ZyXEL P-330W User’s Guide
Chapter 5 Wireless
Figure 33 Wireless Security Setup: WPA-PSK
The following table describes the labels in this screen.
Table 23 Wireless Security Setup: WPA-PSK
LABEL | DESCRIPTION
Encryption | Choose WPA from the drop-down list box for TKIP encryption. Choose WPA2 (AES) from the drop-down list box to use WPA2’s AES encryption. Choose WPA2 Mixed from the drop-down list box to allow both TKIP and AES encryption.
WPA Authentication Mode | Choose Personal to enable PSK mode.
WPA Format | Choose whether to enter the PSK as a Passphrase or a Hex key.
Pre-Shared Key | The encryption mechanisms used for WPA and WPA-PSK are the same. The only difference between the two is that WPA-PSK uses a simple common password, instead of user-specific credentials. Type a pre-shared key from 8 to 63 case-sensitive ASCII characters (including spaces and symbols) or 64 hex characters.
Group Key Life Time | The Group Key Life Time is the rate at which the AP sends a new group key out to all clients. The re-keying process is the WPA equivalent of automatically changing the WEP key for an AP and all stations in a WLAN on a periodic basis.
Save | Click Save to save your changes back to the P-330W.
Reset | Click Reset to reload the previous configuration for this screen.
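How the two WPA Format options relate, as an added example that is not taken from the guide or from ZyXEL firmware: under IEEE 802.11i a passphrase is stretched into the same 256-bit key that the Hex format accepts directly, using PBKDF2-HMAC-SHA1 with the SSID as salt. The function name and sample values are assumptions made for illustration.

```python
import hashlib
import re

def wpa_psk(key: str, ssid: str) -> bytes:
    """Return the 256-bit PSK for a key entered in either WPA Format.

    Hypothetical helper: it follows the IEEE 802.11i passphrase mapping,
    not any code from the P-330W.
    """
    # Hex format: exactly 64 hex characters are the key itself.
    if re.fullmatch(r"[0-9A-Fa-f]{64}", key):
        return bytes.fromhex(key)
    # Passphrase format: 8 to 63 printable ASCII characters, case-sensitive.
    if not 8 <= len(key) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters")
    if any(not 32 <= ord(c) <= 126 for c in key):
        raise ValueError("passphrase must be printable ASCII")
    # PBKDF2-HMAC-SHA1, SSID as salt, 4096 iterations, 32-byte output.
    return hashlib.pbkdf2_hmac(
        "sha1", key.encode("ascii"), ssid.encode("utf-8"), 4096, 32
    )

if __name__ == "__main__":
    # Constructed sample values (the first pair is the 802.11i test vector).
    for passphrase, ssid in [("password", "IEEE"),
                             ("Password", "IEEE"),
                             ("password", "HomeNet")]:
        print(f"{passphrase!r:12} {ssid!r:10} {wpa_psk(passphrase, ssid).hex()}")
```

Because the SSID is the salt, the same passphrase produces a different key on every network name, and a key entered as 64 hex characters skips the stretching step entirely.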
5.7.7 Introduction to RADIUS
RADIUS is based on a client-server model that supports authentication and accounting, where
the access point is the client and the server is the RADIUS server. The RADIUS server handles
the following tasks among others:
• Authentication
Determines the identity of the users.
• Accounting
Keeps track of the client’s network activity.
RADIUS is a simple package exchange in which your P-330W acts as a message relay
between the wireless station and the network RADIUS server.
5.7.7.1 Types of RADIUS Messages
The following types of RADIUS messages are exchanged between the access point and the
RADIUS server for user authentication:
• Access-Request
Sent by an access point requesting authentication.
• Access-Reject
Sent by a RADIUS server rejecting access.
• Access-Accept
Sent by a RADIUS server allowing access.
5.7.7.2 Access-Challenge
Sent by a RADIUS server requesting more information in order to allow access. The access
point sends a proper response from the user and then sends another Access-Request message.
The following types of RADIUS messages are exchanged between the access point and the
RADIUS server for user accounting:
5.7.7.3 Accounting-Request
Sent by the access point requesting accounting.
5.7.7.4 Accounting-Response
Sent by the RADIUS server to indicate that it has started or stopped accounting.
In order to ensure network security, the access point and the RADIUS server use a shared
secret key, which is a password they both know. The key is not sent over the network. In
addition to the shared key, password information exchanged is also encrypted to protect the
wired network from unauthorized access.
5.7.7.5 EAP Authentication Overview
EAP (Extensible Authentication Protocol) is an authentication protocol that runs on top of the
IEEE 802.1x transport mechanism in order to support multiple types of user authentication. By
using EAP to interact with an EAP-compatible RADIUS server, the access point helps a
wireless station and a RADIUS server perform authentication.
The type of authentication you use depends on the RADIUS server or the AP. The P-330W
supports EAP-TLS, EAP-TTLS and PEAP with RADIUS. Refer to the Types of EAP
Authentication appendix for descriptions of the four common types.
Your P-330W supports EAP-MD5 (Message-Digest Algorithm 5) with RADIUS.
The following figure shows an overview of authentication when you specify a RADIUS server
on your access point.
Figure 34 EAP Authentication
The details below provide a general description of how IEEE 802.1x EAP authentication
works. For an example list of EAP-MD5 authentication steps, see the IEEE 802.1x appendix.
1 The wireless station sends a “start” message to the P-330W.
2 The P-330W sends a “request identity” message to the wireless station for identity
information.
3 The wireless station replies with identity information, including username and password.
4 The RADIUS server checks the user information against its user profile database and
determines whether or not to authenticate the wireless station.
5.7.7.6 WPA with RADIUS Application Example
You need the IP address of the RADIUS server, its port number (default is 1812), and the
RADIUS shared secret. A WPA application example with an external RADIUS server looks
as follows. “A” is the RADIUS server. “DS” is the distribution system.
1 The AP passes the wireless client’s authentication request to the RADIUS server.
2 The RADIUS server then checks the user's identification against its database and grants
or denies network access accordingly.
3 The RADIUS server distributes a Pairwise Master Key (PMK) to the AP, which then
sets up a key hierarchy and management system, using the pair-wise key to dynamically
generate unique data encryption keys to encrypt every data packet that is wirelessly
communicated between the AP and the wireless clients.
Figure 35 WPA with RADIUS Application Example
5.7.8 Configuring WPA Authentication
In order to configure and enable WPA encryption, click the SECURITY link under
WIRELESS to display the Wireless Security screen. Select the mode (WPA, WPA2, WPA2
Mixed) from the Encryption list.
Select ENTERPRISE under WPA Encryption Mode.
Figure 36 Wireless Security Setup: WPA With RADIUS
The following table describes the labels in this screen.
Table 24 Wireless Security Setup: WPA
LABEL | DESCRIPTION
Encryption | Choose WPA from the drop-down list box for TKIP encryption. Choose WPA2 (AES) from the drop-down list box to use WPA2’s AES encryption. Choose WPA2 Mixed from the drop-down list box to allow both TKIP and AES encryption.
WPA Group Key Update Timer | The WPA Group Key Update Timer is the rate at which the AP (if using WPA-PSK key management) or RADIUS server (if using WPA key management) sends a new group key out to all clients. The re-keying process is the WPA equivalent of automatically changing the WEP key for an AP and all stations in a WLAN on a periodic basis. Setting of the WPA Group Key Update Timer is also supported in WPA-PSK mode. The P-330W default is 1800 seconds (30 minutes).
Authentication Server |
IP Address | Enter the IP address of the external authentication server in dotted decimal notation.
Port | Enter the port number of the external authentication server. The default port number is 1812. You need not change this value unless your network administrator instructs you to do so with additional information.
