beautypg.com

10 dynamic wep key exchange, 11 introduction to wpa, 1 user authentication – ZyXEL Communications 5 Series User Manual

Page 202: 2 encryption

background image

ZyWALL 5/35/70 Series User’s Guide

202

Chapter 10 Wireless LAN

10.10 Dynamic WEP Key Exchange

The AP maps a unique key that is generated with the RADIUS server. This key expires when
the wireless connection times out, disconnects or reauthentication times out. A new WEP key
is generated each time reauthentication is performed.

If this feature is enabled, it is not necessary to configure a default encryption key in the
Wireless Card screen (see

Section 10.16.4 on page 211

). You may still configure and store

keys here, but they will not be used while dynamic WEP is enabled.

To use dynamic WEP, enable and configure dynamic WEP key exchange in the Wireless
Card screen and configure RADIUS server settings in the AUTH SERVER RADIUS screen
(see

Section 20.3 on page 393

). Ensure that the wireless station's EAP type is configured to

one of the following:

• EAP-TLS

• EAP-TTLS

• PEAP

Note: EAP-MD5 cannot be used with dynamic WEP key exchange.

10.11 Introduction to WPA

Wi-Fi Protected Access (WPA) is a subset of the IEEE 802.11i standard. Key differences
between WPA and WEP are user authentication and improved data encryption.

10.11.1 User Authentication

WPA applies IEEE 802.1x and Extensible Authentication Protocol (EAP) to authenticate
wireless clients using an external RADIUS database. You can't use the ZyWALL's Local User
Database for WPA authentication purposes since the Local User Database uses EAP-MD5
which cannot be used to generate keys. See later in this chapter and the appendices for more
information on IEEE 802.1x, RADIUS and EAP.

If you don't have an external RADIUS server you should use WPA-PSK (WPA -Pre-Shared
Key) that only requires a single (identical) password entered into each access point, wireless
gateway and wireless client. As long as the passwords match, a client will be granted access to
a WLAN.

10.11.2 Encryption

WPA improves data encryption by using Temporal Key Integrity Protocol (TKIP), Message
Integrity Check (MIC) and IEEE 802.1x.

See also other documents in the category ZyXEL Communications Hardware: