ZyXEL P-330W User’s Guide
Chapter 5 Wireless
56
5.7 Security Parameters Summary
Refer to Table 20 (Wireless Security Relational Matrix) to see what other security parameters
you should configure for each Authentication Method/key management protocol type. You enter
manual keys by first selecting 64-bit WEP or 128-bit WEP from the WEP Encryption field and
then typing the keys (in ASCII or hexadecimal format) in the key text boxes. MAC address
filters are not dependent on how you configure these security features.
5.7.1 WEP Overview
WEP (Wired Equivalent Privacy) as specified in the IEEE 802.11 standard provides methods
for both data encryption and wireless station authentication.
5.7.2 Data Encryption
WEP provides a mechanism for encrypting data using encryption keys. Both the AP and the
wireless stations must use the same WEP key to encrypt and decrypt data. Your P-330W
allows you to configure up to four 64-bit or 128-bit WEP keys, but only one key can be
enabled at any one time.
5.7.3 Configuring WEP Encryption
To configure and enable WEP encryption, click the SECURITY link under WIRELESS to display
the Wireless Security screen. Select Static WEP from the Encryption list.
Table 20 Wireless Security Relational Matrix

AUTHENTICATION METHOD/      ENCRYPTION    ENTER         IEEE 802.1X
KEY MANAGEMENT PROTOCOL     METHOD        MANUAL KEY
--------------------------  ------------  ------------  ------------------
Open                        None          No            Disabled
Open                        WEP           No            Enable with 802.1x
Open                        WEP           Yes           Disabled
Shared                      WEP           No            Enable with 802.1x
Shared                      WEP           Yes           Disable
WPA                         TKIP          No            Enable
WPA-PSK                     TKIP          Yes           Disabled
WPA2                        AES           No            Enable
WPA2-PSK                    AES           Yes           Disabled
WPA2-Mixed                  AES & TKIP    No            Enable
WPA2-Mixed PSK              AES & TKIP    Yes           Disabled
Figure 30 Wireless Security Setup: WEP Encryption

The following table describes the wireless LAN security labels in this screen.
Click SET WEP KEY to configure WEP encryption.

Table 21 Wireless Security Setup: Static WEP Encryption

LABEL                         DESCRIPTION
----------------------------  ------------------------------------------------------------
Encryption                    Choose WEP from the drop-down list box.
Set WEP Key                   Click this to configure WEP without 802.1x.
Use 802.1x Authentication     Mark the check box here to use 802.1x authentication.
WEP Encryption                Select 64-bit WEP or 128-bit WEP.
                              Used only when using 802.1x authentication.
Authentication RADIUS Server
  Port                        The port number on the RADIUS server.
  IP Address                  Enter the IP address of the RADIUS server.
  Password                    Enter the password (shared secret) for the RADIUS server.
Save                          Click Save to save your changes back to the P-330W.
Reset                         Click Reset to reload the previous configuration for this screen.
Figure 31 Wireless Security Setup: WEP Encryption

The following table describes the wireless LAN security labels in this screen.

Table 22 Wireless Security Setup: WEP Encryption

LABEL                   DESCRIPTION
----------------------  ------------------------------------------------------------------
Key Length              Select 64-bit WEP or 128-bit WEP.
Key Format              ASCII: Select this option in order to enter ASCII characters as a WEP key.
                        Hex: Select this option in order to enter hexadecimal characters as a WEP key.
Default Tx Key          You must configure at least one key; only one key can be activated at any
                        one time. The default key is key 1.
Encryption Key 1 to 4   The WEP keys are used to encrypt data. Both the P-330W and the wireless
                        stations must use the same WEP key for data transmission.
                        If you chose 64-bit WEP, then enter any 5 ASCII characters or 10
                        hexadecimal characters ("0-9", "A-F").
                        If you chose 128-bit WEP, then enter 13 ASCII characters or 26
                        hexadecimal characters ("0-9", "A-F").
Passphrase              Enter a Passphrase (up to 32 printable characters) and click
                        Generate WEP KEY. The P-330W automatically generates a WEP key.
Save                    Click Save to save your changes back to the P-330W.
Close                   Click Close to close this window.
Reset                   Click Reset to reload the previous configuration for this screen.
5.7.4 Introduction to WPA
Wi-Fi Protected Access (WPA) is a subset of the IEEE 802.11i security specification draft.
Key differences between WPA and WEP are user authentication and improved data
encryption.
5.7.4.1 User Authentication
WPA applies IEEE 802.1x and Extensible Authentication Protocol (EAP) to authenticate
wireless clients using an external RADIUS database. See later in this chapter and the
appendices for more information on IEEE 802.1x, RADIUS and EAP. Your wireless client
will need to be able to support 802.1x authentication to use RADIUS authentication.
Therefore, if you don’t have an external RADIUS server you should use WPA-PSK (WPA
Pre-Shared Key) that only requires a single (identical) password entered into each access
point, wireless gateway and wireless client. As long as the passwords match, a client will be
granted access to a WLAN.
5.7.4.2 Encryption
WPA improves data encryption by using Temporal Key Integrity Protocol (TKIP), Message
Integrity Check (MIC) and IEEE 802.1x.
Temporal Key Integrity Protocol (TKIP) uses 128-bit keys that are dynamically generated and
distributed by the authentication server. It includes a per-packet key mixing function, a
Message Integrity Check (MIC) named Michael, an extended initialization vector (IV) with
sequencing rules, and a re-keying mechanism.
TKIP regularly changes and rotates the encryption keys so that the same encryption key is
never used twice. The RADIUS server distributes a Pairwise Master Key (PMK) to the
AP that then sets up a key hierarchy and management system, using the pairwise key to
dynamically generate unique data encryption keys to encrypt every data packet that is
wirelessly communicated between the AP and the wireless clients. This all happens in the
background automatically.
The Message Integrity Check (MIC) is designed to prevent an attacker from capturing data
packets, altering them and resending them. The MIC provides a strong mathematical function
in which the receiver and the transmitter each compute and then compare the MIC. If they do
not match, it is assumed that the data has been tampered with and the packet is dropped.
By generating unique data encryption keys for every data packet and by creating an integrity
checking mechanism (MIC), TKIP makes it much more difficult to decode data on a Wi-Fi
network than WEP, making it difficult for an intruder to break into the network.
The encryption mechanisms used for WPA and WPA-PSK are the same. The only difference
between the two is that WPA-PSK uses a simple common password, instead of user-specific
credentials. The common-password approach makes WPA-PSK susceptible to brute-force
password-guessing attacks but it’s still an improvement over WEP as it employs an easier-to-
use, consistent, single, alphanumeric password.
5.7.4.3 WPA-PSK Application Example
A WPA-PSK application looks as follows.
1. First enter identical passwords into the AP and all wireless clients. The Pre-Shared Key
   (PSK) must consist of between 8 and 63 ASCII characters (including spaces and
   symbols).
2. The AP checks each client’s password and (only) allows it to join the network if it
   matches its password.
3. The AP derives and distributes keys to the wireless clients.
4. The AP and wireless clients use the TKIP encryption process to encrypt data exchanged
   between them.

Figure 32 WPA - PSK Authentication
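
The following is an added example, not part of the ZyXEL guide or the P-330W firmware. It checks a candidate PSK against the 8 to 63 ASCII character rule in step 1 and shows how the shared password and the SSID become the 256-bit master key from which the keys in step 3 are derived. The PBKDF2 parameters come from IEEE 802.11i rather than from this guide; the deny-list, the 16-character minimum and the function names are assumptions made for illustration.

```python
import hashlib

# Constructed deny-list sample; a real audit would load a much larger one.
COMMON = {"password", "12345678", "qwertyuiop", "letmein123"}
MIN_LEN = 16  # assumed local policy, not a value from the guide

def validate_psk(passphrase: str) -> None:
    """Enforce the guide's rule: 8 to 63 ASCII characters, spaces and symbols allowed."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("PSK must be 8 to 63 characters long")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("PSK must be printable ASCII")

def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """256-bit PMK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 rounds) per IEEE 802.11i."""
    validate_psk(passphrase)
    salt = ssid.encode("utf-8")
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), salt, 4096, 32)

def weak_psk_findings(passphrase: str, ssid: str) -> list:
    """List the reasons a PSK is a poor choice against password guessing."""
    validate_psk(passphrase)
    findings = []
    if passphrase.lower() in COMMON:
        findings.append("common password")
    if passphrase.isdigit():
        findings.append("digits only")
    if ssid and ssid.lower() in passphrase.lower():
        findings.append("contains the SSID")
    if len(passphrase) < MIN_LEN:
        findings.append("shorter than %d characters" % MIN_LEN)
    return findings

if __name__ == "__main__":
    # "password" / "IEEE" is the passphrase test case published with IEEE 802.11i.
    print(derive_pmk("password", "IEEE").hex())
    # Same passphrase, different SSID: the salt changes the PMK.
    print(derive_pmk("password", "HomeNet").hex())
    print(weak_psk_findings("password", "IEEE"))
    print(weak_psk_findings("correct horse battery staple", "HomeNet"))
```

Because the SSID is the only salt, a default or widely used network name combined with a short or common password gives the weakest result; changing both is the practical mitigation.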
5.7.5 Introduction to WPA2
WPA2 is based on the same 802.11i spec as WPA. The primary difference between WPA and
WPA2 is that WPA2 uses AES encryption in place of TKIP. Like WPA, WPA2 can function
either using a pre-shared key or by using a RADIUS server to perform authentication. WPA2
also offers a mixed mode which allows WPA clients to authenticate and use TKIP encryption
while still allowing WPA2 clients to use AES. Configuration of WPA2 is the same as WPA.
5.7.6 Configuring WPA-PSK Authentication
To configure and enable WPA-PSK encryption, click the SECURITY link under WIRELESS to
display the Wireless Security screen. Select WPA (TKIP) from the Encryption list.
Select PERSONAL under WPA Encryption Mode.
