Chapter 14 MAC Filter
P-661HNU-Fx User’s Guide
14.2 The MAC Filter Screen
Use the MAC Filter screen to allow wireless clients access to the ZyXEL Device. To
change your ZyXEL Device’s MAC filter settings, click Security > MAC Filter. The
screen appears as shown.
Figure 85 Security > MAC Filter
The following table describes the labels in this menu.
Table 50 Security > MAC Filter
LABEL | DESCRIPTION
MAC Address Filter | Select Enable to activate MAC address filtering.
Set | This is the index number of the MAC address.
Allow | Select Allow to permit access to the ZyXEL Device. MAC addresses not listed will be denied access to the ZyXEL Device. If you clear this, the MAC Address field for this set clears.
MAC Address | Enter the MAC addresses of the wireless stations that are allowed access to the ZyXEL Device in these address fields. Enter the MAC addresses in a valid MAC address format, that is, six hexadecimal character pairs, for example, 12:34:56:78:9a:bc.
Apply | Click Apply to save your changes.
Cancel | Click Cancel to restore your previously saved settings.
Chapter 15 Certificates
15.1 Overview
The ZyXEL Device can use certificates (also called digital IDs) to authenticate
users. Certificates are based on public-private key pairs. A certificate contains the
certificate owner’s identity and public key. Certificates provide a way to exchange
public keys for use in authentication.
15.1.1 What You Can Do in this Chapter
• Use the Local Certificate screens to view and import the ZyXEL Device’s CA-signed certificates (Section 15.2 on page 210).
• Use the Trusted CA screens to save the certificates of trusted CAs to the ZyXEL Device. You can also export the certificates to a computer (Section 15.2.1 on page 212).
15.1.2 What You Need to Know
The following terms and concepts may help as you read this chapter.
Certification Authorities
A Certification Authority (CA) issues certificates and guarantees the identity of
each certificate owner. There are commercial certification authorities like
CyberTrust or VeriSign and government certification authorities.
Public and Private Keys
When using public-key cryptology for authentication, each host has two keys. One
key is public and can be made openly available; the other key is private and must
be kept secure. Public-key encryption in general works as follows.
1. Tim wants to send a private message to Jenny. Tim generates a public-private key pair. What is encrypted with one key can only be decrypted using the other.
2. Tim keeps the private key and makes the public key openly available.
3. Tim uses his private key to encrypt the message and sends it to Jenny.
4. Jenny receives the message and uses Tim’s public key to decrypt it.
5. Additionally, Jenny uses her own private key to encrypt a message and Tim uses Jenny’s public key to decrypt the message.
The ZyXEL Device uses certificates based on public-key cryptology to authenticate
users attempting to establish a connection. The method used to secure the data
that you send through an established connection depends on the type of
connection. For example, a VPN tunnel might use the triple DES encryption
algorithm.
The certification authority uses its private key to sign certificates. Anyone can then
use the certification authority’s public key to verify the certificates.
Certification Path
A certification path is the hierarchy of certification authority certificates that
validate a certificate. The ZyXEL Device does not trust a certificate if any
certificate on its path has expired or been revoked.
Certificate Directory Servers
Certification authorities maintain directory servers with databases of valid and
revoked certificates. A directory of certificates that have been revoked before the
scheduled expiration is called a CRL (Certificate Revocation List). The ZyXEL
Device can check a peer’s certificate against a directory server’s list of revoked
certificates. The framework of servers, software, procedures and policies that
handles keys is called PKI (public-key infrastructure).
Advantages of Certificates
Certificates offer the following benefits.
• The ZyXEL Device only has to store the certificates of the certification authorities that you decide to trust, no matter how many devices you need to authenticate.
• Key distribution is simple and very secure since you can freely distribute public keys and you never need to transmit private keys.
Certificate File Formats
The certification authority certificate that you want to import has to be in one of
these file formats:
• Binary X.509: This is an ITU-T recommendation that defines the formats for X.509 certificates.
• PEM (Base-64) encoded X.509: This Privacy Enhanced Mail format uses 64 ASCII characters to convert a binary X.509 certificate into a printable form.
• Binary PKCS#7: This is a standard that defines the general syntax for data (including digital signatures) that may be encrypted. The ZyXEL Device currently allows the importation of a PKCS#7 file that contains a single certificate.
• PEM (Base-64) encoded PKCS#7: This Privacy Enhanced Mail (PEM) format uses 64 ASCII characters to convert a binary PKCS#7 certificate into a printable form.
Note: Be careful not to convert a binary file to text during the transfer process. It is
easy for this to occur since many programs use text files by default.
15.1.3 Verifying a Certificate
Before you import a trusted CA or trusted remote host certificate into the ZyXEL
Device, you should verify that you have the actual certificate. This is especially
true of trusted CA certificates since the ZyXEL Device also trusts any valid
certificate signed by any of the imported trusted CA certificates.
You can use a certificate’s fingerprint to verify it. A certificate’s fingerprint is a
message digest calculated using the MD5 or SHA1 algorithms. The following
procedure describes how to check a certificate’s fingerprint to verify that you have
the actual certificate.
1. Browse to where you have the certificate saved on your computer.
2. Make sure that the certificate has a “.cer” or “.crt” file name extension.
Figure 86 Certificates on Your Computer
3. Double-click the certificate’s icon to open the Certificate window. Click the Details tab and scroll down to the Thumbprint Algorithm and Thumbprint fields.
Figure 87 Certificate Details
4. Use a secure method to verify that the certificate owner has the same information in the Thumbprint Algorithm and Thumbprint fields. The secure method may vary based on your situation. Possible examples would be over the telephone or through an HTTPS connection.
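The fingerprint check from Section 15.1.3 can also be done in a script. The following is an added example, not part of the original guide or of ZyXEL's software: it accepts a binary X.509 or PEM file, rejects a binary file whose encoded length no longer matches its size (the text-mode transfer problem described in the note above), and compares the digest with the thumbprint the owner states. The function names and the sample bytes are assumptions constructed for illustration; SHA-256 is accepted in addition to the MD5 and SHA1 the guide names.

```python
import base64
import hashlib
import hmac
import re

PEM_RE = re.compile(rb"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def to_der(data: bytes) -> bytes:
    """Return the binary X.509 bytes from a PEM or binary (.cer/.crt) file."""
    m = PEM_RE.search(data)
    der = base64.b64decode(b"".join(m.group(1).split()), validate=True) if m else data
    # A DER certificate is one SEQUENCE (tag 0x30) whose encoded length must
    # account for every byte of the file; a text-mode transfer breaks this.
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("not a binary X.509 (DER) certificate")
    if der[1] < 0x80:                      # short-form length
        header, body = 2, der[1]
    else:                                  # long form: next n bytes hold the length
        n = der[1] & 0x7F
        if n == 0 or n > 4 or len(der) < 2 + n:
            raise ValueError("malformed DER length")
        header, body = 2 + n, int.from_bytes(der[2:2 + n], "big")
    if header + body != len(der):
        raise ValueError("DER length mismatch: file truncated or altered in transfer")
    return der

def fingerprint(data: bytes, algo: str = "sha1") -> str:
    """Hex digest over the DER bytes; algo may be 'md5', 'sha1' or 'sha256'."""
    return hashlib.new(algo, to_der(data)).hexdigest()

def thumbprint_matches(data: bytes, stated: str, algo: str = "sha1") -> bool:
    """Compare with the value the owner states, ignoring case, spaces and colons."""
    wanted = re.sub(r"[^0-9a-f]", "", stated.lower())
    return hmac.compare_digest(fingerprint(data, algo), wanted)

# Constructed sample: 260 bytes shaped like a DER SEQUENCE, not a real certificate.
SAMPLE_DER = b"\x30\x82\x01\x00" + bytes(range(256))
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(SAMPLE_DER)
              + b"-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    fp = fingerprint(SAMPLE_DER)
    spaced = " ".join(fp[i:i + 2] for i in range(0, len(fp), 2)).upper()
    print("SHA1 thumbprint:", spaced)
    print("PEM copy matches:", thumbprint_matches(SAMPLE_PEM, spaced))
    try:
        fingerprint(SAMPLE_DER.replace(b"\n", b"\r\n"))   # simulated text-mode transfer
    except ValueError as err:
        print("rejected:", err)
```

The PEM and binary copies of the same certificate give the same fingerprint because the digest is always taken over the decoded binary bytes.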
15.2 Local Certificates
Use this screen to view the ZyXEL Device’s summary list of certificates and
certification requests. You can import the following certificates to your ZyXEL
Device:
Web Server - This certificate secures HTTP connections.
SSH/SCP/SFTP - This certificate secures remote connections.
