Figure 173
RTS/CTS
When station A sends data to the AP, it might not know that station B is already using the channel. If these two stations send data at the same time, collisions may occur when both sets of data arrive at the AP at the same time, resulting in a loss of messages for both stations.
RTS/CTS is designed to prevent collisions due to hidden nodes. An RTS/CTS value defines the largest data frame you can send before an RTS (Request To Send)/CTS (Clear to Send) handshake is invoked.
When a data frame exceeds the RTS/CTS value you set (between 0 and 2432 bytes), the station that wants to transmit this frame must first send an RTS (Request To Send) message to the AP for permission to send it. The AP then responds with a CTS (Clear to Send) message to all other stations within its range to notify them to defer their transmission. It also reserves and confirms with the requesting station the time frame for the requested transmission.
Stations can send frames smaller than the specified RTS/CTS value directly to the AP without the RTS (Request To Send)/CTS (Clear to Send) handshake.
You should only configure RTS/CTS if the possibility of hidden nodes exists on your network and the "cost" of resending large frames is more than the extra network overhead involved in the RTS (Request To Send)/CTS (Clear to Send) handshake.
If the RTS/CTS value is greater than the Fragmentation Threshold value (see next), then the RTS (Request To Send)/CTS (Clear to Send) handshake will never occur, as data frames will be fragmented before they reach RTS/CTS size.
Note: Enabling the RTS Threshold causes redundant network overhead that could negatively affect throughput performance instead of providing a remedy.
Fragmentation Threshold
A Fragmentation Threshold is the maximum data fragment size (between 256 and 2432 bytes) that can be sent in the wireless network before the AP will fragment the packet into smaller data frames.
A large Fragmentation Threshold is recommended for networks not prone to interference, while you should set a smaller threshold for busy networks or networks that are prone to interference.
If the Fragmentation Threshold value is smaller than the RTS/CTS value (see previously) you set, then the RTS (Request To Send)/CTS (Clear to Send) handshake will never occur, as data frames will be fragmented before they reach RTS/CTS size.
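The interaction between the RTS/CTS value and the Fragmentation Threshold described in the two sections above, as an added worked example that is not part of the manual: it models the manual's rules (fragment first, then invoke the handshake only for a frame that exceeds the RTS/CTS value) to show which frames trigger RTS/CTS and to flag settings under which the handshake can never occur. The function names and the fixed-size fragment split are assumptions of this model, not AP firmware behaviour.

```python
RTS_RANGE = (0, 2432)     # RTS/CTS threshold range given in the manual
FRAG_RANGE = (256, 2432)  # Fragmentation Threshold range given in the manual


def fragment(frame_len: int, frag_threshold: int) -> list:
    """Split one data frame into fragments of at most frag_threshold bytes.
    Model assumption: all fragments are full size except possibly the last."""
    full, rest = divmod(frame_len, frag_threshold)
    return [frag_threshold] * full + ([rest] if rest else [])


def plan_transmission(frame_len: int, rts_threshold: int, frag_threshold: int):
    """Return (needs_rts_cts, fragments) for one frame under the given settings.
    A fragment invokes the RTS/CTS handshake only if it *exceeds* rts_threshold."""
    if not RTS_RANGE[0] <= rts_threshold <= RTS_RANGE[1]:
        raise ValueError("RTS/CTS value must be between 0 and 2432 bytes")
    if not FRAG_RANGE[0] <= frag_threshold <= FRAG_RANGE[1]:
        raise ValueError("Fragmentation Threshold must be between 256 and 2432 bytes")
    fragments = fragment(frame_len, frag_threshold)
    return any(f > rts_threshold for f in fragments), fragments


def check_thresholds(rts_threshold: int, frag_threshold: int) -> list:
    """Configuration review: return warnings for settings where RTS/CTS cannot help."""
    warnings = []
    # No fragment is larger than frag_threshold, so once the RTS/CTS value is at or
    # above it, nothing ever exceeds the RTS/CTS value and the handshake never occurs.
    if rts_threshold >= frag_threshold:
        warnings.append(
            "RTS/CTS value %d is not below the Fragmentation Threshold %d: "
            "the handshake will never occur" % (rts_threshold, frag_threshold))
    # An RTS/CTS value of 0 makes every frame pay the handshake overhead.
    if rts_threshold == 0:
        warnings.append("RTS/CTS value 0: every frame triggers the handshake, adding overhead to all traffic")
    return warnings
```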
Preamble Type
A preamble is used to synchronize the transmission timing in your wireless network. There are two preamble modes: Long and Short.
Short preamble takes less time to process and minimizes overhead, so it should be used in a good wireless network environment when all wireless stations support it.
Select Long if you have a 'noisy' network or are unsure of what preamble mode your wireless stations support, as all IEEE 802.11b compliant wireless adapters must support long preamble. However, not all wireless adapters support short preamble. Use long preamble if you are unsure what preamble mode the wireless adapters support, to ensure interoperability between the AP and the wireless stations and to provide more reliable communication in 'noisy' networks.
Select Dynamic to have the AP automatically use short preamble when all wireless stations support it; otherwise the AP uses long preamble.
Note: The AP and the wireless stations MUST use the same preamble mode in order to communicate.
IEEE 802.11g Wireless LAN
IEEE 802.11g is fully compatible with the IEEE 802.11b standard. This means an IEEE 802.11b adapter can interface
directly with an IEEE 802.11g access point (and vice versa) at 11 Mbps or lower depending on range. IEEE 802.11g has
several intermediate rate steps between the maximum and minimum data rates. The IEEE 802.11g data rate and
modulation are as follows:
IEEE 802.11g
DATA RATE (MBPS)          MODULATION
1                         DBPSK (Differential Binary Phase Shift Keyed)
2                         DQPSK (Differential Quadrature Phase Shift Keying)
5.5 / 11                  CCK (Complementary Code Keying)
6/9/12/18/24/36/48/54     OFDM (Orthogonal Frequency Division Multiplexing)
IEEE 802.1x
In June 2001, the IEEE 802.1x standard was designed to extend the features of IEEE 802.11 to support extended
authentication as well as providing additional accounting and control features. It is supported by Windows XP and a
number of network devices. Some advantages of IEEE 802.1x are:
User-based identification that allows for roaming.
Support for RADIUS (Remote Authentication Dial In User Service, RFC 2138, 2139) for centralized user profile and
accounting management on a network RADIUS server.
Support for EAP (Extensible Authentication Protocol, RFC 2486) that allows additional authentication methods to be
deployed with no changes to the access point or the wireless stations.
RADIUS
RADIUS is based on a client-server model that supports authentication, authorization and accounting. The access point is the client and the server is the RADIUS server. The RADIUS server handles the following tasks:
Authentication: Determines the identity of the users.
Authorization: Determines the network services available to authenticated users once they are connected to the network.
Accounting: Keeps track of the client's network activity.
RADIUS is a simple packet exchange in which your AP acts as a message relay between the wireless station and the network RADIUS server.
Types of RADIUS Messages
The following types of RADIUS messages are exchanged between the access point and the RADIUS server for user authentication:
Access-Request: Sent by an access point requesting authentication.
Access-Reject: Sent by a RADIUS server rejecting access.
Access-Accept: Sent by a RADIUS server allowing access.
Access-Challenge: Sent by a RADIUS server requesting more information in order to allow access. The access point collects a proper response from the user and then sends another Access-Request message.
The following types of RADIUS messages are exchanged between the access point and the RADIUS server for user accounting:
Accounting-Request: Sent by the access point requesting accounting.
Accounting-Response: Sent by the RADIUS server to indicate that it has started or stopped accounting.
In order to ensure network security, the access point and the RADIUS server use a shared secret key, which is a password that they both know. The key is not sent over the network. In addition to the shared key, password information exchanged is also encrypted to protect the network from unauthorized access.
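How the shared secret protects the exchange without ever crossing the wire, as an added example that is not from the manual or the AP's firmware: it implements the RADIUS User-Password hiding and the Response Authenticator check from RFC 2865 (the successor of the RFC 2138 cited above) so that the AP can detect a reply that was forged or computed with the wrong secret. The secret, Request Authenticator and user name below are constructed demo values; a real AP draws a fresh random 16-byte authenticator for every Access-Request.

```python
import hashlib
import hmac
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3   # RADIUS packet codes
USER_NAME, USER_PASSWORD = 1, 2                           # attribute types
HEADER = struct.Struct("!BBH")                            # Code, Identifier, Length
SECRET = b"example-shared-secret"   # constructed demo value; known to AP and server only
REQUEST_AUTH = bytes(range(16))     # constructed; real APs use 16 random bytes per request


def hide_password(secret: bytes, request_auth: bytes, password: bytes) -> bytes:
    """Client side: pad to 16-byte blocks and XOR each block with MD5(secret + previous
    block); the first block is keyed by the Request Authenticator."""
    padded = password + b"\x00" * (-len(password) % 16)
    hidden, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        mask = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ m for p, m in zip(padded[i:i + 16], mask))
        hidden += prev
    return hidden


def recover_password(secret: bytes, request_auth: bytes, hidden: bytes) -> bytes:
    """Server side: same MD5 stream, each mask keyed by the previous *hidden* block."""
    clear, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        mask = hashlib.md5(secret + prev).digest()
        prev = hidden[i:i + 16]
        clear += bytes(c ^ m for c, m in zip(prev, mask))
    return clear.rstrip(b"\x00")


def build_response(secret: bytes, code: int, ident: int, request_auth: bytes, attrs) -> bytes:
    """Server side: Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attrs+Secret)."""
    body = b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)
    head = HEADER.pack(code, ident, 20 + len(body))
    resp_auth = hashlib.md5(head + request_auth + body + secret).digest()
    return head + resp_auth + body


def verify_response(secret: bytes, request_auth: bytes, packet: bytes) -> bool:
    """AP side: recompute the authenticator; a forged or wrong-secret reply fails."""
    code, ident, length = HEADER.unpack(packet[:4])
    if length < 20 or length != len(packet):
        return False
    expected = hashlib.md5(packet[:4] + request_auth + packet[20:] + secret).digest()
    return hmac.compare_digest(expected, packet[4:20])
```

Only the XOR-masked password travels in the Access-Request, and the AP accepts an Access-Accept only if its Response Authenticator was computed with the same secret over the same Request Authenticator.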
Types of Authentication
This appendix discusses some popular authentication types: EAP-MD5, EAP-TLS, EAP-TTLS, PEAP and LEAP.
The type of authentication you use depends on the RADIUS server or the AP. Consult your network administrator for more information.
EAP-MD5 (Message-Digest Algorithm 5)
MD5 authentication is the simplest one-way authentication method. The authentication server sends a challenge to the wireless station. The wireless station 'proves' that it knows the password by encrypting the password with the challenge and sending back the result. The password is not sent in plain text.
However, MD5 authentication has some weaknesses. Since the authentication server needs to get the plaintext passwords, the passwords must be stored. Thus someone other than the authentication server may access the password file. In addition, it is possible to impersonate an authentication server, as the MD5 authentication method does not perform mutual authentication. Finally, the MD5 authentication method does not support data encryption with a dynamic session key. You must configure WEP encryption keys for data encryption.
EAP-TLS (Transport Layer Security)
With EAP-TLS, digital certificates are needed by both the server and the wireless stations for mutual authentication. The server presents a certificate to the client. After validating the identity of the server, the client sends a different certificate to the server. The exchange of certificates is done in the open before a secured tunnel is created. This makes user identity vulnerable to passive attacks. A digital certificate is an electronic ID card that authenticates the sender's identity. However, to implement EAP-TLS, you need a Certificate Authority (CA) to handle certificates, which imposes a management overhead.
EAP-TTLS (Tunneled Transport Layer Security)
EAP-TTLS is an extension of EAP-TLS authentication that uses a certificate only for server-side authentication to establish a secure connection. Client authentication is then done by sending the username and password through the secure connection, so the client identity is protected. For client authentication, EAP-TTLS supports EAP methods and legacy authentication methods such as PAP, CHAP, MS-CHAP and MS-CHAP v2.
PEAP (Protected EAP)
Like EAP-TTLS, PEAP uses server-side certificate authentication to establish a secure connection, then uses simple username and password methods through the secured connection to authenticate the clients, thus hiding the client identity. However, PEAP only supports EAP methods, such as EAP-MD5, EAP-MSCHAPv2 and EAP-GTC (EAP-Generic Token Card), for client authentication. EAP-GTC is implemented only by Cisco.
LEAP
LEAP (Lightweight Extensible Authentication Protocol) is a Cisco implementation of IEEE 802.1x.
Dynamic WEP Key Exchange
The AP maps a unique key that is generated with the RADIUS server. This key expires when the wireless connection times
out, disconnects or reauthentication times out. A new WEP key is generated each time reauthentication is performed.