Chapter 7 Wireless LAN
P-660HN-FxZ Series User’s Guide
If the client device’s configuration interface has an area for entering another
device’s PIN, you can either enter the client’s PIN in the AP, or enter the AP’s
PIN in the client - it does not matter which.
5. Start WPS on both devices within two minutes.
Use the configuration utility to activate WPS, not the push-button on the device
itself.
6. On a computer connected to the wireless client, try to connect to the Internet. If you can
connect, WPS was successful.
If you cannot connect, check the list of associated wireless clients in the AP’s
configuration utility. If you see the wireless client in the list, WPS was successful.
The following figure shows a WPS-enabled wireless client (installed in a notebook computer)
connecting to the WPS-enabled AP via the PIN method.
Figure 65 Example WPS Process: PIN Method
7.9.8.3 How WPS Works
When two WPS-enabled devices connect, each device must assume a specific role. One device
acts as the registrar (the device that supplies network and security settings) and the other
device acts as the enrollee (the device that receives network and security settings). The registrar
creates a secure EAP (Extensible Authentication Protocol) tunnel and sends the network name
(SSID) and the WPA-PSK or WPA2-PSK pre-shared key to the enrollee. Whether WPA-PSK
or WPA2-PSK is used depends on the standards supported by the devices. If the registrar is
already part of a network, it sends the existing information. If not, it generates the SSID and
WPA(2)-PSK randomly.
The following figure shows a WPS-enabled client (installed in a notebook computer)
connecting to a WPS-enabled access point.
Figure 66 How WPS works
The roles of registrar and enrollee last only as long as the WPS setup process is active (two
minutes). The next time you use WPS, a different device can be the registrar if necessary.
The WPS connection process is like a handshake; only two devices participate in each WPS
transaction. If you want to add more devices you should repeat the process with one of the
existing networked devices and the new device.
Note that the access point (AP) is not always the registrar, and the wireless client is not always
the enrollee. All WPS-certified APs can be a registrar, and so can some WPS-enabled wireless
clients.
By default, a WPS device is “unconfigured”. This means that it is not part of an existing
network and can act as either enrollee or registrar (if it supports both functions). If the registrar
is unconfigured, the security settings it transmits to the enrollee are randomly-generated. Once
a WPS-enabled device has connected to another device using WPS, it becomes “configured”.
A configured wireless client can still act as enrollee or registrar in subsequent WPS
connections, but a configured access point can no longer act as enrollee. It will be the registrar
in all subsequent WPS connections in which it is involved. If you want a configured AP to act
as an enrollee, you must reset it to its factory defaults.
7.9.8.4 Example WPS Network Setup
This section shows how security settings are distributed in an example WPS setup.
The following figure shows an example network. In step 1, both AP1 and Client 1 are
unconfigured. When WPS is activated on both, they perform the handshake. In this example,
AP1 is the registrar, and Client 1 is the enrollee. The registrar randomly generates the security
information to set up the network, since it is unconfigured and has no existing information.
Figure 67 WPS: Example Network Step 1
In step 2, you add another wireless client to the network. You know that Client 1 supports
registrar mode, but it is better to use AP1 for the WPS handshake with the new client since
you must connect to the access point anyway in order to use the network. In this case, AP1
must be the registrar, since it is configured (it already has security information for the
network). AP1 supplies the existing security information to Client 2.
Figure 68 WPS: Example Network Step 2
In step 3, you add another access point (AP2) to your network. AP2 is out of range of AP1, so
you cannot use AP1 for the WPS handshake with the new access point. However, you know
that Client 2 supports the registrar function, so you use it to perform the WPS handshake
instead.
Figure 69 WPS: Example Network Step 3
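The role rules from "How WPS Works" and the three-step network above can be modelled in a few lines. This is an added example, not code from the guide or the device firmware; the class and function names, the "wps-" SSID prefix and the key length are assumptions made for illustration.

```python
import secrets
from dataclasses import dataclass
from typing import Optional


@dataclass
class WpsDevice:
    name: str
    is_ap: bool
    can_register: bool = True  # every WPS-certified AP can; only some clients can
    ssid: Optional[str] = None
    psk: Optional[str] = None

    @property
    def configured(self) -> bool:
        return self.psk is not None


def wps_handshake(registrar: WpsDevice, enrollee: WpsDevice) -> None:
    """One WPS transaction between exactly two devices."""
    if not registrar.can_register:
        raise ValueError(f"{registrar.name} does not support registrar mode")
    if enrollee.is_ap and enrollee.configured:
        # A configured AP is the registrar in every later WPS connection.
        raise ValueError(f"{enrollee.name} is a configured AP; reset it to enroll")
    if not registrar.configured:
        # Unconfigured registrar: SSID and key are randomly generated.
        registrar.ssid = "wps-" + secrets.token_hex(4)
        registrar.psk = secrets.token_urlsafe(32)  # 43 chars, within WPA-PSK's 8-63
    # Configured registrar: the existing settings are handed on unchanged.
    enrollee.ssid, enrollee.psk = registrar.ssid, registrar.psk


def factory_reset(device: WpsDevice) -> None:
    device.ssid = device.psk = None


def example_network():
    """Steps 1-3 of the example: AP1+Client 1, AP1+Client 2, Client 2+AP2."""
    ap1, ap2 = WpsDevice("AP1", True), WpsDevice("AP2", True)
    client1, client2 = WpsDevice("Client 1", False), WpsDevice("Client 2", False)
    wps_handshake(ap1, client1)  # step 1: unconfigured AP1 generates settings
    wps_handshake(ap1, client2)  # step 2: configured AP1 passes them on
    wps_handshake(client2, ap2)  # step 3: Client 2 registers out-of-range AP2
    return ap1, client1, client2, ap2
```

After the three steps every device holds the key AP1 generated in step 1, so a key issued by an unconfigured registrar ends up on each device enrolled later.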
7.9.8.5 Limitations of WPS
WPS has some limitations of which you should be aware.
WPS works in Infrastructure networks only (where an AP and a wireless client
communicate). It does not work in Ad-Hoc networks (where there is no AP).
When you use WPS, it works between two devices only. You cannot enroll multiple
devices simultaneously; you must enroll one after the other.
For instance, if you have two enrollees and one registrar you must set up the first enrollee
(by pressing the WPS button on the registrar and the first enrollee, for example), then
check that it successfully enrolled, then set up the second device in the same way.
WPS works only with other WPS-enabled devices. However, you can still add non-WPS
devices to a network you already set up using WPS.
WPS works by automatically issuing a randomly-generated WPA-PSK or WPA2-PSK
pre-shared key from the registrar device to the enrollee devices. Whether the network uses
WPA-PSK or WPA2-PSK depends on the device. You can check the configuration
interface of the registrar device to discover the key the network is using (if the device
supports this feature). Then, you can enter the key into the non-WPS device and join the
network as normal (the non-WPS device must also support WPA-PSK or WPA2-PSK).
When you use the PBC method, there is a short period (from the moment you press the
button on one device to the moment you press the button on the other device) when any
WPS-enabled device could join the network. This is because the registrar has no way of
identifying the “correct” enrollee, and cannot differentiate between your enrollee and a
rogue device. This is a possible way for a hacker to gain access to a network.
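Because the registrar cannot tell your enrollee from a rogue one during the PBC window, it is worth reconciling each enrollment against the devices you meant to add. The following is an added example, not part of the guide; the log line format, event names and MAC addresses are constructed for illustration and are not the P-660HN's actual log output, and it assumes WPS is only ever started with the push button.

```python
from datetime import datetime, timedelta

WPS_WINDOW = timedelta(minutes=2)  # the two-minute WPS period from the guide

# Constructed sample log; the line format is an assumption for this example.
SAMPLE_LOG = """\
2024-05-01T10:00:00 PBC_START -
2024-05-01T10:00:20 WPS_ENROLLED 02:00:00:aa:bb:01
2024-05-01T10:30:00 PBC_START -
2024-05-01T10:30:15 WPS_ENROLLED 02:00:00:cc:dd:02
2024-05-01T11:00:00 PBC_START -
2024-05-01T11:05:00 WPS_ENROLLED 02:00:00:aa:bb:03
"""


def audit_pbc(log_text, expected_macs):
    """Return (timestamp, mac, reason) for each enrollment that needs review."""
    expected = {m.lower() for m in expected_macs}
    findings, window_start, used = [], None, False
    for line in log_text.splitlines():
        if not line.strip():
            continue
        stamp, event, mac = line.split()
        when = datetime.fromisoformat(stamp)
        if event == "PBC_START":
            window_start, used = when, False
        elif event == "WPS_ENROLLED":
            mac = mac.lower()
            in_window = (window_start is not None
                         and when - window_start <= WPS_WINDOW)
            if not in_window:
                findings.append((stamp, mac, "enrolled outside a PBC window"))
            elif used:
                # WPS is a two-device transaction: one enrollee per window.
                findings.append((stamp, mac, "second enrollment in one window"))
            elif mac not in expected:
                findings.append((stamp, mac, "unknown device took the PBC window"))
            used = used or in_window
    return findings
```

Any finding means the pre-shared key may have been issued to a device you did not intend to add, so the key should be changed and the legitimate devices enrolled again.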