x and Extensible Authentication Protocol (EAP) to authenticate

wireless clients using an external RADIUS database. See later in this chapter and the

appendices for more information on IEEE 802.1x, RADIUS and EAP.

Your wireless client

will need to be able to support 802.1x authentication to use RADIUS authentication.

Therefore, if you don’t have an external RADIUS server you should use WPA-PSK (WPA -

Pre-Shared Key) that only requires a single (identical) password entered into each access

point, wireless gateway and wireless client. As long as the passwords match, a client will be

granted access to a WLAN.

5.7.4.2

Encryption

WPA improves data encryption by using Temporal Key Integrity Protocol (TKIP), Message

Integrity Check (MIC) and IEEE 802.1x.

Temporal Key Integrity Protocol (TKIP) uses 128-bit keys that are dynamically generated and

distributed by the authentication server. It includes a per-packet key mixing function, a

Message Integrity Check (MIC) named Michael, an extended initialization vector (IV) with

sequencing rules, and a re-keying mechanism.

TKIP regularly changes and rotates the encryption keys so that the same encryption key is

never used twice. The RADIUS server distributes a Pairwise Master Key (PMK) key to the

AP that then sets up a key hierarchy and management system, using the pair-wise key to

dynamically generate unique data encryption keys to encrypt every data packet that is

wirelessly communicated between the AP and the wireless clients. This all happens in the

background automatically.

The Message Integrity Check (MIC) is designed to prevent an attacker from capturing data

packets, altering them and resending them. The MIC provides a strong mathematical function

in which the receiver and the transmitter each compute and then compare the MIC. If they do

not match, it is assumed that the data has been tampered with and the packet is dropped.

By generating unique data encryption keys for every data packet and by creating an integrity

checking mechanism (MIC), TKIP makes it much more difficult to decode data on a Wi-Fi

network than WEP, making it difficult for an intruder to break into the network.

The encryption mechanisms used for WPA and WPA-PSK are the same. The only difference

between the two is that WPA-PSK uses a simple common password, instead of user-specific

credentials. The common-password approach makes WPA-PSK susceptible to brute-force

password-guessing attacks but it’s still an improvement over WEP as it employs an easier-to-

use, consistent, single, alphanumeric password.

Page 60 / 141

ZyXEL P-330W User’s Guide

Chapter 5 Wireless

5.7.4.3

WPA-PSK Application Example

A WPA-PSK application looks as follows.

First enter identical passwords into the AP and all wireless clients. The Pre-Shared Key

(PSK) must consist of between 8 and 63 ASCII characters (including spaces and

symbols).

The AP checks each client’s password and (only) allows it to join the network if it

matches its password.

The AP derives and distributes keys to the wireless clients.

The AP and wireless clients use the TKIP encryption process to encrypt data exchanged

between them.

Figure 32

WPA - PSK Authentication

5.7.5

Introduction to WPA2

WPA2 is based on the same 802.11i spec as WPA.

The primary difference between WPA and

WPA2 is that WPA2 uses AES encryption in places of TKIP.

Like WPA, WPA2 can function

either using a pre-shared key or by using a RADIUS server to perform authentication.

WPA2

also offers a mixed mode which allows WPA clients to authenticate and use TKIP encryption

while still allowing WPA2 clients to use AES.

Configuration of WPA2 is the same as WPA.

5.7.6

Configuring WPA-PSK Authentication

In order to configure and enable WPA-PSK encryption; click the

SECURITY

link under

WIRELESS

to display the

Wireless Security

screen. Select

WPA (TKIP)

from the

Encryption

list.

Select

PERSONAL

under

WPA Encryption Mode

Rate

Popular Zyxel Models

Famous Router IPs

Famous Router Companies

Bookmark Our Site

Share