Page 161 / 300 Scroll up to view Page 156 - 160
Chapter 18 Wireless LAN
P-663HN-51 User’s Guide
161
Every device in the same wireless network must use security compatible with
the AP.
Security stops unauthorized devices from using the wireless network. It can also
protect the information that is sent in the wireless network.
18.10.2
Additional Wireless Terms
The following table describes some wireless network terms and acronyms used in
the ZyXEL Device’s Web Configurator.
18.10.3
Wireless Security Overview
The following sections introduce different types of wireless security you can set up
in the wireless network.
18.10.3.1
SSID
Normally, the ZyXEL Device acts like a beacon and regularly broadcasts the SSID
in the area. You can hide the SSID instead, in which case the ZyXEL Device does
not broadcast the SSID. In addition, you should change the default SSID to
something that is difficult to guess.
Table 60
Additional Wireless Terms
TERM
DESCRIPTION
RTS/CTS Threshold
In a wireless network which covers a large area, wireless devices
are sometimes not aware of each other’s presence.
This may cause
them to send information to the AP at the same time and result in
information colliding and not getting through.
By setting this value lower than the default value, the wireless
devices must sometimes get permission to send information to the
ZyXEL Device. The lower the value, the more often the devices must
get permission.
If this value is greater than the fragmentation threshold value (see
below), then wireless devices never have to get permission to send
information to the ZyXEL Device.
Preamble
A preamble affects the timing in your wireless network. There are
two preamble modes: long and short. If a device uses a different
preamble mode than the ZyXEL Device does, it cannot communicate
with the ZyXEL Device.
Authentication
The process of verifying whether a wireless device is allowed to use
the wireless network.
Fragmentation
Threshold
A small fragmentation threshold is recommended for busy networks,
while a larger threshold provides faster performance if the network
is not very busy.
Page 162 / 300
Chapter 18 Wireless LAN
P-663HN-51 User’s Guide
162
This type of security is fairly weak, however, because there are ways for
unauthorized wireless devices to get the SSID. In addition, unauthorized wireless
devices can still see the information that is sent in the wireless network.
18.10.3.2
MAC Address Filter
Every device that can use a wireless network has a unique identification number,
called a MAC address.
2
A MAC address is usually written using twelve hexadecimal
characters
3
; for example, 00A0C5000002 or 00:A0:C5:00:00:02. To get the MAC
address for each device in the wireless network, see the device’s User’s Guide or
other documentation.
You can use the MAC address filter to tell the ZyXEL Device which devices are
allowed or not allowed to use the wireless network. If a device is allowed to use
the wireless network, it still has to have the correct information (SSID, channel,
and security). If a device is not allowed to use the wireless network, it does not
matter if it has the correct information.
This type of security does not protect the information that is sent in the wireless
network. Furthermore, there are ways for unauthorized wireless devices to get the
MAC address of an authorized device. Then, they can use that MAC address to use
the wireless network.
18.10.3.3
User Authentication
Authentication is the process of verifying whether a wireless device is allowed to
use the wireless network. You can make every user log in to the wireless network
before they can use it. However, every device in the wireless network has to
support IEEE 802.1x to do this.
For wireless networks, you can store the user names and passwords for each user
in a RADIUS server. This is a server used in businesses more than in homes. If you
do not have a RADIUS server, you cannot set up user names and passwords for
your users.
Unauthorized wireless devices can still see the information that is sent in the
wireless network, even if they cannot use the wireless network. Furthermore,
there are ways for unauthorized wireless users to get a valid user name and
password. Then, they can use that user name and password to use the wireless
network.
2.
Some wireless devices, such as scanners, can detect wireless networks but cannot use wireless networks.
These kinds of wireless devices might not have MAC addresses.
3.
Hexadecimal characters are 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, A, B, C, D, E, and F.
Page 163 / 300
Chapter 18 Wireless LAN
P-663HN-51 User’s Guide
163
18.10.3.4
Encryption
Wireless networks can use encryption to protect the information that is sent in the
wireless network. Encryption is like a secret code. If you do not know the secret
code, you cannot understand the message.
The types of encryption you can choose depend on the type of authentication.
(See
Section 18.10.3.3 on page 162
for information about this.)
For example, if the wireless network has a RADIUS server, you can choose
WPA
or
WPA2
. If users do not log in to the wireless network, you can choose no
encryption,
Static WEP
,
WPA-PSK
, or
WPA2-PSK
.
Usually, you should set up the strongest encryption that every device in the
wireless network supports. For example, suppose you have a wireless network
with the ZyXEL Device and you do not have a RADIUS server. Therefore, there is
no authentication. Suppose the wireless network has two devices. Device A only
supports WEP, and device B supports WEP and WPA. Therefore, you should set up
Static WEP
in the wireless network.
Note: It is recommended that wireless networks use
WPA-PSK
,
WPA
, or stronger
encryption. The other types of encryption are better than none at all, but it is still
possible for unauthorized wireless devices to figure out the original information
pretty quickly.
When you select
WPA2
or
WPA2-PSK
in your ZyXEL Device, you can also select
an option (
WPA compatible
) to support WPA as well. In this case, if some of the
devices support WPA and some support WPA2, you should set up
WPA2-PSK
or
WPA2
(depending on the type of wireless network login) and select the
WPA
compatible
option in the ZyXEL Device.
Many types of encryption use a key to protect the information in the wireless
network. The longer the key, the stronger the encryption. Every device in the
wireless network must have the same key.
Table 61
Types of Encryption for Each Type of Authentication
NO AUTHENTICATION
RADIUS SERVER
Weakest
No Security
WPA
Static WEP
WPA-PSK
Stronges
t
WPA2-PSK
WPA2
Page 164 / 300
Chapter 18 Wireless LAN
P-663HN-51 User’s Guide
164
18.10.4
WiFi Protected Setup
Your ZyXEL Device supports WiFi Protected Setup (WPS), which is an easy way to
set up a secure wireless network. WPS is an industry standard specification,
defined by the WiFi Alliance.
WPS allows you to quickly set up a wireless network with strong security, without
having to configure security settings manually. Each WPS connection works
between two devices. Both devices must support WPS (check each device’s
documentation to make sure).
Depending on the devices you have, you can either press a button (on the device
itself, or in its configuration utility) or enter a PIN (a unique Personal Identification
Number that allows one device to authenticate the other) in each of the two
devices. When WPS is activated on a device, it has two minutes to find another
device that also has WPS activated. Then, the two devices connect and set up a
secure network by themselves.
18.10.4.1
Push Button Configuration
WPS Push Button Configuration (PBC) is initiated by pressing a button on each
WPS-enabled device, and allowing them to connect automatically. You do not need
to enter any information.
Not every WPS-enabled device has a physical WPS button. Some may have a WPS
PBC button in their configuration utilities instead of or in addition to the physical
button.
Take the following steps to set up WPS using the button.
1
Ensure that the two devices you want to set up are within wireless range of one
another.
2
Look for a WPS button on each device. If the device does not have one, log into its
configuration utility and locate the button.
3
Press the button on one of the devices (it doesn’t matter which). For the ZyXEL
Device you must press the WPS button for more than three seconds.
4
Within two minutes, press the button on the other device. The registrar sends the
network name (SSID) and security key through an secure connection to the
enrollee.
If you need to make sure that WPS worked, check the list of associated wireless
clients in the AP’s configuration utility. If you see the wireless client in the list,
WPS was successful.
Page 165 / 300
Chapter 18 Wireless LAN
P-663HN-51 User’s Guide
165
18.10.4.2
PIN Configuration
Each WPS-enabled device has its own PIN (Personal Identification Number). This
may either be static (it cannot be changed) or dynamic (in some devices you can
generate a new PIN by clicking on a button in the configuration interface).
Use the PIN method instead of the push-button configuration (PBC) method if you
want to ensure that the connection is established between the devices you specify,
not just the first two devices to activate WPS in range of each other. However, you
need to log into the configuration interfaces of both devices to use the PIN
method.
When you use the PIN method, you must enter the PIN from one device (usually
the wireless client) into the second device (usually the Access Point or wireless
router). Then, when WPS is activated on the first device, it presents its PIN to the
second device. If the PIN matches, one device sends the network and security
information to the other, allowing it to join the network.
Take the following steps to set up a WPS connection between an access point or
wireless router (referred to here as the AP) and a client device using the PIN
method.
1
Ensure WPS is enabled on both devices.
2
Access the WPS section of the AP’s configuration interface. See the device’s User’s
Guide for how to do this.
3
Look for the client’s WPS PIN; it will be displayed either on the device, or in the
WPS section of the client’s configuration interface.
4
Enter the client’s PIN in the AP’s configuration interface.
Note: If the client device’s configuration interface has an area for entering another
device’s PIN, you can either enter the client’s PIN in the AP, or enter the AP’s
PIN in the client - it does not matter which.
5
Start WPS on both devices within two minutes.
Note: Use the configuration utility to activate WPS, not the push-button on the device
itself.
6
On a computer connected to the wireless client, try to connect to the Internet. If
you can connect, WPS was successful.
If you cannot connect, check the list of associated wireless clients in the AP’s
configuration utility. If you see the wireless client in the list, WPS was successful.

Rate

4 / 5 based on 1 vote.

Bookmark Our Site

Press Ctrl + D to add this site to your favorites!

Share
Top